Committer: Diego Biurrun <diego@xxxxxxxxxx> Date: 12/05/2010 at 15:29:52 Revision: 4496 Revision-id: diego@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Branch nick: trunk Log: Remove pfkey/ipsec code. Modified: D hipd/pfkeyapi.c D lib/ipsec/ D lib/ipsec/ipsec_set_policy.3 D lib/ipsec/ipsec_strerror.3 D lib/ipsec/ipsec_strerror.c D lib/ipsec/ipsec_strerror.h D lib/ipsec/libpfkey.h D lib/ipsec/pfkey.c D lib/ipsec/pfkeyv2.h D lib/ipsec/policy_parse.c D lib/ipsec/policy_parse.h D lib/ipsec/policy_parse.y D lib/ipsec/policy_token.l D lib/tool/pfkeysadb.c D lib/tool/pfkeysadb.h D patches/kernel/2.6.22.6/pfkey_xfrmuser_interfamily-2.6.22.6.patch M COPYING M Makefile.am M configure.ac M hipd/init.c M lib/tool/xfrmapi.c M tools/hipl_autobuild.sh === modified file 'COPYING' --- COPYING 2010-03-30 12:41:08 +0000 +++ COPYING 2010-05-12 12:29:33 +0000 @@ -35,7 +35,6 @@ * firewall/user_ipsec_esp.c * tools/DNS * lib/tool - * lib/ipsec * i3 MIT (Expat) License === modified file 'Makefile.am' --- Makefile.am 2010-05-12 10:09:10 +0000 +++ Makefile.am 2010-05-12 12:29:33 +0000 @@ -5,11 +5,9 @@ # For "make dist" EXTRA_DIST = .vimrc debian doc patches release.version version.h EXTRA_DIST += i3/i3-cfg-PL.xml i3/aeshash/aescpp.hh i3/i3/i3_debug.c i3/utils/netwrap_win32.c -EXTRA_DIST += lib/ipsec/policy_parse.c lib/ipsec/policy_parse.y lib/ipsec/policy_token.l EXTRA_DIST += packaging tools/maintainer EXTRA_DIST += $(wildcard $(addprefix $(srcdir)/agent/,*.lang)) EXTRA_DIST += $(wildcard $(addprefix $(srcdir)/lib/dht/,*.txt)) -EXTRA_DIST += $(wildcard $(addprefix $(srcdir)/lib/ipsec/,*.3)) EXTRA_DIST += $(wildcard $(addprefix $(srcdir)/test/,*.pl *.sh)) EXTRA_DIST += $(wildcard $(addprefix $(srcdir)/tools/,*.cfg *.pl *.sh)) EXTRA_DIST += $(wildcard $(addprefix $(srcdir)/firewall/,*.cfg)) @@ -60,10 +58,6 @@ ### libraries ### lib_LTLIBRARIES = lib/core/libhipcore.la -if HIP_PFKEY -lib_LTLIBRARIES += lib/ipsec/libhipsec.la -endif - if HIP_OPPORTUNISTIC lib_LTLIBRARIES += lib/opphip/libopphip.la endif @@ -130,10 +124,6 @@ hipd_hipd_SOURCES += hipd/dht.c endif -if HIP_PFKEY -hipd_hipd_SOURCES += hipd/pfkeyapi.c -endif - if HIP_MIDAUTH hipd_hipd_SOURCES += hipd/pisa.c endif @@ -221,7 +211,8 @@ lib/tool/checksum.c \ lib/tool/lutil.c \ lib/tool/nlink.c \ - lib/tool/pk.c + lib/tool/pk.c \ + lib/tool/xfrmapi.c if HIP_AGENT lib_core_libhipcore_la_SOURCES += lib/core/sqlitedbapi.c @@ -236,13 +227,6 @@ lib_core_libhipcore_la_SOURCES += lib/core/performance.c endif -# don't use libipsec, but xfrmapi -if HIP_PFKEY -lib_core_libhipcore_la_SOURCES += lib/tool/pfkeysadb.c -else -lib_core_libhipcore_la_SOURCES += lib/tool/xfrmapi.c -endif # HIPPFKEY - lib_opphip_libopphip_la_SOURCES = lib/opphip/wrap.c \ lib/opphip/wrap_db.c @@ -306,32 +290,6 @@ i3_chord_gen_conf_same_SOURCES = i3/chord/gen_conf_same.c i3_chord_test_SOURCES = i3/chord/test.c -############################ NOTE ################################## -# -# Note: when you upgrade this library, please do the following: -# -# 1. uncomment policy_parse.y and policy_token.l lines -# 2. "make" -# 3. disable the policy_parse.y and policy_token.l lines again -# 4. commit the code (including lex/yacc generated c files) -# -# I could not make the lex/yacc stuff work with "make dist" which -# is mandatory for building e.g. rpm packages. -mk -#################################################################### -lib_ipsec_libhipsec_la_SOURCES = lib/ipsec/ipsec_strerror.c \ - lib/ipsec/pfkey.c \ - #lib/ipsec/policy_parse.y \ - #lib/ipsec/policy_token.l - -AM_YFLAGS = -d -p __libhipsec -AM_LFLAGS = -P__libhipsec -olex.yy.c - -# version is current:revision:age. -# See: http://www.gnu.org/manual/libtool-1.4.2/html_chapter/libtool_6.html#SEC32 -#lib_ipsec_libhipsec_la_LDFLAGS = -version-info 0:1:0 -#lib_ipsec_libhipsec_la_LIBADD = $(LEXLIB) - -#DISTCLEANFILES = lib/ipsec/policy_parse.c lib/ipsec/policy_token.c ### library dependencies ### @@ -349,10 +307,6 @@ hipd_hipd_LDADD += i3/libi3.la endif -if HIP_PFKEY -hipd_hipd_LDADD += lib/ipsec/libhipsec.la -endif - agent_hipagent_LDADD = lib/gui/libhipgui.la \ lib/core/libhipcore.la === modified file 'configure.ac' --- configure.ac 2010-05-03 16:43:45 +0000 +++ configure.ac 2010-05-12 12:29:33 +0000 @@ -124,21 +124,6 @@ fi AM_CONDITIONAL(HIP_AGENT, test x"$ac_cv_use_agent" = x"yes") -AC_ARG_ENABLE(pfkey, - AS_HELP_STRING([--enable-pfkey], - [HIP pfkey extensions (default is NO)]), - [ac_cv_use_pfkey=$enableval], - [ac_cv_use_pfkey=no]) -AC_CACHE_CHECK([whether to use pfkey extensions], - [ac_cv_use_pfkey], - [ac_cv_use_pfkey=no]) -if test x"$ac_cv_use_pfkey" = x"yes"; then - AC_DEFINE(CONFIG_HIP_PFKEY) - AH_TEMPLATE(CONFIG_HIP_PFKEY, [Defined to 1 if pfkey is enabled.]) - AM_PROG_LEX -fi -AM_CONDITIONAL(HIP_PFKEY, test x"$ac_cv_use_pfkey" = x"yes") - AC_ARG_ENABLE(rvs, AS_HELP_STRING([--enable-rvs], [HIP Rendezvous Extensions (default is YES)]), === modified file 'hipd/init.c' --- hipd/init.c 2010-05-12 10:09:10 +0000 +++ hipd/init.c 2010-05-12 12:29:33 +0000 @@ -182,8 +182,6 @@ * - XFRM_BEET changed from 2 to 4 * - crypto algo names changed */ - -#ifndef CONFIG_HIP_PFKEY if (rel[0] <= 2 && rel[1] <= 6 && rel[2] < 19) { hip_xfrm_set_beet(2); hip_xfrm_set_algo_names(0); @@ -193,7 +191,6 @@ } /* This requires new kernel versions (the 2.6.18 patch) - jk */ hip_xfrm_set_default_sa_prefix_len(128); -#endif } #ifdef CONFIG_HIP_AGENT @@ -1059,9 +1056,7 @@ goto out_err; } -#ifndef CONFIG_HIP_PFKEY hip_xfrm_set_nl_ipsec(&hip_nl_ipsec); -#endif HIP_IFEL(hip_init_raw_sock_v6(&hip_raw_sock_output_v6, IPPROTO_HIP), -1, "raw sock output v6\n"); HIP_IFEL(hip_init_raw_sock_v4(&hip_raw_sock_output_v4, IPPROTO_HIP), -1, "raw sock output v4\n"); === removed directory 'lib/ipsec' === modified file 'lib/tool/xfrmapi.c' --- lib/tool/xfrmapi.c 2010-04-16 01:30:31 +0000 +++ lib/tool/xfrmapi.c 2010-05-12 12:29:33 +0000 @@ -530,7 +530,6 @@ in_port_t sport, dport; // Ignore the dst_addr, because xfrm accepts only one address. - // dst_addr is used only in pfkeyapi.c _HIP_DEBUG("spi=0x%x\n", spi); _HIP_DEBUG_IN6ADDR("SA daddr", peer_addr); @@ -589,8 +588,7 @@ * @return zero on success and non-zero on error * @note IPv4 addresses in IPv6 mapped format * @note If you make changes to this function, please change also - * hipd/user_ipsec_sadb_api.c:hip_userspace_ipsec_add_sa() and - * pfkeyapi.c:add_sa() + * hipd/user_ipsec_sadb_api.c:hip_userspace_ipsec_add_sa(). */ uint32_t hip_add_sa(const struct in6_addr *saddr, const struct in6_addr *daddr, === modified file 'tools/hipl_autobuild.sh' --- tools/hipl_autobuild.sh 2010-05-12 10:43:39 +0000 +++ tools/hipl_autobuild.sh 2010-05-12 12:29:33 +0000 @@ -109,10 +109,10 @@ run_program "make -j17 distcheck" # PISA configuration -compile --enable-firewall --disable-agent --disable-pfkey --disable-rvs --disable-hipproxy --disable-i3 --disable-opportunistic --disable-dht --disable-blind --disable-profiling --enable-debug --enable-midauth --disable-performance --disable-demo +compile --enable-firewall --disable-agent --disable-rvs --disable-hipproxy --disable-i3 --disable-opportunistic --disable-dht --disable-blind --disable-profiling --enable-debug --enable-midauth --disable-performance --disable-demo # Alternative path to vanilla -compile --enable-firewall --enable-agent --enable-pfkey --disable-rvs --disable-hipproxy --enable-i3 --disable-opportunistic --disable-dht --enable-blind --enable-profiling --disable-debug --enable-midauth --enable-performance --enable-demo +compile --enable-firewall --enable-agent --disable-rvs --disable-hipproxy --enable-i3 --disable-opportunistic --disable-dht --enable-blind --enable-profiling --disable-debug --enable-midauth --enable-performance --enable-demo # Compile HIPL within an OpenWrt checkout CONFIGURATION="OpenWrt ARM crosscompile"