Re: [PATCH]:[XFRM] BEET mode
Quoting Miika Komu <[EMAIL PROTECTED]>: > On Tue, 19 Sep 2006, Miika Komu wrote: > > > Ah, forgot to add new files to version control, sorry. My bad... > > The last patch I sent should be fine. > Yes, this patch taken from the mail works just fine. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH]:[XFRM] BEET mode
On Tue, 19 Sep 2006, Miika Komu wrote: Ah, forgot to add new files to version control, sorry. My bad... The last patch I sent should be fine. -- Miika Komu http://www.iki.fi/miika/ - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH]:[XFRM] BEET mode
This patch introduces the BEET mode (Bound End-to-End Tunnel) with as
specified by the ietf draft at the following link:
http://www.ietf.org/internet-drafts/draft-nikander-esp-beet-mode-06.txt
The patch provides only single family support (i.e. inner family =
outer family).
Signed-off-by: Diego Beltrami <[EMAIL PROTECTED]>
Signed-off-by: Miika Komu <[EMAIL PROTECTED]>
Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
Signed-off-by: Abhinav Pathak <[EMAIL PROTECTED]>
Signed-off-by: Jeff Ahrenholz <[EMAIL PROTECTED]>
---
commit d9bc03a423b2436535efb7d4d8c36472a0c51074
tree bd907aaedb2226abb6a51c68380fcc60e09afb12
parent 7800c382abc6b2416eab2e935ff82c20e2f08acd
author Miika Komu <[EMAIL PROTECTED]> Tue, 19 Sep 2006 15:05:24 +0300
committer Miika Komu <[EMAIL PROTECTED]> Tue, 19 Sep 2006 15:05:24 +0300
include/linux/in.h |1
include/linux/ip.h |9 +++
include/linux/ipsec.h |3 +
include/linux/xfrm.h |3 +
net/ipv4/Kconfig |9 +++
net/ipv4/Makefile |1
net/ipv4/esp4.c| 26 ++--
net/ipv4/ipcomp.c |5 +-
net/ipv4/xfrm4_mode_beet.c | 139
net/ipv6/Kconfig | 10 +++
net/ipv6/Makefile |1
net/ipv6/ipcomp6.c |5 +-
net/ipv6/xfrm6_mode_beet.c | 107 ++
net/xfrm/xfrm_user.c |1
14 files changed, 309 insertions(+), 11 deletions(-)
diff --git a/include/linux/in.h b/include/linux/in.h
index bcaca83..f1ae3cc 100644
--- a/include/linux/in.h
+++ b/include/linux/in.h
@@ -40,6 +40,7 @@ enum {
IPPROTO_ESP = 50,/* Encapsulation Security Payload protocol */
IPPROTO_AH = 51, /* Authentication Header protocol */
+ IPPROTO_BEETPH = 94,/* IP option pseudo header for BEET */
IPPROTO_PIM= 103,/* Protocol Independent Multicast
*/
IPPROTO_COMP = 108,/* Compression Header protocol */
diff --git a/include/linux/ip.h b/include/linux/ip.h
index 2f46001..7a3aee8 100644
--- a/include/linux/ip.h
+++ b/include/linux/ip.h
@@ -80,6 +80,8 @@ #define IPOPT_TS_TSONLY 0 /*
timestamp
#defineIPOPT_TS_TSANDADDR 1 /* timestamps and
addresses */
#defineIPOPT_TS_PRESPEC3 /* specified modules
only */
+#define IPV4_BEET_PHMAXLEN 8
+
struct iphdr {
#if defined(__LITTLE_ENDIAN_BITFIELD)
__u8ihl:4,
@@ -123,4 +125,11 @@ struct ip_comp_hdr {
__u16 cpi;
};
+struct ip_beet_phdr {
+ __u8 nexthdr;
+ __u8 hdrlen;
+ __u8 padlen;
+ __u8 reserved;
+};
+
#endif /* _LINUX_IP_H */
diff --git a/include/linux/ipsec.h b/include/linux/ipsec.h
index d3c5276..d17a630 100644
--- a/include/linux/ipsec.h
+++ b/include/linux/ipsec.h
@@ -12,7 +12,8 @@ #define IPSEC_PROTO_ANY 255
enum {
IPSEC_MODE_ANY = 0,/* We do not support this for SA */
IPSEC_MODE_TRANSPORT= 1,
- IPSEC_MODE_TUNNEL = 2
+ IPSEC_MODE_TUNNEL = 2,
+ IPSEC_MODE_BEET = 3
};
enum {
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index 14ecd19..a745cb3 100644
--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -129,7 +129,8 @@ #define XFRM_MODE_TRANSPORT 0
#define XFRM_MODE_TUNNEL 1
#define XFRM_MODE_ROUTEOPTIMIZATION 2
#define XFRM_MODE_IN_TRIGGER 3
-#define XFRM_MODE_MAX 4
+#define XFRM_MODE_BEET 4
+#define XFRM_MODE_MAX 5
/* Netlink configuration messages. */
enum {
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 90f9136..c5e3b17 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -433,6 +433,15 @@ config INET_XFRM_MODE_TUNNEL
If unsure, say Y.
+config INET_XFRM_MODE_BEET
+ tristate "IP: IPsec BEET mode"
+ default y
+ select XFRM
+ ---help---
+ Support for IPsec BEET mode.
+
+ If unsure, say Y.
+
config INET_DIAG
tristate "INET: socket monitoring interface"
default y
diff --git a/net/ipv4/Makefile b/net/ipv4/Makefile
index f66049e..15645c5 100644
--- a/net/ipv4/Makefile
+++ b/net/ipv4/Makefile
@@ -23,6 +23,7 @@ obj-$(CONFIG_INET_AH) += ah4.o
obj-$(CONFIG_INET_ESP) += esp4.o
obj-$(CONFIG_INET_IPCOMP) += ipcomp.o
obj-$(CONFIG_INET_XFRM_TUNNEL) += xfrm4_tunnel.o
+obj-$(CONFIG_INET_XFRM_MODE_BEET) += xfrm4_mode_beet.o
obj-$(CONFIG_INET_TUNNEL) += tunnel4.o
obj-$(CONFIG_INET_XFRM_MODE_TRANSPORT) += xfrm4_mode_transport.o
obj-$(CONFIG_INET_XFRM_MODE_TUNNEL) += xfrm4_mode_tunnel.o
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 9628de9..c846f13 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -241,7 +241,8 @@ static int esp_input(struct xfrm_state *
*as per draft-ietf-ipsec-udp-encaps-06,
*section 3.1.2
*/
- if (x->props.mode == XFRM_MODE_TRANSPORT)
+ if (x->prop
Re: [PATCH]:[XFRM] BEET mode
Ah, forgot to add new files to version control, sorry. My bad... -- Miika Komu http://www.iki.fi/miika/ - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH]:[XFRM] BEET mode
This patch introduces the BEET mode (Bound End-to-End Tunnel) with as
specified by the ietf draft at the following link:
http://www.ietf.org/internet-drafts/draft-nikander-esp-beet-mode-06.txt
The patch provides only single family support (i.e. inner family =
outer family).
Signed-off-by: Diego Beltrami <[EMAIL PROTECTED]>
Signed-off-by: Miika Komu <[EMAIL PROTECTED]>
Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
Signed-off-by: Abhinav Pathak <[EMAIL PROTECTED]>
Signed-off-by: Jeff Ahrenholz <[EMAIL PROTECTED]>
---
commit c1064da17f2c4a680b72cdf0daa74d7a69f90ea7
tree b6d7762770387223fe2b49a87312ba3ea786cd1b
parent 7800c382abc6b2416eab2e935ff82c20e2f08acd
author Miika Komu <[EMAIL PROTECTED]> Tue, 19 Sep 2006 12:21:59 +0300
committer Miika Komu <[EMAIL PROTECTED]> Tue, 19 Sep 2006 12:21:59 +0300
include/linux/in.h|1 +
include/linux/ip.h|9 +
include/linux/ipsec.h |3 ++-
include/linux/xfrm.h |3 ++-
net/ipv4/Kconfig |9 +
net/ipv4/Makefile |1 +
net/ipv4/esp4.c | 26 +++---
net/ipv4/ipcomp.c |5 -
net/ipv6/Kconfig | 10 ++
net/ipv6/Makefile |1 +
net/ipv6/ipcomp6.c|5 -
net/xfrm/xfrm_user.c |1 +
12 files changed, 63 insertions(+), 11 deletions(-)
diff --git a/include/linux/in.h b/include/linux/in.h
index bcaca83..f1ae3cc 100644
--- a/include/linux/in.h
+++ b/include/linux/in.h
@@ -40,6 +40,7 @@ enum {
IPPROTO_ESP = 50,/* Encapsulation Security Payload protocol */
IPPROTO_AH = 51, /* Authentication Header protocol */
+ IPPROTO_BEETPH = 94,/* IP option pseudo header for BEET */
IPPROTO_PIM= 103,/* Protocol Independent Multicast
*/
IPPROTO_COMP = 108,/* Compression Header protocol */
diff --git a/include/linux/ip.h b/include/linux/ip.h
index 2f46001..7a3aee8 100644
--- a/include/linux/ip.h
+++ b/include/linux/ip.h
@@ -80,6 +80,8 @@ #define IPOPT_TS_TSONLY 0 /*
timestamp
#defineIPOPT_TS_TSANDADDR 1 /* timestamps and
addresses */
#defineIPOPT_TS_PRESPEC3 /* specified modules
only */
+#define IPV4_BEET_PHMAXLEN 8
+
struct iphdr {
#if defined(__LITTLE_ENDIAN_BITFIELD)
__u8ihl:4,
@@ -123,4 +125,11 @@ struct ip_comp_hdr {
__u16 cpi;
};
+struct ip_beet_phdr {
+ __u8 nexthdr;
+ __u8 hdrlen;
+ __u8 padlen;
+ __u8 reserved;
+};
+
#endif /* _LINUX_IP_H */
diff --git a/include/linux/ipsec.h b/include/linux/ipsec.h
index d3c5276..d17a630 100644
--- a/include/linux/ipsec.h
+++ b/include/linux/ipsec.h
@@ -12,7 +12,8 @@ #define IPSEC_PROTO_ANY 255
enum {
IPSEC_MODE_ANY = 0,/* We do not support this for SA */
IPSEC_MODE_TRANSPORT= 1,
- IPSEC_MODE_TUNNEL = 2
+ IPSEC_MODE_TUNNEL = 2,
+ IPSEC_MODE_BEET = 3
};
enum {
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index 14ecd19..a745cb3 100644
--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -129,7 +129,8 @@ #define XFRM_MODE_TRANSPORT 0
#define XFRM_MODE_TUNNEL 1
#define XFRM_MODE_ROUTEOPTIMIZATION 2
#define XFRM_MODE_IN_TRIGGER 3
-#define XFRM_MODE_MAX 4
+#define XFRM_MODE_BEET 4
+#define XFRM_MODE_MAX 5
/* Netlink configuration messages. */
enum {
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 90f9136..c5e3b17 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -433,6 +433,15 @@ config INET_XFRM_MODE_TUNNEL
If unsure, say Y.
+config INET_XFRM_MODE_BEET
+ tristate "IP: IPsec BEET mode"
+ default y
+ select XFRM
+ ---help---
+ Support for IPsec BEET mode.
+
+ If unsure, say Y.
+
config INET_DIAG
tristate "INET: socket monitoring interface"
default y
diff --git a/net/ipv4/Makefile b/net/ipv4/Makefile
index f66049e..15645c5 100644
--- a/net/ipv4/Makefile
+++ b/net/ipv4/Makefile
@@ -23,6 +23,7 @@ obj-$(CONFIG_INET_AH) += ah4.o
obj-$(CONFIG_INET_ESP) += esp4.o
obj-$(CONFIG_INET_IPCOMP) += ipcomp.o
obj-$(CONFIG_INET_XFRM_TUNNEL) += xfrm4_tunnel.o
+obj-$(CONFIG_INET_XFRM_MODE_BEET) += xfrm4_mode_beet.o
obj-$(CONFIG_INET_TUNNEL) += tunnel4.o
obj-$(CONFIG_INET_XFRM_MODE_TRANSPORT) += xfrm4_mode_transport.o
obj-$(CONFIG_INET_XFRM_MODE_TUNNEL) += xfrm4_mode_tunnel.o
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 9628de9..c846f13 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -241,7 +241,8 @@ static int esp_input(struct xfrm_state *
*as per draft-ietf-ipsec-udp-encaps-06,
*section 3.1.2
*/
- if (x->props.mode == XFRM_MODE_TRANSPORT)
+ if (x->props.mode == XFRM_MODE_TRANSPORT ||
+ x->props.mode == XFRM_MODE_BEET)
skb->ip_summed = CHECKSUM_UNNECESSARY;
}
Re: [PATCH]:[XFRM] BEET mode
Ok, I will resend the patch in a moment. I tested it with cg-* tools and it did not create any conflicts with davem branch. The email programs with automatic line wrapping are really tricky, seems like "mail" or "mailx" really the only options. -- Miika Komu http://www.iki.fi/miika/ - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH]:[XFRM] BEET mode
On Sat, 16 Sep 2006, Diego Beltrami wrote: The patch which introduces the BEET mode and which previously was sent to this mailing list is valid also for http://www.kernel.org/git/?p=linux/kernel/git/davem/net-2.6.19.git;a=summary branch. However there are probably some errors in attaching inline the patch to the mail. I retry to reattach it. In any case, if there would be some errors, the same patch can be found at the following URL and it works just fine: .. For those who haven't been following this discussion, the patch introduces the BEET mode (Bound End-to-End Tunnel) as specified by the ietf draft at the following link: http://www.ietf.org/internet-drafts/draft-nikander-esp-beet-mode-06.txt Signed-off-by: Diego Beltrami <[EMAIL PROTECTED]> Signed-off-by: Miika Komu <[EMAIL PROTECTED]> Signed-off-by: Herbert Xu <[EMAIL PROTECTED]> Signed-off-by: Abhinav Pathak <[EMAIL PROTECTED]> Signed-off-by: Jeff Ahrenholz <[EMAIL PROTECTED]> Is the patch in the web fine? Diego said that the patch applies fine to Dave's branch, but the problem is the email formatting. The patch in the web is the same as forwarded to the email list. I put the patch into a more permanent location: http://infrahip.hiit.fi/beet/2.6.18/simple-beet-ph-patch-2.6.18 http://infrahip.hiit.fi/beet/2.6.18/simple-beet-ph-patch-2.6.18.md5sum 5cd131d2f15f04d3dc26e360ce3ae38e simple-beet-ph-patch-2.6.18 -- Miika Komu http://www.iki.fi/miika/ - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH]:[XFRM] BEET mode
The patch which introduces the BEET mode and which previously was sent to this
mailing list is valid also for
http://www.kernel.org/git/?p=linux/kernel/git/davem/net-2.6.19.git;a=summary
branch.
However there are probably some errors in attaching inline the patch to the
mail.
I retry to reattach it. In any case, if there would be some errors, the same
patch can be found at the following URL and it works just fine:
http://infrahip.hiit.fi/beet/tmp/simple-beet-ph-patch-2.6.18
For those who haven't been following this discussion, the patch introduces the
BEET mode (Bound End-to-End Tunnel) as specified by the ietf draft at the
following link:
http://www.ietf.org/internet-drafts/draft-nikander-esp-beet-mode-06.txt
Signed-off-by: Diego Beltrami <[EMAIL PROTECTED]>
Signed-off-by: Miika Komu <[EMAIL PROTECTED]>
Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
Signed-off-by: Abhinav Pathak <[EMAIL PROTECTED]>
Signed-off-by: Jeff Ahrenholz <[EMAIL PROTECTED]>
Thanks,
--
Diego Beltrami
diff --git a/include/linux/in.h b/include/linux/in.h
index bcaca83..f1ae3cc 100644
--- a/include/linux/in.h
+++ b/include/linux/in.h
@@ -40,6 +40,7 @@ enum {
IPPROTO_ESP = 50,/* Encapsulation Security Payload protocol */
IPPROTO_AH = 51, /* Authentication Header protocol */
+ IPPROTO_BEETPH = 94,/* IP option pseudo header for BEET */
IPPROTO_PIM= 103,/* Protocol Independent Multicast
*/
IPPROTO_COMP = 108,/* Compression Header protocol */
diff --git a/include/linux/ip.h b/include/linux/ip.h
index 2f46001..7a3aee8 100644
--- a/include/linux/ip.h
+++ b/include/linux/ip.h
@@ -80,6 +80,8 @@
#defineIPOPT_TS_TSANDADDR 1 /* timestamps and
addresses */
#defineIPOPT_TS_PRESPEC3 /* specified modules
only */
+#define IPV4_BEET_PHMAXLEN 8
+
struct iphdr {
#if defined(__LITTLE_ENDIAN_BITFIELD)
__u8ihl:4,
@@ -123,4 +125,11 @@ struct ip_comp_hdr {
__u16 cpi;
};
+struct ip_beet_phdr {
+ __u8 nexthdr;
+ __u8 hdrlen;
+ __u8 padlen;
+ __u8 reserved;
+};
+
#endif /* _LINUX_IP_H */
diff --git a/include/linux/ipsec.h b/include/linux/ipsec.h
index d3c5276..d17a630 100644
--- a/include/linux/ipsec.h
+++ b/include/linux/ipsec.h
@@ -12,7 +12,8 @@
enum {
IPSEC_MODE_ANY = 0,/* We do not support this for SA */
IPSEC_MODE_TRANSPORT= 1,
- IPSEC_MODE_TUNNEL = 2
+ IPSEC_MODE_TUNNEL = 2,
+ IPSEC_MODE_BEET = 3
};
enum {
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index 14ecd19..a745cb3 100644
--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -129,7 +129,8 @@ enum
#define XFRM_MODE_TUNNEL 1
#define XFRM_MODE_ROUTEOPTIMIZATION 2
#define XFRM_MODE_IN_TRIGGER 3
-#define XFRM_MODE_MAX 4
+#define XFRM_MODE_BEET 4
+#define XFRM_MODE_MAX 5
/* Netlink configuration messages. */
enum {
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 90f9136..c5e3b17 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -433,6 +433,15 @@ config INET_XFRM_MODE_TUNNEL
If unsure, say Y.
+config INET_XFRM_MODE_BEET
+ tristate "IP: IPsec BEET mode"
+ default y
+ select XFRM
+ ---help---
+ Support for IPsec BEET mode.
+
+ If unsure, say Y.
+
config INET_DIAG
tristate "INET: socket monitoring interface"
default y
diff --git a/net/ipv4/Makefile b/net/ipv4/Makefile
index f66049e..15645c5 100644
--- a/net/ipv4/Makefile
+++ b/net/ipv4/Makefile
@@ -23,6 +23,7 @@ obj-$(CONFIG_INET_AH) += ah4.o
obj-$(CONFIG_INET_ESP) += esp4.o
obj-$(CONFIG_INET_IPCOMP) += ipcomp.o
obj-$(CONFIG_INET_XFRM_TUNNEL) += xfrm4_tunnel.o
+obj-$(CONFIG_INET_XFRM_MODE_BEET) += xfrm4_mode_beet.o
obj-$(CONFIG_INET_TUNNEL) += tunnel4.o
obj-$(CONFIG_INET_XFRM_MODE_TRANSPORT) += xfrm4_mode_transport.o
obj-$(CONFIG_INET_XFRM_MODE_TUNNEL) += xfrm4_mode_tunnel.o
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 9628de9..c846f13 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -241,7 +241,8 @@ static int esp_input(struct xfrm_state *
*as per draft-ietf-ipsec-udp-encaps-06,
*section 3.1.2
*/
- if (x->props.mode == XFRM_MODE_TRANSPORT)
+ if (x->props.mode == XFRM_MODE_TRANSPORT ||
+ x->props.mode == XFRM_MODE_BEET)
skb->ip_summed = CHECKSUM_UNNECESSARY;
}
@@ -259,17 +260,28 @@ static u32 esp4_get_max_size(struct xfrm
{
struct esp_data *esp = x->data;
u32 blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4);
+ int enclen = 0;
- if (x->props.mode == XFRM_MODE_TUNNEL) {
- mtu = ALIGN(mtu + 2, blksize);
- } else {
- /* The worst case. */
+ switch (x->props.mode) {
+ case XFRM_MODE_TUNNEL:
+ mtu = ALIGN(mtu +2,
Re: [PATCH]:[XFRM] BEET mode
On Thu, Sep 14, 2006 at 09:09:07AM -0700, Randy.Dunlap wrote:
>
> http://www.kernel.org/git/?p=linux/kernel/git/davem/net-2.6.19.git;a=summary
Yes please use this one until 2.6.18 is released.
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH]:[XFRM] BEET mode
On Thu, 14 Sep 2006 18:52:26 +0300 Diego Beltrami wrote: > > > I suppose that this applies to Dave's netdev git tree? > > That would explain why I get lots of patch errors when I try > > to apply it to 2.6.18-rc7... > > Actually we made the patch against linux/kernel/git/acme/net-2.6.19.git > > is that the wrong branch? I can answer, but it won't be authoritative, so someone else should also answer. I would expect patches to be made against DaveM's 2.6.19 git or 2.6.x git trees: http://www.kernel.org/git/?p=linux/kernel/git/davem/net-2.6.19.git;a=summary http://www.kernel.org/git/?p=linux/kernel/git/davem/net-2.6.git;a=summary although the acme tree may be tracking DaveM's tree(s) closely. --- ~Randy - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH]:[XFRM] BEET mode
> I suppose that this applies to Dave's netdev git tree? > That would explain why I get lots of patch errors when I try > to apply it to 2.6.18-rc7... Actually we made the patch against linux/kernel/git/acme/net-2.6.19.git is that the wrong branch? -- Diego - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH]:[XFRM] BEET mode
On Thu, 14 Sep 2006 13:25:49 +0300 (EEST) Miika Komu wrote: > Below is a fixed version of the announced patch. I hope this one is ok. Yes, the split line is fixed now. I suppose that this applies to Dave's netdev git tree? That would explain why I get lots of patch errors when I try to apply it to 2.6.18-rc7... or it could be that the surrounding patch context lines have too many leading spaces for some reason. That's what it looks like to me. Did you take the patch from the mailing list and try to apply it to your unpatched tree? linux-2618-rc7work> dryrun < ~/beet-mode.patch 1 out of 1 hunk FAILED -- saving rejects to file include/linux/in.h.rej 2 out of 2 hunks FAILED -- saving rejects to file include/linux/ip.h.rej 1 out of 1 hunk FAILED -- saving rejects to file include/linux/ipsec.h.rej 1 out of 1 hunk FAILED -- saving rejects to file include/linux/xfrm.h.rej 1 out of 1 hunk FAILED -- saving rejects to file net/ipv4/Kconfig.rej 1 out of 1 hunk FAILED -- saving rejects to file net/ipv4/Makefile.rej 2 out of 2 hunks FAILED -- saving rejects to file net/ipv4/esp4.c.rej 2 out of 2 hunks FAILED -- saving rejects to file net/ipv4/ipcomp.c.rej 1 out of 1 hunk FAILED -- saving rejects to file net/ipv6/Kconfig.rej 1 out of 1 hunk FAILED -- saving rejects to file net/ipv6/Makefile.rej 2 out of 2 hunks FAILED -- saving rejects to file net/ipv6/ipcomp6.c.rej 1 out of 1 hunk FAILED -- saving rejects to file net/xfrm/xfrm_user.c.rej --- ~Randy - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH]:[XFRM] BEET mode
Below is a fixed version of the announced patch. I hope this one is ok.
Signed-off-by: Diego Beltrami <[EMAIL PROTECTED]>
Signed-off-by: Miika Komu <[EMAIL PROTECTED]>
Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
Signed-off-by: Abhinav Pathak <[EMAIL PROTECTED]>
Signed-off-by: Jeff Ahrenholz <[EMAIL PROTECTED]>
diff --git a/include/linux/in.h b/include/linux/in.h
index bcaca83..f1ae3cc 100644
--- a/include/linux/in.h
+++ b/include/linux/in.h
@@ -40,6 +40,7 @@ enum {
IPPROTO_ESP = 50,/* Encapsulation Security Payload protocol */
IPPROTO_AH = 51, /* Authentication Header protocol */
+ IPPROTO_BEETPH = 94,/* IP option pseudo header for BEET */
IPPROTO_PIM= 103,/* Protocol Independent Multicast
*/
IPPROTO_COMP = 108,/* Compression Header protocol */
diff --git a/include/linux/ip.h b/include/linux/ip.h
index 2f46001..7a3aee8 100644
--- a/include/linux/ip.h
+++ b/include/linux/ip.h
@@ -80,6 +80,8 @@
#defineIPOPT_TS_TSANDADDR 1 /* timestamps and
addresses */
#defineIPOPT_TS_PRESPEC3 /* specified modules
only */
+#define IPV4_BEET_PHMAXLEN 8
+
struct iphdr {
#if defined(__LITTLE_ENDIAN_BITFIELD)
__u8ihl:4,
@@ -123,4 +125,11 @@ struct ip_comp_hdr {
__u16 cpi;
};
+struct ip_beet_phdr {
+ __u8 nexthdr;
+ __u8 hdrlen;
+ __u8 padlen;
+ __u8 reserved;
+};
+
#endif /* _LINUX_IP_H */
diff --git a/include/linux/ipsec.h b/include/linux/ipsec.h
index d3c5276..d17a630 100644
--- a/include/linux/ipsec.h
+++ b/include/linux/ipsec.h
@@ -12,7 +12,8 @@
enum {
IPSEC_MODE_ANY = 0,/* We do not support this for SA */
IPSEC_MODE_TRANSPORT= 1,
- IPSEC_MODE_TUNNEL = 2
+ IPSEC_MODE_TUNNEL = 2,
+ IPSEC_MODE_BEET = 3
};
enum {
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index 14ecd19..a745cb3 100644
--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -129,7 +129,8 @@ enum
#define XFRM_MODE_TUNNEL 1
#define XFRM_MODE_ROUTEOPTIMIZATION 2
#define XFRM_MODE_IN_TRIGGER 3
-#define XFRM_MODE_MAX 4
+#define XFRM_MODE_BEET 4
+#define XFRM_MODE_MAX 5
/* Netlink configuration messages. */
enum {
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 90f9136..c5e3b17 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -433,6 +433,15 @@ config INET_XFRM_MODE_TUNNEL
If unsure, say Y.
+config INET_XFRM_MODE_BEET
+ tristate "IP: IPsec BEET mode"
+ default y
+ select XFRM
+ ---help---
+ Support for IPsec BEET mode.
+
+ If unsure, say Y.
+
config INET_DIAG
tristate "INET: socket monitoring interface"
default y
diff --git a/net/ipv4/Makefile b/net/ipv4/Makefile
index f66049e..15645c5 100644
--- a/net/ipv4/Makefile
+++ b/net/ipv4/Makefile
@@ -23,6 +23,7 @@ obj-$(CONFIG_INET_AH) += ah4.o
obj-$(CONFIG_INET_ESP) += esp4.o
obj-$(CONFIG_INET_IPCOMP) += ipcomp.o
obj-$(CONFIG_INET_XFRM_TUNNEL) += xfrm4_tunnel.o
+obj-$(CONFIG_INET_XFRM_MODE_BEET) += xfrm4_mode_beet.o
obj-$(CONFIG_INET_TUNNEL) += tunnel4.o
obj-$(CONFIG_INET_XFRM_MODE_TRANSPORT) += xfrm4_mode_transport.o
obj-$(CONFIG_INET_XFRM_MODE_TUNNEL) += xfrm4_mode_tunnel.o
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 9628de9..c846f13 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -241,7 +241,8 @@ static int esp_input(struct xfrm_state *
*as per draft-ietf-ipsec-udp-encaps-06,
*section 3.1.2
*/
- if (x->props.mode == XFRM_MODE_TRANSPORT)
+ if (x->props.mode == XFRM_MODE_TRANSPORT ||
+ x->props.mode == XFRM_MODE_BEET)
skb->ip_summed = CHECKSUM_UNNECESSARY;
}
@@ -259,17 +260,28 @@ static u32 esp4_get_max_size(struct xfrm
{
struct esp_data *esp = x->data;
u32 blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4);
+ int enclen = 0;
- if (x->props.mode == XFRM_MODE_TUNNEL) {
- mtu = ALIGN(mtu + 2, blksize);
- } else {
- /* The worst case. */
+ switch (x->props.mode) {
+ case XFRM_MODE_TUNNEL:
+ mtu = ALIGN(mtu +2, blksize);
+ break;
+ default:
+ case XFRM_MODE_TRANSPORT:
+ /* The worst case */
mtu = ALIGN(mtu + 2, 4) + blksize - 4;
+ break;
+ case XFRM_MODE_BEET:
+ /* The worst case. */
+ enclen = IPV4_BEET_PHMAXLEN;
+ mtu = ALIGN(mtu + enclen + 2, blksize);
+ break;
}
+
if (esp->conf.padlen)
mtu = ALIGN(mtu, esp->conf.padlen);
- return mtu + x->props.header_len + esp->auth.icv_trunc_len;
+ return mtu + x->props.header_len + esp->auth.icv_trunc_len - enclen;
}
static void esp4_err(struct sk_buff *skb, u32 i
Re: [PATCH]:[XFRM] BEET mode
On Wed, 13 Sep 2006 19:26:19 +0300 Diego Beltrami wrote: Looks like IMP (? or something else along the way?) split a long line into 2 lines for you (same thing in 2 places). See below. > diff --git a/net/ipv4/xfrm4_mode_beet.c b/net/ipv4/xfrm4_mode_beet.c > new file mode 100644 > index 000..75db6a6 > --- /dev/null > +++ b/net/ipv4/xfrm4_mode_beet.c > @@ -0,0 +1,139 @@ > + * The top IP header will be constructed per > draft-nikander-esp-beet-mode-06.txt. There, above, and same comment in the ipv6 source file. > diff --git a/net/ipv6/xfrm6_mode_beet.c b/net/ipv6/xfrm6_mode_beet.c > new file mode 100644 > index 000..edcfffa > --- /dev/null > +++ b/net/ipv6/xfrm6_mode_beet.c > @@ -0,0 +1,107 @@ > + > +/* Add encapsulation header. > + * > + * The top IP header will be constructed per > draft-nikander-esp-beet-mode-06.txt. There, above. > + * The following fields in it shall be filled in by x->type->output: > + * payload_len --- ~Randy - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH]:[XFRM] BEET mode
Hi all,
here you can find the patch rebased to the current tree net-2.6.19 which
introduces the BEET mode (Bound End-to-End Tunnel) as specified by the ietf
draft at the following link:
http://www.ietf.org/internet-drafts/draft-nikander-esp-beet-mode-06.txt
A BEET mode Security Associations records two pairs of IP addresses, called
inner addresses and outer addresses. The inner addresses are what the
applications see. The outer addresses are what appear on the wire.
The presented BEET mode allows for transformation having inner family equal to
outer family.
Signed-off-by: Diego Beltrami <[EMAIL PROTECTED]>
Signed-off-by: Miika Komu <[EMAIL PROTECTED]>
Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
Signed-off-by: Abhinav Pathak <[EMAIL PROTECTED]>
Signed-off-by: Jeff Ahrenholz <[EMAIL PROTECTED]>
--
Diego Beltrami
diff --git a/include/linux/in.h b/include/linux/in.h
index bcaca83..f1ae3cc 100644
--- a/include/linux/in.h
+++ b/include/linux/in.h
@@ -40,6 +40,7 @@ enum {
IPPROTO_ESP = 50,/* Encapsulation Security Payload protocol */
IPPROTO_AH = 51, /* Authentication Header protocol */
+ IPPROTO_BEETPH = 94,/* IP option pseudo header for BEET */
IPPROTO_PIM= 103,/* Protocol Independent Multicast
*/
IPPROTO_COMP = 108,/* Compression Header protocol */
diff --git a/include/linux/ip.h b/include/linux/ip.h
index 2f46001..7a3aee8 100644
--- a/include/linux/ip.h
+++ b/include/linux/ip.h
@@ -80,6 +80,8 @@
#defineIPOPT_TS_TSANDADDR 1 /* timestamps and
addresses */
#defineIPOPT_TS_PRESPEC3 /* specified modules
only */
+#define IPV4_BEET_PHMAXLEN 8
+
struct iphdr {
#if defined(__LITTLE_ENDIAN_BITFIELD)
__u8ihl:4,
@@ -123,4 +125,11 @@ struct ip_comp_hdr {
__u16 cpi;
};
+struct ip_beet_phdr {
+ __u8 nexthdr;
+ __u8 hdrlen;
+ __u8 padlen;
+ __u8 reserved;
+};
+
#endif /* _LINUX_IP_H */
diff --git a/include/linux/ipsec.h b/include/linux/ipsec.h
index d3c5276..d17a630 100644
--- a/include/linux/ipsec.h
+++ b/include/linux/ipsec.h
@@ -12,7 +12,8 @@
enum {
IPSEC_MODE_ANY = 0,/* We do not support this for SA */
IPSEC_MODE_TRANSPORT= 1,
- IPSEC_MODE_TUNNEL = 2
+ IPSEC_MODE_TUNNEL = 2,
+ IPSEC_MODE_BEET = 3
};
enum {
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index 14ecd19..a745cb3 100644
--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -129,7 +129,8 @@ enum
#define XFRM_MODE_TUNNEL 1
#define XFRM_MODE_ROUTEOPTIMIZATION 2
#define XFRM_MODE_IN_TRIGGER 3
-#define XFRM_MODE_MAX 4
+#define XFRM_MODE_BEET 4
+#define XFRM_MODE_MAX 5
/* Netlink configuration messages. */
enum {
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 90f9136..c5e3b17 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -433,6 +433,15 @@ config INET_XFRM_MODE_TUNNEL
If unsure, say Y.
+config INET_XFRM_MODE_BEET
+ tristate "IP: IPsec BEET mode"
+ default y
+ select XFRM
+ ---help---
+ Support for IPsec BEET mode.
+
+ If unsure, say Y.
+
config INET_DIAG
tristate "INET: socket monitoring interface"
default y
diff --git a/net/ipv4/Makefile b/net/ipv4/Makefile
index f66049e..15645c5 100644
--- a/net/ipv4/Makefile
+++ b/net/ipv4/Makefile
@@ -23,6 +23,7 @@ obj-$(CONFIG_INET_AH) += ah4.o
obj-$(CONFIG_INET_ESP) += esp4.o
obj-$(CONFIG_INET_IPCOMP) += ipcomp.o
obj-$(CONFIG_INET_XFRM_TUNNEL) += xfrm4_tunnel.o
+obj-$(CONFIG_INET_XFRM_MODE_BEET) += xfrm4_mode_beet.o
obj-$(CONFIG_INET_TUNNEL) += tunnel4.o
obj-$(CONFIG_INET_XFRM_MODE_TRANSPORT) += xfrm4_mode_transport.o
obj-$(CONFIG_INET_XFRM_MODE_TUNNEL) += xfrm4_mode_tunnel.o
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 9628de9..c846f13 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -241,7 +241,8 @@ static int esp_input(struct xfrm_state *
*as per draft-ietf-ipsec-udp-encaps-06,
*section 3.1.2
*/
- if (x->props.mode == XFRM_MODE_TRANSPORT)
+ if (x->props.mode == XFRM_MODE_TRANSPORT ||
+ x->props.mode == XFRM_MODE_BEET)
skb->ip_summed = CHECKSUM_UNNECESSARY;
}
@@ -259,17 +260,28 @@ static u32 esp4_get_max_size(struct xfrm
{
struct esp_data *esp = x->data;
u32 blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4);
+ int enclen = 0;
- if (x->props.mode == XFRM_MODE_TUNNEL) {
- mtu = ALIGN(mtu + 2, blksize);
- } else {
- /* The worst case. */
+ switch (x->props.mode) {
+ case XFRM_MODE_TUNNEL:
+ mtu = ALIGN(mtu +2, blksize);
+ break;
+ default:
+ case XFRM_MODE_TRANSPORT:
+ /* The worst case */
mtu = ALIGN(mtu + 2, 4) + blk
Re: [PATCH]:[XFRM] BEET mode
Hello.
In article <[EMAIL PROTECTED]> (at Sun, 10 Sep 2006 20:10:06 +0300), Diego
Beltrami <[EMAIL PROTECTED]> says:
> as part of this email you can find a patch which introduces the BEET mode
> (Bound
> End-to-End Tunnel) as specified by the ietf draft at the following link:
:
> Signed-off-by: Diego Beltrami <[EMAIL PROTECTED]>
>Miika Komu <[EMAIL PROTECTED]>
>Herbert Xu <[EMAIL PROTECTED]>
>Abhinav Pathak <[EMAIL PROTECTED]>
>Jeff Ahrenholz <[EMAIL PROTECTED]>
Please put one "Signed-off-by:" per person,.
> diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
> index 46a15c7..6a616de 100644
> --- a/include/linux/xfrm.h
> +++ b/include/linux/xfrm.h
> @@ -120,7 +120,8 @@ enum
>
> #define XFRM_MODE_TRANSPORT 0
> #define XFRM_MODE_TUNNEL 1
> -#define XFRM_MODE_MAX 2
> +#define XFRM_MODE_BEET 2
> +#define XFRM_MODE_MAX 3
>
> /* Netlink configuration messages. */
> enum {
This clearly indicates that this patch conflicts with current net-2.6.19.
Please rebase to the current tree.
--yoshfuji
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH]:[XFRM] BEET mode
Hi,
as part of this email you can find a patch which introduces the BEET mode (Bound
End-to-End Tunnel) as specified by the ietf draft at the following link:
http://www.ietf.org/internet-drafts/draft-nikander-esp-beet-mode-06.txt
A BEET mode Security Associations records two pairs of IP addresses, called
inner addresses and outer addresses. The inner addresses are what the
applications see. The outer addresses are what appear on the wire.
The presented BEET mode allows for transformation having inner family equal to
outer family.
Signed-off-by: Diego Beltrami <[EMAIL PROTECTED]>
Miika Komu <[EMAIL PROTECTED]>
Herbert Xu <[EMAIL PROTECTED]>
Abhinav Pathak <[EMAIL PROTECTED]>
Jeff Ahrenholz <[EMAIL PROTECTED]>
--
Diego Beltrami
diff --git a/include/linux/in.h b/include/linux/in.h
index 94f557f..9290d99 100644
--- a/include/linux/in.h
+++ b/include/linux/in.h
@@ -40,6 +40,7 @@ enum {
IPPROTO_ESP = 50,/* Encapsulation Security Payload protocol */
IPPROTO_AH = 51, /* Authentication Header protocol */
+ IPPROTO_BEETPH = 94,/* IP option pseudo header for BEET */
IPPROTO_PIM= 103,/* Protocol Independent Multicast
*/
IPPROTO_COMP = 108,/* Compression Header protocol */
diff --git a/include/linux/ip.h b/include/linux/ip.h
index 4b55cf1..e4d8a39 100644
--- a/include/linux/ip.h
+++ b/include/linux/ip.h
@@ -79,6 +79,8 @@
#defineIPOPT_TS_TSANDADDR 1 /* timestamps and
addresses */
#defineIPOPT_TS_PRESPEC3 /* specified modules
only */
+#define IPV4_BEET_PHMAXLEN 8
+
struct iphdr {
#if defined(__LITTLE_ENDIAN_BITFIELD)
__u8ihl:4,
@@ -122,4 +124,11 @@ struct ip_comp_hdr {
__u16 cpi;
};
+struct ip_beet_phdr {
+ __u8 nexthdr;
+ __u8 hdrlen;
+ __u8 padlen;
+ __u8 reserved;
+};
+
#endif /* _LINUX_IP_H */
diff --git a/include/linux/ipsec.h b/include/linux/ipsec.h
index d3c5276..d17a630 100644
--- a/include/linux/ipsec.h
+++ b/include/linux/ipsec.h
@@ -12,7 +12,8 @@
enum {
IPSEC_MODE_ANY = 0,/* We do not support this for SA */
IPSEC_MODE_TRANSPORT= 1,
- IPSEC_MODE_TUNNEL = 2
+ IPSEC_MODE_TUNNEL = 2,
+ IPSEC_MODE_BEET = 3
};
enum {
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index 46a15c7..6a616de 100644
--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -120,7 +120,8 @@ enum
#define XFRM_MODE_TRANSPORT 0
#define XFRM_MODE_TUNNEL 1
-#define XFRM_MODE_MAX 2
+#define XFRM_MODE_BEET 2
+#define XFRM_MODE_MAX 3
/* Netlink configuration messages. */
enum {
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 8514106..02c5ff7 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -432,6 +432,15 @@ config INET_XFRM_MODE_TUNNEL
If unsure, say Y.
+config INET_XFRM_MODE_BEET
+ tristate "IP: IPsec BEET mode"
+ default y
+ select XFRM
+ ---help---
+ Support for IPsec BEET mode.
+
+ If unsure, say Y.
+
config INET_DIAG
tristate "INET: socket monitoring interface"
default y
diff --git a/net/ipv4/Makefile b/net/ipv4/Makefile
index 4878fc5..ad22492 100644
--- a/net/ipv4/Makefile
+++ b/net/ipv4/Makefile
@@ -26,6 +26,7 @@ obj-$(CONFIG_INET_XFRM_TUNNEL) += xfrm4_
obj-$(CONFIG_INET_TUNNEL) += tunnel4.o
obj-$(CONFIG_INET_XFRM_MODE_TRANSPORT) += xfrm4_mode_transport.o
obj-$(CONFIG_INET_XFRM_MODE_TUNNEL) += xfrm4_mode_tunnel.o
+obj-$(CONFIG_INET_XFRM_MODE_BEET) += xfrm4_mode_beet.o
obj-$(CONFIG_IP_PNP) += ipconfig.o
obj-$(CONFIG_IP_ROUTE_MULTIPATH_RR) += multipath_rr.o
obj-$(CONFIG_IP_ROUTE_MULTIPATH_RANDOM) += multipath_random.o
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
index 1366bc6..9d6f0e7 100644
--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@@ -253,7 +253,7 @@ static int ah_init_state(struct xfrm_sta
goto error;
x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) +
ahp->icv_trunc_len);
- if (x->props.mode)
+ if (x->props.mode == XFRM_MODE_TUNNEL)
x->props.header_len += sizeof(struct iphdr);
x->data = ahp;
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index fc2f8ce..76722e1 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -237,7 +237,8 @@ static int esp_input(struct xfrm_state *
*as per draft-ietf-ipsec-udp-encaps-06,
*section 3.1.2
*/
- if (!x->props.mode)
+ if (x->props.mode == XFRM_MODE_TUNNEL ||
+ x->props.mode == XFRM_MODE_BEET )
skb->ip_summed = CHECKSUM_UNNECESSARY;
}
@@ -255,17 +256,28 @@ static u32 esp4_get_max_size(struct xfrm
{
struct esp_data *esp = x->data;
u32 blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4);
+ int enclen = 0;
-
