/**
 * ipsec_cleanup - tear down the KLIPS stack, one subsystem after another.
 *
 * Teardown is best-effort: every step runs even when an earlier one failed.
 * The results of the steps that report one are OR-ed together, so the return
 * value is only meaningful as zero / non-zero; it is not a single errno.
 * A failed openswan_inet_del_protocol() is logged and does not affect the
 * return value.
 *
 * Return: 0 when every accumulated step returned 0, non-zero otherwise.
 */
int ipsec_cleanup(void)
{
	int rc = 0;

#ifdef CONFIG_SYSCTL
	ipsec_sysctl_unregister();
#endif

	KLIPS_PRINT(debug_netlink,
		    "klips_debug:ipsec_cleanup: "
		    "calling ipsec_tunnel_cleanup_devices.\n");
	rc |= ipsec_tunnel_cleanup_devices();

	/* NOTE(review): unlike its neighbours this message has no trailing "\n". */
	KLIPS_PRINT(debug_netlink, "called ipsec_tunnel_cleanup_devices");

	/*
	 * IPCOMP is never linked to the stack by itself; its handler removal
	 * is compiled only when IPCOMP_USED_ALONE is defined.
	 */
#ifdef IPCOMP_USED_ALONE
#ifdef CONFIG_IPSEC_IPCOMP
	if (openswan_inet_del_protocol(&comp_protocol, IPPROTO_COMP) < 0) {
		printk(KERN_INFO "klips_debug:ipsec_cleanup: "
		       "comp close: can't remove protocol\n");
	}
#endif /* CONFIG_IPSEC_IPCOMP */
#endif /* IPCOMP_USED_ALONE */

#ifdef CONFIG_IPSEC_AH
	if (openswan_inet_del_protocol(&ah_protocol, IPPROTO_AH) < 0) {
		printk(KERN_INFO "klips_debug:ipsec_cleanup: "
		       "ah close: can't remove protocol\n");
	}
#endif /* CONFIG_IPSEC_AH */

#ifdef CONFIG_IPSEC_ESP
	if (openswan_inet_del_protocol(&esp_protocol, IPPROTO_ESP) < 0) {
		printk(KERN_INFO "klips_debug:ipsec_cleanup: "
		       "esp close: can't remove protocol\n");
	}
#endif /* CONFIG_IPSEC_ESP */

	rc |= unregister_netdevice_notifier(&ipsec_dev_notifier);

	/*
	 * NOTE(review): the SA database and the radij table are released
	 * right after the protocol handlers and the notifier are removed;
	 * nothing in this function waits for receive-path code that may
	 * already be running -- confirm the callees account for that.
	 */
	KLIPS_PRINT(debug_netlink,
		    "klips_debug:ipsec_cleanup: "
		    "calling ipsec_sadb_cleanup.\n");
	rc |= ipsec_sadb_cleanup(0);
	rc |= ipsec_sadb_free();

	KLIPS_PRINT(debug_netlink,
		    "klips_debug:ipsec_cleanup: "
		    "calling ipsec_radijcleanup.\n");
	rc |= ipsec_radijcleanup();

	KLIPS_PRINT(debug_pfkey,
		    "klips_debug:ipsec_cleanup: "
		    "calling pfkey_cleanup.\n");
	rc |= pfkey_cleanup();

	ipsec_proc_cleanup();

	/* NOTE(review): confirm prng_final() clears the generator state. */
	prng_final(&ipsec_prng);

	return rc;
}
/*
 * ipsec_cleanup - tear down the KLIPS stack, one subsystem after another.
 *
 * Every step runs even when an earlier one failed.  The results of the steps
 * that report one are OR-ed into `error`, so that value is only meaningful
 * as zero / non-zero.  When NET_26 is defined a non-zero result is printed
 * and nothing is returned; otherwise `error` is returned to the caller.
 * Failures to remove a protocol handler or the ESP-in-UDP hook are logged
 * only and are not folded into `error`.
 *
 * NOTE(review): the directive that opens the return-type conditional below
 * is not visible in this listing.  The body selects between "print" and
 * "return" on NET_26, so the missing line presumably tests the same macro --
 * confirm against the full file.
 */
void
#else
int
#endif
ipsec_cleanup(void)
{
	int error = 0;

#ifdef CONFIG_SYSCTL
	ipsec_sysctl_unregister();
#endif

#if defined(NET_26) && defined(CONFIG_IPSEC_NAT_TRAVERSAL)
	/* Detach the ESP-in-UDP receive hook; a failure is logged, not returned. */
	if(udp4_unregister_esp_rcvencap(klips26_rcv_encap, klips_old_encap) < 0) {
		printk(KERN_ERR "KLIPS: can not unregister klips_rcv_encap function\n");
	}
#endif

	error |= ipsec_mast_cleanup_devices();

	KLIPS_PRINT(debug_netlink, /* debug_tunnel & DB_TN_INIT, */
		    "klips_debug:ipsec_cleanup: "
		    "calling ipsec_tunnel_cleanup_devices.\n");
	error |= ipsec_tunnel_cleanup_devices();

	/* NOTE(review): unlike its neighbours this message has no trailing "\n". */
	KLIPS_PRINT(debug_netlink, "called ipsec_tunnel_cleanup_devices");

	/*
	 * Remove the receive entry point: either the alternate xfrm receive
	 * hook, or the per-protocol handlers.
	 */
#ifdef CONFIG_XFRM_ALTERNATE_STACK
	xfrm_deregister_alternate_rcv(ipsec_rcv);
#else // CONFIG_XFRM_ALTERNATE_STACK
	/* we never actually link IPCOMP to the stack */
#ifdef IPCOMP_USED_ALONE
#ifdef CONFIG_KLIPS_IPCOMP
	if (openswan_inet_del_protocol(&comp_protocol, IPPROTO_COMP) < 0)
		printk(KERN_INFO "klips_debug:ipsec_cleanup: "
		       "comp close: can't remove protocol\n");
#endif /* CONFIG_KLIPS_IPCOMP */
#endif /* IPCOMP_USED_ALONE */
#ifdef CONFIG_KLIPS_AH
	if (openswan_inet_del_protocol(&ah_protocol, IPPROTO_AH) < 0)
		printk(KERN_INFO "klips_debug:ipsec_cleanup: "
		       "ah close: can't remove protocol\n");
#endif /* CONFIG_KLIPS_AH */
#ifdef CONFIG_KLIPS_ESP
	if (openswan_inet_del_protocol(&esp_protocol, IPPROTO_ESP) < 0)
		printk(KERN_INFO "klips_debug:ipsec_cleanup: "
		       "esp close: can't remove protocol\n");
#endif /* CONFIG_KLIPS_ESP */
#endif // CONFIG_XFRM_ALTERNATE_STACK

	error |= unregister_netdevice_notifier(&ipsec_dev_notifier);

	/*
	 * NOTE(review): the SA database and the radij table are released
	 * right after the receive hooks and the notifier are removed; nothing
	 * in this function waits for receive-path code that may already be
	 * running -- confirm the callees account for that.
	 */
	KLIPS_PRINT(debug_netlink, /* debug_tunnel & DB_TN_INIT, */
		    "klips_debug:ipsec_cleanup: "
		    "calling ipsec_sadb_cleanup.\n");
	error |= ipsec_sadb_cleanup(0);
	error |= ipsec_sadb_free();

	KLIPS_PRINT(debug_netlink, /* debug_tunnel & DB_TN_INIT, */
		    "klips_debug:ipsec_cleanup: "
		    "calling ipsec_radijcleanup.\n");
	error |= ipsec_radijcleanup();

	KLIPS_PRINT(debug_pfkey, /* debug_tunnel & DB_TN_INIT, */
		    "klips_debug:ipsec_cleanup: "
		    "calling pfkey_cleanup.\n");
	error |= pfkey_cleanup();

	/* The remaining steps report no status. */
	ipsec_rcv_state_cache_cleanup ();
	ipsec_xmit_state_cache_cleanup ();

	ipsec_proc_cleanup();

	/* NOTE(review): confirm prng_final() clears the generator state. */
	prng_final(&ipsec_prng);

#ifdef NET_26
	/* No return value in this configuration: report the failure in the log. */
	if (error)
		printk("ipsec_cleanup: error %d\n", error);
#else
	return error;
#endif
}
/**
 * ipsec_cleanup - tear down the KLIPS stack, one subsystem after another.
 *
 * Teardown is best-effort: every step runs even when an earlier one failed.
 * The results of the steps that report one are OR-ed together, so the return
 * value is only meaningful as zero / non-zero; it is not a single errno.
 * Failures to remove a protocol handler or the ESP-in-UDP hook are logged
 * and do not affect the return value.
 *
 * Return: 0 when every accumulated step returned 0, non-zero otherwise.
 */
int ipsec_cleanup(void)
{
	int rc = 0;

#ifdef CONFIG_SYSCTL
	ipsec_sysctl_unregister();
#endif

#if defined(NET_26) && defined(CONFIG_IPSEC_NAT_TRAVERSAL)
	/* Detach the ESP-in-UDP receive hook before anything else goes away. */
	if (udp4_unregister_esp_rcvencap(klips_old_encap) < 0) {
		printk(KERN_ERR "KLIPS: can not unregister klips_rcv_encap function\n");
	}
#endif

	KLIPS_PRINT(debug_netlink,
		    "klips_debug:ipsec_cleanup: "
		    "calling ipsec_tunnel_cleanup_devices.\n");
	rc |= ipsec_tunnel_cleanup_devices();

	/* NOTE(review): unlike its neighbours this message has no trailing "\n". */
	KLIPS_PRINT(debug_netlink, "called ipsec_tunnel_cleanup_devices");

	/*
	 * IPCOMP is never linked to the stack by itself; its handler removal
	 * is compiled only when IPCOMP_USED_ALONE is defined.
	 */
#ifdef IPCOMP_USED_ALONE
#ifdef CONFIG_KLIPS_IPCOMP
	if (openswan_inet_del_protocol(&comp_protocol, IPPROTO_COMP) < 0) {
		printk(KERN_INFO "klips_debug:ipsec_cleanup: "
		       "comp close: can't remove protocol\n");
	}
#endif /* CONFIG_KLIPS_IPCOMP */
#endif /* IPCOMP_USED_ALONE */

#ifdef CONFIG_KLIPS_AH
	if (openswan_inet_del_protocol(&ah_protocol, IPPROTO_AH) < 0) {
		printk(KERN_INFO "klips_debug:ipsec_cleanup: "
		       "ah close: can't remove protocol\n");
	}
#endif /* CONFIG_KLIPS_AH */

#ifdef CONFIG_KLIPS_ESP
	if (openswan_inet_del_protocol(&esp_protocol, IPPROTO_ESP) < 0) {
		printk(KERN_INFO "klips_debug:ipsec_cleanup: "
		       "esp close: can't remove protocol\n");
	}
#endif /* CONFIG_KLIPS_ESP */

	rc |= unregister_netdevice_notifier(&ipsec_dev_notifier);

	/*
	 * NOTE(review): the SA database and the radij table are released
	 * right after the protocol handlers and the notifier are removed;
	 * nothing in this function waits for receive-path code that may
	 * already be running -- confirm the callees account for that.
	 */
	KLIPS_PRINT(debug_netlink,
		    "klips_debug:ipsec_cleanup: "
		    "calling ipsec_sadb_cleanup.\n");
	rc |= ipsec_sadb_cleanup(0);
	rc |= ipsec_sadb_free();

	KLIPS_PRINT(debug_netlink,
		    "klips_debug:ipsec_cleanup: "
		    "calling ipsec_radijcleanup.\n");
	rc |= ipsec_radijcleanup();

	KLIPS_PRINT(debug_pfkey,
		    "klips_debug:ipsec_cleanup: "
		    "calling pfkey_cleanup.\n");
	rc |= pfkey_cleanup();

	ipsec_proc_cleanup();

	/* NOTE(review): confirm prng_final() clears the generator state. */
	prng_final(&ipsec_prng);

	/*
	 * Destroy each kmem cache only if its pointer is set, and clear the
	 * pointer either way so no stale reference is left behind.
	 */
	if (ipsec_irs_cache != NULL) {
		kmem_cache_destroy(ipsec_irs_cache);
	}
	ipsec_irs_cache = NULL;

	if (ipsec_ixs_cache != NULL) {
		kmem_cache_destroy(ipsec_ixs_cache);
	}
	ipsec_ixs_cache = NULL;

	return rc;
}
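/**
 * ipsec_klips_init - bring up the KLIPS stack.
 *
 * Subsystems are initialised in a fixed order: state caches, /proc entries,
 * SA database, radij table, PF_KEY, netdevice notifier, the receive entry
 * point (alternate xfrm hook or the ESP/AH/IPCOMP protocol handlers), tunnel
 * and mast devices, the ESP-in-UDP hook, sysctl, algorithm/OCF support and
 * finally the PRNG.
 *
 * Every step that reports a status is checked as soon as it returns.  On
 * failure the steps that already succeeded are undone in reverse order by
 * the goto ladder at the end, so that no notifier, protocol handler or
 * receive hook stays registered when the function reports failure.  Each
 * label sits *after* the undo of the step it is named for: a failed step is
 * not undone, only the ones before it (ipsec_proc_init() is the one
 * exception, see below).
 *
 * Return: 0 on success, otherwise the return code of the step that failed.
 */
int ipsec_klips_init(void)
{
	int error = 0;
	unsigned char seed[256];
#ifdef CONFIG_KLIPS_ENC_3DES
	extern int des_check_key;

	/*
	 * turn off checking of keys
	 * NOTE(review): this is a global switch in the DES code; presumably
	 * it disables the key checks for every caller -- confirm that key
	 * material is validated elsewhere before it is installed.
	 */
	des_check_key = 0;
#endif /* CONFIG_KLIPS_ENC_3DES */

	KLIPS_PRINT(1, "klips_info:ipsec_init: "
		    "KLIPS startup, Openswan KLIPS IPsec stack version: %s\n",
		    ipsec_version_code());

	error = ipsec_xmit_state_cache_init();
	if (error)
		goto error_xmit_state_cache;

	error = ipsec_rcv_state_cache_init();
	if (error)
		goto error_rcv_state_cache;

	error = ipsec_proc_init();
	if (error)
		goto error_proc_init;

#ifdef SPINLOCK
	ipsec_sadb.sadb_lock = SPIN_LOCK_UNLOCKED;
#else /* SPINLOCK */
	ipsec_sadb.sadb_lock = 0;
#endif /* SPINLOCK */

#ifndef SPINLOCK
	tdb_lock.lock = 0;
	eroute_lock.lock = 0;
#endif /* !SPINLOCK */

	error = ipsec_sadb_init();
	if (error)
		goto error_sadb_init;

	error = ipsec_radijinit();
	if (error)
		goto error_radijinit;

	error = pfkey_init();
	if (error)
		goto error_pfkey_init;

	error = register_netdevice_notifier(&ipsec_dev_notifier);
	if (error)
		goto error_netdev_notifier;

#ifdef CONFIG_XFRM_ALTERNATE_STACK
	error = xfrm_register_alternate_rcv(ipsec_rcv);
	if (error)
		goto error_xfrm_register;
#else /* CONFIG_XFRM_ALTERNATE_STACK */
#ifdef CONFIG_KLIPS_ESP
	error = openswan_inet_add_protocol(&esp_protocol, IPPROTO_ESP, "ESP");
	if (error)
		goto error_openswan_inet_add_protocol_esp;
#endif /* CONFIG_KLIPS_ESP */

#ifdef CONFIG_KLIPS_AH
	error = openswan_inet_add_protocol(&ah_protocol, IPPROTO_AH, "AH");
	if (error)
		goto error_openswan_inet_add_protocol_ah;
#endif /* CONFIG_KLIPS_AH */

	/* we never actually link IPCOMP to the stack */
#ifdef IPCOMP_USED_ALONE
#ifdef CONFIG_KLIPS_IPCOMP
	error = openswan_inet_add_protocol(&comp_protocol, IPPROTO_COMP, "IPCOMP");
	if (error)
		goto error_openswan_inet_add_protocol_comp;
#endif /* CONFIG_KLIPS_IPCOMP */
#endif /* IPCOMP_USED_ALONE */
#endif /* CONFIG_XFRM_ALTERNATE_STACK */

	error = ipsec_tunnel_init_devices();
	if (error)
		goto error_tunnel_init_devices;

	/*
	 * A mast failure must stop the bring-up like any other step.  Left
	 * unchecked it would either be blamed on the sysctl step or, without
	 * CONFIG_SYSCTL, be returned while every hook above is still
	 * registered.
	 * NOTE(review): assumes ipsec_mast_init_devices() leaves nothing
	 * behind when it fails -- confirm.
	 */
	error = ipsec_mast_init_devices();
	if (error)
		goto error_mast_init_devices;

#if defined(NET_26) && defined(CONFIG_IPSEC_NAT_TRAVERSAL)
	/*
	 * register our ESP-UDP handler; a failure here is logged only and
	 * does not abort the bring-up.
	 */
	if (udp4_register_esp_rcvencap(klips26_rcv_encap, &klips_old_encap) != 0) {
		printk(KERN_ERR "KLIPS: can not register klips_rcv_encap function\n");
	}
#endif

#ifdef CONFIG_SYSCTL
	error = ipsec_sysctl_register();
	if (error)
		goto error_sysctl_register;
#endif

#ifdef CONFIG_KLIPS_ALG
	ipsec_alg_init();
#endif

#ifdef CONFIG_KLIPS_OCF
	ipsec_ocf_init();
#endif

	/*
	 * Seed the stack-wide PRNG from the kernel's randomness source.
	 * NOTE(review): the seed bytes stay in this stack frame after
	 * prng_init(); wipe them with a store the compiler cannot elide
	 * where the target kernel offers one.
	 */
	get_random_bytes((void *)seed, sizeof(seed));
	prng_init(&ipsec_prng, seed, sizeof(seed));

	return error;

	/* ---- unwind: reverse order of the bring-up above ---- */

#ifdef CONFIG_SYSCTL
error_sysctl_register:
	/* sysctl failed: drop everything that was set up after the tunnels */
#if defined(NET_26) && defined(CONFIG_IPSEC_NAT_TRAVERSAL)
	/* same call ipsec_cleanup() makes; its result is not needed here */
	udp4_unregister_esp_rcvencap(klips26_rcv_encap, klips_old_encap);
#endif
	ipsec_mast_cleanup_devices();
#endif /* CONFIG_SYSCTL */

error_mast_init_devices:
	ipsec_tunnel_cleanup_devices();

error_tunnel_init_devices:
#ifdef CONFIG_XFRM_ALTERNATE_STACK
	xfrm_deregister_alternate_rcv(ipsec_rcv);
error_xfrm_register:
#else /* CONFIG_XFRM_ALTERNATE_STACK */
#ifdef IPCOMP_USED_ALONE
#ifdef CONFIG_KLIPS_IPCOMP
	openswan_inet_del_protocol(&comp_protocol, IPPROTO_COMP);
error_openswan_inet_add_protocol_comp:
#endif /* CONFIG_KLIPS_IPCOMP */
#endif /* IPCOMP_USED_ALONE */
#ifdef CONFIG_KLIPS_AH
	openswan_inet_del_protocol(&ah_protocol, IPPROTO_AH);
error_openswan_inet_add_protocol_ah:
#endif /* CONFIG_KLIPS_AH */
#ifdef CONFIG_KLIPS_ESP
	/* guarded like the registration, so the label is never left unused */
	openswan_inet_del_protocol(&esp_protocol, IPPROTO_ESP);
error_openswan_inet_add_protocol_esp:
#endif /* CONFIG_KLIPS_ESP */
#endif /* CONFIG_XFRM_ALTERNATE_STACK */
	unregister_netdevice_notifier(&ipsec_dev_notifier);

error_netdev_notifier:
	pfkey_cleanup();

error_pfkey_init:
	ipsec_radijcleanup();

error_radijinit:
	ipsec_sadb_cleanup(0);
	ipsec_sadb_free();

error_sadb_init:
error_proc_init:
	/*
	 * ipsec_proc_init() does not clean up after itself, so it is undone
	 * here even when it is the step that failed.
	 * TODO: ipsec_proc_init() should roll back what it changed on failure
	 */
	ipsec_proc_cleanup();

	ipsec_rcv_state_cache_cleanup();

error_rcv_state_cache:
	ipsec_xmit_state_cache_cleanup();

error_xmit_state_cache:
	return error;
}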