int main(char *argv[], int argc)
{
int error;
struct sockaddr_in saddr,daddr;
struct sockaddr_in saddr2,daddr2;
void *main_talloc = NULL;
struct ipsec_sa *sa, *sa1;
char auth1[]={0x87, 0x65, 0x87, 0x65,
0x87, 0x65, 0x87, 0x65,
0x87, 0x65, 0x87, 0x65,
0x87, 0x65, 0x87, 0x65};
char enc[] ={0x40, 0x43, 0x43, 0x45, 0x45, 0x46, 0x46, 0x49,
0x49, 0x4a, 0x4a, 0x4c, 0x4c, 0x4f, 0x4f, 0x51,
0x51, 0x52, 0x52, 0x54, 0x54, 0x57, 0x57, 0x58};
debug_xform = 1;
init_kmalloc();
debug_tunnel=0xffffffff;
debug_xmit=0xffffffff;
sysctl_ipsec_debug_verbose = 1;
prng_init(&ipsec_prng, seed, sizeof(seed));
ipsec_sadb_init();
ipsec_alg_init();
{
sa1 = ipsec_sa_alloc(&error);
assert(error == 0);
ipsec_sa_intern(sa1);
sa1->ips_seq = 1;
sa1->ips_pid = 10;
sa1->ips_said.spi = htonl(0x12345678);
sa1->ips_said.proto = IPPROTO_IPIP;
sa1->ips_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);
sa1->ips_state = SADB_SASTATE_MATURE;
daddr2.sin_addr.s_addr = htonl(0xc001022D);
saddr2.sin_addr.s_addr = htonl(0xc0010217);
sa1->ips_addr_s = (struct sockaddr *)&saddr2;
sa1->ips_addr_d = (struct sockaddr *)&daddr2;
}
{
sa = ipsec_sa_alloc(&error);
assert(error == 0);
ipsec_sa_intern(sa);
sa->ips_said.spi = htonl(0x12345678);
sa->ips_said.proto = IPPROTO_ESP;
sa->ips_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);
sa->ips_said.dst.u.v4.sin_family = AF_INET;
sa->ips_seq = 1;
sa->ips_pid = 10;
sa->ips_inext = sa1;
{
/* make a copy so that ipsec_sa_init() can zero it out */
char *auth = talloc_size(main_talloc, AHMD596_KLEN);
memcpy(auth, auth1, AHMD596_KLEN);
sa->ips_authalg = AH_MD5;
sa->ips_key_bits_a = AHMD596_KLEN * 8;
sa->ips_key_a = auth;
}
sa->ips_encalg = ESP_3DES;
sa->ips_key_bits_e = 192;
sa->ips_iv_bits = 128;
sa->ips_key_e_size = 0;
sa->ips_key_e = talloc_memdup(main_talloc, enc, sa->ips_key_bits_e);
sa->ips_state = SADB_SASTATE_MATURE;
daddr.sin_addr.s_addr = htonl(0xc001022D);
saddr.sin_addr.s_addr = htonl(0xc0010217);
sa->ips_addr_s = (struct sockaddr *)&saddr;
sa->ips_addr_d = (struct sockaddr *)&daddr;
ipsec_sa_add(sa);
assert(ipsec_sa_init(sa) == 0);
ipsec_sa_put(sa);
}
{
struct ipsec_xmit_state ixs_mem;
struct ipsec_xmit_state *ixs = &ixs_mem;
enum ipsec_xmit_value stat;
struct net_device_stats stats;
int iphlen;
struct sk_buff *skb = skbFromArray(packet2, packet2_len);
skb->nh.raw = skb_pull(skb, skb->mac_len);
iphlen = (skb->nh.iph->ihl<<2);
/* do not use skb_pull, since data should stay at IP header */
skb->h.raw = skb->nh.raw + iphlen;
memset((caddr_t)ixs, 0, sizeof(*ixs));
memset(&stats, 0, sizeof(stats));
ixs->stats = &stats;
ixs->oskb = NULL;
ixs->saved_header = NULL; /* saved copy of the hard header */
ixs->route = NULL;
memset((caddr_t)&(ixs->ips), 0, sizeof(ixs->ips));
ixs->dev = NULL;
ixs->skb = skb;
ixs->physmtu = 1500;
ixs->cur_mtu = 1500;
ixs->outgoing_said.spi = htonl(0x12345678);
ixs->outgoing_said.proto = IPPROTO_ESP;
ixs->outgoing_said.dst.u.v4.sin_family = AF_INET;
ixs->outgoing_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);
stat = ipsec_xmit_sanity_check_skb(ixs);
assert(stat == IPSEC_XMIT_OK);
#if 0
stat = ipsec_tunnel_strip_hard_header(ixs);
assert(stat == IPSEC_XMIT_OK);
stat = ipsec_tunnel_SAlookup(ixs);
assert(stat == IPSEC_XMIT_OK);
#endif
stat = ipsec_xmit_encap_bundle(ixs);
assert(stat == IPSEC_XMIT_OK);
#if 0
stat = ipsec_tunnel_restore_hard_header(ixs);
#endif
ipsec_print_ip(ixs->iph);
}
return 0;
}
int main(char *argv[], int argc)
{
int ret;
int error;
struct sockaddr_in saddr, daddr;
struct sockaddr_in saddr2, daddr2;
void *rcv02_talloc = NULL;
struct ipsec_sa *sa, *sa1;
char auth1[] = { 0x87, 0x65, 0x87, 0x65,
0x87, 0x65, 0x87, 0x65,
0x87, 0x65, 0x87, 0x65,
0x87, 0x65, 0x87, 0x65 };
char enc[] = { 0x40, 0x43, 0x43, 0x45, 0x45, 0x46, 0x46, 0x49,
0x49, 0x4a, 0x4a, 0x4c, 0x4c, 0x4f, 0x4f, 0x51,
0x51, 0x52, 0x52, 0x54, 0x54, 0x57, 0x57, 0x58 };
debug_xform = 1;
init_kmalloc();
debug_rcv = 0xffffffff;
sysctl_ipsec_debug_verbose = 1;
prng_init(&ipsec_prng, seed, sizeof(seed));
ipsec_sadb_init();
ipsec_alg_init();
{
sa1 = ipsec_sa_alloc(&error);
assert(error == 0);
ipsec_sa_intern(sa1);
sa1->ips_said.spi = htonl(0x12345678);
sa1->ips_said.proto = IPPROTO_IPIP;
sa1->ips_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);
sa1->ips_seq = 1;
sa1->ips_pid = 10;
sa1->ips_state = SADB_SASTATE_MATURE;
daddr2.sin_addr.s_addr = htonl(0xc001022D);
saddr2.sin_addr.s_addr = htonl(0xc0010217);
sa1->ips_addr_s = (struct sockaddr *)&saddr2;
sa1->ips_addr_d = (struct sockaddr *)&daddr2;
}
{
sa = ipsec_sa_alloc(&error);
assert(error == 0);
ipsec_sa_intern(sa);
sa->ips_said.spi = htonl(0x12345678);
sa->ips_said.proto = IPPROTO_ESP;
sa->ips_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);
sa->ips_seq = 1;
sa->ips_pid = 10;
sa->ips_inext = sa1;
{
/* make a copy so that ipsec_sa_init() can zero it out */
char *auth = talloc_size(rcv02_talloc, AHMD596_KLEN);
memcpy(auth, auth1, AHMD596_KLEN);
sa->ips_authalg = AH_MD5;
sa->ips_key_bits_a = AHMD596_KLEN * 8;
sa->ips_key_a = auth;
}
sa->ips_natt_type = ESPINUDP_WITH_NON_ESP;
sa->ips_encalg = ESP_3DES;
sa->ips_key_bits_e = 192;
sa->ips_iv_bits = 128;
sa->ips_key_e_size = 0;
sa->ips_key_e = talloc_memdup(rcv02_talloc, enc,
sa->ips_key_bits_e);
sa->ips_state = SADB_SASTATE_MATURE;
daddr.sin_addr.s_addr = htonl(0xc001022D);
saddr.sin_addr.s_addr = htonl(0xc0010217);
sa->ips_addr_s = (struct sockaddr *)&saddr;
sa->ips_addr_d = (struct sockaddr *)&daddr;
ipsec_sa_init(sa);
ipsec_sa_add(sa);
//ipsec_sa_put(sa);
}
{
int iphlen, len;
struct iphdr *iph;
struct sk_buff *skb = skbFromArray(packet1, packet1_len);
skb_ethernet_ip_setup(skb);
/* now simulate action of udp_encap_rcv */
len = sizeof(struct udphdr);
iph = skb->nh.iph;
iphlen = iph->ihl << 2;
iph->tot_len = htons(ntohs(iph->tot_len) - len);
if (skb->len < iphlen + len) {
/* packet is too small!?! */
return 0;
}
/* pull the data buffer up to the ESP header and set the
* transport header to point to ESP. Keep UDP on the stack
* for later.
*/
skb->h.raw = skb_pull(skb, len);
/* modify the protocol (it's ESP!) */
iph->protocol = IPPROTO_ESP;
printf("SA natt: %d\n", sa->ips_natt_type);
ret = klips26_rcv_encap(skb, UDP_ENCAP_ESPINUDP);
}
return 0;
}
int main(char *argv[], int argc)
{
int ret;
int error;
struct sockaddr_in saddr,daddr;
struct sockaddr_in saddr2,daddr2;
void *rcv01_talloc = NULL;
struct ipsec_sa *sa, *sa1;
char auth1[]={0x87, 0x65, 0x87, 0x65,
0x87, 0x65, 0x87, 0x65,
0x87, 0x65, 0x87, 0x65,
0x87, 0x65, 0x87, 0x65};
char enc[] ={0x40, 0x43, 0x43, 0x45, 0x45, 0x46, 0x46, 0x49,
0x49, 0x4a, 0x4a, 0x4c, 0x4c, 0x4f, 0x4f, 0x51,
0x51, 0x52, 0x52, 0x54, 0x54, 0x57, 0x57, 0x58};
debug_xform = 1;
init_kmalloc();
debug_rcv=0xffffffff;
sysctl_ipsec_debug_verbose = 1;
prng_init(&ipsec_prng, seed, sizeof(seed));
ipsec_sadb_init();
ipsec_alg_init();
{
sa1 = ipsec_sa_alloc(&error);
assert(error == 0);
ipsec_sa_intern(sa1);
sa1->ips_said.spi = htonl(0x12345678);
sa1->ips_said.proto = IPPROTO_IPIP;
sa1->ips_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);
sa1->ips_seq = 1;
sa1->ips_pid = 10;
sa1->ips_state = SADB_SASTATE_MATURE;
daddr2.sin_addr.s_addr = htonl(0xc001022D);
saddr2.sin_addr.s_addr = htonl(0xc0010217);
sa1->ips_addr_s = (struct sockaddr *)&saddr2;
sa1->ips_addr_d = (struct sockaddr *)&daddr2;
}
{
sa = ipsec_sa_alloc(&error);
ipsec_sa_intern(sa);
assert(error == 0);
sa->ips_said.spi = htonl(0x12345678);
sa->ips_said.proto = IPPROTO_ESP;
sa->ips_said.dst.u.v4.sin_addr.s_addr = htonl(0xc001022D);
sa->ips_seq = 1;
sa->ips_pid = 10;
sa->ips_inext = sa1;
{
/* make a copy so that ipsec_sa_init() can zero it out */
char *auth = talloc_size(rcv01_talloc, AHMD596_KLEN);
memcpy(auth, auth1, AHMD596_KLEN);
sa->ips_authalg = AH_MD5;
sa->ips_key_bits_a = AHMD596_KLEN * 8;
sa->ips_key_a = auth;
}
sa->ips_encalg = ESP_3DES;
sa->ips_key_bits_e = 192;
sa->ips_iv_bits = 128;
sa->ips_key_e_size = 0;
sa->ips_key_e = talloc_memdup(rcv01_talloc, enc, sa->ips_key_bits_e);
sa->ips_state = SADB_SASTATE_MATURE;
daddr.sin_addr.s_addr = htonl(0xc001022D);
saddr.sin_addr.s_addr = htonl(0xc0010217);
sa->ips_addr_s = (struct sockaddr *)&saddr;
sa->ips_addr_d = (struct sockaddr *)&daddr;
ipsec_sa_add(sa);
assert(ipsec_sa_init(sa) == 0);
//ipsec_sa_put(sa);
}
{
struct sk_buff *skb = skbFromArray(packet1, packet1_len);
skb_ethernet_ip_setup(skb);
ret = ipsec_rcv(skb);
assert(netif_rx_count == 1);
}
ipsec_sadb_cleanup(0); /* 0 = all protocols */
exit(0);
}
/* void */
int
ipsec_init(void)
{
int error = 0;
unsigned char seed[256];
#ifdef CONFIG_IPSEC_ENC_3DES
extern int des_check_key;
/* turn off checking of keys */
des_check_key=0;
#endif /* CONFIG_IPSEC_ENC_3DES */
KLIPS_PRINT(1, "klips_info:ipsec_init: "
"KLIPS startup, Openswan KLIPS IPsec stack version: %s\n",
ipsec_version_code());
error |= ipsec_proc_init();
#ifdef SPINLOCK
ipsec_sadb.sadb_lock = SPIN_LOCK_UNLOCKED;
#else /* SPINLOCK */
ipsec_sadb.sadb_lock = 0;
#endif /* SPINLOCK */
#ifndef SPINLOCK
tdb_lock.lock = 0;
eroute_lock.lock = 0;
#endif /* !SPINLOCK */
error |= ipsec_sadb_init();
error |= ipsec_radijinit();
error |= pfkey_init();
error |= register_netdevice_notifier(&ipsec_dev_notifier);
#ifdef CONFIG_IPSEC_ESP
openswan_inet_add_protocol(&esp_protocol, IPPROTO_ESP);
#endif /* CONFIG_IPSEC_ESP */
#ifdef CONFIG_IPSEC_AH
openswan_inet_add_protocol(&ah_protocol, IPPROTO_AH);
#endif /* CONFIG_IPSEC_AH */
/* we never actually link IPCOMP to the stack */
#ifdef IPCOMP_USED_ALONE
#ifdef CONFIG_IPSEC_IPCOMP
openswan_inet_add_protocol(&comp_protocol, IPPROTO_COMP);
#endif /* CONFIG_IPSEC_IPCOMP */
#endif
error |= ipsec_tunnel_init_devices();
#ifdef CONFIG_SYSCTL
error |= ipsec_sysctl_register();
#endif
#ifdef CONFIG_IPSEC_ALG
ipsec_alg_init();
#endif
get_random_bytes((void *)seed, sizeof(seed));
prng_init(&ipsec_prng, seed, sizeof(seed));
return error;
}
/* void */
int
ipsec_klips_init(void)
{
int error = 0;
unsigned char seed[256];
#ifdef CONFIG_KLIPS_ENC_3DES
extern int des_check_key;
/* turn off checking of keys */
des_check_key=0;
#endif /* CONFIG_KLIPS_ENC_3DES */
KLIPS_PRINT(1, "klips_info:ipsec_init: "
"KLIPS startup, Openswan KLIPS IPsec stack version: %s\n",
ipsec_version_code());
error |= ipsec_proc_init();
#ifdef SPINLOCK
ipsec_sadb.sadb_lock = SPIN_LOCK_UNLOCKED;
#else /* SPINLOCK */
ipsec_sadb.sadb_lock = 0;
#endif /* SPINLOCK */
#ifndef SPINLOCK
tdb_lock.lock = 0;
eroute_lock.lock = 0;
#endif /* !SPINLOCK */
error |= ipsec_sadb_init();
error |= ipsec_radijinit();
error |= pfkey_init();
error |= register_netdevice_notifier(&ipsec_dev_notifier);
#ifdef CONFIG_KLIPS_ESP
openswan_inet_add_protocol(&esp_protocol, IPPROTO_ESP);
#endif /* CONFIG_KLIPS_ESP */
#ifdef CONFIG_KLIPS_AH
openswan_inet_add_protocol(&ah_protocol, IPPROTO_AH);
#endif /* CONFIG_KLIPS_AH */
/* we never actually link IPCOMP to the stack */
#ifdef IPCOMP_USED_ALONE
#ifdef CONFIG_KLIPS_IPCOMP
openswan_inet_add_protocol(&comp_protocol, IPPROTO_COMP);
#endif /* CONFIG_KLIPS_IPCOMP */
#endif
error |= ipsec_tunnel_init_devices();
#if defined(NET_26) && defined(CONFIG_IPSEC_NAT_TRAVERSAL)
/* register our ESP-UDP handler */
if(udp4_register_esp_rcvencap(klips26_rcv_encap
, &klips_old_encap)!=0) {
printk(KERN_ERR "KLIPS: can not register klips_rcv_encap function\n");
}
#endif
#ifdef CONFIG_SYSCTL
error |= ipsec_sysctl_register();
#endif
#ifdef CONFIG_KLIPS_ALG
ipsec_alg_init();
#endif
#ifdef CONFIG_KLIPS_OCF
ipsec_ocf_init();
#endif
get_random_bytes((void *)seed, sizeof(seed));
prng_init(&ipsec_prng, seed, sizeof(seed));
atomic_set(&ipsec_irs_cnt, 0);
atomic_set(&ipsec_ixs_cnt, 0);
ipsec_irs_cache = kmem_cache_create("ipsec_irs",
sizeof(struct ipsec_rcv_state), 0, SLAB_HWCACHE_ALIGN, NULL, NULL);
if (!ipsec_irs_cache) {
printk("Failed to get IRS cache\n");
error |= 1;
}
ipsec_ixs_cache = kmem_cache_create("ipsec_ixs",
sizeof(struct ipsec_xmit_state), 0, SLAB_HWCACHE_ALIGN, NULL, NULL);
if (!ipsec_ixs_cache) {
printk("Failed to get IXS cache\n");
error |= 1;
}
return error;
}
/* void */
int
ipsec_klips_init(void)
{
int error = 0;
unsigned char seed[256];
#ifdef CONFIG_KLIPS_ENC_3DES
extern int des_check_key;
/* turn off checking of keys */
des_check_key=0;
#endif /* CONFIG_KLIPS_ENC_3DES */
KLIPS_PRINT(1, "klips_info:ipsec_init: "
"KLIPS startup, Openswan KLIPS IPsec stack version: %s\n",
ipsec_version_code());
error = ipsec_xmit_state_cache_init ();
if (error)
goto error_xmit_state_cache;
error = ipsec_rcv_state_cache_init ();
if (error)
goto error_rcv_state_cache;
error |= ipsec_proc_init();
if (error)
goto error_proc_init;
#ifdef SPINLOCK
ipsec_sadb.sadb_lock = SPIN_LOCK_UNLOCKED;
#else /* SPINLOCK */
ipsec_sadb.sadb_lock = 0;
#endif /* SPINLOCK */
#ifndef SPINLOCK
tdb_lock.lock = 0;
eroute_lock.lock = 0;
#endif /* !SPINLOCK */
error |= ipsec_sadb_init();
if (error)
goto error_sadb_init;
error |= ipsec_radijinit();
if (error)
goto error_radijinit;
error |= pfkey_init();
if (error)
goto error_pfkey_init;
error |= register_netdevice_notifier(&ipsec_dev_notifier);
if (error)
goto error_netdev_notifier;
#ifdef CONFIG_XFRM_ALTERNATE_STACK
error = xfrm_register_alternate_rcv (ipsec_rcv);
if (error)
goto error_xfrm_register;
#else // CONFIG_XFRM_ALTERNATE_STACK
#ifdef CONFIG_KLIPS_ESP
error |= openswan_inet_add_protocol(&esp_protocol, IPPROTO_ESP,"ESP");
if (error)
goto error_openswan_inet_add_protocol_esp;
#endif /* CONFIG_KLIPS_ESP */
#ifdef CONFIG_KLIPS_AH
error |= openswan_inet_add_protocol(&ah_protocol, IPPROTO_AH,"AH");
if (error)
goto error_openswan_inet_add_protocol_ah;
#endif /* CONFIG_KLIPS_AH */
/* we never actually link IPCOMP to the stack */
#ifdef IPCOMP_USED_ALONE
#ifdef CONFIG_KLIPS_IPCOMP
error |= openswan_inet_add_protocol(&comp_protocol, IPPROTO_COMP,"IPCOMP");
if (error)
goto error_openswan_inet_add_protocol_comp;
#endif /* CONFIG_KLIPS_IPCOMP */
#endif
#endif // CONFIG_XFRM_ALTERNATE_STACK
error |= ipsec_tunnel_init_devices();
if (error)
goto error_tunnel_init_devices;
error |= ipsec_mast_init_devices();
#if defined(NET_26) && defined(CONFIG_IPSEC_NAT_TRAVERSAL)
/* register our ESP-UDP handler */
if(udp4_register_esp_rcvencap(klips26_rcv_encap
, &klips_old_encap)!=0) {
printk(KERN_ERR "KLIPS: can not register klips_rcv_encap function\n");
}
#endif
#ifdef CONFIG_SYSCTL
error |= ipsec_sysctl_register();
if (error)
goto error_sysctl_register;
#endif
#ifdef CONFIG_KLIPS_ALG
ipsec_alg_init();
#endif
#ifdef CONFIG_KLIPS_OCF
ipsec_ocf_init();
#endif
get_random_bytes((void *)seed, sizeof(seed));
prng_init(&ipsec_prng, seed, sizeof(seed));
return error;
// undo ipsec_sysctl_register
error_sysctl_register:
ipsec_tunnel_cleanup_devices();
error_tunnel_init_devices:
#ifdef CONFIG_XFRM_ALTERNATE_STACK
xfrm_deregister_alternate_rcv(ipsec_rcv);
error_xfrm_register:
#else // CONFIG_XFRM_ALTERNATE_STACK
#ifdef IPCOMP_USED_ALONE
#ifdef CONFIG_KLIPS_IPCOMP
error_openswan_inet_add_protocol_comp:
openswan_inet_del_protocol(&comp_protocol, IPPROTO_COMP);
#endif /* CONFIG_KLIPS_IPCOMP */
#endif
#ifdef CONFIG_KLIPS_AH
error_openswan_inet_add_protocol_ah:
openswan_inet_del_protocol(&ah_protocol, IPPROTO_AH);
#endif
error_openswan_inet_add_protocol_esp:
openswan_inet_del_protocol(&esp_protocol, IPPROTO_ESP);
#endif
unregister_netdevice_notifier(&ipsec_dev_notifier);
error_netdev_notifier:
pfkey_cleanup();
error_pfkey_init:
ipsec_radijcleanup();
error_radijinit:
ipsec_sadb_cleanup(0);
ipsec_sadb_free();
error_sadb_init:
error_proc_init:
// ipsec_proc_init() does not cleanup after itself, so we have to do it here
// TODO: ipsec_proc_init() should roll back what it chaned on failure
ipsec_proc_cleanup();
ipsec_rcv_state_cache_cleanup ();
error_rcv_state_cache:
ipsec_xmit_state_cache_cleanup ();
error_xmit_state_cache:
return error;
}