simple-beet-and-interfamily-2.6.17.9-v1.patch

Host Identity Protocol on Linux is an implemetation of the Host Identity Protocol (HIP) and the rela

-
-	if (!x->props.mode) {
-		skb->h.raw += iph->ihl*4;
-		memmove(top_iph, iph, iph->ihl*4);
-		return;
-	}
-
-	top_iph->ihl = 5;
-	top_iph->version = 4;
-
-	/* DS disclosed */
-	top_iph->tos = INET_ECN_encapsulate(iph->tos, iph->tos);
-
-	flags = x->props.flags;
-	if (flags & XFRM_STATE_NOECN)
-		IP_ECN_clear(top_iph);
-
-	top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?
-		0 : (iph->frag_off & htons(IP_DF));
-	if (!top_iph->frag_off)
-		__ip_select_ident(top_iph, dst->child, 0);
-
-	top_iph->ttl = dst_metric(dst->child, RTAX_HOPLIMIT);
-
-	top_iph->saddr = x->props.saddr.a4;
-	top_iph->daddr = x->id.daddr.a4;
-	top_iph->protocol = IPPROTO_IPIP;
-
-	memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
+        struct dst_entry *dst = skb->dst;
+        struct xfrm_state *x = dst->xfrm;
+        struct iphdr *iph, *top_iph;
+        int flags;
+        int hdrlen, optlen;
+
+        iph = skb->nh.iph;
+        skb->h.ipiph = iph;
+
+        hdrlen = x->props.header_len;
+        optlen = iph->ihl * 4 - sizeof(*iph);
+        if (x->props.mode == XFRM_MODE_BEET) {
+                if (!optlen) {
+                        hdrlen -= IPV4_BEET_PHMAXLEN;
+                }
+                else {
+                        skb->h.raw -= (IPV4_BEET_PHMAXLEN - (optlen & 4));
+                        hdrlen -= optlen & 4;
+                }
+        }
+
+        skb->nh.raw = skb_push(skb, hdrlen);
+        top_iph = skb->nh.iph;
+
+        hdrlen = iph->ihl * 4 - optlen;
+        switch (x->props.mode) {
+        case XFRM_MODE_TRANSPORT:
+                skb->h.raw += hdrlen;
+                memmove(top_iph, iph, hdrlen);
+                return;
+        case XFRM_MODE_BEET:
+                skb->h.raw += hdrlen;
+                if (x->props.family == AF_INET) {
+                        memmove(top_iph, iph, hdrlen);
+                }
+
+                if (unlikely(optlen)) {
+                        struct ip_beet_phdr *ph;
+
+                        BUG_ON(optlen < 0);
+
+                        ph = (struct ip_beet_phdr *)skb->h.raw;
+                        ph->padlen = 4 - (optlen & 4);
+                        ph->hdrlen = (optlen + ph->padlen + sizeof(*ph)) / 8;
+                        ph->nexthdr = iph->protocol;
+                        top_iph->protocol = IPPROTO_BEETPH;
+                        top_iph->ihl = sizeof(struct iphdr) / 4;
+                }
+
+                break;
+        default:
+        case XFRM_MODE_TUNNEL:
+                if (x->props.family == AF_INET) {
+                        top_iph->ihl = 5;
+                        top_iph->version = 4;
+
+                        /* DS disclosed */
+                        top_iph->tos = INET_ECN_encapsulate(iph->tos, iph->tos);
+                        flags = x->props.flags;
+                        if (flags & XFRM_STATE_NOECN)
+                                IP_ECN_clear(top_iph);
+
+                        top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?
+                                0 : (iph->frag_off & htons(IP_DF));
+                        if (!top_iph->frag_off)
+                                __ip_select_ident(top_iph, dst, 0);
+
+                        top_iph->ttl = dst_metric(dst->child, RTAX_HOPLIMIT);
+
+                        top_iph->protocol = IPPROTO_IPIP;
+                        memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options)); }
+                break;
+        }
+
+        if (x->props.family == AF_INET) {
+                top_iph->saddr = x->props.saddr.a4;
+                top_iph->daddr = x->id.daddr.a4;
+        } else if (x->props.family == AF_INET6) {
+                /* Inner = 4, Outer = 6*/
+                struct ipv6hdr *top_iph6;
+                int dsfield;
+                u8 protocol = top_iph->protocol;
+
+                if (unlikely(optlen))
+                        protocol = top_iph->protocol;
+                else
+                        protocol = iph->protocol;
+                if (x->props.mode == XFRM_MODE_BEET) {
+                        int delta = sizeof(struct ipv6hdr) - sizeof(struct iphdr);
+
+                        if (skb_headroom(skb) <=  2*delta){
+                                if (pskb_expand_head(skb, delta,0, GFP_ATOMIC))
+                                        return;
+                        }
+
+                        skb->nh.raw = skb_push(skb, delta);
+                }
+
+                top_iph6 = skb->nh.ipv6h;
+                skb->h.ipv6h = top_iph6 + 1;
+                /* DS disclosed */
+                top_iph6->version = 6;
+                top_iph6->priority = 0;
+                top_iph6->flow_lbl[0] = 0;
+                top_iph6->flow_lbl[1] = 0;
+                top_iph6->flow_lbl[2] = 0;
+                dsfield = ipv6_get_dsfield(top_iph6);
+                dsfield = INET_ECN_encapsulate(dsfield, dsfield);
+                flags = x->props.flags;
+                if (flags & XFRM_STATE_NOECN)
+                        dsfield &= ~INET_ECN_MASK;
+                ipv6_change_dsfield(top_iph6, 0, dsfield);
+
+                if (x->props.mode == XFRM_MODE_TUNNEL)
+                        top_iph6->nexthdr = IPPROTO_IPIP;
+                else
+                        top_iph6->nexthdr = protocol;
+                top_iph6->hop_limit = dst_metric(dst->child, RTAX_HOPLIMIT);
+                top_iph6->payload_len = htons(skb->len - sizeof(struct ipv6hdr));
+                ipv6_addr_copy(&top_iph6->saddr,(struct in6_addr *)&x->props.saddr);
+                ipv6_addr_copy(&top_iph6->daddr, (struct in6_addr *)&x->id.daddr);
+                skb->nh.raw = &top_iph6->nexthdr;
+                //skb->nh.raw = &skb->nh.ipv6h->nexthdr;
+        } else
+                BUG_ON(1);
 }
 
 static int xfrm4_tunnel_check_size(struct sk_buff *skb)
@@ -109,7 +195,7 @@
 			goto error_nolock;
 	}
 
-	if (x->props.mode) {
+	if (x->props.mode == XFRM_MODE_TUNNEL) {
 		err = xfrm4_tunnel_check_size(skb);
 		if (err)
 			goto error_nolock;
diff -urN linux-2.6.17.9/net/ipv4/xfrm4_policy.c linux-2.6.17.9.hipl/net/ipv4/xfrm4_policy.c
--- linux-2.6.17.9/net/ipv4/xfrm4_policy.c	2006-08-18 19:26:24.000000000 +0300
+++ linux-2.6.17.9.hipl/net/ipv4/xfrm4_policy.c	2006-12-18 15:01:04.000000000 +0200
@@ -19,6 +19,8 @@
 
 static struct xfrm_type_map xfrm4_type_map = { .lock = RW_LOCK_UNLOCKED };
 
+static void xfrm4_update_pmtu(struct dst_entry *dst, u32 mtu);
+
 static int xfrm4_dst_lookup(struct xfrm_dst **dst, struct flowi *fl)
 {
 	return __ip_route_output_key((struct rtable**)dst, fl);
@@ -56,17 +58,20 @@
 	struct dst_entry *dst, *dst_prev;
 	struct rtable *rt0 = (struct rtable*)(*dst_p);
 	struct rtable *rt = rt0;
-	u32 remote = fl->fl4_dst;
-	u32 local  = fl->fl4_src;
 	struct flowi fl_tunnel = {
 		.nl_u = {
 			.ip4_u = {
-				.saddr = local,
-				.daddr = remote,
+				.saddr = fl->fl4_dst,
+				.daddr = fl->fl4_src,
 				.tos = fl->fl4_tos
 			}
 		}
 	};
+	union {
+		struct in6_addr *in6;
+		struct in_addr *in;
+	} remote, local;
+	unsigned short outer_family = 0, beet = 0;
 	int i;
 	int err;
 	int header_len = 0;
@@ -78,7 +83,6 @@
 	for (i = 0; i < nx; i++) {
 		struct dst_entry *dst1 = dst_alloc(&xfrm4_dst_ops);
 		struct xfrm_dst *xdst;
-		int tunnel = 0;
 
 		if (unlikely(dst1 == NULL)) {
 			err = -ENOBUFS;
@@ -99,21 +103,45 @@
 
 		dst1->next = dst_prev;
 		dst_prev = dst1;
-		if (xfrm[i]->props.mode) {
-			remote = xfrm[i]->id.daddr.a4;
-			local  = xfrm[i]->props.saddr.a4;
-			tunnel = 1;
+
+		if (xfrm[i]->props.mode == XFRM_MODE_TUNNEL || xfrm[i]->props.mode == XFRM_MODE_BEET) {
+			outer_family = xfrm[i]->props.family;
+			beet = (xfrm[i]->props.mode == XFRM_MODE_BEET);
+
+			if(outer_family == AF_INET6){
+				remote.in6 = (struct in6_addr*)&xfrm[i]->id.daddr;
+				local.in6 = (struct in6_addr*)&xfrm[i]->props.saddr;
+			} else if(outer_family == AF_INET){
+				remote.in = (struct in_addr*)&xfrm[i]->id.daddr;
+				local.in = (struct in_addr*)&xfrm[i]->props.saddr;
+			} else
+				BUG_ON(1);
 		}
 		header_len += xfrm[i]->props.header_len;
 		trailer_len += xfrm[i]->props.trailer_len;
 
-		if (tunnel) {
-			fl_tunnel.fl4_src = local;
-			fl_tunnel.fl4_dst = remote;
+		if (outer_family) {
+			switch(outer_family) {
+			case AF_INET:
+				fl_tunnel.fl4_dst = remote.in->s_addr;
+				fl_tunnel.fl4_src = local.in->s_addr;
+				break;
+			case AF_INET6:
+				ipv6_addr_copy(&fl_tunnel.fl6_dst, remote.in6);
+				ipv6_addr_copy(&fl_tunnel.fl6_src, local.in6);
+				break;
+			default:
+				BUG_ON(1);
+			}
 			err = xfrm_dst_lookup((struct xfrm_dst **)&rt,
-					      &fl_tunnel, AF_INET);
+					      &fl_tunnel, outer_family);
 			if (err)
 				goto error;
+			/* Without this, the atomic inc below segfaults */
+			if (outer_family == AF_INET6) {
+				rt->peer = NULL;
+				rt_bind_peer(rt,1);
+			}
 		} else
 			dst_hold(&rt->u.dst);
 	}
@@ -163,6 +191,11 @@
 	}
 
 	xfrm_init_pmtu(dst);
+	if (beet && outer_family == AF_INET6) {
+		int delta = sizeof(struct ipv6hdr) - sizeof(struct iphdr);
+		u32 mtu = dst_mtu(dst);
+		xfrm4_update_pmtu(dst, mtu - delta);
+	}
 	return 0;
 
 error:
diff -urN linux-2.6.17.9/net/ipv4/xfrm4_tunnel.c linux-2.6.17.9.hipl/net/ipv4/xfrm4_tunnel.c
--- linux-2.6.17.9/net/ipv4/xfrm4_tunnel.c	2006-08-18 19:26:24.000000000 +0300
+++ linux-2.6.17.9.hipl/net/ipv4/xfrm4_tunnel.c	2006-12-18 15:01:04.000000000 +0200
@@ -28,13 +28,20 @@
 
 static int ipip_init_state(struct xfrm_state *x)
 {
-	if (!x->props.mode)
-		return -EINVAL;
-
 	if (x->encap)
 		return -EINVAL;
 
-	x->props.header_len = sizeof(struct iphdr);
+	switch (x->props.mode) {
+	case XFRM_MODE_TRANSPORT:
+		return -EINVAL;
+	default:
+	case XFRM_MODE_TUNNEL:
+		x->props.header_len = sizeof(struct iphdr);
+		break;
+	case XFRM_MODE_BEET:
+		x->props.header_len += IPV4_BEET_PHMAXLEN;
+		break;
+	}
 
 	return 0;
 }
diff -urN linux-2.6.17.9/net/ipv6/ah6.c linux-2.6.17.9.hipl/net/ipv6/ah6.c
--- linux-2.6.17.9/net/ipv6/ah6.c	2006-08-18 19:26:24.000000000 +0300
+++ linux-2.6.17.9.hipl/net/ipv6/ah6.c	2006-12-18 15:01:04.000000000 +0200
@@ -392,8 +392,10 @@
 		goto error;
 	
 	x->props.header_len = XFRM_ALIGN8(sizeof(struct ipv6_auth_hdr) + ahp->icv_trunc_len);
-	if (x->props.mode)
+	if (x->props.mode == XFRM_MODE_TUNNEL)
 		x->props.header_len += sizeof(struct ipv6hdr);
+	else if (x->props.mode == XFRM_MODE_BEET)
+		x->props.header_len += IPV4_BEET_PHMAXLEN;
 	x->data = ahp;
 
 	return 0;
diff -urN linux-2.6.17.9/net/ipv6/esp6.c linux-2.6.17.9.hipl/net/ipv6/esp6.c
--- linux-2.6.17.9/net/ipv6/esp6.c	2006-08-18 19:26:24.000000000 +0300
+++ linux-2.6.17.9.hipl/net/ipv6/esp6.c	2006-12-18 15:01:04.000000000 +0200
@@ -357,8 +357,10 @@
 	if (crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len))
 		goto error;
 	x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen;
-	if (x->props.mode)
+	if (x->props.mode == XFRM_MODE_TUNNEL)
 		x->props.header_len += sizeof(struct ipv6hdr);
+	else if (x->props.mode == XFRM_MODE_BEET)
+		x->props.header_len += IPV4_BEET_PHMAXLEN;
 	x->data = esp;
 	return 0;
 
diff -urN linux-2.6.17.9/net/ipv6/ipcomp6.c linux-2.6.17.9.hipl/net/ipv6/ipcomp6.c
--- linux-2.6.17.9/net/ipv6/ipcomp6.c	2006-08-18 19:26:24.000000000 +0300
+++ linux-2.6.17.9.hipl/net/ipv6/ipcomp6.c	2006-12-18 15:01:04.000000000 +0200
@@ -438,8 +438,10 @@
 		goto out;
 
 	x->props.header_len = 0;
-	if (x->props.mode)
+	if (x->props.mode == XFRM_MODE_TUNNEL)
 		x->props.header_len += sizeof(struct ipv6hdr);
+	else if (x->props.mode == XFRM_MODE_BEET)
+		x->props.header_len += IPV4_BEET_PHMAXLEN;
 	
 	mutex_lock(&ipcomp6_resource_mutex);
 	if (!ipcomp6_alloc_scratches())
@@ -450,7 +452,7 @@
 		goto error;
 	mutex_unlock(&ipcomp6_resource_mutex);
 
-	if (x->props.mode) {
+	if (x->props.mode == XFRM_MODE_TUNNEL) {
 		err = ipcomp6_tunnel_attach(x);
 		if (err)
 			goto error_tunnel;
diff -urN linux-2.6.17.9/net/ipv6/xfrm6_input.c linux-2.6.17.9.hipl/net/ipv6/xfrm6_input.c
--- linux-2.6.17.9/net/ipv6/xfrm6_input.c	2006-08-18 19:26:24.000000000 +0300
+++ linux-2.6.17.9.hipl/net/ipv6/xfrm6_input.c	2006-12-18 15:01:04.000000000 +0200
@@ -81,16 +81,34 @@
 
 		xfrm_vec[xfrm_nr++] = x;
 
-		if (x->props.mode) { /* XXX */
-			if (nexthdr != IPPROTO_IPV6)
-				goto drop;
-			if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
-				goto drop;
-			if (skb_cloned(skb) &&
-			    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
-				goto drop;
-			if (x->props.flags & XFRM_STATE_DECAP_DSCP)
-				ipv6_copy_dscp(skb->nh.ipv6h, skb->h.ipv6h);
+		if (x->props.mode == XFRM_MODE_TUNNEL) {
+			if (x->sel.family == AF_INET6) {
+
+				if (nexthdr != IPPROTO_IPV6)
+					goto drop;
+				if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
+					goto drop;
+				if (skb_cloned(skb) &&
+				    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
+					goto drop;
+				if (x->props.flags & XFRM_STATE_DECAP_DSCP)
+					ipv6_copy_dscp(skb->nh.ipv6h, skb->h.ipv6h);
+			} else if (x->sel.family == AF_INET) {
+
+				if (nexthdr != IPPROTO_IPIP)
+					goto drop;
+				if (!pskb_may_pull(skb, sizeof(struct iphdr)))
+					goto drop;
+				if (skb_cloned(skb) &&
+				    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))