1-interfamily-beet.patch

Host Identity Protocol on Linux is an implemetation of the Host Identity Protocol (HIP) and the rela

+				fl_tunnel.fl4_dst = remote.in->s_addr;
+				break;
+			case AF_INET6:
+				ipv6_addr_copy(&fl_tunnel.fl6_src, local.in6);
+				ipv6_addr_copy(&fl_tunnel.fl6_dst, remote.in6);
+				break;
+			}
 			err = xfrm_dst_lookup((struct xfrm_dst **)&rt,
-					      &fl_tunnel, AF_INET);
+					      &fl_tunnel, outer_family);
 			if (err)
 				goto error;
+			/* Without this, the atomic inc below segfaults */
+			if (outer_family == AF_INET6) {
+				rt->peer = NULL;
+				rt_bind_peer(rt,1);
+			}
 		} else
 			dst_hold(&rt->u.dst);
 	}
@@ -181,6 +206,12 @@ __xfrm4_bundle_create(struct xfrm_policy
 	}
 
 	xfrm_init_pmtu(dst);
+	if (outer_family6) {
+		/* The worst case */
+		int delta = sizeof(struct ipv6hdr) - sizeof(struct iphdr);
+		u32 mtu = dst_mtu(dst);
+		xfrm4_update_pmtu(dst, mtu - delta);
+	}
 	return 0;
 
 error:
diff --git a/net/ipv6/xfrm6_mode_beet.c b/net/ipv6/xfrm6_mode_beet.c
index edcfffa..3f642d0 100644
--- a/net/ipv6/xfrm6_mode_beet.c
+++ b/net/ipv6/xfrm6_mode_beet.c
@@ -16,6 +16,7 @@
 #include <net/dsfield.h>
 #include <net/dst.h>
 #include <net/inet_ecn.h>
+#include <net/ip.h>
 #include <net/ipv6.h>
 #include <net/xfrm.h>
 
@@ -34,35 +35,88 @@
 static int xfrm6_beet_output(struct xfrm_state *x, struct sk_buff *skb)
 {
 	struct ipv6hdr *iph, *top_iph;
-	u8 *prevhdr;
-	int hdr_len;
+	struct dst_entry *dst = skb->dst;
 
 	skb_push(skb, x->props.header_len);
 	iph = skb->nh.ipv6h;
 
-	hdr_len = ip6_find_1stfragopt(skb, &prevhdr);
-	skb->nh.raw = prevhdr - x->props.header_len;
-	skb->h.raw = skb->data + hdr_len;
-	memmove(skb->data, iph, hdr_len);
+	if (x->props.family == AF_INET6) {
+		u8 *prevhdr;
+		int hdr_len;
+
+		hdr_len = ip6_find_1stfragopt(skb, &prevhdr);
+		skb->nh.raw = prevhdr - x->props.header_len;
+		skb->h.raw = skb->data + hdr_len;
+		memmove(skb->data, iph, hdr_len);
+	}
 
 	skb->nh.raw = skb->data;
 	top_iph = skb->nh.ipv6h;
-	skb->nh.raw = &top_iph->nexthdr;
-	skb->h.ipv6h = top_iph + 1;
-
-	ipv6_addr_copy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr);
-	ipv6_addr_copy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr);
+	if (x->props.family == AF_INET6) {
+		skb->nh.raw = &top_iph->nexthdr;
+		skb->h.ipv6h = top_iph + 1;
+
+		ipv6_addr_copy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr);
+		ipv6_addr_copy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr);
+	} else if (x->props.family == AF_INET) {
+		/* Inner = 6, Outer = 4 : changing the external IP hdr
+		 * to the outer addresses
+		 */
+		struct iphdr *top_iphv4;
+		u8 protocol = iph->nexthdr;
+		int delta = sizeof(struct ipv6hdr) - sizeof(struct iphdr);
+
+		skb->nh.raw = skb_pull(skb, delta);
+		top_iphv4 = skb->nh.iph;
+		skb->h.raw = skb->data + x->props.header_len;
+		top_iphv4->ihl = (sizeof(struct iphdr) >> 2);
+		top_iphv4->version = 4;
+		top_iphv4->id = 0;
+		top_iphv4->frag_off = htons(IP_DF);
+		top_iphv4->ttl = dst_metric(dst->child, RTAX_HOPLIMIT);
+		top_iphv4->saddr = x->props.saddr.a4;
+		top_iphv4->daddr = x->id.daddr.a4;
+
+		skb->h.raw += top_iphv4->ihl*4;
+		top_iphv4->protocol = protocol;
+	} else
+		BUG_ON(1);
 
 	return 0;
 }
 
 static int xfrm6_beet_input(struct xfrm_state *x, struct sk_buff *skb)
 {
-	struct ipv6hdr *ip6h;
-	int size = sizeof(struct ipv6hdr);
+	struct ip_beet_phdr *ph = (struct ip_beet_phdr*)(skb->h.raw);
+	int size = (x->sel.family == AF_INET) ? sizeof(struct iphdr) : sizeof(struct ipv6hdr);
+	int delta = sizeof(struct ipv6hdr) - sizeof(struct iphdr);
+	__u8 proto = skb->nh.ipv6h->nexthdr, hops = skb->nh.ipv6h->hop_limit;
+	__u8 ph_nexthdr = 0;
+	int phlen = 0;
+	int optlen = 0;
+
 	int err = -EINVAL;
 
-	if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
+	if (x->sel.family == AF_INET) {
+		/* Inner = IPv4, therefore the IPhdr must be shrunk */
+		/* Inner = 4, Outer = 6 */
+		if (unlikely(proto == IPPROTO_BEETPH)) {
+			if (!pskb_may_pull(skb, sizeof(*ph)))
+				goto out;
+			phlen = ph->hdrlen * 8;
+			optlen = phlen - ph->padlen - sizeof(*ph);
+
+			if (optlen < 0 || optlen & 3 || optlen > 250)
+				goto out;
+			if (!pskb_may_pull(skb, phlen))
+				goto out;
+
+			proto = ph_nexthdr = ph->nexthdr;
+		}
+		skb->nh.raw += delta;
+	}
+
+	if (!pskb_may_pull(skb, size))
 		goto out;
 
 	skb_push(skb, size);
@@ -71,11 +125,36 @@ static int xfrm6_beet_input(struct xfrm_
 
 	skb->mac.raw = memmove(skb->data - skb->mac_len,
 			       skb->mac.raw, skb->mac_len);
-
-	ip6h = skb->nh.ipv6h;
-	ip6h->payload_len = htons(skb->len - size);
-	ipv6_addr_copy(&ip6h->daddr, (struct in6_addr *) &x->sel.daddr.a6);
-	ipv6_addr_copy(&ip6h->saddr, (struct in6_addr *) &x->sel.saddr.a6);
+	if (unlikely(phlen)) {
+		skb_pull(skb, phlen - optlen);
+		skb->nh.raw = skb->data;
+	}
+	if (x->sel.family == AF_INET6) {
+		struct ipv6hdr *ip6h = skb->nh.ipv6h;
+		ip6h->payload_len = htons(skb->len - size);
+		ipv6_addr_copy(&ip6h->daddr, (struct in6_addr *) &x->sel.daddr.a6);
+		ipv6_addr_copy(&ip6h->saddr, (struct in6_addr *) &x->sel.saddr.a6);
+	} else if (x->sel.family == AF_INET) {
+		struct iphdr *iph = skb->nh.iph;
+		iph->ihl = (sizeof(*iph) + optlen) / 4;
+		iph->version = 4;
+		iph->tos = 0;
+		iph->id = 0;
+		iph->frag_off = 0;
+		iph->ttl = hops;
+		iph->protocol = proto;
+		iph->daddr = x->sel.daddr.a4;
+		iph->saddr = x->sel.saddr.a4;
+		iph->tot_len = htons(skb->len);
+		ip_send_check(iph);
+		skb->protocol = htons(ETH_P_IP);
+		if (unlikely(!optlen)) {
+			skb->h.raw = skb->nh.raw;
+		}
+		dst_release(skb->dst);
+		skb->dst = NULL;
+	} else
+		BUG_ON(1);
 	err = 0;
 out:
 	return err;
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 6a252e2..491e1aa 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -129,16 +129,18 @@ __xfrm6_bundle_create(struct xfrm_policy
 	struct dst_entry *dst, *dst_prev;
 	struct rt6_info *rt0 = (struct rt6_info*)(*dst_p);
 	struct rt6_info *rt  = rt0;
-	struct in6_addr *remote = &fl->fl6_dst;
-	struct in6_addr *local  = &fl->fl6_src;
 	struct flowi fl_tunnel = {
 		.nl_u = {
 			.ip6_u = {
-				.saddr = *local,
-				.daddr = *remote
+				.saddr = fl->fl6_src,
+				.daddr = fl->fl6_dst
 			}
 		}
 	};
+	union {
+		struct in6_addr *in6;
+		struct in_addr *in;
+	} remote, local;
 	int i;
 	int err = 0;
 	int header_len = 0;
@@ -151,8 +153,8 @@ __xfrm6_bundle_create(struct xfrm_policy
 	for (i = 0; i < nx; i++) {
 		struct dst_entry *dst1 = dst_alloc(&xfrm6_dst_ops);
 		struct xfrm_dst *xdst;
-		int tunnel = 0;
-
+		unsigned short outer_family = 0;
+		
 		if (unlikely(dst1 == NULL)) {
 			err = -ENOBUFS;
 			dst_release(&rt->u.dst);
@@ -176,18 +178,33 @@ __xfrm6_bundle_create(struct xfrm_policy
 		dst1->next = dst_prev;
 		dst_prev = dst1;
 		if (xfrm[i]->props.mode != XFRM_MODE_TRANSPORT) {
-			remote = __xfrm6_bundle_addr_remote(xfrm[i], remote);
-			local  = __xfrm6_bundle_addr_local(xfrm[i], local);
-			tunnel = 1;
+			outer_family = xfrm[i]->props.family;
+			if (outer_family == AF_INET6) {
+				remote.in6 = __xfrm6_bundle_addr_remote(xfrm[i], remote.in6);
+				local.in6  = __xfrm6_bundle_addr_local(xfrm[i], local.in6);
+			} else if (outer_family == AF_INET) {
+				remote.in = (struct in_addr*)&xfrm[i]->id.daddr.a4;
+				local.in = (struct in_addr*)&xfrm[i]->props.saddr.a4;
+			} else
+				BUG_ON(1);
 		}
 		__xfrm6_bundle_len_inc(&header_len, &nfheader_len, xfrm[i]);
 		trailer_len += xfrm[i]->props.trailer_len;
 
-		if (tunnel) {
-			ipv6_addr_copy(&fl_tunnel.fl6_dst, remote);
-			ipv6_addr_copy(&fl_tunnel.fl6_src, local);
+		if (outer_family) {
+			switch (outer_family) {
+			default:
+			case AF_INET6:
+				ipv6_addr_copy(&fl_tunnel.fl6_dst, remote.in6);
+				ipv6_addr_copy(&fl_tunnel.fl6_src, local.in6);
+				break;
+			case AF_INET:
+				fl_tunnel.fl4_dst = remote.in->s_addr;
+				fl_tunnel.fl4_src = local.in->s_addr;
+				break;
+			}
 			err = xfrm_dst_lookup((struct xfrm_dst **) &rt,
-					      &fl_tunnel, AF_INET6);
+					      &fl_tunnel, outer_family);
 			if (err)
 				goto error;
 		} else