[XFRM]: BEET mode

This patch introduces the BEET mode (Bound End-to-End Tunnel) with as specified by the ietf draft at the following link: http://www.ietf.org/internet-drafts/draft-nikander-esp-beet-mode-06.txt The patch provides only single family support (i.e. inner family = outer family). Signed-off-by: Diego Beltrami <diego.beltrami@gmail.com> Signed-off-by: Miika Komu <miika@iki.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Abhinav Pathak <abhinav.pathak@hiit.fi> Signed-off-by: Jeff Ahrenholz <ahrenholz@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Diego Beltrami <diego.beltrami@gmail.com> 2006-10-04 02:47:05 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2006-10-04 03:31:09 -0400
commit: 0a69452cb45add0841c2bc1e75c25f6bd4f1d8d9 (patch)
tree: 17906377f0f55c809126932e3a0e4b9bb972739c /net/ipv6
parent: 80246ab36ec8baf7d107254adb166baa555a59f8 (diff)
4 files changed, 122 insertions, 1 deletions
diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig
index a2d211da2aba..a460e8132b4d 100644
--- a/net/ipv6/Kconfig
+++ b/net/ipv6/Kconfig
@@ -136,6 +136,16 @@ config INET6_XFRM_MODE_TUNNEL
          If unsure, say Y.
+config INET6_XFRM_MODE_BEET
+        tristate "IPv6: IPsec BEET mode"
+        depends on IPV6
+        default IPV6
+        select XFRM
+        ---help---
+          Support for IPsec BEET mode.
+          If unsure, say Y.
 config INET6_XFRM_MODE_ROUTEOPTIMIZATION
        tristate "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)"
        depends on IPV6 && EXPERIMENTAL
diff --git a/net/ipv6/Makefile b/net/ipv6/Makefile
index 0213c6612b58..87274e47fe32 100644
--- a/net/ipv6/Makefile
+++ b/net/ipv6/Makefile
@@ -26,6 +26,7 @@ obj-$(CONFIG_INET6_TUNNEL) += tunnel6.o
 obj-$(CONFIG_INET6_XFRM_MODE_TRANSPORT) += xfrm6_mode_transport.o
 obj-$(CONFIG_INET6_XFRM_MODE_TUNNEL) += xfrm6_mode_tunnel.o
 obj-$(CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION) += xfrm6_mode_ro.o
+obj-$(CONFIG_INET6_XFRM_MODE_BEET) += xfrm6_mode_beet.o
 obj-$(CONFIG_NETFILTER) += netfilter/
 obj-$(CONFIG_IPV6_TUNNEL) += ip6_tunnel.o
diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c
index a2860e35efd7..71f59f18ede8 100644
--- a/net/ipv6/ipcomp6.c
+++ b/net/ipv6/ipcomp6.c
@@ -199,6 +199,7 @@ static void ipcomp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
 static struct xfrm_state *ipcomp6_tunnel_create(struct xfrm_state *x)
 {
        struct xfrm_state *t = NULL;
+        u8 mode = XFRM_MODE_TUNNEL;
        t = xfrm_state_alloc();
        if (!t)
@@ -212,7 +213,9 @@ static struct xfrm_state *ipcomp6_tunnel_create(struct xfrm_state *x)
        memcpy(t->id.daddr.a6, x->id.daddr.a6, sizeof(struct in6_addr));
        memcpy(&t->sel, &x->sel, sizeof(t->sel));
        t->props.family = AF_INET6;
-        t->props.mode = XFRM_MODE_TUNNEL;
+        if (x->props.mode == XFRM_MODE_BEET)
+                mode = x->props.mode;
+        t->props.mode = mode;
        memcpy(t->props.saddr.a6, x->props.saddr.a6, sizeof(struct in6_addr));
        if (xfrm_init_state(t))
diff --git a/net/ipv6/xfrm6_mode_beet.c b/net/ipv6/xfrm6_mode_beet.c
new file mode 100644
index 000000000000..edcfffa9e87b
--- /dev/null
+++ b/net/ipv6/xfrm6_mode_beet.c
@@ -0,0 +1,107 @@
+/*
+ * xfrm6_mode_beet.c - BEET mode encapsulation for IPv6.
+ *
+ * Copyright (c) 2006 Diego Beltrami <diego.beltrami@gmail.com>
+ *                    Miika Komu     <miika@iki.fi>
+ *                    Herbert Xu     <herbert@gondor.apana.org.au>
+ *                    Abhinav Pathak <abhinav.pathak@hiit.fi>
+ *                    Jeff Ahrenholz <ahrenholz@gmail.com>
+ */
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/stringify.h>
+#include <net/dsfield.h>
+#include <net/dst.h>
+#include <net/inet_ecn.h>
+#include <net/ipv6.h>
+#include <net/xfrm.h>
+/* Add encapsulation header.
+ *
+ * The top IP header will be constructed per draft-nikander-esp-beet-mode-06.txt.
+ * The following fields in it shall be filled in by x->type->output:
+ *      payload_len
+ *
+ * On exit, skb->h will be set to the start of the encapsulation header to be
+ * filled in by x->type->output and skb->nh will be set to the nextheader field
+ * of the extension header directly preceding the encapsulation header, or in
+ * its absence, that of the top IP header.  The value of skb->data will always
+ * point to the top IP header.
+ */
+static int xfrm6_beet_output(struct xfrm_state *x, struct sk_buff *skb)
+{
+        struct ipv6hdr *iph, *top_iph;
+        u8 *prevhdr;
+        int hdr_len;
+        skb_push(skb, x->props.header_len);
+        iph = skb->nh.ipv6h;
+        hdr_len = ip6_find_1stfragopt(skb, &prevhdr);
+        skb->nh.raw = prevhdr - x->props.header_len;
+        skb->h.raw = skb->data + hdr_len;
+        memmove(skb->data, iph, hdr_len);
+        skb->nh.raw = skb->data;
+        top_iph = skb->nh.ipv6h;
+        skb->nh.raw = &top_iph->nexthdr;
+        skb->h.ipv6h = top_iph + 1;
+        ipv6_addr_copy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr);
+        ipv6_addr_copy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr);
+        return 0;
+}
+static int xfrm6_beet_input(struct xfrm_state *x, struct sk_buff *skb)
+{
+        struct ipv6hdr *ip6h;
+        int size = sizeof(struct ipv6hdr);
+        int err = -EINVAL;
+        if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
+                goto out;
+        skb_push(skb, size);
+        memmove(skb->data, skb->nh.raw, size);
+        skb->nh.raw = skb->data;
+        skb->mac.raw = memmove(skb->data - skb->mac_len,
+                               skb->mac.raw, skb->mac_len);
+        ip6h = skb->nh.ipv6h;
+        ip6h->payload_len = htons(skb->len - size);
+        ipv6_addr_copy(&ip6h->daddr, (struct in6_addr *) &x->sel.daddr.a6);
+        ipv6_addr_copy(&ip6h->saddr, (struct in6_addr *) &x->sel.saddr.a6);
+        err = 0;
+out:
+        return err;
+}
+static struct xfrm_mode xfrm6_beet_mode = {
+        .input = xfrm6_beet_input,
+        .output = xfrm6_beet_output,
+        .owner = THIS_MODULE,
+        .encap = XFRM_MODE_BEET,
+};
+static int __init xfrm6_beet_init(void)
+{
+        return xfrm_register_mode(&xfrm6_beet_mode, AF_INET6);
+}
+static void __exit xfrm6_beet_exit(void)
+{
+        int err;
+        err = xfrm_unregister_mode(&xfrm6_beet_mode, AF_INET6);
+        BUG_ON(err);
+}
+module_init(xfrm6_beet_init);
+module_exit(xfrm6_beet_exit);
+MODULE_LICENSE("GPL");
+MODULE_ALIAS_XFRM_MODE(AF_INET6, XFRM_MODE_BEET);
author	Diego Beltrami <diego.beltrami@gmail.com>	2006-10-04 02:47:05 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2006-10-04 03:31:09 -0400
commit	0a69452cb45add0841c2bc1e75c25f6bd4f1d8d9 (patch)
tree	17906377f0f55c809126932e3a0e4b9bb972739c /net/ipv6
parent	80246ab36ec8baf7d107254adb166baa555a59f8 (diff)

diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig index a2d211da2aba..a460e8132b4d 100644 --- a/net/ipv6/Kconfig +++ b/net/ipv6/Kconfig
@@ -136,6 +136,16 @@ config INET6_XFRM_MODE_TUNNEL
136		136
137	If unsure, say Y.	137	If unsure, say Y.
138		138
		139	config INET6_XFRM_MODE_BEET
		140	tristate "IPv6: IPsec BEET mode"
		141	depends on IPV6
		142	default IPV6
		143	select XFRM
		144	---help---
		145	Support for IPsec BEET mode.
		146
		147	If unsure, say Y.
		148
139	config INET6_XFRM_MODE_ROUTEOPTIMIZATION	149	config INET6_XFRM_MODE_ROUTEOPTIMIZATION
140	tristate "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)"	150	tristate "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)"
141	depends on IPV6 && EXPERIMENTAL	151	depends on IPV6 && EXPERIMENTAL


diff --git a/net/ipv6/Makefile b/net/ipv6/Makefile index 0213c6612b58..87274e47fe32 100644 --- a/net/ipv6/Makefile +++ b/net/ipv6/Makefile
@@ -26,6 +26,7 @@ obj-$(CONFIG_INET6_TUNNEL) += tunnel6.o
26	obj-$(CONFIG_INET6_XFRM_MODE_TRANSPORT) += xfrm6_mode_transport.o	26	obj-$(CONFIG_INET6_XFRM_MODE_TRANSPORT) += xfrm6_mode_transport.o
27	obj-$(CONFIG_INET6_XFRM_MODE_TUNNEL) += xfrm6_mode_tunnel.o	27	obj-$(CONFIG_INET6_XFRM_MODE_TUNNEL) += xfrm6_mode_tunnel.o
28	obj-$(CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION) += xfrm6_mode_ro.o	28	obj-$(CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION) += xfrm6_mode_ro.o
		29	obj-$(CONFIG_INET6_XFRM_MODE_BEET) += xfrm6_mode_beet.o
29	obj-$(CONFIG_NETFILTER) += netfilter/	30	obj-$(CONFIG_NETFILTER) += netfilter/
30		31
31	obj-$(CONFIG_IPV6_TUNNEL) += ip6_tunnel.o	32	obj-$(CONFIG_IPV6_TUNNEL) += ip6_tunnel.o


diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c index a2860e35efd7..71f59f18ede8 100644 --- a/net/ipv6/ipcomp6.c +++ b/net/ipv6/ipcomp6.c
@@ -199,6 +199,7 @@ static void ipcomp6_err(struct sk_buff skb, struct inet6_skb_parm opt,
199	static struct xfrm_state ipcomp6_tunnel_create(struct xfrm_state x)	199	static struct xfrm_state ipcomp6_tunnel_create(struct xfrm_state x)
200	{	200	{
201	struct xfrm_state *t = NULL;	201	struct xfrm_state *t = NULL;
		202	u8 mode = XFRM_MODE_TUNNEL;
202		203
203	t = xfrm_state_alloc();	204	t = xfrm_state_alloc();
204	if (!t)	205	if (!t)
@@ -212,7 +213,9 @@ static struct xfrm_state ipcomp6_tunnel_create(struct xfrm_state x)
212	memcpy(t->id.daddr.a6, x->id.daddr.a6, sizeof(struct in6_addr));	213	memcpy(t->id.daddr.a6, x->id.daddr.a6, sizeof(struct in6_addr));
213	memcpy(&t->sel, &x->sel, sizeof(t->sel));	214	memcpy(&t->sel, &x->sel, sizeof(t->sel));
214	t->props.family = AF_INET6;	215	t->props.family = AF_INET6;
215	t->props.mode = XFRM_MODE_TUNNEL;	216	if (x->props.mode == XFRM_MODE_BEET)
		217	mode = x->props.mode;
		218	t->props.mode = mode;
216	memcpy(t->props.saddr.a6, x->props.saddr.a6, sizeof(struct in6_addr));	219	memcpy(t->props.saddr.a6, x->props.saddr.a6, sizeof(struct in6_addr));
217		220
218	if (xfrm_init_state(t))	221	if (xfrm_init_state(t))


diff --git a/net/ipv6/xfrm6_mode_beet.c b/net/ipv6/xfrm6_mode_beet.c new file mode 100644 index 000000000000..edcfffa9e87b --- /dev/null +++ b/net/ipv6/xfrm6_mode_beet.c
@@ -0,0 +1,107 @@
		1	/*
		2	* xfrm6_mode_beet.c - BEET mode encapsulation for IPv6.
		3	*
		4	* Copyright (c) 2006 Diego Beltrami <diego.beltrami@gmail.com>
		5	* Miika Komu <miika@iki.fi>
		6	* Herbert Xu <herbert@gondor.apana.org.au>
		7	* Abhinav Pathak <abhinav.pathak@hiit.fi>
		8	* Jeff Ahrenholz <ahrenholz@gmail.com>
		9	*/
		10
		11	#include <linux/init.h>
		12	#include <linux/kernel.h>
		13	#include <linux/module.h>
		14	#include <linux/skbuff.h>
		15	#include <linux/stringify.h>
		16	#include <net/dsfield.h>
		17	#include <net/dst.h>
		18	#include <net/inet_ecn.h>
		19	#include <net/ipv6.h>
		20	#include <net/xfrm.h>
		21
		22	/* Add encapsulation header.
		23	*
		24	* The top IP header will be constructed per draft-nikander-esp-beet-mode-06.txt.
		25	* The following fields in it shall be filled in by x->type->output:
		26	* payload_len
		27	*
		28	* On exit, skb->h will be set to the start of the encapsulation header to be
		29	* filled in by x->type->output and skb->nh will be set to the nextheader field
		30	* of the extension header directly preceding the encapsulation header, or in
		31	* its absence, that of the top IP header. The value of skb->data will always
		32	* point to the top IP header.
		33	*/
		34	static int xfrm6_beet_output(struct xfrm_state x, struct sk_buff skb)
		35	{
		36	struct ipv6hdr iph, top_iph;
		37	u8 *prevhdr;
		38	int hdr_len;
		39
		40	skb_push(skb, x->props.header_len);
		41	iph = skb->nh.ipv6h;
		42
		43	hdr_len = ip6_find_1stfragopt(skb, &prevhdr);
		44	skb->nh.raw = prevhdr - x->props.header_len;
		45	skb->h.raw = skb->data + hdr_len;
		46	memmove(skb->data, iph, hdr_len);
		47
		48	skb->nh.raw = skb->data;
		49	top_iph = skb->nh.ipv6h;
		50	skb->nh.raw = &top_iph->nexthdr;
		51	skb->h.ipv6h = top_iph + 1;
		52
		53	ipv6_addr_copy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr);
		54	ipv6_addr_copy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr);
		55
		56	return 0;
		57	}
		58
		59	static int xfrm6_beet_input(struct xfrm_state x, struct sk_buff skb)
		60	{
		61	struct ipv6hdr *ip6h;
		62	int size = sizeof(struct ipv6hdr);
		63	int err = -EINVAL;
		64
		65	if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
		66	goto out;
		67
		68	skb_push(skb, size);
		69	memmove(skb->data, skb->nh.raw, size);
		70	skb->nh.raw = skb->data;
		71
		72	skb->mac.raw = memmove(skb->data - skb->mac_len,
		73	skb->mac.raw, skb->mac_len);
		74
		75	ip6h = skb->nh.ipv6h;
		76	ip6h->payload_len = htons(skb->len - size);
		77	ipv6_addr_copy(&ip6h->daddr, (struct in6_addr *) &x->sel.daddr.a6);
		78	ipv6_addr_copy(&ip6h->saddr, (struct in6_addr *) &x->sel.saddr.a6);
		79	err = 0;
		80	out:
		81	return err;
		82	}
		83
		84	static struct xfrm_mode xfrm6_beet_mode = {
		85	.input = xfrm6_beet_input,
		86	.output = xfrm6_beet_output,
		87	.owner = THIS_MODULE,
		88	.encap = XFRM_MODE_BEET,
		89	};
		90
		91	static int __init xfrm6_beet_init(void)
		92	{
		93	return xfrm_register_mode(&xfrm6_beet_mode, AF_INET6);
		94	}
		95
		96	static void __exit xfrm6_beet_exit(void)
		97	{
		98	int err;
		99
		100	err = xfrm_unregister_mode(&xfrm6_beet_mode, AF_INET6);
		101	BUG_ON(err);
		102	}
		103
		104	module_init(xfrm6_beet_init);
		105	module_exit(xfrm6_beet_exit);
		106	MODULE_LICENSE("GPL");
		107	MODULE_ALIAS_XFRM_MODE(AF_INET6, XFRM_MODE_BEET);