1
/*
2
 * Copyright (C)2002 USAGI/WIDE Project
3
 *
4
 * This program is free software; you can redistribute it and/or modify
5
 * it under the terms of the GNU General Public License as published by
6
 * the Free Software Foundation; either version 2 of the License, or
7
 * (at your option) any later version.
8
 *
9
 * This program is distributed in the hope that it will be useful,
10
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12
 * GNU General Public License for more details.
13
 *
14
 * You should have received a copy of the GNU General Public License
15
 * along with this program; if not, write to the Free Software
16
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
17
 *
18
 * Authors
19
 *
20
 *	Mitsuru KANDA @USAGI       : IPv6 Support
21
 * 	Kazunori MIYAZAWA @USAGI   :
22
 * 	Kunihiro Ishiguro <[email protected]>
23
 *
24
 * 	This file is derived from net/ipv4/esp.c
25
 */
26

27
#include <crypto/aead.h>
28
#include <crypto/authenc.h>
29
#include <linux/err.h>
30
#include <linux/module.h>
31
#include <net/ip.h>
32
#include <net/xfrm.h>
33
#include <net/esp.h>
34
#include <linux/scatterlist.h>
35
#include <linux/kernel.h>
36
#include <linux/pfkeyv2.h>
37
#include <linux/random.h>
38
#include <linux/slab.h>
39
#include <linux/spinlock.h>
40
#include <net/icmp.h>
41
#include <net/ipv6.h>
42
#include <net/protocol.h>
43
#include <linux/icmpv6.h>
44

45
struct esp_skb_cb {
46
	struct xfrm_skb_cb xfrm;
47
	void *tmp;
48
};
49

50
#define ESP_SKB_CB(__skb) ((struct esp_skb_cb *)&((__skb)->cb[0]))
51

52
static u32 esp6_get_mtu(struct xfrm_state *x, int mtu);
53

54
/*
55
 * Allocate an AEAD request structure with extra space for SG and IV.
56
 *
57
 * For alignment considerations the upper 32 bits of the sequence number are
58
 * placed at the front, if present. Followed by the IV, the request and finally
59
 * the SG list.
60
 *
61
 * TODO: Use spare space in skb for this where possible.
62
 */
63
static void *esp_alloc_tmp(struct crypto_aead *aead, int nfrags, int seqihlen)
64
{
65
	unsigned int len;
66

67
	len = seqihlen;
68

69
	len += crypto_aead_ivsize(aead);
70

71
	if (len) {
72
		len += crypto_aead_alignmask(aead) &
73
		       ~(crypto_tfm_ctx_alignment() - 1);
74
		len = ALIGN(len, crypto_tfm_ctx_alignment());
75
	}
76

77
	len += sizeof(struct aead_givcrypt_request) + crypto_aead_reqsize(aead);
78
	len = ALIGN(len, __alignof__(struct scatterlist));
79

80
	len += sizeof(struct scatterlist) * nfrags;
81

82
	return kmalloc(len, GFP_ATOMIC);
83
}
84

85
static inline __be32 *esp_tmp_seqhi(void *tmp)
86
{
87
	return PTR_ALIGN((__be32 *)tmp, __alignof__(__be32));
88
}
89

90
static inline u8 *esp_tmp_iv(struct crypto_aead *aead, void *tmp, int seqhilen)
91
{
92
	return crypto_aead_ivsize(aead) ?
93
	       PTR_ALIGN((u8 *)tmp + seqhilen,
94
			 crypto_aead_alignmask(aead) + 1) : tmp + seqhilen;
95
}
96

97
static inline struct aead_givcrypt_request *esp_tmp_givreq(
98
	struct crypto_aead *aead, u8 *iv)
99
{
100
	struct aead_givcrypt_request *req;
101

102
	req = (void *)PTR_ALIGN(iv + crypto_aead_ivsize(aead),
103
				crypto_tfm_ctx_alignment());
104
	aead_givcrypt_set_tfm(req, aead);
105
	return req;
106
}
107

108
static inline struct aead_request *esp_tmp_req(struct crypto_aead *aead, u8 *iv)
109
{
110
	struct aead_request *req;
111

112
	req = (void *)PTR_ALIGN(iv + crypto_aead_ivsize(aead),
113
				crypto_tfm_ctx_alignment());
114
	aead_request_set_tfm(req, aead);
115
	return req;
116
}
117

118
static inline struct scatterlist *esp_req_sg(struct crypto_aead *aead,
119
					     struct aead_request *req)
120
{
121
	return (void *)ALIGN((unsigned long)(req + 1) +
122
			     crypto_aead_reqsize(aead),
123
			     __alignof__(struct scatterlist));
124
}
125

126
static inline struct scatterlist *esp_givreq_sg(
127
	struct crypto_aead *aead, struct aead_givcrypt_request *req)
128
{
129
	return (void *)ALIGN((unsigned long)(req + 1) +
130
			     crypto_aead_reqsize(aead),
131
			     __alignof__(struct scatterlist));
132
}
133

134
static void esp_output_done(struct crypto_async_request *base, int err)
135
{
136
	struct sk_buff *skb = base->data;
137

138
	kfree(ESP_SKB_CB(skb)->tmp);
139
	xfrm_output_resume(skb, err);
140
}
141

142
static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
143
{
144
	int err;
145
	struct ip_esp_hdr *esph;
146
	struct crypto_aead *aead;
147
	struct aead_givcrypt_request *req;
148
	struct scatterlist *sg;
149
	struct scatterlist *asg;
150
	struct sk_buff *trailer;
151
	void *tmp;
152
	int blksize;
153
	int clen;
154
	int alen;
155
	int plen;
156
	int tfclen;
157
	int nfrags;
158
	int assoclen;
159
	int sglists;
160
	int seqhilen;
161
	u8 *iv;
162
	u8 *tail;
163
	__be32 *seqhi;
164
	struct esp_data *esp = x->data;
165

166
	/* skb is pure payload to encrypt */
167
	err = -ENOMEM;
168

169
	aead = esp->aead;
170
	alen = crypto_aead_authsize(aead);
171

172
	tfclen = 0;
173
	if (x->tfcpad) {
174
		struct xfrm_dst *dst = (struct xfrm_dst *)skb_dst(skb);
175
		u32 padto;
176

177
		padto = min(x->tfcpad, esp6_get_mtu(x, dst->child_mtu_cached));
178
		if (skb->len < padto)
179
			tfclen = padto - skb->len;
180
	}
181
	blksize = ALIGN(crypto_aead_blocksize(aead), 4);
182
	clen = ALIGN(skb->len + 2 + tfclen, blksize);
183
	if (esp->padlen)
184
		clen = ALIGN(clen, esp->padlen);
185
	plen = clen - skb->len - tfclen;
186

187
	err = skb_cow_data(skb, tfclen + plen + alen, &trailer);
188
	if (err < 0)
189
		goto error;
190
	nfrags = err;
191

192
	assoclen = sizeof(*esph);
193
	sglists = 1;
194
	seqhilen = 0;
195

196
	if (x->props.flags & XFRM_STATE_ESN) {
197
		sglists += 2;
198
		seqhilen += sizeof(__be32);
199
		assoclen += seqhilen;
200
	}
201

202
	tmp = esp_alloc_tmp(aead, nfrags + sglists, seqhilen);
203
	if (!tmp)
204
		goto error;
205

206
	seqhi = esp_tmp_seqhi(tmp);
207
	iv = esp_tmp_iv(aead, tmp, seqhilen);
208
	req = esp_tmp_givreq(aead, iv);
209
	asg = esp_givreq_sg(aead, req);
210
	sg = asg + sglists;
211

212
	/* Fill padding... */
213
	tail = skb_tail_pointer(trailer);
214
	if (tfclen) {
215
		memset(tail, 0, tfclen);
216
		tail += tfclen;
217
	}
218
	do {
219
		int i;
220
		for (i = 0; i < plen - 2; i++)
221
			tail[i] = i + 1;
222
	} while (0);
223
	tail[plen - 2] = plen - 2;
224
	tail[plen - 1] = *skb_mac_header(skb);
225
	pskb_put(skb, trailer, clen - skb->len + alen);
226

227
	skb_push(skb, -skb_network_offset(skb));
228
	esph = ip_esp_hdr(skb);
229
	*skb_mac_header(skb) = IPPROTO_ESP;
230

231
	esph->spi = x->id.spi;
232
	esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low);
233

234
	sg_init_table(sg, nfrags);
235
	skb_to_sgvec(skb, sg,
236
		     esph->enc_data + crypto_aead_ivsize(aead) - skb->data,
237
		     clen + alen);
238

239
	if ((x->props.flags & XFRM_STATE_ESN)) {
240
		sg_init_table(asg, 3);
241
		sg_set_buf(asg, &esph->spi, sizeof(__be32));
242
		*seqhi = htonl(XFRM_SKB_CB(skb)->seq.output.hi);
243
		sg_set_buf(asg + 1, seqhi, seqhilen);
244
		sg_set_buf(asg + 2, &esph->seq_no, sizeof(__be32));
245
	} else
246
		sg_init_one(asg, esph, sizeof(*esph));
247

248
	aead_givcrypt_set_callback(req, 0, esp_output_done, skb);
249
	aead_givcrypt_set_crypt(req, sg, sg, clen, iv);
250
	aead_givcrypt_set_assoc(req, asg, assoclen);
251
	aead_givcrypt_set_giv(req, esph->enc_data,
252
			      XFRM_SKB_CB(skb)->seq.output.low);
253

254
	ESP_SKB_CB(skb)->tmp = tmp;
255
	err = crypto_aead_givencrypt(req);
256
	if (err == -EINPROGRESS)
257
		goto error;
258

259
	if (err == -EBUSY)
260
		err = NET_XMIT_DROP;
261

262
	kfree(tmp);
263

264
error:
265
	return err;
266
}
267

268
static int esp_input_done2(struct sk_buff *skb, int err)
269
{
270
	struct xfrm_state *x = xfrm_input_state(skb);
271
	struct esp_data *esp = x->data;
272
	struct crypto_aead *aead = esp->aead;
273
	int alen = crypto_aead_authsize(aead);
274
	int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead);
275
	int elen = skb->len - hlen;
276
	int hdr_len = skb_network_header_len(skb);
277
	int padlen;
278
	u8 nexthdr[2];
279

280
	kfree(ESP_SKB_CB(skb)->tmp);
281

282
	if (unlikely(err))
283
		goto out;
284

285
	if (skb_copy_bits(skb, skb->len - alen - 2, nexthdr, 2))
286
		BUG();
287

288
	err = -EINVAL;
289
	padlen = nexthdr[0];
290
	if (padlen + 2 + alen >= elen) {
291
		LIMIT_NETDEBUG(KERN_WARNING "ipsec esp packet is garbage "
292
			       "padlen=%d, elen=%d\n", padlen + 2, elen - alen);
293
		goto out;
294
	}
295

296
	/* ... check padding bits here. Silly. :-) */
297

298
	pskb_trim(skb, skb->len - alen - padlen - 2);
299
	__skb_pull(skb, hlen);
300
	skb_set_transport_header(skb, -hdr_len);
301

302
	err = nexthdr[1];
303

304
	/* RFC4303: Drop dummy packets without any error */
305
	if (err == IPPROTO_NONE)
306
		err = -EINVAL;
307

308
out:
309
	return err;
310
}
311

312
static void esp_input_done(struct crypto_async_request *base, int err)
313
{
314
	struct sk_buff *skb = base->data;
315

316
	xfrm_input_resume(skb, esp_input_done2(skb, err));
317
}
318

319
static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
320
{
321
	struct ip_esp_hdr *esph;
322
	struct esp_data *esp = x->data;
323
	struct crypto_aead *aead = esp->aead;
324
	struct aead_request *req;
325
	struct sk_buff *trailer;
326
	int elen = skb->len - sizeof(*esph) - crypto_aead_ivsize(aead);
327
	int nfrags;
328
	int assoclen;
329
	int sglists;
330
	int seqhilen;
331
	int ret = 0;
332
	void *tmp;
333
	__be32 *seqhi;
334
	u8 *iv;
335
	struct scatterlist *sg;
336
	struct scatterlist *asg;
337

338
	if (!pskb_may_pull(skb, sizeof(*esph) + crypto_aead_ivsize(aead))) {
339
		ret = -EINVAL;
340
		goto out;
341
	}
342

343
	if (elen <= 0) {
344
		ret = -EINVAL;
345
		goto out;
346
	}
347

348
	if ((nfrags = skb_cow_data(skb, 0, &trailer)) < 0) {
349
		ret = -EINVAL;
350
		goto out;
351
	}
352

353
	ret = -ENOMEM;
354

355
	assoclen = sizeof(*esph);
356
	sglists = 1;
357
	seqhilen = 0;
358

359
	if (x->props.flags & XFRM_STATE_ESN) {
360
		sglists += 2;
361
		seqhilen += sizeof(__be32);
362
		assoclen += seqhilen;
363
	}
364

365
	tmp = esp_alloc_tmp(aead, nfrags + sglists, seqhilen);
366
	if (!tmp)
367
		goto out;
368

369
	ESP_SKB_CB(skb)->tmp = tmp;
370
	seqhi = esp_tmp_seqhi(tmp);
371
	iv = esp_tmp_iv(aead, tmp, seqhilen);
372
	req = esp_tmp_req(aead, iv);
373
	asg = esp_req_sg(aead, req);
374
	sg = asg + sglists;
375

376
	skb->ip_summed = CHECKSUM_NONE;
377

378
	esph = (struct ip_esp_hdr *)skb->data;
379

380
	/* Get ivec. This can be wrong, check against another impls. */
381
	iv = esph->enc_data;
382

383
	sg_init_table(sg, nfrags);
384
	skb_to_sgvec(skb, sg, sizeof(*esph) + crypto_aead_ivsize(aead), elen);
385

386
	if ((x->props.flags & XFRM_STATE_ESN)) {
387
		sg_init_table(asg, 3);
388
		sg_set_buf(asg, &esph->spi, sizeof(__be32));
389
		*seqhi = XFRM_SKB_CB(skb)->seq.input.hi;
390
		sg_set_buf(asg + 1, seqhi, seqhilen);
391
		sg_set_buf(asg + 2, &esph->seq_no, sizeof(__be32));
392
	} else
393
		sg_init_one(asg, esph, sizeof(*esph));
394

395
	aead_request_set_callback(req, 0, esp_input_done, skb);
396
	aead_request_set_crypt(req, sg, sg, elen, iv);
397
	aead_request_set_assoc(req, asg, assoclen);
398

399
	ret = crypto_aead_decrypt(req);
400
	if (ret == -EINPROGRESS)
401
		goto out;
402

403
	ret = esp_input_done2(skb, ret);
404

405
out:
406
	return ret;
407
}
408

409
static u32 esp6_get_mtu(struct xfrm_state *x, int mtu)
410
{
411
	struct esp_data *esp = x->data;
412
	u32 blksize = ALIGN(crypto_aead_blocksize(esp->aead), 4);
413
	u32 align = max_t(u32, blksize, esp->padlen);
414
	u32 rem;
415

416
	mtu -= x->props.header_len + crypto_aead_authsize(esp->aead);
417
	rem = mtu & (align - 1);
418
	mtu &= ~(align - 1);
419

420
	if (x->props.mode != XFRM_MODE_TUNNEL) {
421
		u32 padsize = ((blksize - 1) & 7) + 1;
422
		mtu -= blksize - padsize;
423
		mtu += min_t(u32, blksize - padsize, rem);
424
	}
425

426
	return mtu - 2;
427
}
428

429
static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
430
		     u8 type, u8 code, int offset, __be32 info)
431
{
432
	struct net *net = dev_net(skb->dev);
433
	const struct ipv6hdr *iph = (const struct ipv6hdr *)skb->data;
434
	struct ip_esp_hdr *esph = (struct ip_esp_hdr *)(skb->data + offset);
435
	struct xfrm_state *x;
436

437
	if (type != ICMPV6_DEST_UNREACH &&
438
	    type != ICMPV6_PKT_TOOBIG)
439
		return;
440

441
	x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr,
442
			      esph->spi, IPPROTO_ESP, AF_INET6);
443
	if (!x)
444
		return;
445
	printk(KERN_DEBUG "pmtu discovery on SA ESP/%08x/%pI6\n",
446
			ntohl(esph->spi), &iph->daddr);
447
	xfrm_state_put(x);
448
}
449

450
static void esp6_destroy(struct xfrm_state *x)
451
{
452
	struct esp_data *esp = x->data;
453

454
	if (!esp)
455
		return;
456

457
	crypto_free_aead(esp->aead);
458
	kfree(esp);
459
}
460

461
static int esp_init_aead(struct xfrm_state *x)
462
{
463
	struct esp_data *esp = x->data;
464
	struct crypto_aead *aead;
465
	int err;
466

467
	aead = crypto_alloc_aead(x->aead->alg_name, 0, 0);
468
	err = PTR_ERR(aead);
469
	if (IS_ERR(aead))
470
		goto error;
471

472
	esp->aead = aead;
473

474
	err = crypto_aead_setkey(aead, x->aead->alg_key,
475
				 (x->aead->alg_key_len + 7) / 8);
476
	if (err)
477
		goto error;
478

479
	err = crypto_aead_setauthsize(aead, x->aead->alg_icv_len / 8);
480
	if (err)
481
		goto error;
482

483
error:
484
	return err;
485
}
486

487
static int esp_init_authenc(struct xfrm_state *x)
488
{
489
	struct esp_data *esp = x->data;
490
	struct crypto_aead *aead;
491
	struct crypto_authenc_key_param *param;
492
	struct rtattr *rta;
493
	char *key;
494
	char *p;
495
	char authenc_name[CRYPTO_MAX_ALG_NAME];
496
	unsigned int keylen;
497
	int err;
498

499
	err = -EINVAL;
500
	if (x->ealg == NULL)
501
		goto error;
502

503
	err = -ENAMETOOLONG;
504

505
	if ((x->props.flags & XFRM_STATE_ESN)) {
506
		if (snprintf(authenc_name, CRYPTO_MAX_ALG_NAME,
507
			     "authencesn(%s,%s)",
508
			     x->aalg ? x->aalg->alg_name : "digest_null",
509
			     x->ealg->alg_name) >= CRYPTO_MAX_ALG_NAME)
510
			goto error;
511
	} else {
512
		if (snprintf(authenc_name, CRYPTO_MAX_ALG_NAME,
513
			     "authenc(%s,%s)",
514
			     x->aalg ? x->aalg->alg_name : "digest_null",
515
			     x->ealg->alg_name) >= CRYPTO_MAX_ALG_NAME)
516
			goto error;
517
	}
518

519
	aead = crypto_alloc_aead(authenc_name, 0, 0);
520
	err = PTR_ERR(aead);
521
	if (IS_ERR(aead))
522
		goto error;
523

524
	esp->aead = aead;
525

526
	keylen = (x->aalg ? (x->aalg->alg_key_len + 7) / 8 : 0) +
527
		 (x->ealg->alg_key_len + 7) / 8 + RTA_SPACE(sizeof(*param));
528
	err = -ENOMEM;
529
	key = kmalloc(keylen, GFP_KERNEL);
530
	if (!key)
531
		goto error;
532

533
	p = key;
534
	rta = (void *)p;
535
	rta->rta_type = CRYPTO_AUTHENC_KEYA_PARAM;
536
	rta->rta_len = RTA_LENGTH(sizeof(*param));
537
	param = RTA_DATA(rta);
538
	p += RTA_SPACE(sizeof(*param));
539

540
	if (x->aalg) {
541
		struct xfrm_algo_desc *aalg_desc;
542

543
		memcpy(p, x->aalg->alg_key, (x->aalg->alg_key_len + 7) / 8);
544
		p += (x->aalg->alg_key_len + 7) / 8;
545

546
		aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0);
547
		BUG_ON(!aalg_desc);
548

549
		err = -EINVAL;
550
		if (aalg_desc->uinfo.auth.icv_fullbits/8 !=
551
		    crypto_aead_authsize(aead)) {
552
			NETDEBUG(KERN_INFO "ESP: %s digestsize %u != %hu\n",
553
				 x->aalg->alg_name,
554
				 crypto_aead_authsize(aead),
555
				 aalg_desc->uinfo.auth.icv_fullbits/8);
556
			goto free_key;
557
		}
558

559
		err = crypto_aead_setauthsize(
560
			aead, x->aalg->alg_trunc_len / 8);
561
		if (err)
562
			goto free_key;
563
	}
564

565
	param->enckeylen = cpu_to_be32((x->ealg->alg_key_len + 7) / 8);
566
	memcpy(p, x->ealg->alg_key, (x->ealg->alg_key_len + 7) / 8);
567

568
	err = crypto_aead_setkey(aead, key, keylen);
569

570
free_key:
571
	kfree(key);
572

573
error:
574
	return err;
575
}
576

577
static int esp6_init_state(struct xfrm_state *x)
578
{
579
	struct esp_data *esp;
580
	struct crypto_aead *aead;
581
	u32 align;
582
	int err;
583

584
	if (x->encap)
585
		return -EINVAL;
586

587
	esp = kzalloc(sizeof(*esp), GFP_KERNEL);
588
	if (esp == NULL)
589
		return -ENOMEM;
590

591
	x->data = esp;
592

593
	if (x->aead)
594
		err = esp_init_aead(x);
595
	else
596
		err = esp_init_authenc(x);
597

598
	if (err)
599
		goto error;
600

601
	aead = esp->aead;
602

603
	esp->padlen = 0;
604

605
	x->props.header_len = sizeof(struct ip_esp_hdr) +
606
			      crypto_aead_ivsize(aead);
607
	switch (x->props.mode) {
608
	case XFRM_MODE_BEET:
609
		if (x->sel.family != AF_INET6)
610
			x->props.header_len += IPV4_BEET_PHMAXLEN +
611
				               (sizeof(struct ipv6hdr) - sizeof(struct iphdr));
612
		break;
613
	case XFRM_MODE_TRANSPORT:
614
		break;
615
	case XFRM_MODE_TUNNEL:
616
		x->props.header_len += sizeof(struct ipv6hdr);
617
		break;
618
	default:
619
		goto error;
620
	}
621

622
	align = ALIGN(crypto_aead_blocksize(aead), 4);
623
	if (esp->padlen)
624
		align = max_t(u32, align, esp->padlen);
625
	x->props.trailer_len = align + 1 + crypto_aead_authsize(esp->aead);
626

627
error:
628
	return err;
629
}
630

631
static const struct xfrm_type esp6_type =
632
{
633
	.description	= "ESP6",
634
	.owner	     	= THIS_MODULE,
635
	.proto	     	= IPPROTO_ESP,
636
	.flags		= XFRM_TYPE_REPLAY_PROT,
637
	.init_state	= esp6_init_state,
638
	.destructor	= esp6_destroy,
639
	.get_mtu	= esp6_get_mtu,
640
	.input		= esp6_input,
641
	.output		= esp6_output,
642
	.hdr_offset	= xfrm6_find_1stfragopt,
643
};
644

645
static const struct inet6_protocol esp6_protocol = {
646
	.handler 	=	xfrm6_rcv,
647
	.err_handler	=	esp6_err,
648
	.flags		=	INET6_PROTO_NOPOLICY,
649
};
650

651
static int __init esp6_init(void)
652
{
653
	if (xfrm_register_type(&esp6_type, AF_INET6) < 0) {
654
		printk(KERN_INFO "ipv6 esp init: can't add xfrm type\n");
655
		return -EAGAIN;
656
	}
657
	if (inet6_add_protocol(&esp6_protocol, IPPROTO_ESP) < 0) {
658
		printk(KERN_INFO "ipv6 esp init: can't add protocol\n");
659
		xfrm_unregister_type(&esp6_type, AF_INET6);
660
		return -EAGAIN;
661
	}
662

663
	return 0;
664
}
665

666
static void __exit esp6_fini(void)
667
{
668
	if (inet6_del_protocol(&esp6_protocol, IPPROTO_ESP) < 0)
669
		printk(KERN_INFO "ipv6 esp close: can't remove protocol\n");
670
	if (xfrm_unregister_type(&esp6_type, AF_INET6) < 0)
671
		printk(KERN_INFO "ipv6 esp close: can't remove xfrm type\n");
672
}
673

674
module_init(esp6_init);
675
module_exit(esp6_fini);
676

677
MODULE_LICENSE("GPL");
678
MODULE_ALIAS_XFRM_TYPE(AF_INET6, XFRM_PROTO_ESP);
679

680