simple-beet-ph-patch-2.6.9

Host Identity Protocol on Linux is an implemetation of the Host Identity Protocol (HIP) and the rela

-
-	top_iph->ttl = dst_path_metric(dst, RTAX_HOPLIMIT);
+	skb->nh.raw = skb_push(skb, hdrlen);
+	top_iph = skb->nh.iph;
+	hdrlen = iph->ihl * 4 - optlen;
+	switch (x->props.mode) {
+	case XFRM_MODE_TRANSPORT:
+		skb->h.raw += hdrlen;
+		memmove(top_iph, iph, hdrlen);
+ 		return;
+ 
+	case XFRM_MODE_BEET:
+		skb->h.raw += hdrlen;
+		memmove(top_iph, iph, hdrlen);
+		if (unlikely(optlen)) {
+			struct ip_beet_phdr *ph;
+
+			BUG_ON(optlen < 0);
+
+			ph = (struct ip_beet_phdr *)skb->h.raw;
+			ph->padlen = 4 - (optlen & 4);
+			ph->hdrlen = (optlen + ph->padlen + sizeof(*ph)) / 8;
+			ph->nexthdr = top_iph->protocol;
+ 
+			top_iph->protocol = IPPROTO_BEETPH;
+			top_iph->ihl = sizeof(struct iphdr) / 4;
+		}
+		break;
+ 
+	default:
+	case XFRM_MODE_TUNNEL:
+		top_iph->ihl = 5;
+		top_iph->version = 4;
+ 
+		/* DS disclosed */
+		top_iph->tos = INET_ECN_encapsulate(iph->tos, iph->tos);
+ 
+		flags = x->props.flags;
+		if (flags & XFRM_STATE_NOECN)
+			IP_ECN_clear(top_iph);
+ 
+		top_iph->frag_off = iph->frag_off & htons(IP_DF);
+		if (!top_iph->frag_off)
+			__ip_select_ident(top_iph, dst, 0);
+
+		top_iph->ttl = dst_metric(dst->child, RTAX_HOPLIMIT);
+
+		top_iph->protocol = IPPROTO_IPIP;
+		memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
+		break;
+	}
 
 	top_iph->saddr = x->props.saddr.a4;
 	top_iph->daddr = x->id.daddr.a4;
-	top_iph->protocol = IPPROTO_IPIP;
-
-	memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
 }
 
 static int xfrm4_tunnel_check_size(struct sk_buff *skb)
@@ -110,7 +148,7 @@
 	if (err)
 		goto error;
 
-	if (x->props.mode) {
+	if (x->props.mode == XFRM_MODE_TUNNEL) {
 		err = xfrm4_tunnel_check_size(skb);
 		if (err)
 			goto error;
diff -urN linux-2.6.9/net/ipv4/xfrm4_tunnel.c linux-2.6.9-simple-patch/net/ipv4/xfrm4_tunnel.c
--- linux-2.6.9/net/ipv4/xfrm4_tunnel.c	2004-10-19 00:53:21.000000000 +0300
+++ linux-2.6.9-simple-patch/net/ipv4/xfrm4_tunnel.c	2006-08-05 15:08:02.000000000 +0300
@@ -86,15 +86,22 @@
 
 static int ipip_init_state(struct xfrm_state *x, void *args)
 {
-	if (!x->props.mode)
-		return -EINVAL;
-
 	if (x->encap)
 		return -EINVAL;
 
-	x->props.header_len = sizeof(struct iphdr);
-
-	return 0;
+	switch (x->props.mode) {
+	case XFRM_MODE_TRANSPORT:
+		return -EINVAL;
+	default:
+	case XFRM_MODE_TUNNEL:
+		x->props.header_len = sizeof(struct iphdr);
+		break;
+	case XFRM_MODE_BEET:
+		x->props.header_len += IPV4_BEET_PHMAXLEN;
+		break;
+	}
+ 
+ 	return 0;
 }
 
 static void ipip_destroy(struct xfrm_state *x)
diff -urN linux-2.6.9/net/ipv6/ah6.c linux-2.6.9-simple-patch/net/ipv6/ah6.c
--- linux-2.6.9/net/ipv6/ah6.c	2004-10-19 00:54:39.000000000 +0300
+++ linux-2.6.9-simple-patch/net/ipv6/ah6.c	2006-08-05 15:08:02.000000000 +0300
@@ -396,7 +396,7 @@
 		goto error;
 	
 	x->props.header_len = XFRM_ALIGN8(sizeof(struct ipv6_auth_hdr) + ahp->icv_trunc_len);
-	if (x->props.mode)
+	if (x->props.mode == XFRM_MODE_TUNNEL)
 		x->props.header_len += sizeof(struct ipv6hdr);
 	x->data = ahp;
 
diff -urN linux-2.6.9/net/ipv6/esp6.c linux-2.6.9-simple-patch/net/ipv6/esp6.c
--- linux-2.6.9/net/ipv6/esp6.c	2004-10-19 00:54:37.000000000 +0300
+++ linux-2.6.9-simple-patch/net/ipv6/esp6.c	2006-08-05 15:08:02.000000000 +0300
@@ -366,7 +366,7 @@
 	}
 	crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len);
 	x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen;
-	if (x->props.mode)
+	if (x->props.mode == XFRM_MODE_TUNNEL)
 		x->props.header_len += sizeof(struct ipv6hdr);
 	x->data = esp;
 	return 0;
diff -urN linux-2.6.9/net/ipv6/ipcomp6.c linux-2.6.9-simple-patch/net/ipv6/ipcomp6.c
--- linux-2.6.9/net/ipv6/ipcomp6.c	2004-10-19 00:54:08.000000000 +0300
+++ linux-2.6.9-simple-patch/net/ipv6/ipcomp6.c	2006-08-05 15:08:02.000000000 +0300
@@ -450,7 +450,7 @@
 
 	memset(ipcd, 0, sizeof(*ipcd));
 	x->props.header_len = 0;
-	if (x->props.mode)
+	if (x->props.mode == XFRM_MODE_TUNNEL)
 		x->props.header_len += sizeof(struct ipv6hdr);
 	
 	down(&ipcomp6_resource_sem);
@@ -462,7 +462,7 @@
 		goto error;
 	up(&ipcomp6_resource_sem);
 
-	if (x->props.mode) {
+	if (x->props.mode == XFRM_MODE_TUNNEL) {
 		err = ipcomp6_tunnel_attach(x);
 		if (err)
 			goto error_tunnel;
diff -urN linux-2.6.9/net/ipv6/xfrm6_input.c linux-2.6.9-simple-patch/net/ipv6/xfrm6_input.c
--- linux-2.6.9/net/ipv6/xfrm6_input.c	2004-10-19 00:55:36.000000000 +0300
+++ linux-2.6.9-simple-patch/net/ipv6/xfrm6_input.c	2006-08-05 15:08:02.000000000 +0300
@@ -80,7 +80,7 @@
 
 		xfrm_vec[xfrm_nr++].xvec = x;
 
-		if (x->props.mode) { /* XXX */
+		if (x->props.mode == XFRM_MODE_TUNNEL) {
 			if (nexthdr != IPPROTO_IPV6)
 				goto drop;
 			if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
@@ -97,6 +97,30 @@
 			skb->nh.raw = skb->data;
 			decaps = 1;
 			break;
+		} else if (x->props.mode == XFRM_MODE_BEET) {
+			int size = sizeof(struct ipv6hdr);
+			if (skb_cloned(skb) &&
+			    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
+				goto drop;
+
+			skb_push(skb, size);
+			memmove(skb->data, skb->nh.raw, size);
+			skb->nh.raw = skb->data;
+
+			skb->mac.raw = memmove(skb->data - skb->mac_len,
+					       skb->mac.raw, skb->mac_len);
+
+			if (x->sel.family == AF_INET6) {
+				struct ipv6hdr *ip6h = skb->nh.ipv6h;
+				ip6h = skb->nh.ipv6h;
+				ip6h->payload_len = htons(skb->len - size);
+				ipv6_addr_copy(&ip6h->daddr, (struct in6_addr *) &x->sel.daddr.a6);
+				ipv6_addr_copy(&ip6h->saddr, (struct in6_addr *) &x->sel.saddr.a6);
+			} else
+				BUG_ON(1);
+
+			decaps = 1;
+			break;
 		}
 
 		if ((err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) < 0)
diff -urN linux-2.6.9/net/ipv6/xfrm6_output.c linux-2.6.9-simple-patch/net/ipv6/xfrm6_output.c
--- linux-2.6.9/net/ipv6/xfrm6_output.c	2004-10-19 00:55:07.000000000 +0300
+++ linux-2.6.9-simple-patch/net/ipv6/xfrm6_output.c	2006-08-05 15:32:24.000000000 +0300
@@ -42,7 +42,8 @@
 	skb_push(skb, x->props.header_len);
 	iph = skb->nh.ipv6h;
 
-	if (!x->props.mode) {
+	if (x->props.mode == XFRM_MODE_TRANSPORT ||
+	    x->props.mode == XFRM_MODE_BEET) {
 		u8 *prevhdr;
 		int hdr_len;
 
@@ -50,26 +51,28 @@
 		skb->nh.raw = prevhdr - x->props.header_len;
 		skb->h.raw = skb->data + hdr_len;
 		memmove(skb->data, iph, hdr_len);
-		return;
+		if (x->props.mode == XFRM_MODE_TRANSPORT)
+			return;
 	}
 
 	skb->nh.raw = skb->data;
 	top_iph = skb->nh.ipv6h;
 	skb->nh.raw = &top_iph->nexthdr;
 	skb->h.ipv6h = top_iph + 1;
-
-	top_iph->version = 6;
-	top_iph->priority = iph->priority;
-	top_iph->flow_lbl[0] = iph->flow_lbl[0];
-	top_iph->flow_lbl[1] = iph->flow_lbl[1];
-	top_iph->flow_lbl[2] = iph->flow_lbl[2];
-	dsfield = ipv6_get_dsfield(top_iph);
-	dsfield = INET_ECN_encapsulate(dsfield, dsfield);
-	if (x->props.flags & XFRM_STATE_NOECN)
-		dsfield &= ~INET_ECN_MASK;
-	ipv6_change_dsfield(top_iph, 0, dsfield);
-	top_iph->nexthdr = IPPROTO_IPV6; 
-	top_iph->hop_limit = dst_path_metric(dst, RTAX_HOPLIMIT);
+	if(x->props.mode == XFRM_MODE_TUNNEL) {
+		top_iph->version = 6;
+		top_iph->priority = iph->priority;
+		top_iph->flow_lbl[0] = iph->flow_lbl[0];
+		top_iph->flow_lbl[1] = iph->flow_lbl[1];
+		top_iph->flow_lbl[2] = iph->flow_lbl[2];
+		dsfield = ipv6_get_dsfield(top_iph);
+		dsfield = INET_ECN_encapsulate(dsfield, dsfield);
+		if (x->props.flags & XFRM_STATE_NOECN)
+			dsfield &= ~INET_ECN_MASK;
+		ipv6_change_dsfield(top_iph, 0, dsfield);
+		top_iph->nexthdr = IPPROTO_IPV6; 
+		top_iph->hop_limit = dst_path_metric(dst, RTAX_HOPLIMIT);
+	}
 	ipv6_addr_copy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr);
 	ipv6_addr_copy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr);
 }
@@ -110,7 +113,7 @@
 	if (err)
 		goto error;
 
-	if (x->props.mode) {
+	if (x->props.mode == XFRM_MODE_TUNNEL) {
 		err = xfrm6_tunnel_check_size(skb);
 		if (err)
 			goto error;
diff -urN linux-2.6.9/net/key/af_key.c linux-2.6.9-simple-patch/net/key/af_key.c
--- linux-2.6.9/net/key/af_key.c	2004-10-19 00:55:36.000000000 +0300
+++ linux-2.6.9-simple-patch/net/key/af_key.c	2006-08-05 15:08:02.000000000 +0300
@@ -1065,7 +1065,8 @@
 		/* Nobody uses this, but we try. */
 		x->sel.family = pfkey_sadb_addr2xfrm_addr(addr, &x->sel.saddr);
 		x->sel.prefixlen_s = addr->sadb_address_prefixlen;
-	}
+	} else
+		x->sel.family = x->props.family; /* Conservative */
 
 	if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) {
 		struct sadb_x_nat_t_type* n_type;
diff -urN linux-2.6.9/net/xfrm/xfrm_user.c linux-2.6.9-simple-patch/net/xfrm/xfrm_user.c
--- linux-2.6.9/net/xfrm/xfrm_user.c	2004-10-19 00:54:32.000000000 +0300
+++ linux-2.6.9-simple-patch/net/xfrm/xfrm_user.c	2006-08-05 15:08:02.000000000 +0300
@@ -141,8 +141,9 @@
 
 	err = -EINVAL;
 	switch (p->mode) {
-	case 0:
-	case 1:
+	case XFRM_MODE_TRANSPORT:
+	case XFRM_MODE_TUNNEL:
+	case XFRM_MODE_BEET:
 		break;
 
 	default:
@@ -585,6 +586,7 @@
 	int i;
 
 	xp->xfrm_nr = nr;
+	xp->family = ut->family;
 	for (i = 0; i < nr; i++, ut++) {
 		struct xfrm_tmpl *t = &xp->xfrm_vec[i];