beet-simple-and-interfamily.patch-does-not-work

Host Identity Protocol on Linux is an implemetation of the Host Identity Protocol (HIP) and the rela

diff -urN linux-2.6.18.1/include/linux/in.h linux-2.6.18.1.beet/include/linux/in.h
--- linux-2.6.18.1/include/linux/in.h	2006-10-14 06:34:03.000000000 +0300
+++ linux-2.6.18.1.beet/include/linux/in.h	2006-10-21 14:59:54.000000000 +0300
@@ -40,6 +40,7 @@
 
   IPPROTO_ESP = 50,            /* Encapsulation Security Payload protocol */
   IPPROTO_AH = 51,             /* Authentication Header protocol       */
+  IPPROTO_BEETPH = 94,		/* IP option pseudo header for BEET */
   IPPROTO_PIM    = 103,		/* Protocol Independent Multicast	*/
 
   IPPROTO_COMP   = 108,                /* Compression Header protocol */
diff -urN linux-2.6.18.1/include/linux/ip.h linux-2.6.18.1.beet/include/linux/ip.h
--- linux-2.6.18.1/include/linux/ip.h	2006-10-14 06:34:03.000000000 +0300
+++ linux-2.6.18.1.beet/include/linux/ip.h	2006-10-21 14:59:54.000000000 +0300
@@ -79,6 +79,8 @@
 #define	IPOPT_TS_TSANDADDR	1		/* timestamps and addresses */
 #define	IPOPT_TS_PRESPEC	3		/* specified modules only */
 
+#define IPV4_BEET_PHMAXLEN 8
+
 struct iphdr {
 #if defined(__LITTLE_ENDIAN_BITFIELD)
 	__u8	ihl:4,
@@ -122,4 +124,11 @@
 	__u16 cpi;
 };
 
+struct ip_beet_phdr {
+	__u8 nexthdr;
+	__u8 hdrlen;
+	__u8 padlen;
+	__u8 reserved;
+};
+
 #endif	/* _LINUX_IP_H */
diff -urN linux-2.6.18.1/include/linux/ipsec.h linux-2.6.18.1.beet/include/linux/ipsec.h
--- linux-2.6.18.1/include/linux/ipsec.h	2006-10-14 06:34:03.000000000 +0300
+++ linux-2.6.18.1.beet/include/linux/ipsec.h	2006-10-21 14:59:54.000000000 +0300
@@ -12,7 +12,8 @@
 enum {
 	IPSEC_MODE_ANY		= 0,	/* We do not support this for SA */
 	IPSEC_MODE_TRANSPORT	= 1,
-	IPSEC_MODE_TUNNEL	= 2
+	IPSEC_MODE_TUNNEL	= 2,
+	IPSEC_MODE_BEET         = 3
 };
 
 enum {
diff -urN linux-2.6.18.1/include/linux/xfrm.h linux-2.6.18.1.beet/include/linux/xfrm.h
--- linux-2.6.18.1/include/linux/xfrm.h	2006-10-14 06:34:03.000000000 +0300
+++ linux-2.6.18.1.beet/include/linux/xfrm.h	2006-10-21 15:53:34.000000000 +0300
@@ -43,6 +43,12 @@
 #define XFRM_SC_ALG_RESERVED 0
 #define XFRM_SC_ALG_SELINUX 1
 
+/* Transport layer flag  passed to xfrm_lookup. If set, the userspace
+   process sleeps in a waitqueue until key management daemon has 
+   finished setting up security associations. This workaround exists 
+   until we have queues for outgoing IPsec packets. */
+#define XFRM_LOOKUP_SLEEP (!in_atomic() && !in_softirq())
+
 /* Selector, used as selector both on policy rules (SPD) and SAs. */
 
 struct xfrm_selector
@@ -120,7 +126,8 @@
 
 #define XFRM_MODE_TRANSPORT 0
 #define XFRM_MODE_TUNNEL 1
-#define XFRM_MODE_MAX 2
+#define XFRM_MODE_BEET 2
+#define XFRM_MODE_MAX 3
 
 /* Netlink configuration messages.  */
 enum {
diff -urN linux-2.6.18.1/include/net/xfrm.h linux-2.6.18.1.beet/include/net/xfrm.h
--- linux-2.6.18.1/include/net/xfrm.h	2006-10-14 06:34:03.000000000 +0300
+++ linux-2.6.18.1.beet/include/net/xfrm.h	2006-10-21 14:59:54.000000000 +0300
@@ -297,6 +297,10 @@
 /* Source address of tunnel. Ignored, if it is not a tunnel. */
 	xfrm_address_t		saddr;
 
+/* family of the outer addresses. The family may differ from
+   the one in selector */
+	unsigned short		outer_family;
+
 	__u32			reqid;
 
 /* Mode: transport/tunnel */
diff -urN linux-2.6.18.1/net/ipv4/ah4.c linux-2.6.18.1.beet/net/ipv4/ah4.c
--- linux-2.6.18.1/net/ipv4/ah4.c	2006-10-14 06:34:03.000000000 +0300
+++ linux-2.6.18.1.beet/net/ipv4/ah4.c	2006-10-21 14:59:54.000000000 +0300
@@ -253,8 +253,10 @@
 		goto error;
 	
 	x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len);
-	if (x->props.mode)
+	if (x->props.mode == XFRM_MODE_TUNNEL)
 		x->props.header_len += sizeof(struct iphdr);
+	else if (x->props.mode == XFRM_MODE_BEET)
+		x->props.header_len += IPV4_BEET_PHMAXLEN;
 	x->data = ahp;
 
 	return 0;
diff -urN linux-2.6.18.1/net/ipv4/esp4.c linux-2.6.18.1.beet/net/ipv4/esp4.c
--- linux-2.6.18.1/net/ipv4/esp4.c	2006-10-14 06:34:03.000000000 +0300
+++ linux-2.6.18.1.beet/net/ipv4/esp4.c	2006-10-21 14:59:54.000000000 +0300
@@ -237,7 +237,8 @@
 		 *    as per draft-ietf-ipsec-udp-encaps-06,
 		 *    section 3.1.2
 		 */
-		if (!x->props.mode)
+		if (x->props.mode == XFRM_MODE_TRANSPORT ||
+		    x->props.mode == XFRM_MODE_BEET)
 			skb->ip_summed = CHECKSUM_UNNECESSARY;
 	}
 
@@ -255,17 +256,27 @@
 {
 	struct esp_data *esp = x->data;
 	u32 blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4);
+	int enclen = 0;
 
-	if (x->props.mode) {
-		mtu = ALIGN(mtu + 2, blksize);
-	} else {
-		/* The worst case. */
+	switch (x->props.mode) {
+	default:
+	case XFRM_MODE_TUNNEL:
+		mtu = ALIGN(mtu +2, blksize);
+		break;
+	case XFRM_MODE_TRANSPORT:
+		/* The worst case */
 		mtu = ALIGN(mtu + 2, 4) + blksize - 4;
+		break;
+	case XFRM_MODE_BEET:
+		/* The worst case. */
+		enclen = IPV4_BEET_PHMAXLEN;
+		mtu = ALIGN(mtu + enclen + 2, blksize);
+		break;
 	}
 	if (esp->conf.padlen)
 		mtu = ALIGN(mtu, esp->conf.padlen);
 
-	return mtu + x->props.header_len + esp->auth.icv_trunc_len;
+	return mtu + x->props.header_len + esp->auth.icv_trunc_len - enclen;
 }
 
 static void esp4_err(struct sk_buff *skb, u32 info)
@@ -368,8 +379,10 @@
 	if (crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len))
 		goto error;
 	x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
-	if (x->props.mode)
+	if (x->props.mode == XFRM_MODE_TUNNEL)
 		x->props.header_len += sizeof(struct iphdr);
+	else if (x->props.mode == XFRM_MODE_BEET)
+		x->props.header_len += IPV4_BEET_PHMAXLEN;
 	if (x->encap) {
 		struct xfrm_encap_tmpl *encap = x->encap;
 
diff -urN linux-2.6.18.1/net/ipv4/ipcomp.c linux-2.6.18.1.beet/net/ipv4/ipcomp.c
--- linux-2.6.18.1/net/ipv4/ipcomp.c	2006-10-14 06:34:03.000000000 +0300
+++ linux-2.6.18.1.beet/net/ipv4/ipcomp.c	2006-10-21 14:59:54.000000000 +0300
@@ -176,7 +176,7 @@
 	return 0;
 
 out_ok:
-	if (x->props.mode)
+	if (x->props.mode == XFRM_MODE_TUNNEL)
 		ip_send_check(iph);
 	return 0;
 }
@@ -216,7 +216,7 @@
 	t->id.daddr.a4 = x->id.daddr.a4;
 	memcpy(&t->sel, &x->sel, sizeof(t->sel));
 	t->props.family = AF_INET;
-	t->props.mode = 1;
+	t->props.mode = x->props.mode;
 	t->props.saddr.a4 = x->props.saddr.a4;
 	t->props.flags = x->props.flags;
 
@@ -415,8 +415,10 @@
 		goto out;
 
 	x->props.header_len = 0;
-	if (x->props.mode)
+	if (x->props.mode == XFRM_MODE_TUNNEL)
 		x->props.header_len += sizeof(struct iphdr);
+	else if (x->props.mode == XFRM_MODE_BEET)
+		x->props.header_len += IPV4_BEET_PHMAXLEN;
 
 	mutex_lock(&ipcomp_resource_mutex);
 	if (!ipcomp_alloc_scratches())
@@ -427,7 +429,7 @@
 		goto error;
 	mutex_unlock(&ipcomp_resource_mutex);
 
-	if (x->props.mode) {
+	if (x->props.mode == XFRM_MODE_TUNNEL) {
 		err = ipcomp_tunnel_attach(x);
 		if (err)
 			goto error_tunnel;
diff -urN linux-2.6.18.1/net/ipv4/xfrm4_input.c linux-2.6.18.1.beet/net/ipv4/xfrm4_input.c
--- linux-2.6.18.1/net/ipv4/xfrm4_input.c	2006-10-14 06:34:03.000000000 +0300
+++ linux-2.6.18.1.beet/net/ipv4/xfrm4_input.c	2006-10-21 14:59:54.000000000 +0300
@@ -109,6 +109,84 @@
 		if (x->props.mode) {
 			decaps = 1;
 			break;
+		} else if (x->props.mode == XFRM_MODE_BEET) {
+			int phlen = 0;
+			int optlen = 0;
+			__u8 ph_nexthdr = 0;
+			int size = (x->sel.family == AF_INET) ? sizeof(struct iphdr) : sizeof(struct ipv6hdr);
+			int proto = skb->nh.iph->protocol;
+			int hops = skb->nh.iph->ttl;
+			int delta = sizeof(struct ipv6hdr) - sizeof(struct iphdr);
+			if (x->sel.family == AF_INET6) {
+				/* Here, the inner family is 6, therefore I have to
+				 * substitute the IPhdr by enlarging it */
+				if (skb_tailroom(skb) <  delta){
+					if (pskb_expand_head(skb, 0, delta, GFP_ATOMIC))
+						return -EINVAL;		//Just returning from here.
+				}
+				skb->nh.raw -= delta;
+			} else if (x->sel.family == AF_INET) {
+				// We need to extract the PH
+				struct ip_beet_phdr *ph = (struct ip_beet_phdr*)(skb->nh.iph + 1);
+
+				if (proto == IPPROTO_BEETPH) {
+					if (!pskb_may_pull(skb, sizeof(*ph)))
+						goto drop;
+					phlen = ph->hdrlen * 8;
+					optlen = phlen - ph->padlen - sizeof(*ph);
+
+					if (optlen < 0 || optlen & 3 || optlen > 250)
+						goto drop;
+					if (!pskb_may_pull(skb, phlen))
+						goto drop;
+
+					ph_nexthdr = ph->nexthdr;
+				}
+			} else
+				BUG_ON(1);
+
+
+			if (skb_cloned(skb) &&
+			    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
+				goto drop;
+
+			skb_push(skb, size);
+			memmove(skb->data, skb->nh.raw, size);
+			skb->nh.raw = skb->data;
+
+			if (x->sel.family == AF_INET) {
+				struct iphdr *iph = skb->nh.iph;
+
+				if (unlikely(phlen)) {
+					skb_pull(skb, phlen - optlen);
+					memmove(skb->data, skb->nh.raw, sizeof(*iph));
+					skb->nh.raw = skb->data;
+					iph = skb->nh.iph;
+				}
+
+				iph->ihl = (sizeof(*iph) + optlen) / 4;
+				iph->tot_len = htons(skb->len);
+				iph->daddr = x->sel.daddr.a4;
+				iph->saddr = x->sel.saddr.a4;
+				if (ph_nexthdr)
+					iph->protocol = ph_nexthdr;
+				else
+					iph->protocol = proto;
+				ip_send_check(iph);
+			} else if (x->sel.family == AF_INET6) {
+				struct ipv6hdr *ip6h = skb->nh.ipv6h;
+				memset(ip6h->flow_lbl, 0, sizeof(ip6h->flow_lbl));
+				ip6h->version = 6;
+				ip6h->priority = 0;
+				ip6h->nexthdr = proto;
+				ip6h->hop_limit = hops;
+				ip6h->payload_len = htons(skb->len - size);
+				ipv6_addr_copy(&ip6h->daddr, (struct in6_addr *)&x->sel.daddr.a6);
+				ipv6_addr_copy(&ip6h->saddr, (struct in6_addr *)&x->sel.saddr.a6);
+				skb->protocol = htons(ETH_P_IPV6);
+			}
+			decaps = 1;
+			break;
 		}
 
 		if ((err = xfrm_parse_spi(skb, skb->nh.iph->protocol, &spi, &seq)) < 0)
diff -urN linux-2.6.18.1/net/ipv4/xfrm4_output.c linux-2.6.18.1.beet/net/ipv4/xfrm4_output.c
--- linux-2.6.18.1/net/ipv4/xfrm4_output.c	2006-10-14 06:34:03.000000000 +0300
+++ linux-2.6.18.1.beet/net/ipv4/xfrm4_output.c	2006-10-21 14:59:54.000000000 +0300
@@ -54,7 +54,7 @@
 			goto error_nolock;
 	}
 
-	if (x->props.mode) {
+	if (x->props.mode == XFRM_MODE_TUNNEL) {
 		err = xfrm4_tunnel_check_size(skb);
 		if (err)
 			goto error_nolock;
diff -urN linux-2.6.18.1/net/ipv4/xfrm4_policy.c linux-2.6.18.1.beet/net/ipv4/xfrm4_policy.c
--- linux-2.6.18.1/net/ipv4/xfrm4_policy.c	2006-10-14 06:34:03.000000000 +0300
+++ linux-2.6.18.1.beet/net/ipv4/xfrm4_policy.c	2006-10-21 14:59:54.000000000 +0300
@@ -16,6 +16,8 @@
 static struct dst_ops xfrm4_dst_ops;
 static struct xfrm_policy_afinfo xfrm4_policy_afinfo;
 
+static void xfrm4_update_pmtu(struct dst_entry *dst, u32 mtu);
+
 static int xfrm4_dst_lookup(struct xfrm_dst **dst, struct flowi *fl)
 {
 	return __ip_route_output_key((struct rtable**)dst, fl);
@@ -53,17 +55,20 @@
 	struct dst_entry *dst, *dst_prev;
 	struct rtable *rt0 = (struct rtable*)(*dst_p);
 	struct rtable *rt = rt0;
-	u32 remote = fl->fl4_dst;
-	u32 local  = fl->fl4_src;
 	struct flowi fl_tunnel = {
 		.nl_u = {
 			.ip4_u = {
-				.saddr = local,
-				.daddr = remote,
+				.saddr = fl->fl4_dst,
+				.daddr = fl->fl4_src,
 				.tos = fl->fl4_tos
 			}
 		}
 	};
+	union {
+		struct in6_addr *in6;
+		struct in_addr *in;
+	} remote, local;
+	unsigned short outer_family = 0, beet = 0;
 	int i;
 	int err;
 	int header_len = 0;
@@ -75,7 +80,6 @@
 	for (i = 0; i < nx; i++) {
 		struct dst_entry *dst1 = dst_alloc(&xfrm4_dst_ops);
 		struct xfrm_dst *xdst;
-		int tunnel = 0;
 
 		if (unlikely(dst1 == NULL)) {
 			err = -ENOBUFS;
@@ -96,21 +100,45 @@
 
 		dst1->next = dst_prev;
 		dst_prev = dst1;
-		if (xfrm[i]->props.mode) {
-			remote = xfrm[i]->id.daddr.a4;
-			local  = xfrm[i]->props.saddr.a4;
-			tunnel = 1;
+
+		if (xfrm[i]->props.mode == XFRM_MODE_TUNNEL || xfrm[i]->props.mode == XFRM_MODE_BEET) {
+			outer_family = xfrm[i]->props.family;
+			beet = (xfrm[i]->props.mode == XFRM_MODE_BEET);
+
+			if(outer_family == AF_INET6){
+				remote.in6 = (struct in6_addr*)&xfrm[i]->id.daddr;
+				local.in6 = (struct in6_addr*)&xfrm[i]->props.saddr;
+			} else if(outer_family == AF_INET){
+				remote.in = (struct in_addr*)&xfrm[i]->id.daddr;
+				local.in = (struct in_addr*)&xfrm[i]->props.saddr;
+			} else
+				BUG_ON(1);
 		}
 		header_len += xfrm[i]->props.header_len;
 		trailer_len += xfrm[i]->props.trailer_len;
 
-		if (tunnel) {
-			fl_tunnel.fl4_src = local;
-			fl_tunnel.fl4_dst = remote;
+		if (outer_family) {
+			switch(outer_family) {
+			case AF_INET:
+				fl_tunnel.fl4_dst = remote.in->s_addr;
+				fl_tunnel.fl4_src = local.in->s_addr;
+				break;
+			case AF_INET6:
+				ipv6_addr_copy(&fl_tunnel.fl6_dst, remote.in6);
+				ipv6_addr_copy(&fl_tunnel.fl6_src, local.in6);
+				break;
+			default:
+				BUG_ON(1);
+			}
 			err = xfrm_dst_lookup((struct xfrm_dst **)&rt,
-					      &fl_tunnel, AF_INET);
+					      &fl_tunnel, outer_family);
 			if (err)
 				goto error;