/* void */
int
ipsec_klips_init(void)
{
int error = 0;
unsigned char seed[256];
#ifdef CONFIG_KLIPS_ENC_3DES
extern int des_check_key;
/* turn off checking of keys */
des_check_key=0;
#endif /* CONFIG_KLIPS_ENC_3DES */
KLIPS_PRINT(1, "klips_info:ipsec_init: "
"KLIPS startup, Openswan KLIPS IPsec stack version: %s\n",
ipsec_version_code());
error |= ipsec_proc_init();
#ifdef SPINLOCK
ipsec_sadb.sadb_lock = SPIN_LOCK_UNLOCKED;
#else /* SPINLOCK */
ipsec_sadb.sadb_lock = 0;
#endif /* SPINLOCK */
#ifndef SPINLOCK
tdb_lock.lock = 0;
eroute_lock.lock = 0;
#endif /* !SPINLOCK */
error |= ipsec_sadb_init();
error |= ipsec_radijinit();
error |= pfkey_init();
error |= register_netdevice_notifier(&ipsec_dev_notifier);
#ifdef CONFIG_KLIPS_ESP
openswan_inet_add_protocol(&esp_protocol, IPPROTO_ESP);
#endif /* CONFIG_KLIPS_ESP */
#ifdef CONFIG_KLIPS_AH
openswan_inet_add_protocol(&ah_protocol, IPPROTO_AH);
#endif /* CONFIG_KLIPS_AH */
/* we never actually link IPCOMP to the stack */
#ifdef IPCOMP_USED_ALONE
#ifdef CONFIG_KLIPS_IPCOMP
openswan_inet_add_protocol(&comp_protocol, IPPROTO_COMP);
#endif /* CONFIG_KLIPS_IPCOMP */
#endif
error |= ipsec_tunnel_init_devices();
#if defined(NET_26) && defined(CONFIG_IPSEC_NAT_TRAVERSAL)
/* register our ESP-UDP handler */
if(udp4_register_esp_rcvencap(klips26_rcv_encap
, &klips_old_encap)!=0) {
printk(KERN_ERR "KLIPS: can not register klips_rcv_encap function\n");
}
#endif
#ifdef CONFIG_SYSCTL
error |= ipsec_sysctl_register();
#endif
#ifdef CONFIG_KLIPS_ALG
ipsec_alg_init();
#endif
#ifdef CONFIG_KLIPS_OCF
ipsec_ocf_init();
#endif
get_random_bytes((void *)seed, sizeof(seed));
prng_init(&ipsec_prng, seed, sizeof(seed));
atomic_set(&ipsec_irs_cnt, 0);
atomic_set(&ipsec_ixs_cnt, 0);
ipsec_irs_cache = kmem_cache_create("ipsec_irs",
sizeof(struct ipsec_rcv_state), 0, SLAB_HWCACHE_ALIGN, NULL, NULL);
if (!ipsec_irs_cache) {
printk("Failed to get IRS cache\n");
error |= 1;
}
ipsec_ixs_cache = kmem_cache_create("ipsec_ixs",
sizeof(struct ipsec_xmit_state), 0, SLAB_HWCACHE_ALIGN, NULL, NULL);
if (!ipsec_ixs_cache) {
printk("Failed to get IXS cache\n");
error |= 1;
}
return error;
}
/* void */
int
ipsec_init(void)
{
int error = 0;
unsigned char seed[256];
#ifdef CONFIG_IPSEC_ENC_3DES
extern int des_check_key;
/* turn off checking of keys */
des_check_key=0;
#endif /* CONFIG_IPSEC_ENC_3DES */
KLIPS_PRINT(1, "klips_info:ipsec_init: "
"KLIPS startup, Openswan KLIPS IPsec stack version: %s\n",
ipsec_version_code());
error |= ipsec_proc_init();
#ifdef SPINLOCK
ipsec_sadb.sadb_lock = SPIN_LOCK_UNLOCKED;
#else /* SPINLOCK */
ipsec_sadb.sadb_lock = 0;
#endif /* SPINLOCK */
#ifndef SPINLOCK
tdb_lock.lock = 0;
eroute_lock.lock = 0;
#endif /* !SPINLOCK */
error |= ipsec_sadb_init();
error |= ipsec_radijinit();
error |= pfkey_init();
error |= register_netdevice_notifier(&ipsec_dev_notifier);
#ifdef CONFIG_IPSEC_ESP
openswan_inet_add_protocol(&esp_protocol, IPPROTO_ESP);
#endif /* CONFIG_IPSEC_ESP */
#ifdef CONFIG_IPSEC_AH
openswan_inet_add_protocol(&ah_protocol, IPPROTO_AH);
#endif /* CONFIG_IPSEC_AH */
/* we never actually link IPCOMP to the stack */
#ifdef IPCOMP_USED_ALONE
#ifdef CONFIG_IPSEC_IPCOMP
openswan_inet_add_protocol(&comp_protocol, IPPROTO_COMP);
#endif /* CONFIG_IPSEC_IPCOMP */
#endif
error |= ipsec_tunnel_init_devices();
#ifdef CONFIG_SYSCTL
error |= ipsec_sysctl_register();
#endif
#ifdef CONFIG_IPSEC_ALG
ipsec_alg_init();
#endif
get_random_bytes((void *)seed, sizeof(seed));
prng_init(&ipsec_prng, seed, sizeof(seed));
return error;
}
/* void */
int
ipsec_klips_init(void)
{
int error = 0;
unsigned char seed[256];
#ifdef CONFIG_KLIPS_ENC_3DES
extern int des_check_key;
/* turn off checking of keys */
des_check_key=0;
#endif /* CONFIG_KLIPS_ENC_3DES */
KLIPS_PRINT(1, "klips_info:ipsec_init: "
"KLIPS startup, Openswan KLIPS IPsec stack version: %s\n",
ipsec_version_code());
error = ipsec_xmit_state_cache_init ();
if (error)
goto error_xmit_state_cache;
error = ipsec_rcv_state_cache_init ();
if (error)
goto error_rcv_state_cache;
error |= ipsec_proc_init();
if (error)
goto error_proc_init;
#ifdef SPINLOCK
ipsec_sadb.sadb_lock = SPIN_LOCK_UNLOCKED;
#else /* SPINLOCK */
ipsec_sadb.sadb_lock = 0;
#endif /* SPINLOCK */
#ifndef SPINLOCK
tdb_lock.lock = 0;
eroute_lock.lock = 0;
#endif /* !SPINLOCK */
error |= ipsec_sadb_init();
if (error)
goto error_sadb_init;
error |= ipsec_radijinit();
if (error)
goto error_radijinit;
error |= pfkey_init();
if (error)
goto error_pfkey_init;
error |= register_netdevice_notifier(&ipsec_dev_notifier);
if (error)
goto error_netdev_notifier;
#ifdef CONFIG_XFRM_ALTERNATE_STACK
error = xfrm_register_alternate_rcv (ipsec_rcv);
if (error)
goto error_xfrm_register;
#else // CONFIG_XFRM_ALTERNATE_STACK
#ifdef CONFIG_KLIPS_ESP
error |= openswan_inet_add_protocol(&esp_protocol, IPPROTO_ESP,"ESP");
if (error)
goto error_openswan_inet_add_protocol_esp;
#endif /* CONFIG_KLIPS_ESP */
#ifdef CONFIG_KLIPS_AH
error |= openswan_inet_add_protocol(&ah_protocol, IPPROTO_AH,"AH");
if (error)
goto error_openswan_inet_add_protocol_ah;
#endif /* CONFIG_KLIPS_AH */
/* we never actually link IPCOMP to the stack */
#ifdef IPCOMP_USED_ALONE
#ifdef CONFIG_KLIPS_IPCOMP
error |= openswan_inet_add_protocol(&comp_protocol, IPPROTO_COMP,"IPCOMP");
if (error)
goto error_openswan_inet_add_protocol_comp;
#endif /* CONFIG_KLIPS_IPCOMP */
#endif
#endif // CONFIG_XFRM_ALTERNATE_STACK
error |= ipsec_tunnel_init_devices();
if (error)
goto error_tunnel_init_devices;
error |= ipsec_mast_init_devices();
#if defined(NET_26) && defined(CONFIG_IPSEC_NAT_TRAVERSAL)
/* register our ESP-UDP handler */
if(udp4_register_esp_rcvencap(klips26_rcv_encap
, &klips_old_encap)!=0) {
printk(KERN_ERR "KLIPS: can not register klips_rcv_encap function\n");
}
#endif
#ifdef CONFIG_SYSCTL
error |= ipsec_sysctl_register();
if (error)
goto error_sysctl_register;
#endif
#ifdef CONFIG_KLIPS_ALG
ipsec_alg_init();
#endif
#ifdef CONFIG_KLIPS_OCF
ipsec_ocf_init();
#endif
get_random_bytes((void *)seed, sizeof(seed));
prng_init(&ipsec_prng, seed, sizeof(seed));
return error;
// undo ipsec_sysctl_register
error_sysctl_register:
ipsec_tunnel_cleanup_devices();
error_tunnel_init_devices:
#ifdef CONFIG_XFRM_ALTERNATE_STACK
xfrm_deregister_alternate_rcv(ipsec_rcv);
error_xfrm_register:
#else // CONFIG_XFRM_ALTERNATE_STACK
#ifdef IPCOMP_USED_ALONE
#ifdef CONFIG_KLIPS_IPCOMP
error_openswan_inet_add_protocol_comp:
openswan_inet_del_protocol(&comp_protocol, IPPROTO_COMP);
#endif /* CONFIG_KLIPS_IPCOMP */
#endif
#ifdef CONFIG_KLIPS_AH
error_openswan_inet_add_protocol_ah:
openswan_inet_del_protocol(&ah_protocol, IPPROTO_AH);
#endif
error_openswan_inet_add_protocol_esp:
openswan_inet_del_protocol(&esp_protocol, IPPROTO_ESP);
#endif
unregister_netdevice_notifier(&ipsec_dev_notifier);
error_netdev_notifier:
pfkey_cleanup();
error_pfkey_init:
ipsec_radijcleanup();
error_radijinit:
ipsec_sadb_cleanup(0);
ipsec_sadb_free();
error_sadb_init:
error_proc_init:
// ipsec_proc_init() does not cleanup after itself, so we have to do it here
// TODO: ipsec_proc_init() should roll back what it chaned on failure
ipsec_proc_cleanup();
ipsec_rcv_state_cache_cleanup ();
error_rcv_state_cache:
ipsec_xmit_state_cache_cleanup ();
error_xmit_state_cache:
return error;
}
