authorDerek Atkins <derek@ihtfp.com>2003-04-02 13:21:02 -0800
committerDavid S. Miller <davem@nuts.ninka.net>2003-04-02 13:21:02 -0800
commitcbc3488685b20e7b2a98ad387a1a816aada569d8 (patch)
treee3d7cd299f1de96ade31e4c6fcf2fc252a8ce332 /include/linux
parent450609e5524a6252f2a835746b728950abe73976 (diff)
[IPSEC]: Implement UDP Encapsulation framework.
In particular, implement ESPinUDP encapsulation for IPsec Nat Traversal.
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/pfkeyv2.h30
-rw-r--r--include/linux/udp.h5
-rw-r--r--include/linux/xfrm.h7
3 files changed, 40 insertions, 2 deletions
diff --git a/include/linux/pfkeyv2.h b/include/linux/pfkeyv2.h
index efb41c857ea3..b5efb37a1c2f 100644
--- a/include/linux/pfkeyv2.h
+++ b/include/linux/pfkeyv2.h
@@ -194,6 +194,26 @@ struct sadb_x_ipsecrequest {
} __attribute__((packed));
/* sizeof(struct sadb_x_ipsecrequest) == 16 */
+/* This defines the TYPE of Nat Traversal in use. Currently only one
+ * type of NAT-T is supported, draft-ietf-ipsec-udp-encaps-06
+ */
+struct sadb_x_nat_t_type {
+ uint16_t sadb_x_nat_t_type_len;
+ uint16_t sadb_x_nat_t_type_exttype;
+ uint8_t sadb_x_nat_t_type_type;
+ uint8_t sadb_x_nat_t_type_reserved[3];
+} __attribute__((packed));
+/* sizeof(struct sadb_x_nat_t_type) == 8 */
+
+/* Pass a NAT Traversal port (Source or Dest port) */
+struct sadb_x_nat_t_port {
+ uint16_t sadb_x_nat_t_port_len;
+ uint16_t sadb_x_nat_t_port_exttype;
+ uint16_t sadb_x_nat_t_port_port;
+ uint16_t sadb_x_nat_t_port_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_x_nat_t_port) == 8 */
+
/* Message types */
#define SADB_RESERVED 0
#define SADB_GETSPI 1
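Review bot: `sadb_x_nat_t_port_port` in the new `struct sadb_x_nat_t_port` carries a port across the user/kernel boundary, but nothing says whether it is in network or host byte order. A key manager and a kernel that disagree would set up the SA with the wrong UDP port without any error. I would state it on the field, for example `uint16_t sadb_x_nat_t_port_port; /* network byte order */`, if that is what the consumer expects; the code that parses this extension is not in this view. The `reserved` members in both structs should also say whether senders must zero them, since bytes that are never checked cannot safely be given a meaning later.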
@@ -218,7 +238,8 @@ struct sadb_x_ipsecrequest {
#define SADB_X_SPDSETIDX 20
#define SADB_X_SPDEXPIRE 21
#define SADB_X_SPDDELETE2 22
-#define SADB_MAX 22
+#define SADB_X_NAT_T_NEW_MAPPING 23
+#define SADB_MAX 23
/* Security Association flags */
#define SADB_SAFLAGS_PFS 1
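Review bot: Raising `SADB_MAX` to 23 here, and `SADB_EXT_MAX` to 23 in the next hunk, widens every table and bounds check keyed on those limits, and none of that code is visible because this diff is limited to include/linux. Any per-message-type dispatch array sized `SADB_MAX + 1` needs an explicit entry for `SADB_X_NAT_T_NEW_MAPPING`, and any per-extension minimum-length table sized `SADB_EXT_MAX + 1` needs entries for 20 to 23. A slot left zero-initialised would mean a null handler or a minimum length of 0 for a message that comes from user space. This is worth confirming in the PF_KEY implementation part of the series, and a comment beside each limit such as `/* update the PF_KEY dispatch and length tables when this changes */` would keep them in step.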
@@ -291,7 +312,12 @@ struct sadb_x_ipsecrequest {
#define SADB_X_EXT_KMPRIVATE 17
#define SADB_X_EXT_POLICY 18
#define SADB_X_EXT_SA2 19
-#define SADB_EXT_MAX 19
+/* The next four entries are for setting up NAT Traversal */
+#define SADB_X_EXT_NAT_T_TYPE 20
+#define SADB_X_EXT_NAT_T_SPORT 21
+#define SADB_X_EXT_NAT_T_DPORT 22
+#define SADB_X_EXT_NAT_T_OA 23
+#define SADB_EXT_MAX 23
/* Identity Extension values */
#define SADB_IDENTTYPE_RESERVED 0
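Review bot: The comment above the four new extension ids does not say which payload each one carries, and `SADB_X_EXT_NAT_T_OA` has no matching structure among those added in the first hunk. Going by the names, `_TYPE` pairs with `struct sadb_x_nat_t_type` and `_SPORT`/`_DPORT` with `struct sadb_x_nat_t_port`, while `_OA` presumably reuses an existing address extension, though that is a guess from this view. Per-line comments such as `#define SADB_X_EXT_NAT_T_SPORT 21 /* struct sadb_x_nat_t_port */` would tell a parser author which length check applies to each id.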
diff --git a/include/linux/udp.h b/include/linux/udp.h
index 5bdb970a1b69..2cd62b5b79f3 100644
--- a/include/linux/udp.h
+++ b/include/linux/udp.h
@@ -30,10 +30,15 @@ struct udphdr {
/* UDP socket options */
#define UDP_CORK 1 /* Never send partially complete segments */
+#define UDP_ENCAP 100 /* Set the socket to accept encapsulated packets */
+
+/* UDP encapsulation types */
+#define UDP_ENCAP_ESPINUDP 2 /* draft-ietf-ipsec-udp-encaps-06 */
struct udp_opt {
int pending; /* Any pending frames ? */
unsigned int corkflag; /* Cork is required */
+ __u16 encap_type; /* Is this an Encapsulation socket? */
/*
* Following members retains the infomation to create a UDP header
* when the socket is uncorked.
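Review bot: `encap_type` is a `__u16`, while a socket option value normally arrives as an `int`, so the `UDP_ENCAP` handler (not in this view) has to validate the value before storing it. Without that, a value such as 0x10002 would truncate to `UDP_ENCAP_ESPINUDP`, so the handler should accept only the defined `UDP_ENCAP_*` types and reject everything else. The field comment reads like a yes/no flag although the member holds an encapsulation type; `__u16 encap_type; /* UDP_ENCAP_* type, if any */` would be clearer. The `UDP_ENCAP` comment could also say whether the option needs privilege, since it changes how inbound datagrams on the socket are handled. `struct udp_opt` continues outside the hunk.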
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index 8b1ae0cc3ebe..46144681c5a7 100644
--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -130,12 +130,19 @@ struct xfrm_user_tmpl {
__u32 calgos;
};
+struct xfrm_encap_tmpl {
+ __u16 encap_type;
+ __u16 encap_sport;
+ __u16 encap_dport;
+};
+
/* Netlink message attributes. */
enum xfrm_attr_type_t {
XFRMA_UNSPEC,
XFRMA_ALG_AUTH, /* struct xfrm_algo */
XFRMA_ALG_CRYPT, /* struct xfrm_algo */
XFRMA_ALG_COMP, /* struct xfrm_algo */
+ XFRMA_ENCAP, /* struct xfrm_algo + struct xfrm_encap_tmpl */
XFRMA_TMPL, /* 1 or more struct xfrm_user_tmpl */
#define XFRMA_MAX XFRMA_TMPL
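Review bot: `XFRMA_ENCAP` is inserted before `XFRMA_TMPL`, which shifts `XFRMA_TMPL` from 4 to 5 in `enum xfrm_attr_type_t`. Netlink attribute numbers are part of the user-space interface, so a key manager built against the old header would send template attributes that the kernel now reads as encapsulation data. Appending the new value keeps existing numbers stable: `XFRMA_TMPL,` then `XFRMA_ENCAP,` then `#define XFRMA_MAX XFRMA_ENCAP`. Separately, `encap_sport` and `encap_dport` in `struct xfrm_encap_tmpl` should state their byte order, and the `struct xfrm_algo + struct xfrm_encap_tmpl` comment should say whether one attribute really carries both. The enum's closing brace lies outside the hunk.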