Re: [PATCH] IPv6 IPsec support

["Mitsuru KANDA / 神田 充" <mk@karaba.org>]

Hello David,

> 1) Please, can you split out seperate patch for changes
>    to net/ipv4/xfrm_user.c?  They are independant.
> 
>    Kunihiro sent me identical patch, so please could you
>    add him to credits in comment?  Thank you.
I attached xfrm_user.c patch below.


Just FYI, 
the IPv6 part of this patch depends xfrm6_state_lookup().

Sincerely,

Mitsuru KANDA (mk@karaba.org)
 USAGI Project (mk@linux-ipv6.org)



diff -uNr linux-2.5.62.org/net/ipv4/xfrm_user.c linux-2.5.62/net/ipv4/xfrm_user.c
--- linux-2.5.62.org/net/ipv4/xfrm_user.c	2003-02-18 07:56:17.000000000 +0900
+++ linux-2.5.62/net/ipv4/xfrm_user.c	2003-02-20 00:00:57.000000000 +0900
@@ -1,6 +1,13 @@
 /* xfrm_user.c: User interface to configure xfrm engine.
  *
  * Copyright (C) 2002 David S. Miller (davem@redhat.com)
+ *
+ * Changes
+ *
+ *	Mitsuru KANDA @USAGI       : IPv6 Support 
+ * 	Kazunori MIYAZAWA @USAGI   :
+ * 	Kunihiro Ishiguro          :
+ * 	
  */
 
 #include <linux/module.h>
@@ -17,6 +24,9 @@
 #include <linux/ipsec.h>
 #include <linux/init.h>
 #include <linux/security.h>
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#include <linux/in6.h>
+#endif
 #include <net/sock.h>
 #include <net/xfrm.h>
 
@@ -63,11 +73,13 @@
 	case AF_INET:
 		break;
 
-	case AF_INET6: /* XXX */
-		err = -EAFNOSUPPORT;
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+	case AF_INET6:
+		break;
+#endif
 
-		/* fallthru */
 	default:
+		err = -EAFNOSUPPORT;
 		goto out;
 	};
 
@@ -206,8 +218,21 @@
 	if (!x)
 		return err;
 
-	x1 = xfrm_state_lookup(x->props.saddr.xfrm4_addr,
-			       x->id.spi, x->id.proto);
+	switch (p->family) {
+	case AF_INET:
+		x1 = xfrm_state_lookup(x->props.saddr.xfrm4_addr, 
+				x->id.spi, x->id.proto);
+		break;
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+	case AF_INET6:
+		x1 = xfrm6_state_lookup((struct in6_addr *)&x->props.saddr,
+				x->id.spi,x->id.proto);
+		break;
+#endif
+	default:
+		return -EAFNOSUPPORT;
+	}
+
 	if (x1) {
 		xfrm_state_put(x);
 		xfrm_state_put(x1);
@@ -224,7 +249,19 @@
 	struct xfrm_state *x;
 	struct xfrm_usersa_id *p = NLMSG_DATA(nlh);
 
-	x = xfrm_state_lookup(p->saddr.xfrm4_addr, p->spi, p->proto);
+	switch (p->family) {
+	case AF_INET:
+		x = xfrm_state_lookup(p->saddr.xfrm4_addr, p->spi, p->proto);
+		break;
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+	case AF_INET6:
+		x = xfrm6_state_lookup((struct in6_addr *)&p->saddr, p->spi, p->proto);
+		break;
+#endif
+	default:
+		return -EAFNOSUPPORT;
+	}
+
 	if (x == NULL)
 		return -ESRCH;
 
@@ -342,7 +379,19 @@
 	struct sk_buff *resp_skb;
 	int err;
 
-	x = xfrm_state_lookup(p->saddr.xfrm4_addr, p->spi, p->proto);
+	switch (p->family) {
+	case AF_INET:
+		x = xfrm_state_lookup(p->saddr.xfrm4_addr, p->spi, p->proto);
+		break;
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+	case AF_INET6:
+		x = xfrm6_state_lookup((struct in6_addr *)&p->saddr, p->spi, p->proto);
+		break;
+#endif
+	default:
+		return -EAFNOSUPPORT;
+	}
+
 	err = -ESRCH;
 	if (x == NULL)
 		goto out_noput;
@@ -393,9 +442,25 @@
 	err = verify_userspi_info(p);
 	if (err)
 		goto out_noput;
-	x = xfrm_find_acq(p->info.mode, p->info.reqid, p->info.id.proto,
-			  p->info.sel.daddr.xfrm4_addr,
-			  p->info.sel.saddr.xfrm4_addr, 1);
+
+	switch (p->info.family) {
+	case AF_INET:
+		x = xfrm_find_acq(p->info.mode, p->info.reqid, p->info.id.proto, 
+				p->info.sel.daddr.xfrm4_addr, 
+				p->info.sel.saddr.xfrm4_addr, 1);
+		break;
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+	case AF_INET6:
+		x = xfrm6_find_acq(p->info.mode, p->info.reqid, p->info.id.proto,
+				(struct in6_addr *)&p->info.sel.daddr,
+				(struct in6_addr *)&p->info.sel.saddr, 1);
+		break;
+#endif
+	default:
+		err = -EAFNOSUPPORT;
+		goto out_noput;
+	}
+
 	err = -ENOENT;
 	if (x == NULL)
 		goto out_noput;