ipsec_init.c

网上下到的一个很详细介绍VPN基础知识的资料

/*
 * Initialization code, and /proc file system interface code.
 * Copyright (C) 1996, 1997  John Ioannidis.
 * Copyright (C) 1998, 1999, 2000, 2001  Richard Guy Briggs.
 * 
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 * 
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

char ipsec_init_c_version[] = "RCSID $Id: ipsec_init.c,v 1.69 2001/06/14 19:33:26 rgb Exp $";

#include <linux/config.h>
#include <linux/version.h>

#include <linux/module.h>
#include <linux/kernel.h> /* printk() */
#include <linux/malloc.h> /* kmalloc() */
#include <linux/errno.h>  /* error codes */
#include <linux/types.h>  /* size_t */
#include <linux/interrupt.h> /* mark_bh */

#include <linux/netdevice.h>   /* struct device, and other headers */
#include <linux/etherdevice.h> /* eth_type_trans */
#include <linux/ip.h>          /* struct iphdr */
#include <linux/in.h>          /* struct sockaddr_in */
#include <linux/skbuff.h>
#include <freeswan.h>
#ifdef SPINLOCK
#ifdef SPINLOCK_23
#include <linux/spinlock.h> /* *lock* */
#else /* SPINLOCK_23 */
#include <asm/spinlock.h> /* *lock* */
#endif /* SPINLOCK_23 */
#endif /* SPINLOCK */
#ifdef NET_21
#include <asm/uaccess.h>
#include <linux/in6.h>
#endif /* NET_21 */
#include <asm/checksum.h>
#include <net/ip.h>
#ifdef CONFIG_PROC_FS
#include <linux/proc_fs.h>
#endif /* CONFIG_PROC_FS */
#ifdef NETLINK_SOCK
#include <linux/netlink.h>
#else
#include <net/netlink.h>
#endif

#include "radij.h"
#include "ipsec_encap.h"
#include "ipsec_radij.h"
#include "ipsec_netlink.h"
#include "ipsec_xform.h"
#include "ipsec_tunnel.h"

#include "version.c"

#include "ipsec_rcv.h"
#include "ipsec_ah.h"
#include "ipsec_esp.h"

#ifdef CONFIG_IPSEC_IPCOMP
#include "ipcomp.h"
#endif /* CONFIG_IPSEC_IPCOMP */

#include <pfkeyv2.h>
#include <pfkey.h>

extern char *radij_c_version;

#ifdef CONFIG_IPSEC_DEBUG
int debug_eroute = 0;
int debug_spi = 0;
#endif /* CONFIG_IPSEC_DEBUG */

#ifdef CONFIG_PROC_FS
#ifndef PROC_FS_2325
DEBUG_NO_STATIC
#endif /* PROC_FS_2325 */
int
ipsec_eroute_get_info(char *buffer, char **start, off_t offset, int length
#ifndef PROC_NO_DUMMY
, int dummy
#endif /* !PROC_NO_DUMMY */
)
{
	struct wsbuf w = {buffer, length, offset, 0, 0, 0, 0};

#ifdef CONFIG_IPSEC_DEBUG
	if (debug_radij & DB_RJ_DUMPTREES)
	  rj_dumptrees();			/* XXXXXXXXX */
#endif /* CONFIG_IPSEC_DEBUG */

	KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS,
		    "klips_debug:ipsec_eroute_get_info: "
		    "buffer=0x%p, *start=0x%x, offset=%d, length=%d\n",
		    buffer,
		    (u_int)*start,
		    (int)offset,
		    length);

	spin_lock_bh(&eroute_lock);

	rj_walktree(rnh, ipsec_rj_walker_procprint, &w);
/*	rj_walktree(mask_rjhead, ipsec_rj_walker_procprint, &w); */

	spin_unlock_bh(&eroute_lock);

	*start = buffer + (offset - w.begin);	/* Start of wanted data */
	w.len -= (offset - w.begin);			/* Start slop */
	if (w.len > length)
		w.len = length;
	return w.len;
}

#ifndef PROC_FS_2325
DEBUG_NO_STATIC
#endif /* PROC_FS_2325 */
int
ipsec_spi_get_info(char *buffer, char **start, off_t offset, int length
#ifndef  PROC_NO_DUMMY
, int dummy
#endif /* !PROC_NO_DUMMY */
)
{
	int len = 0;
	off_t pos = 0, begin = 0;
	int i;
	struct tdb *tdbp;
	char sa[SATOA_BUF];
	char buf_s[ADDRTOA_BUF];
#if 0
	char buf_d[ADDRTOA_BUF];
#endif
	size_t sa_len;

	KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS,
		    "klips_debug:ipsec_spi_get_info: "
		    "buffer=0x%p, *start=0x%x, offset=%d, length=%d\n",
		    buffer,
		    (u_int)*start,
		    (int)offset,
		    length);
	
	spin_lock_bh(&tdb_lock);
	
	for (i = 0; i < TDB_HASHMOD; i++) {
		for (tdbp = tdbh[i]; tdbp; tdbp = tdbp->tdb_hnext) {
			sa_len = satoa(tdbp->tdb_said, 0, sa, SATOA_BUF);
			len += sprintf(buffer + len, "%s ", sa_len ? sa : " (error)");
			len += sprintf(buffer + len, "%s%s%s", TDB_XFORM_NAME(tdbp));
			len += sprintf(buffer + len, ": dir=%s",
				       (tdbp->tdb_flags & EMT_INBOUND) ?
				       "in " : "out");
#if 0
			if((tdbp->tdb_said.proto == IPPROTO_IPIP) && tdbp->tdb_addr_s && tdbp->tdb_addr_d) {
				addrtoa(((struct sockaddr_in*)(tdbp->tdb_addr_s))->sin_addr,
					0, buf_s, sizeof(buf_s));
				addrtoa(((struct sockaddr_in*)(tdbp->tdb_addr_d))->sin_addr,
					0, buf_d, sizeof(buf_d));
				len += sprintf(buffer + len, " %s -> %s",
					       buf_s, buf_d);
			}
#else
			if(tdbp->tdb_addr_s) {
				addrtoa(((struct sockaddr_in*)(tdbp->tdb_addr_s))->sin_addr,
					0, buf_s, sizeof(buf_s));
				len += sprintf(buffer + len, " src=%s",
					       buf_s);
			}
#endif

			if(tdbp->tdb_iv_bits) {
				int j;
				len += sprintf(buffer + len, " iv_bits=%dbits iv=0x",
					       tdbp->tdb_iv_bits);
				for(j = 0; j < tdbp->tdb_iv_bits / 8; j++) {
					len += sprintf(buffer + len, "%02x",
						       (__u32)((__u8*)(tdbp->tdb_iv))[j]);
				}
			}
			if(tdbp->tdb_encalg || tdbp->tdb_authalg) {
				if(tdbp->tdb_replaywin) {
					len += sprintf(buffer + len, " ooowin=%d",
						       tdbp->tdb_replaywin);
				}
				if(tdbp->tdb_replaywin_errs) {
					len += sprintf(buffer + len, " ooo_errs=%d",
						       tdbp->tdb_replaywin_errs);
				}
				if(tdbp->tdb_replaywin_lastseq) {
                                       len += sprintf(buffer + len, " seq=%d",
						      tdbp->tdb_replaywin_lastseq);
				}
				if(tdbp->tdb_replaywin_bitmap) {
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)
					len += sprintf(buffer + len, " bit=0x%Lx",
						       tdbp->tdb_replaywin_bitmap);
#else
					len += sprintf(buffer + len, " bit=0x%x%08x",
						       (__u32)(tdbp->tdb_replaywin_bitmap >> 32),
						       (__u32)tdbp->tdb_replaywin_bitmap);
#endif
				}
				if(tdbp->tdb_replaywin_maxdiff) {
					len += sprintf(buffer + len, " max_seq_diff=%d",
						       tdbp->tdb_replaywin_maxdiff);
				}
			}
			if(tdbp->tdb_flags & ~EMT_INBOUND) {
				len += sprintf(buffer + len, " flags=0x%x",
					       tdbp->tdb_flags & ~EMT_INBOUND);
				len += sprintf(buffer + len, "<");
				/* flag printing goes here */
				len += sprintf(buffer + len, ">");
			}
			if(tdbp->tdb_auth_bits) {
				len += sprintf(buffer + len, " alen=%d",
					       tdbp->tdb_auth_bits);
			}
			if(tdbp->tdb_key_bits_a) {
				len += sprintf(buffer + len, " aklen=%d",
					       tdbp->tdb_key_bits_a);
			}
			if(tdbp->tdb_auth_errs) {
				len += sprintf(buffer + len, " auth_errs=%d",
					       tdbp->tdb_auth_errs);
			}
			if(tdbp->tdb_key_bits_e) {
				len += sprintf(buffer + len, " eklen=%d",
					       tdbp->tdb_key_bits_e);
			}
			if(tdbp->tdb_encsize_errs) {
				len += sprintf(buffer + len, " encr_size_errs=%d",
					       tdbp->tdb_encsize_errs);
			}
			if(tdbp->tdb_encpad_errs) {
				len += sprintf(buffer + len, " encr_pad_errs=%d",
					       tdbp->tdb_encpad_errs);
			}
			
			len += sprintf(buffer + len, " life(c,s,h)=");
			if(tdbp->tdb_lifetime_allocations_c > 1 || 
			   tdbp->tdb_lifetime_allocations_s ||
			   tdbp->tdb_lifetime_allocations_h) {
				len += sprintf(buffer + len, "alloc(%d,%d,%d)",
					       (int)(jiffies - tdbp->tdb_lifetime_allocations_c),
					       tdbp->tdb_lifetime_allocations_s,
					       (int)tdbp->tdb_lifetime_allocations_h);
			}
			if(tdbp->tdb_lifetime_bytes_c ||
			   tdbp->tdb_lifetime_bytes_s ||
			   tdbp->tdb_lifetime_bytes_h) {
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)
				len += sprintf(buffer + len, "bytes(%Ld,%Ld,%Ld)",
					       tdbp->tdb_lifetime_bytes_c,
					       tdbp->tdb_lifetime_bytes_s,
					       tdbp->tdb_lifetime_bytes_h);
#else /* XXX high 32 bits are not displayed */
				len += sprintf(buffer + len, "bytes(%lu,%lu,%lu)",
					       (unsigned long)tdbp->tdb_lifetime_bytes_c,
					       (unsigned long)tdbp->tdb_lifetime_bytes_s,
					       (unsigned long)tdbp->tdb_lifetime_bytes_h);
#endif

			}
			if(tdbp->tdb_lifetime_addtime_c ||
			   tdbp->tdb_lifetime_addtime_s ||
			   tdbp->tdb_lifetime_addtime_h) {
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)
				len += sprintf(buffer + len, "add(%Ld,%Ld,%Ld)",
					       jiffies / HZ - tdbp->tdb_lifetime_addtime_c,
					       tdbp->tdb_lifetime_addtime_s,
					       tdbp->tdb_lifetime_addtime_h);
#else
				len += sprintf(buffer + len, "add(%lu,%lu,%lu)",
					       jiffies / HZ - (unsigned long)tdbp->tdb_lifetime_addtime_c,
					       (unsigned long)tdbp->tdb_lifetime_addtime_s,
					       (unsigned long)tdbp->tdb_lifetime_addtime_h);
#endif
			}
			if(tdbp->tdb_lifetime_usetime_c ||
			   tdbp->tdb_lifetime_usetime_s ||
			   tdbp->tdb_lifetime_usetime_h) {
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)
				len += sprintf(buffer + len, "use(%Ld,%Ld,%Ld)",
					       tdbp->tdb_lifetime_usetime_c ?
						jiffies / HZ - tdbp->tdb_lifetime_usetime_c : 0,
					       tdbp->tdb_lifetime_usetime_s,
					       tdbp->tdb_lifetime_usetime_h);
#else
				len += sprintf(buffer + len, "use(%lu,%lu,%lu)",
					       tdbp->tdb_lifetime_usetime_c ?
						jiffies / HZ - (unsigned long)tdbp->tdb_lifetime_usetime_c : 0,
					       (unsigned long)tdbp->tdb_lifetime_usetime_s,
					       (unsigned long)tdbp->tdb_lifetime_usetime_h);
#endif
			}
			if(tdbp->tdb_lifetime_packets_c ||
			   tdbp->tdb_lifetime_packets_s ||
			   tdbp->tdb_lifetime_packets_h) {
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)
				len += sprintf(buffer + len, "packets(%Ld,%Ld,%Ld)",
					       tdbp->tdb_lifetime_packets_c,
					       tdbp->tdb_lifetime_packets_s,
					       tdbp->tdb_lifetime_packets_h);
#else
				len += sprintf(buffer + len, "packets(%lu,%lu,%lu)",
					       (unsigned long)tdbp->tdb_lifetime_packets_c,
					       (unsigned long)tdbp->tdb_lifetime_packets_s,
					       (unsigned long)tdbp->tdb_lifetime_packets_h);
#endif
			}

			if(tdbp->tdb_lifetime_usetime_c) {
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)
				len += sprintf(buffer + len, " idle=%Ld",
					       jiffies / HZ - tdbp->tdb_lifetime_usetime_l);
#else
				len += sprintf(buffer + len, " idle=%lu",
					       jiffies / HZ - (unsigned long)tdbp->tdb_lifetime_usetime_l);
#endif
			}

#ifdef CONFIG_IPSEC_IPCOMP
			if(tdbp->tdb_said.proto == IPPROTO_COMP &&
			   (tdbp->tdb_comp_ratio_dbytes ||
			    tdbp->tdb_comp_ratio_cbytes)) {
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)
				len += sprintf(buffer + len, " ratio=%Ld:%Ld",
					       tdbp->tdb_comp_ratio_dbytes,
					       tdbp->tdb_comp_ratio_cbytes);
#else
				len += sprintf(buffer + len, " ratio=%lu:%lu",
					       (unsigned long)tdbp->tdb_comp_ratio_dbytes,
					       (unsigned long)tdbp->tdb_comp_ratio_cbytes);
#endif
			}
#endif /* CONFIG_IPSEC_IPCOMP */

			len += sprintf(buffer + len, "\n");

			pos = begin + len;
			if(pos < offset) {
				len = 0;
				begin = pos;
			}
			if (pos > offset + length) {
				goto done_spi_i;
			}
		}
	}

 done_spi_i:	
	spin_unlock_bh(&tdb_lock);

	*start = buffer + (offset - begin);	/* Start of wanted data */
	len -= (offset - begin);			/* Start slop */
	if (len > length)
		len = length;
	return len;
}

#ifndef PROC_FS_2325
DEBUG_NO_STATIC
#endif /* PROC_FS_2325 */
int
ipsec_spigrp_get_info(char *buffer, char **start, off_t offset, int length
#ifndef PROC_NO_DUMMY
, int dummy
#endif /* !PROC_NO_DUMMY */
)
{
	int len = 0;
	off_t pos = 0, begin = 0;
	int i;
	struct tdb *tdbp, *tdbp2;
	char sa[SATOA_BUF];
	size_t sa_len;

	KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS,
		    "klips_debug:ipsec_spigrp_get_info: "
		    "buffer=0x%p, *start=0x%x, offset=%d, length=%d\n",
		    buffer,
		    (u_int)*start,
		    (int)offset,
		    length);

	spin_lock_bh(&tdb_lock);
	
	for (i = 0; i < TDB_HASHMOD; i++) {
		for (tdbp = tdbh[i]; tdbp; tdbp = tdbp->tdb_hnext)
		{
			if(!tdbp->tdb_inext)