ia64/linux-2.6.18-xen.hg

view drivers/net/ppp_mppe.c @ 897:329ea0ccb344

balloon: try harder to balloon up under memory pressure.

Currently if the balloon driver is unable to increase the guest's
reservation it assumes the failure was due to reaching its full
allocation, gives up on the ballooning operation and records the limit
it reached as the "hard limit". The driver will not try again until
the target is set again (even to the same value).

However it is possible that ballooning has in fact failed due to
memory pressure in the host and therefore it is desirable to keep
attempting to reach the target in case memory becomes available. The
most likely scenario is that some guests are ballooning down while
others are ballooning up and therefore there is temporary memory
pressure while things stabilise. You would not expect a well behaved
toolstack to ask a domain to balloon to more than its allocation nor
would you expect it to deliberately over-commit memory by setting
balloon targets which exceed the total host memory.

This patch drops the concept of a hard limit and causes the balloon
driver to retry increasing the reservation on a timer in the same
manner as when decreasing the reservation.

Also if we partially succeed in increasing the reservation
(i.e. receive less pages than we asked for) then we may as well keep
those pages rather than returning them to Xen.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
author Keir Fraser <keir.fraser@citrix.com>
date Fri Jun 05 14:01:20 2009 +0100 (2009-06-05)
parents 831230e53067
children
line source
1 /*
2 * ppp_mppe.c - interface MPPE to the PPP code.
3 * This version is for use with Linux kernel 2.6.14+
4 *
5 * By Frank Cusack <fcusack@fcusack.com>.
6 * Copyright (c) 2002,2003,2004 Google, Inc.
7 * All rights reserved.
8 *
9 * License:
10 * Permission to use, copy, modify, and distribute this software and its
11 * documentation is hereby granted, provided that the above copyright
12 * notice appears in all copies. This software is provided without any
13 * warranty, express or implied.
14 *
15 * ALTERNATIVELY, provided that this notice is retained in full, this product
16 * may be distributed under the terms of the GNU General Public License (GPL),
17 * in which case the provisions of the GPL apply INSTEAD OF those given above.
18 *
19 * This program is free software; you can redistribute it and/or modify
20 * it under the terms of the GNU General Public License as published by
21 * the Free Software Foundation; either version 2 of the License, or
22 * (at your option) any later version.
23 *
24 * This program is distributed in the hope that it will be useful,
25 * but WITHOUT ANY WARRANTY; without even the implied warranty of
26 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27 * GNU General Public License for more details.
28 *
29 * You should have received a copy of the GNU General Public License
30 * along with this program; if not, write to the Free Software
31 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
32 *
33 *
34 * Changelog:
35 * 08/12/05 - Matt Domsch <Matt_Domsch@dell.com>
36 * Only need extra skb padding on transmit, not receive.
37 * 06/18/04 - Matt Domsch <Matt_Domsch@dell.com>, Oleg Makarenko <mole@quadra.ru>
38 * Use Linux kernel 2.6 arc4 and sha1 routines rather than
39 * providing our own.
40 * 2/15/04 - TS: added #include <version.h> and testing for Kernel
41 * version before using
42 * MOD_DEC_USAGE_COUNT/MOD_INC_USAGE_COUNT which are
43 * deprecated in 2.6
44 */
46 #include <linux/module.h>
47 #include <linux/kernel.h>
48 #include <linux/version.h>
49 #include <linux/init.h>
50 #include <linux/types.h>
51 #include <linux/slab.h>
52 #include <linux/string.h>
53 #include <linux/crypto.h>
54 #include <linux/mm.h>
55 #include <linux/ppp_defs.h>
56 #include <linux/ppp-comp.h>
57 #include <asm/scatterlist.h>
59 #include "ppp_mppe.h"
61 MODULE_AUTHOR("Frank Cusack <fcusack@fcusack.com>");
62 MODULE_DESCRIPTION("Point-to-Point Protocol Microsoft Point-to-Point Encryption support");
63 MODULE_LICENSE("Dual BSD/GPL");
64 MODULE_ALIAS("ppp-compress-" __stringify(CI_MPPE));
65 MODULE_VERSION("1.0.2");
67 static void
68 setup_sg(struct scatterlist *sg, const void *address, unsigned int length)
69 {
70 sg[0].page = virt_to_page(address);
71 sg[0].offset = offset_in_page(address);
72 sg[0].length = length;
73 }
75 #define SHA1_PAD_SIZE 40
77 /*
78 * kernel crypto API needs its arguments to be in kmalloc'd memory, not in the module
79 * static data area. That means sha_pad needs to be kmalloc'd.
80 */
82 struct sha_pad {
83 unsigned char sha_pad1[SHA1_PAD_SIZE];
84 unsigned char sha_pad2[SHA1_PAD_SIZE];
85 };
86 static struct sha_pad *sha_pad;
88 static inline void sha_pad_init(struct sha_pad *shapad)
89 {
90 memset(shapad->sha_pad1, 0x00, sizeof(shapad->sha_pad1));
91 memset(shapad->sha_pad2, 0xF2, sizeof(shapad->sha_pad2));
92 }
94 /*
95 * State for an MPPE (de)compressor.
96 */
97 struct ppp_mppe_state {
98 struct crypto_tfm *arc4;
99 struct crypto_tfm *sha1;
100 unsigned char *sha1_digest;
101 unsigned char master_key[MPPE_MAX_KEY_LEN];
102 unsigned char session_key[MPPE_MAX_KEY_LEN];
103 unsigned keylen; /* key length in bytes */
104 /* NB: 128-bit == 16, 40-bit == 8! */
105 /* If we want to support 56-bit, */
106 /* the unit has to change to bits */
107 unsigned char bits; /* MPPE control bits */
108 unsigned ccount; /* 12-bit coherency count (seqno) */
109 unsigned stateful; /* stateful mode flag */
110 int discard; /* stateful mode packet loss flag */
111 int sanity_errors; /* take down LCP if too many */
112 int unit;
113 int debug;
114 struct compstat stats;
115 };
117 /* struct ppp_mppe_state.bits definitions */
118 #define MPPE_BIT_A 0x80 /* Encryption table were (re)inititalized */
119 #define MPPE_BIT_B 0x40 /* MPPC only (not implemented) */
120 #define MPPE_BIT_C 0x20 /* MPPC only (not implemented) */
121 #define MPPE_BIT_D 0x10 /* This is an encrypted frame */
123 #define MPPE_BIT_FLUSHED MPPE_BIT_A
124 #define MPPE_BIT_ENCRYPTED MPPE_BIT_D
126 #define MPPE_BITS(p) ((p)[4] & 0xf0)
127 #define MPPE_CCOUNT(p) ((((p)[4] & 0x0f) << 8) + (p)[5])
128 #define MPPE_CCOUNT_SPACE 0x1000 /* The size of the ccount space */
130 #define MPPE_OVHD 2 /* MPPE overhead/packet */
131 #define SANITY_MAX 1600 /* Max bogon factor we will tolerate */
133 /*
134 * Key Derivation, from RFC 3078, RFC 3079.
135 * Equivalent to Get_Key() for MS-CHAP as described in RFC 3079.
136 */
137 static void get_new_key_from_sha(struct ppp_mppe_state * state, unsigned char *InterimKey)
138 {
139 struct scatterlist sg[4];
141 setup_sg(&sg[0], state->master_key, state->keylen);
142 setup_sg(&sg[1], sha_pad->sha_pad1, sizeof(sha_pad->sha_pad1));
143 setup_sg(&sg[2], state->session_key, state->keylen);
144 setup_sg(&sg[3], sha_pad->sha_pad2, sizeof(sha_pad->sha_pad2));
146 crypto_digest_digest (state->sha1, sg, 4, state->sha1_digest);
148 memcpy(InterimKey, state->sha1_digest, state->keylen);
149 }
151 /*
152 * Perform the MPPE rekey algorithm, from RFC 3078, sec. 7.3.
153 * Well, not what's written there, but rather what they meant.
154 */
155 static void mppe_rekey(struct ppp_mppe_state * state, int initial_key)
156 {
157 unsigned char InterimKey[MPPE_MAX_KEY_LEN];
158 struct scatterlist sg_in[1], sg_out[1];
160 get_new_key_from_sha(state, InterimKey);
161 if (!initial_key) {
162 crypto_cipher_setkey(state->arc4, InterimKey, state->keylen);
163 setup_sg(sg_in, InterimKey, state->keylen);
164 setup_sg(sg_out, state->session_key, state->keylen);
165 if (crypto_cipher_encrypt(state->arc4, sg_out, sg_in,
166 state->keylen) != 0) {
167 printk(KERN_WARNING "mppe_rekey: cipher_encrypt failed\n");
168 }
169 } else {
170 memcpy(state->session_key, InterimKey, state->keylen);
171 }
172 if (state->keylen == 8) {
173 /* See RFC 3078 */
174 state->session_key[0] = 0xd1;
175 state->session_key[1] = 0x26;
176 state->session_key[2] = 0x9e;
177 }
178 crypto_cipher_setkey(state->arc4, state->session_key, state->keylen);
179 }
181 /*
182 * Allocate space for a (de)compressor.
183 */
184 static void *mppe_alloc(unsigned char *options, int optlen)
185 {
186 struct ppp_mppe_state *state;
187 unsigned int digestsize;
189 if (optlen != CILEN_MPPE + sizeof(state->master_key)
190 || options[0] != CI_MPPE || options[1] != CILEN_MPPE)
191 goto out;
193 state = (struct ppp_mppe_state *) kmalloc(sizeof(*state), GFP_KERNEL);
194 if (state == NULL)
195 goto out;
197 memset(state, 0, sizeof(*state));
199 state->arc4 = crypto_alloc_tfm("arc4", 0);
200 if (!state->arc4)
201 goto out_free;
203 state->sha1 = crypto_alloc_tfm("sha1", 0);
204 if (!state->sha1)
205 goto out_free;
207 digestsize = crypto_tfm_alg_digestsize(state->sha1);
208 if (digestsize < MPPE_MAX_KEY_LEN)
209 goto out_free;
211 state->sha1_digest = kmalloc(digestsize, GFP_KERNEL);
212 if (!state->sha1_digest)
213 goto out_free;
215 /* Save keys. */
216 memcpy(state->master_key, &options[CILEN_MPPE],
217 sizeof(state->master_key));
218 memcpy(state->session_key, state->master_key,
219 sizeof(state->master_key));
221 /*
222 * We defer initial key generation until mppe_init(), as mppe_alloc()
223 * is called frequently during negotiation.
224 */
226 return (void *)state;
228 out_free:
229 if (state->sha1_digest)
230 kfree(state->sha1_digest);
231 if (state->sha1)
232 crypto_free_tfm(state->sha1);
233 if (state->arc4)
234 crypto_free_tfm(state->arc4);
235 kfree(state);
236 out:
237 return NULL;
238 }
240 /*
241 * Deallocate space for a (de)compressor.
242 */
243 static void mppe_free(void *arg)
244 {
245 struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
246 if (state) {
247 if (state->sha1_digest)
248 kfree(state->sha1_digest);
249 if (state->sha1)
250 crypto_free_tfm(state->sha1);
251 if (state->arc4)
252 crypto_free_tfm(state->arc4);
253 kfree(state);
254 }
255 }
257 /*
258 * Initialize (de)compressor state.
259 */
260 static int
261 mppe_init(void *arg, unsigned char *options, int optlen, int unit, int debug,
262 const char *debugstr)
263 {
264 struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
265 unsigned char mppe_opts;
267 if (optlen != CILEN_MPPE
268 || options[0] != CI_MPPE || options[1] != CILEN_MPPE)
269 return 0;
271 MPPE_CI_TO_OPTS(&options[2], mppe_opts);
272 if (mppe_opts & MPPE_OPT_128)
273 state->keylen = 16;
274 else if (mppe_opts & MPPE_OPT_40)
275 state->keylen = 8;
276 else {
277 printk(KERN_WARNING "%s[%d]: unknown key length\n", debugstr,
278 unit);
279 return 0;
280 }
281 if (mppe_opts & MPPE_OPT_STATEFUL)
282 state->stateful = 1;
284 /* Generate the initial session key. */
285 mppe_rekey(state, 1);
287 if (debug) {
288 int i;
289 char mkey[sizeof(state->master_key) * 2 + 1];
290 char skey[sizeof(state->session_key) * 2 + 1];
292 printk(KERN_DEBUG "%s[%d]: initialized with %d-bit %s mode\n",
293 debugstr, unit, (state->keylen == 16) ? 128 : 40,
294 (state->stateful) ? "stateful" : "stateless");
296 for (i = 0; i < sizeof(state->master_key); i++)
297 sprintf(mkey + i * 2, "%02x", state->master_key[i]);
298 for (i = 0; i < sizeof(state->session_key); i++)
299 sprintf(skey + i * 2, "%02x", state->session_key[i]);
300 printk(KERN_DEBUG
301 "%s[%d]: keys: master: %s initial session: %s\n",
302 debugstr, unit, mkey, skey);
303 }
305 /*
306 * Initialize the coherency count. The initial value is not specified
307 * in RFC 3078, but we can make a reasonable assumption that it will
308 * start at 0. Setting it to the max here makes the comp/decomp code
309 * do the right thing (determined through experiment).
310 */
311 state->ccount = MPPE_CCOUNT_SPACE - 1;
313 /*
314 * Note that even though we have initialized the key table, we don't
315 * set the FLUSHED bit. This is contrary to RFC 3078, sec. 3.1.
316 */
317 state->bits = MPPE_BIT_ENCRYPTED;
319 state->unit = unit;
320 state->debug = debug;
322 return 1;
323 }
325 static int
326 mppe_comp_init(void *arg, unsigned char *options, int optlen, int unit,
327 int hdrlen, int debug)
328 {
329 /* ARGSUSED */
330 return mppe_init(arg, options, optlen, unit, debug, "mppe_comp_init");
331 }
333 /*
334 * We received a CCP Reset-Request (actually, we are sending a Reset-Ack),
335 * tell the compressor to rekey. Note that we MUST NOT rekey for
336 * every CCP Reset-Request; we only rekey on the next xmit packet.
337 * We might get multiple CCP Reset-Requests if our CCP Reset-Ack is lost.
338 * So, rekeying for every CCP Reset-Request is broken as the peer will not
339 * know how many times we've rekeyed. (If we rekey and THEN get another
340 * CCP Reset-Request, we must rekey again.)
341 */
342 static void mppe_comp_reset(void *arg)
343 {
344 struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
346 state->bits |= MPPE_BIT_FLUSHED;
347 }
349 /*
350 * Compress (encrypt) a packet.
351 * It's strange to call this a compressor, since the output is always
352 * MPPE_OVHD + 2 bytes larger than the input.
353 */
354 static int
355 mppe_compress(void *arg, unsigned char *ibuf, unsigned char *obuf,
356 int isize, int osize)
357 {
358 struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
359 int proto;
360 struct scatterlist sg_in[1], sg_out[1];
362 /*
363 * Check that the protocol is in the range we handle.
364 */
365 proto = PPP_PROTOCOL(ibuf);
366 if (proto < 0x0021 || proto > 0x00fa)
367 return 0;
369 /* Make sure we have enough room to generate an encrypted packet. */
370 if (osize < isize + MPPE_OVHD + 2) {
371 /* Drop the packet if we should encrypt it, but can't. */
372 printk(KERN_DEBUG "mppe_compress[%d]: osize too small! "
373 "(have: %d need: %d)\n", state->unit,
374 osize, osize + MPPE_OVHD + 2);
375 return -1;
376 }
378 osize = isize + MPPE_OVHD + 2;
380 /*
381 * Copy over the PPP header and set control bits.
382 */
383 obuf[0] = PPP_ADDRESS(ibuf);
384 obuf[1] = PPP_CONTROL(ibuf);
385 obuf[2] = PPP_COMP >> 8; /* isize + MPPE_OVHD + 1 */
386 obuf[3] = PPP_COMP; /* isize + MPPE_OVHD + 2 */
387 obuf += PPP_HDRLEN;
389 state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
390 if (state->debug >= 7)
391 printk(KERN_DEBUG "mppe_compress[%d]: ccount %d\n", state->unit,
392 state->ccount);
393 obuf[0] = state->ccount >> 8;
394 obuf[1] = state->ccount & 0xff;
396 if (!state->stateful || /* stateless mode */
397 ((state->ccount & 0xff) == 0xff) || /* "flag" packet */
398 (state->bits & MPPE_BIT_FLUSHED)) { /* CCP Reset-Request */
399 /* We must rekey */
400 if (state->debug && state->stateful)
401 printk(KERN_DEBUG "mppe_compress[%d]: rekeying\n",
402 state->unit);
403 mppe_rekey(state, 0);
404 state->bits |= MPPE_BIT_FLUSHED;
405 }
406 obuf[0] |= state->bits;
407 state->bits &= ~MPPE_BIT_FLUSHED; /* reset for next xmit */
409 obuf += MPPE_OVHD;
410 ibuf += 2; /* skip to proto field */
411 isize -= 2;
413 /* Encrypt packet */
414 setup_sg(sg_in, ibuf, isize);
415 setup_sg(sg_out, obuf, osize);
416 if (crypto_cipher_encrypt(state->arc4, sg_out, sg_in, isize) != 0) {
417 printk(KERN_DEBUG "crypto_cypher_encrypt failed\n");
418 return -1;
419 }
421 state->stats.unc_bytes += isize;
422 state->stats.unc_packets++;
423 state->stats.comp_bytes += osize;
424 state->stats.comp_packets++;
426 return osize;
427 }
429 /*
430 * Since every frame grows by MPPE_OVHD + 2 bytes, this is always going
431 * to look bad ... and the longer the link is up the worse it will get.
432 */
433 static void mppe_comp_stats(void *arg, struct compstat *stats)
434 {
435 struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
437 *stats = state->stats;
438 }
440 static int
441 mppe_decomp_init(void *arg, unsigned char *options, int optlen, int unit,
442 int hdrlen, int mru, int debug)
443 {
444 /* ARGSUSED */
445 return mppe_init(arg, options, optlen, unit, debug, "mppe_decomp_init");
446 }
448 /*
449 * We received a CCP Reset-Ack. Just ignore it.
450 */
451 static void mppe_decomp_reset(void *arg)
452 {
453 /* ARGSUSED */
454 return;
455 }
457 /*
458 * Decompress (decrypt) an MPPE packet.
459 */
460 static int
461 mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf,
462 int osize)
463 {
464 struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
465 unsigned ccount;
466 int flushed = MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED;
467 int sanity = 0;
468 struct scatterlist sg_in[1], sg_out[1];
470 if (isize <= PPP_HDRLEN + MPPE_OVHD) {
471 if (state->debug)
472 printk(KERN_DEBUG
473 "mppe_decompress[%d]: short pkt (%d)\n",
474 state->unit, isize);
475 return DECOMP_ERROR;
476 }
478 /*
479 * Make sure we have enough room to decrypt the packet.
480 * Note that for our test we only subtract 1 byte whereas in
481 * mppe_compress() we added 2 bytes (+MPPE_OVHD);
482 * this is to account for possible PFC.
483 */
484 if (osize < isize - MPPE_OVHD - 1) {
485 printk(KERN_DEBUG "mppe_decompress[%d]: osize too small! "
486 "(have: %d need: %d)\n", state->unit,
487 osize, isize - MPPE_OVHD - 1);
488 return DECOMP_ERROR;
489 }
490 osize = isize - MPPE_OVHD - 2; /* assume no PFC */
492 ccount = MPPE_CCOUNT(ibuf);
493 if (state->debug >= 7)
494 printk(KERN_DEBUG "mppe_decompress[%d]: ccount %d\n",
495 state->unit, ccount);
497 /* sanity checks -- terminate with extreme prejudice */
498 if (!(MPPE_BITS(ibuf) & MPPE_BIT_ENCRYPTED)) {
499 printk(KERN_DEBUG
500 "mppe_decompress[%d]: ENCRYPTED bit not set!\n",
501 state->unit);
502 state->sanity_errors += 100;
503 sanity = 1;
504 }
505 if (!state->stateful && !flushed) {
506 printk(KERN_DEBUG "mppe_decompress[%d]: FLUSHED bit not set in "
507 "stateless mode!\n", state->unit);
508 state->sanity_errors += 100;
509 sanity = 1;
510 }
511 if (state->stateful && ((ccount & 0xff) == 0xff) && !flushed) {
512 printk(KERN_DEBUG "mppe_decompress[%d]: FLUSHED bit not set on "
513 "flag packet!\n", state->unit);
514 state->sanity_errors += 100;
515 sanity = 1;
516 }
518 if (sanity) {
519 if (state->sanity_errors < SANITY_MAX)
520 return DECOMP_ERROR;
521 else
522 /*
523 * Take LCP down if the peer is sending too many bogons.
524 * We don't want to do this for a single or just a few
525 * instances since it could just be due to packet corruption.
526 */
527 return DECOMP_FATALERROR;
528 }
530 /*
531 * Check the coherency count.
532 */
534 if (!state->stateful) {
535 /* RFC 3078, sec 8.1. Rekey for every packet. */
536 while (state->ccount != ccount) {
537 mppe_rekey(state, 0);
538 state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
539 }
540 } else {
541 /* RFC 3078, sec 8.2. */
542 if (!state->discard) {
543 /* normal state */
544 state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
545 if (ccount != state->ccount) {
546 /*
547 * (ccount > state->ccount)
548 * Packet loss detected, enter the discard state.
549 * Signal the peer to rekey (by sending a CCP Reset-Request).
550 */
551 state->discard = 1;
552 return DECOMP_ERROR;
553 }
554 } else {
555 /* discard state */
556 if (!flushed) {
557 /* ccp.c will be silent (no additional CCP Reset-Requests). */
558 return DECOMP_ERROR;
559 } else {
560 /* Rekey for every missed "flag" packet. */
561 while ((ccount & ~0xff) !=
562 (state->ccount & ~0xff)) {
563 mppe_rekey(state, 0);
564 state->ccount =
565 (state->ccount +
566 256) % MPPE_CCOUNT_SPACE;
567 }
569 /* reset */
570 state->discard = 0;
571 state->ccount = ccount;
572 /*
573 * Another problem with RFC 3078 here. It implies that the
574 * peer need not send a Reset-Ack packet. But RFC 1962
575 * requires it. Hopefully, M$ does send a Reset-Ack; even
576 * though it isn't required for MPPE synchronization, it is
577 * required to reset CCP state.
578 */
579 }
580 }
581 if (flushed)
582 mppe_rekey(state, 0);
583 }
585 /*
586 * Fill in the first part of the PPP header. The protocol field
587 * comes from the decrypted data.
588 */
589 obuf[0] = PPP_ADDRESS(ibuf); /* +1 */
590 obuf[1] = PPP_CONTROL(ibuf); /* +1 */
591 obuf += 2;
592 ibuf += PPP_HDRLEN + MPPE_OVHD;
593 isize -= PPP_HDRLEN + MPPE_OVHD; /* -6 */
594 /* net osize: isize-4 */
596 /*
597 * Decrypt the first byte in order to check if it is
598 * a compressed or uncompressed protocol field.
599 */
600 setup_sg(sg_in, ibuf, 1);
601 setup_sg(sg_out, obuf, 1);
602 if (crypto_cipher_decrypt(state->arc4, sg_out, sg_in, 1) != 0) {
603 printk(KERN_DEBUG "crypto_cypher_decrypt failed\n");
604 return DECOMP_ERROR;
605 }
607 /*
608 * Do PFC decompression.
609 * This would be nicer if we were given the actual sk_buff
610 * instead of a char *.
611 */
612 if ((obuf[0] & 0x01) != 0) {
613 obuf[1] = obuf[0];
614 obuf[0] = 0;
615 obuf++;
616 osize++;
617 }
619 /* And finally, decrypt the rest of the packet. */
620 setup_sg(sg_in, ibuf + 1, isize - 1);
621 setup_sg(sg_out, obuf + 1, osize - 1);
622 if (crypto_cipher_decrypt(state->arc4, sg_out, sg_in, isize - 1) != 0) {
623 printk(KERN_DEBUG "crypto_cypher_decrypt failed\n");
624 return DECOMP_ERROR;
625 }
627 state->stats.unc_bytes += osize;
628 state->stats.unc_packets++;
629 state->stats.comp_bytes += isize;
630 state->stats.comp_packets++;
632 /* good packet credit */
633 state->sanity_errors >>= 1;
635 return osize;
636 }
638 /*
639 * Incompressible data has arrived (this should never happen!).
640 * We should probably drop the link if the protocol is in the range
641 * of what should be encrypted. At the least, we should drop this
642 * packet. (How to do this?)
643 */
644 static void mppe_incomp(void *arg, unsigned char *ibuf, int icnt)
645 {
646 struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
648 if (state->debug &&
649 (PPP_PROTOCOL(ibuf) >= 0x0021 && PPP_PROTOCOL(ibuf) <= 0x00fa))
650 printk(KERN_DEBUG
651 "mppe_incomp[%d]: incompressible (unencrypted) data! "
652 "(proto %04x)\n", state->unit, PPP_PROTOCOL(ibuf));
654 state->stats.inc_bytes += icnt;
655 state->stats.inc_packets++;
656 state->stats.unc_bytes += icnt;
657 state->stats.unc_packets++;
658 }
660 /*************************************************************
661 * Module interface table
662 *************************************************************/
664 /*
665 * Procedures exported to if_ppp.c.
666 */
667 static struct compressor ppp_mppe = {
668 .compress_proto = CI_MPPE,
669 .comp_alloc = mppe_alloc,
670 .comp_free = mppe_free,
671 .comp_init = mppe_comp_init,
672 .comp_reset = mppe_comp_reset,
673 .compress = mppe_compress,
674 .comp_stat = mppe_comp_stats,
675 .decomp_alloc = mppe_alloc,
676 .decomp_free = mppe_free,
677 .decomp_init = mppe_decomp_init,
678 .decomp_reset = mppe_decomp_reset,
679 .decompress = mppe_decompress,
680 .incomp = mppe_incomp,
681 .decomp_stat = mppe_comp_stats,
682 .owner = THIS_MODULE,
683 .comp_extra = MPPE_PAD,
684 };
686 /*
687 * ppp_mppe_init()
688 *
689 * Prior to allowing load, try to load the arc4 and sha1 crypto
690 * libraries. The actual use will be allocated later, but
691 * this way the module will fail to insmod if they aren't available.
692 */
694 static int __init ppp_mppe_init(void)
695 {
696 int answer;
697 if (!(crypto_alg_available("arc4", 0) &&
698 crypto_alg_available("sha1", 0)))
699 return -ENODEV;
701 sha_pad = kmalloc(sizeof(struct sha_pad), GFP_KERNEL);
702 if (!sha_pad)
703 return -ENOMEM;
704 sha_pad_init(sha_pad);
706 answer = ppp_register_compressor(&ppp_mppe);
708 if (answer == 0)
709 printk(KERN_INFO "PPP MPPE Compression module registered\n");
710 else
711 kfree(sha_pad);
713 return answer;
714 }
716 static void __exit ppp_mppe_cleanup(void)
717 {
718 ppp_unregister_compressor(&ppp_mppe);
719 kfree(sha_pad);
720 }
722 module_init(ppp_mppe_init);
723 module_exit(ppp_mppe_cleanup);