Merge nuts.ninka.net:/home/davem/src/BK/network-2.5

into nuts.ninka.net:/home/davem/src/BK/net-2.5

Merge nuts.ninka.net:/home/davem/src/BK/network-2.5
into nuts.ninka.net:/home/davem/src/BK/net-2.5
f643f785 · David S. Miller · 582a045d · b07bd9cb · f643f785 · f643f785
Commit f643f785 authored Mar 22, 2003 by David S. Miller
13 changed files
--- a/crypto/aes.c
+++ b/crypto/aes.c
@@ -55,6 +55,7 @@
 #include <linux/module.h>
 #include <linux/init.h>
 #include <linux/types.h>
+#include <linux/errno.h>
 #include <linux/crypto.h>
 #include <asm/byteorder.h>


--- a/crypto/api.c
+++ b/crypto/api.c
@@ -15,6 +15,7 @@
 */
 #include <linux/init.h>
 #include <linux/crypto.h>
+#include <linux/errno.h>
 #include <linux/rwsem.h>
 #include <linux/slab.h>
 #include "internal.h"

--- a/crypto/des.c
+++ b/crypto/des.c
@@ -23,6 +23,7 @@
 #include <linux/init.h>
 #include <linux/module.h>
 #include <linux/mm.h>
+#include <linux/errno.h>
 #include <asm/scatterlist.h>
 #include <linux/crypto.h>


--- a/crypto/digest.c
+++ b/crypto/digest.c
@@ -13,6 +13,7 @@
 */
 #include <linux/crypto.h>
 #include <linux/mm.h>
+#include <linux/errno.h>
 #include <linux/highmem.h>
 #include <asm/scatterlist.h>
 #include "internal.h"

--- a/crypto/serpent.c
+++ b/crypto/serpent.c
@@ -13,6 +13,7 @@

 #include <linux/init.h>
 #include <linux/module.h>
+#include <linux/errno.h>
 #include <asm/byteorder.h>
 #include <linux/crypto.h>


--- a/crypto/twofish.c
+++ b/crypto/twofish.c
@@ -40,6 +40,7 @@
 #include <linux/module.h>
 #include <linux/init.h>
 #include <linux/types.h>
+#include <linux/errno.h>
 #include <linux/crypto.h>



--- a/include/linux/in6.h
+++ b/include/linux/in6.h
@@ -180,5 +180,8 @@ struct in6_flowlabel_req
 #define IPV6_FLOWLABEL_MGR	32
 #define IPV6_FLOWINFO_SEND	33

+#define IPV6_IPSEC_POLICY	34
+#define IPV6_XFRM_POLICY	35
+

 #endif
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -10,6 +10,7 @@
 #include <linux/pfkeyv2.h>
 #include <linux/in6.h>

+#include <net/sock.h>
 #include <net/dst.h>
 #include <net/route.h>
 #include <net/ip6_fib.h>

--- a/net/ipv4/xfrm_user.c
+++ b/net/ipv4/xfrm_user.c
@@ -1086,10 +1086,26 @@ struct xfrm_policy *xfrm_compile_policy(u16 family, int opt,
 	struct xfrm_policy *xp;
 	int nr;

-	if (opt != IP_XFRM_POLICY) {
-		*dir = -EOPNOTSUPP;
+	switch (family) {
+	case AF_INET:
+		if (opt != IP_XFRM_POLICY) {
+			*dir = -EOPNOTSUPP;
+			return NULL;
+		}
+		break;
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+	case AF_INET6:
+		if (opt != IPV6_XFRM_POLICY) {
+			*dir = -EOPNOTSUPP;
+			return NULL;
+		}
+		break;
+#endif
+	default:
+		*dir = -EINVAL;
 		return NULL;
 	}
+
 	*dir = -EINVAL;

 	if (len < sizeof(*p) ||

--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -47,6 +47,7 @@
 #include <net/inet_common.h>
 #include <net/tcp.h>
 #include <net/udp.h>
+#include <net/xfrm.h>

 #include <asm/uaccess.h>

@@ -404,6 +405,10 @@ int ipv6_setsockopt(struct sock *sk, int level, int optname, char *optval,
 	case IPV6_FLOWLABEL_MGR:
 		retv = ipv6_flowlabel_opt(sk, optval, optlen);
 		break;
+	case IPV6_IPSEC_POLICY:
+	case IPV6_XFRM_POLICY:
+		retv = xfrm_user_policy(sk, optname, optval, optlen);
+		break;

 #ifdef CONFIG_NETFILTER
 	default:

--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -967,7 +967,7 @@ static void tcp_v6_send_check(struct sock *sk, struct tcphdr *th, int len,
 	struct ipv6_pinfo *np = inet6_sk(sk);

 	if (skb->ip_summed == CHECKSUM_HW) {
-		th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,  0);
+		th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,  0);
 		skb->csum = offsetof(struct tcphdr, check);
 	} else {
 		th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 
@@ -1642,7 +1642,7 @@ static int tcp_v6_rcv(struct sk_buff *skb)
 		goto discard_and_relse;

 	if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
-		goto discard_it;
+		goto discard_and_relse;

 	skb->dev = NULL;


--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2416,8 +2416,23 @@ static struct xfrm_policy *pfkey_compile_policy(u16 family, int opt,
 	struct xfrm_policy *xp;
 	struct sadb_x_policy *pol = (struct sadb_x_policy*)data;

-	if (opt != IP_IPSEC_POLICY) {
-		*dir = -EOPNOTSUPP;
+	switch (family) {
+	case AF_INET:
+		if (opt != IP_IPSEC_POLICY) {
+			*dir = -EOPNOTSUPP;
+			return NULL;
+		}
+		break;
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+	case AF_INET6:
+		if (opt != IPV6_IPSEC_POLICY) {
+			*dir = -EOPNOTSUPP;
+			return NULL;
+		}
+		break;
+#endif
+	default:
+		*dir = -EINVAL;
 		return NULL;
 	}


--- a/net/netsyms.c
+++ b/net/netsyms.c
@@ -292,6 +292,7 @@ extern int (*dlci_ioctl_hook)(unsigned int, void *);
 EXPORT_SYMBOL(dlci_ioctl_hook);
 #endif

+EXPORT_SYMBOL(xfrm_user_policy);
 EXPORT_SYMBOL(km_waitq);
 EXPORT_SYMBOL(xfrm_cfg_sem);
 EXPORT_SYMBOL(xfrm_policy_alloc);