Commit be1fc1ce authored by Andi Kleen's avatar Andi Kleen Committed by David S. Miller

[NET]: Allow XFRM subsystem to be optional.

parent 3a6045ff
......@@ -247,8 +247,16 @@ static inline int dst_input(struct sk_buff *skb)
extern void dst_init(void);
struct flowi;
#ifndef CONFIG_XFRM
static inline int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
struct sock *sk, int flags)
{
return 0;
}
#else
extern int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
struct sock *sk, int flags);
#endif
#endif
#endif /* _NET_DST_H */
......@@ -588,6 +588,8 @@ xfrm_state_addr_cmp(struct xfrm_tmpl *tmpl, struct xfrm_state *x, unsigned short
return !0;
}
#ifdef CONFIG_XFRM
extern int __xfrm_policy_check(struct sock *, int dir, struct sk_buff *skb, unsigned short family);
static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, unsigned short family)
......@@ -653,6 +655,26 @@ static inline void xfrm_sk_free_policy(struct sock *sk)
}
}
#else
static inline void xfrm_sk_free_policy(struct sock *sk) {}
static inline int xfrm_sk_clone_policy(struct sock *sk) { return 0; }
static inline int xfrm6_route_forward(struct sk_buff *skb) { return 1; }
static inline int xfrm4_route_forward(struct sk_buff *skb) { return 1; }
static inline int xfrm6_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
{
return 1;
}
static inline int xfrm4_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
{
return 1;
}
static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, unsigned short family)
{
return 1;
}
#endif
static __inline__
xfrm_address_t *xfrm_flowi_daddr(struct flowi *fl, unsigned short family)
{
......@@ -783,12 +805,32 @@ extern void xfrm_replay_advance(struct xfrm_state *x, u32 seq);
extern int xfrm_check_selectors(struct xfrm_state **x, int n, struct flowi *fl);
extern int xfrm_check_output(struct xfrm_state *x, struct sk_buff *skb, unsigned short family);
extern int xfrm4_rcv(struct sk_buff *skb);
extern int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type);
extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler);
extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler);
extern int xfrm4_tunnel_check_size(struct sk_buff *skb);
extern int xfrm6_rcv(struct sk_buff **pskb, unsigned int *nhoffp);
#ifdef CONFIG_XFRM
extern int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type);
extern int xfrm_user_policy(struct sock *sk, int optname, u8 *optval, int optlen);
extern int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsigned short family);
#else
static inline int xfrm_user_policy(struct sock *sk, int optname, u8 *optval, int optlen)
{
return -ENOPROTOOPT;
}
static inline int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
{
/* should not happen */
kfree_skb(skb);
return 0;
}
static inline int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsigned short family)
{
return -EINVAL;
}
#endif
void xfrm_policy_init(void);
void xfrm4_policy_init(void);
......@@ -810,7 +852,6 @@ extern void xfrm_policy_kill(struct xfrm_policy *);
extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
extern struct xfrm_policy *xfrm_sk_policy_lookup(struct sock *sk, int dir, struct flowi *fl);
extern int xfrm_flush_bundles(struct xfrm_state *x);
extern int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsigned short family);
extern wait_queue_head_t km_waitq;
extern void km_state_expired(struct xfrm_state *x, int hard);
......
......@@ -83,6 +83,7 @@ config UNIX
config NET_KEY
tristate "PF_KEY sockets"
select XFRM
---help---
PF_KEYv2 socket family, compatible to KAME ones.
They are required if you are going to use IPsec tools ported
......
......@@ -225,7 +225,7 @@ void __kfree_skb(struct sk_buff *skb)
}
dst_release(skb->dst);
#ifdef CONFIG_INET
#ifdef CONFIG_XFRM
secpath_put(skb->sp);
#endif
if(skb->destructor) {
......
......@@ -187,6 +187,7 @@ config IP_PNP_RARP
config NET_IPIP
tristate "IP: tunneling"
depends on INET
select XFRM
---help---
Tunneling means encapsulating data of one protocol type within
another protocol and sending it over a channel that understands the
......@@ -205,6 +206,7 @@ config NET_IPIP
config NET_IPGRE
tristate "IP: GRE tunnels over IP"
depends on INET
select XFRM
help
Tunneling means encapsulating data of one protocol type within
another protocol and sending it over a channel that understands the
......@@ -343,6 +345,7 @@ config SYN_COOKIES
config INET_AH
tristate "IP: AH transformation"
select XFRM
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_MD5
......@@ -354,6 +357,7 @@ config INET_AH
config INET_ESP
tristate "IP: ESP transformation"
select XFRM
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_MD5
......@@ -366,6 +370,7 @@ config INET_ESP
config INET_IPCOMP
tristate "IP: IPComp transformation"
select XFRM
select CRYPTO
select CRYPTO_DEFLATE
---help---
......
......@@ -23,4 +23,4 @@ obj-$(CONFIG_IP_PNP) += ipconfig.o
obj-$(CONFIG_NETFILTER) += netfilter/
obj-$(CONFIG_IP_VS) += ipvs/
obj-y += xfrm4_policy.o xfrm4_state.o xfrm4_input.o xfrm4_tunnel.o
obj-$(CONFIG_XFRM) += xfrm4_policy.o xfrm4_state.o xfrm4_input.o xfrm4_tunnel.o
......@@ -2785,8 +2785,10 @@ int __init ip_rt_init(void)
create_proc_read_entry("net/rt_acct", 0, 0, ip_rt_acct_read, NULL);
#endif
#endif
#ifdef CONFIG_XFRM
xfrm_init();
xfrm4_init();
#endif
out:
return rc;
out_enomem:
......
......@@ -938,6 +938,9 @@ static void udp_close(struct sock *sk, long timeout)
*/
static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
{
#ifndef CONFIG_XFRM
return 1;
#else
struct udp_opt *up = udp_sk(sk);
struct udphdr *uh = skb->h.uh;
struct iphdr *iph;
......@@ -997,10 +1000,12 @@ static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
return -1;
default:
if (net_ratelimit())
printk(KERN_INFO "udp_encap_rcv(): Unhandled UDP encap type: %u\n",
encap_type);
return 1;
}
#endif
}
/* returns:
......
......@@ -22,6 +22,7 @@ config IPV6_PRIVACY
config INET6_AH
tristate "IPv6: AH transformation"
depends on IPV6
select XFRM
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_MD5
......@@ -34,6 +35,7 @@ config INET6_AH
config INET6_ESP
tristate "IPv6: ESP transformation"
depends on IPV6
select XFRM
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_MD5
......@@ -47,6 +49,7 @@ config INET6_ESP
config INET6_IPCOMP
tristate "IPv6: IPComp transformation"
depends on IPV6
select XFRM
select CRYPTO
select CRYPTO_DEFLATE
---help---
......
......@@ -8,8 +8,10 @@ ipv6-objs := af_inet6.o anycast.o ip6_output.o ip6_input.o addrconf.o sit.o \
route.o ip6_fib.o ipv6_sockglue.o ndisc.o udp.o raw.o \
protocol.o icmp.o mcast.o reassembly.o tcp_ipv6.o \
exthdrs.o sysctl_net_ipv6.o datagram.o proc.o \
ip6_flowlabel.o ipv6_syms.o \
xfrm6_policy.o xfrm6_state.o xfrm6_input.o
ip6_flowlabel.o ipv6_syms.o
ipv6-$(CONFIG_XFRM) += xfrm6_policy.o xfrm6_state.o xfrm6_input.o
ipv6-objs += $(ipv6-y)
obj-$(CONFIG_INET6_AH) += ah6.o
obj-$(CONFIG_INET6_ESP) += esp6.o
......
......@@ -36,7 +36,9 @@ EXPORT_SYMBOL(in6addr_any);
EXPORT_SYMBOL(in6addr_loopback);
EXPORT_SYMBOL(in6_dev_finish_destroy);
EXPORT_SYMBOL(ip6_find_1stfragopt);
#ifdef CONFIG_XFRM
EXPORT_SYMBOL(xfrm6_rcv);
#endif
EXPORT_SYMBOL(rt6_lookup);
EXPORT_SYMBOL(fl6_sock_lookup);
EXPORT_SYMBOL(ipv6_ext_hdr);
......
......@@ -1988,7 +1988,9 @@ void __init ip6_route_init(void)
if (p)
p->proc_fops = &rt6_stats_seq_fops;
#endif
#ifdef CONFIG_XFRM
xfrm6_init();
#endif
}
#ifdef MODULE
......
......@@ -56,7 +56,6 @@ extern __u32 sysctl_rmem_max;
#include <linux/inet.h>
#include <linux/mroute.h>
#include <linux/igmp.h>
#include <net/xfrm.h>
#if defined(CONFIG_INET_AH) || defined(CONFIG_INET_AH_MODULE) || defined(CONFIG_INET6_AH) || defined(CONFIG_INET6_AH_MODULE)
#include <net/ah.h>
#endif
......@@ -276,6 +275,7 @@ EXPORT_SYMBOL(ip_dev_find);
EXPORT_SYMBOL(inetdev_by_index);
EXPORT_SYMBOL(in_dev_finish_destroy);
EXPORT_SYMBOL(ip_defrag);
EXPORT_SYMBOL(inet_peer_idlock);
/* Route manipulation */
EXPORT_SYMBOL(ip_rt_ioctl);
......@@ -293,80 +293,6 @@ EXPORT_SYMBOL(tcp_proc_unregister);
/* needed for ip_gre -cw */
EXPORT_SYMBOL(ip_statistics);
EXPORT_SYMBOL(xfrm_user_policy);
EXPORT_SYMBOL(km_waitq);
EXPORT_SYMBOL(km_new_mapping);
EXPORT_SYMBOL(xfrm_cfg_sem);
EXPORT_SYMBOL(xfrm_policy_alloc);
EXPORT_SYMBOL(__xfrm_policy_destroy);
EXPORT_SYMBOL(xfrm_lookup);
EXPORT_SYMBOL(__xfrm_policy_check);
EXPORT_SYMBOL(__xfrm_route_forward);
EXPORT_SYMBOL(xfrm_state_alloc);
EXPORT_SYMBOL(__xfrm_state_destroy);
EXPORT_SYMBOL(xfrm_state_find);
EXPORT_SYMBOL(xfrm_state_insert);
EXPORT_SYMBOL(xfrm_state_add);
EXPORT_SYMBOL(xfrm_state_update);
EXPORT_SYMBOL(xfrm_state_check_expire);
EXPORT_SYMBOL(xfrm_state_check_space);
EXPORT_SYMBOL(xfrm_state_lookup);
EXPORT_SYMBOL(xfrm_state_register_afinfo);
EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
EXPORT_SYMBOL(xfrm_state_get_afinfo);
EXPORT_SYMBOL(xfrm_state_put_afinfo);
EXPORT_SYMBOL(xfrm_state_delete_tunnel);
EXPORT_SYMBOL(xfrm_replay_check);
EXPORT_SYMBOL(xfrm_replay_advance);
EXPORT_SYMBOL(xfrm_check_selectors);
EXPORT_SYMBOL(xfrm_check_output);
EXPORT_SYMBOL(__secpath_destroy);
EXPORT_SYMBOL(secpath_dup);
EXPORT_SYMBOL(xfrm_get_acqseq);
EXPORT_SYMBOL(xfrm_parse_spi);
EXPORT_SYMBOL(xfrm4_rcv);
EXPORT_SYMBOL(xfrm4_tunnel_register);
EXPORT_SYMBOL(xfrm4_tunnel_deregister);
EXPORT_SYMBOL(xfrm4_tunnel_check_size);
EXPORT_SYMBOL(xfrm_register_type);
EXPORT_SYMBOL(xfrm_unregister_type);
EXPORT_SYMBOL(xfrm_get_type);
EXPORT_SYMBOL(inet_peer_idlock);
EXPORT_SYMBOL(xfrm_register_km);
EXPORT_SYMBOL(xfrm_unregister_km);
EXPORT_SYMBOL(xfrm_state_delete);
EXPORT_SYMBOL(xfrm_state_walk);
EXPORT_SYMBOL(xfrm_find_acq_byseq);
EXPORT_SYMBOL(xfrm_find_acq);
EXPORT_SYMBOL(xfrm_alloc_spi);
EXPORT_SYMBOL(xfrm_state_flush);
EXPORT_SYMBOL(xfrm_policy_kill);
EXPORT_SYMBOL(xfrm_policy_bysel);
EXPORT_SYMBOL(xfrm_policy_insert);
EXPORT_SYMBOL(xfrm_policy_walk);
EXPORT_SYMBOL(xfrm_policy_flush);
EXPORT_SYMBOL(xfrm_policy_byid);
EXPORT_SYMBOL(xfrm_policy_list);
EXPORT_SYMBOL(xfrm_dst_lookup);
EXPORT_SYMBOL(xfrm_policy_register_afinfo);
EXPORT_SYMBOL(xfrm_policy_unregister_afinfo);
EXPORT_SYMBOL(xfrm_policy_get_afinfo);
EXPORT_SYMBOL(xfrm_policy_put_afinfo);
EXPORT_SYMBOL_GPL(xfrm_probe_algs);
EXPORT_SYMBOL_GPL(xfrm_count_auth_supported);
EXPORT_SYMBOL_GPL(xfrm_count_enc_supported);
EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx);
EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx);
EXPORT_SYMBOL_GPL(xfrm_calg_get_byidx);
EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid);
EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid);
EXPORT_SYMBOL_GPL(xfrm_calg_get_byid);
EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname);
EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname);
EXPORT_SYMBOL_GPL(xfrm_calg_get_byname);
EXPORT_SYMBOL_GPL(skb_icv_walk);
#if defined(CONFIG_INET_ESP) || defined(CONFIG_INET_ESP_MODULE) || defined(CONFIG_INET6_ESP) || defined(CONFIG_INET6_ESP_MODULE)
EXPORT_SYMBOL_GPL(skb_cow_data);
EXPORT_SYMBOL_GPL(pskb_put);
......
#
# XFRM configuration
#
config XFRM
bool
depends on NET
config XFRM_USER
tristate "IPsec user configuration interface"
depends on INET
depends on INET && XFRM
---help---
Support for IPsec user configuration interface used
by native Linux tools.
......
......@@ -2,6 +2,7 @@
# Makefile for the XFRM subsystem.
#
obj-y := xfrm_policy.o xfrm_state.o xfrm_input.o xfrm_algo.o xfrm_output.o
obj-$(CONFIG_XFRM) := xfrm_policy.o xfrm_state.o xfrm_input.o xfrm_algo.o xfrm_output.o \
xfrm_export.o
obj-$(CONFIG_XFRM_USER) += xfrm_user.o
#include <linux/module.h>
#include <net/xfrm.h>
EXPORT_SYMBOL(xfrm_user_policy);
EXPORT_SYMBOL(km_waitq);
EXPORT_SYMBOL(km_new_mapping);
EXPORT_SYMBOL(xfrm_cfg_sem);
EXPORT_SYMBOL(xfrm_policy_alloc);
EXPORT_SYMBOL(__xfrm_policy_destroy);
EXPORT_SYMBOL(xfrm_lookup);
EXPORT_SYMBOL(__xfrm_policy_check);
EXPORT_SYMBOL(__xfrm_route_forward);
EXPORT_SYMBOL(xfrm_state_alloc);
EXPORT_SYMBOL(__xfrm_state_destroy);
EXPORT_SYMBOL(xfrm_state_find);
EXPORT_SYMBOL(xfrm_state_insert);
EXPORT_SYMBOL(xfrm_state_add);
EXPORT_SYMBOL(xfrm_state_update);
EXPORT_SYMBOL(xfrm_state_check_expire);
EXPORT_SYMBOL(xfrm_state_check_space);
EXPORT_SYMBOL(xfrm_state_lookup);
EXPORT_SYMBOL(xfrm_state_register_afinfo);
EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
EXPORT_SYMBOL(xfrm_state_get_afinfo);
EXPORT_SYMBOL(xfrm_state_put_afinfo);
EXPORT_SYMBOL(xfrm_state_delete_tunnel);
EXPORT_SYMBOL(xfrm_replay_check);
EXPORT_SYMBOL(xfrm_replay_advance);
EXPORT_SYMBOL(xfrm_check_selectors);
EXPORT_SYMBOL(xfrm_check_output);
EXPORT_SYMBOL(__secpath_destroy);
EXPORT_SYMBOL(secpath_dup);
EXPORT_SYMBOL(xfrm_get_acqseq);
EXPORT_SYMBOL(xfrm_parse_spi);
EXPORT_SYMBOL(xfrm4_rcv);
EXPORT_SYMBOL(xfrm4_tunnel_register);
EXPORT_SYMBOL(xfrm4_tunnel_deregister);
EXPORT_SYMBOL(xfrm4_tunnel_check_size);
EXPORT_SYMBOL(xfrm_register_type);
EXPORT_SYMBOL(xfrm_unregister_type);
EXPORT_SYMBOL(xfrm_get_type);
EXPORT_SYMBOL(xfrm_register_km);
EXPORT_SYMBOL(xfrm_unregister_km);
EXPORT_SYMBOL(xfrm_state_delete);
EXPORT_SYMBOL(xfrm_state_walk);
EXPORT_SYMBOL(xfrm_find_acq_byseq);
EXPORT_SYMBOL(xfrm_find_acq);
EXPORT_SYMBOL(xfrm_alloc_spi);
EXPORT_SYMBOL(xfrm_state_flush);
EXPORT_SYMBOL(xfrm_policy_kill);
EXPORT_SYMBOL(xfrm_policy_bysel);
EXPORT_SYMBOL(xfrm_policy_insert);
EXPORT_SYMBOL(xfrm_policy_walk);
EXPORT_SYMBOL(xfrm_policy_flush);
EXPORT_SYMBOL(xfrm_policy_byid);
EXPORT_SYMBOL(xfrm_policy_list);
EXPORT_SYMBOL(xfrm_dst_lookup);
EXPORT_SYMBOL(xfrm_policy_register_afinfo);
EXPORT_SYMBOL(xfrm_policy_unregister_afinfo);
EXPORT_SYMBOL(xfrm_policy_get_afinfo);
EXPORT_SYMBOL(xfrm_policy_put_afinfo);
EXPORT_SYMBOL_GPL(xfrm_probe_algs);
EXPORT_SYMBOL_GPL(xfrm_count_auth_supported);
EXPORT_SYMBOL_GPL(xfrm_count_enc_supported);
EXPORT_SYMBOL_GPL(xfrm_aalg_get_byidx);
EXPORT_SYMBOL_GPL(xfrm_ealg_get_byidx);
EXPORT_SYMBOL_GPL(xfrm_calg_get_byidx);
EXPORT_SYMBOL_GPL(xfrm_aalg_get_byid);
EXPORT_SYMBOL_GPL(xfrm_ealg_get_byid);
EXPORT_SYMBOL_GPL(xfrm_calg_get_byid);
EXPORT_SYMBOL_GPL(xfrm_aalg_get_byname);
EXPORT_SYMBOL_GPL(xfrm_ealg_get_byname);
EXPORT_SYMBOL_GPL(xfrm_calg_get_byname);
EXPORT_SYMBOL_GPL(skb_icv_walk);
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment