Diffstat (limited to 'src/libfreeswan')
-rw-r--r--src/libfreeswan/Makefile174
-rw-r--r--src/libfreeswan/Makefile.am20
-rw-r--r--src/libfreeswan/Makefile.objs18
-rw-r--r--src/libfreeswan/freeswan.h2
-rw-r--r--src/libfreeswan/pfkey.h498
-rw-r--r--src/libfreeswan/pfkey_v2_build.c2
-rw-r--r--src/libfreeswan/pfkey_v2_parse.c12
-rw-r--r--src/libfreeswan/pfkeyv2.h385
-rw-r--r--src/libfreeswan/version.c (renamed from src/libfreeswan/version.in.c)5
9 files changed, 913 insertions, 203 deletions
diff --git a/src/libfreeswan/Makefile b/src/libfreeswan/Makefile
deleted file mode 100644
index 50a98b40d..000000000
--- a/src/libfreeswan/Makefile
+++ /dev/null
@@ -1,174 +0,0 @@
-# FreeS/WAN library
-# Copyright (C) 1998-2001 Henry Spencer.
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# for more details.
-#
-# RCSID $Id: Makefile,v 1.2 2004/03/22 21:53:17 as Exp $
-
-
-FREESWANSRCDIR=../..
-
-include ${FREESWANSRCDIR}/Makefile.inc
-include ${FREESWANSRCDIR}/Makefile.ver
-
-
-MANDIR=$(MANTREE)/man3
-
-SRCS=addrtoa.c addrtot.c addrtypeof.c anyaddr.c atoaddr.c \
- atoasr.c atosa.c atosubnet.c atoul.c copyright.c datatot.c \
- goodmask.c initaddr.c initsaid.c initsubnet.c keyblobtoid.c \
- optionsfrom.c pfkey_v2_build.c pfkey_v2_ext_bits.c pfkey_v2_parse.c \
- pfkey_v2_debug.c prng.c \
- portof.c rangetoa.c rangetosubnet.c sameaddr.c \
- satoa.c satot.c subnetof.c subnettoa.c subnettot.c \
- subnettypeof.c ttoaddr.c ttodata.c ttoprotoport.c \
- ttosa.c ttosubnet.c ttoul.c ultoa.c ultot.c
-
-OBJS=${SRCS:.c=.o} version.o
-
-KLIPSD=${FREESWANSRCDIR}/linux/include
-SRCDIR=${FREESWANSRCDIR}/linux/lib/libfreeswan
-
-VPATH = ${SRCDIR}
-
-HDRS=${KLIPSD}/freeswan.h ${SRCDIR}/internal.h
-
-LIB=libfreeswan.a
-# Original flags
-CFLAGS=-I. -I${SRCDIR} -I${KLIPSD} -I${FREESWANSRCDIR} $(USERCOMPILE)
-CFLAGS+= -Wall
-#CFLAGS+= -Wconversion
-#CFLAGS+= -Wmissing-prototypes
-CFLAGS+= -Wpointer-arith
-CFLAGS+= -Wcast-qual
-#CFLAGS+= -Wmissing-declarations
-CFLAGS+= -Wstrict-prototypes
-#CFLAGS+= -pedantic
-#CFLAGS+= -W
-#CFLAGS+= -Wwrite-strings
-CFLAGS+= -Wbad-function-cast
-CFLAGS+= -DNAT_TRAVERSAL
-
-
-ARFLAGS=crvs
-EXTHDRS=des.h
-EXTLIBS=libdes.a
-MANS=anyaddr.3 atoaddr.3 atoasr.3 atosa.3 atoul.3 goodmask.3 \
- initaddr.3 initsubnet.3 optionsfrom.3 portof.3 rangetosubnet.3 \
- sameaddr.3 subnetof.3 ttoaddr.3 ttodata.3 ttosa.3 ttoul.3 version.3
-
-.PHONY: all install clean l t lt tar check depend checkprograms
-
-all: $(LIB)
-programs: $(LIB)
-
-install:
- @mkdir -p $(MANDIR)
- @for f in $(MANS) ; \
- do \
- $(INSTALL) $(INSTMANFLAGS) $(SRCDIR)/$$f $(MANDIR)/ipsec_$$f || exit 1 ; \
- done
- @$(FREESWANSRCDIR)/utils/manlink $(foreach man, $(MANS), ${SRCDIR}/$(man)) | \
- while read from to; \
- do \
- ln -s -f ipsec_$$from $(MANDIR)/$$to; \
- done
-
-
-install_file_list:
- @for f in $(MANS) ; \
- do \
- echo $(MANDIR)/ipsec_$$f;\
- done;
- @$(FREESWANSRCDIR)/utils/manlink $(foreach man, $(MANS), ${SRCDIR}/$(man)) | \
- while read from to; \
- do \
- echo $(MANDIR)/$$to; \
- done
-
-$(LIB): $(OBJS)
- $(AR) $(ARFLAGS) $(LIB) $(OBJS)
-
-$(OBJS): $(HDRS)
-
-# build version.c using version number from Makefile.ver
-version.c: ${SRCDIR}/version.in.c ${FREESWANSRCDIR}/Makefile.ver
- sed '/"/s/xxx/$(IPSECVERSION)/' ${SRCDIR}/version.in.c >$@
-
-#libdes.a: ../libdes/libdes.a
-# ln -f -s ../libdes/libdes.a
-#
-# yes, that's CFLAG=, not CFLAGS=
-#../libdes/libdes.a:
-# cd ../libdes ; \
-# if test " `arch | sed 's/^i[3456]/x/'`" = " x86" ; \
-# then $(MAKE) CC='$(CC)' CFLAG='$(CFLAGS)' TESTING='' x86-elf ; \
-# else $(MAKE) CC='$(CC)' CFLAG='$(CFLAGS)' libdes.a ; \
-# fi
-
-clean:
- rm -f $(LIB) *.o try* core *.core $(EXTHDRS) $(EXTLIBS) version.c
-
-
-# developer-only stuff
-l:
- $(MAKE) $(LIB) ARFLAGS=crv CFLAGS=-O
- $(RANLIB) $(LIB)
-
-t: $(LIB)
- ln -f -s ${SRCDIR}/atosubnet.c try.c
- ${CC} ${CFLAGS} -DATOSUBNET_MAIN try.c $(LIB) -o try
- ./try -r
- ln -f -s ${SRCDIR}/ttosubnet.c try1a.c
- ${CC} ${CFLAGS} -DTTOSUBNET_MAIN try1a.c $(LIB) -o try1a
- ./try1a -r
- ln -f -s ${SRCDIR}/ttodata.c try2.c
- ${CC} ${CFLAGS} -DTTODATA_MAIN try2.c $(LIB) -o try2
- ./try2 -r
- ln -f -s ${SRCDIR}/atoasr.c try3.c
- ${CC} ${CFLAGS} -DATOASR_MAIN try3.c $(LIB) -o try3
- ./try3 -r
- ln -f -s ${SRCDIR}/atosa.c try4.c
- ${CC} ${CFLAGS} -DATOSA_MAIN try4.c $(LIB) -o try4
- ./try4 -r
- ln -f -s ${SRCDIR}/ttosa.c try4a.c
- ${CC} ${CFLAGS} -DTTOSA_MAIN try4a.c $(LIB) -o try4a
- ./try4a -r
- ln -f -s ${SRCDIR}/rangetosubnet.c try6.c
- ${CC} ${CFLAGS} -DRANGETOSUBNET_MAIN try6.c $(LIB) -o try6
- ./try6 -r
- ln -f -s ${SRCDIR}/addrtot.c try7.c
- ${CC} ${CFLAGS} -DADDRTOT_MAIN try7.c $(LIB) -o try7
- ./try7 -r
-
-lt: $(LIB)
- $(MAKE) t
- cp optionsfrom.c try5.c
- cc -DTEST try5.c $(LIB) -o try5
- echo --foo --bar >try5in1
- echo --optionsfrom >>try5in1
- echo try5in2 >>try5in1
- echo --foo >try5in2
- ./try5 --foo --bar --optionsfrom try5in1 --bar something
-
-tar: clean
- tar -cvf /tmp/lib.tar Makefile [a-z]*
-
-check:
- echo no checks in lib right now.
-
-depend:
- makedepend -Y -- $(CFLAGS) -- $(SRCS)
-
-checkprograms:
-
-# DO NOT DELETE
-
diff --git a/src/libfreeswan/Makefile.am b/src/libfreeswan/Makefile.am
new file mode 100644
index 000000000..83f439574
--- /dev/null
+++ b/src/libfreeswan/Makefile.am
@@ -0,0 +1,20 @@
+noinst_LIBRARIES = libfreeswan.a
+libfreeswan_a_SOURCES = addrtoa.c addrtot.c addrtypeof.c anyaddr.c atoaddr.c atoasr.c \
+ atosa.c atosubnet.c atoul.c copyright.c datatot.c freeswan.h \
+ goodmask.c initaddr.c initsaid.c initsubnet.c internal.h ipcomp.h \
+ ipsec_ah.h ipsec_alg.h ipsec_encap.h ipsec_eroute.h ipsec_errs.h \
+ ipsec_esp.h ipsec_ipe4.h ipsec_kversion.h ipsec_life.h ipsec_md5h.h \
+ ipsec_param.h ipsec_policy.h ipsec_proto.h ipsec_radij.h ipsec_rcv.h \
+ ipsec_sa.h ipsec_sha1.h ipsec_stats.h ipsec_tunnel.h ipsec_xform.h \
+ ipsec_xmit.h keyblobtoid.c optionsfrom.c pfkey_v2_build.c pfkey_v2_debug.c \
+ pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c prng.c radij.h rangetoa.c \
+ pfkey.h pfkeyv2.h rangetosubnet.c sameaddr.c satoa.c \
+ satot.c subnetof.c subnettoa.c subnettot.c \
+ subnettypeof.c ttoaddr.c ttodata.c ttoprotoport.c ttosa.c ttosubnet.c ttoul.c \
+ ultoa.c ultot.c version.c
+INCLUDES = -I$(top_srcdir)/src/pluto
+AM_CFLAGS = -DNAT_TRAVERSAL
+dist_man3_MANS = anyaddr.3 atoaddr.3 atoasr.3 atosa.3 atoul.3 goodmask.3 initaddr.3 initsubnet.3 \
+ keyblobtoid.3 optionsfrom.3 portof.3 prng.3 rangetosubnet.3 sameaddr.3 subnetof.3 \
+ ttoaddr.3 ttodata.3 ttosa.3 ttoul.3 version.3
+
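Review bot: The new `AM_CFLAGS` line carries only `-DNAT_TRAVERSAL`, so the warning set the deleted Makefile applied to this library (`-Wall -Wpointer-arith -Wcast-qual -Wstrict-prototypes -Wbad-function-cast`) is no longer requested here. Unless configure adds those flags globally, which this diff does not show, the PF_KEY build and parse code now compiles without those diagnostics; consider `AM_CFLAGS = -Wall -Wpointer-arith -Wcast-qual -Wstrict-prototypes -Wbad-function-cast`. The macro definition and the include path are preprocessor flags and would sit better together in `AM_CPPFLAGS = -I$(top_srcdir)/src/pluto -DNAT_TRAVERSAL`, since `INCLUDES` is the older, deprecated spelling.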
diff --git a/src/libfreeswan/Makefile.objs b/src/libfreeswan/Makefile.objs
deleted file mode 100644
index 41a89dba9..000000000
--- a/src/libfreeswan/Makefile.objs
+++ /dev/null
@@ -1,18 +0,0 @@
-obj-y += ultoa.o
-obj-y += addrtoa.o
-obj-y += subnettoa.o
-obj-y += subnetof.o
-obj-y += goodmask.o
-obj-y += datatot.o
-obj-y += rangetoa.o
-obj-y += satoa.o
-obj-y += prng.o
-obj-y += pfkey_v2_parse.o
-obj-y += pfkey_v2_build.o
-obj-y += pfkey_v2_debug.o
-obj-y += pfkey_v2_ext_bits.o
-obj-y += version.o
-
-
-version.c: ${LIBFREESWANDIR}/version.in.c ${FREESWANSRCDIR}/Makefile.ver
- sed '/"/s/xxx/$(IPSECVERSION)/' ${LIBFREESWANDIR}/version.in.c >$@
diff --git a/src/libfreeswan/freeswan.h b/src/libfreeswan/freeswan.h
index 4ef948b0a..ee2182554 100644
--- a/src/libfreeswan/freeswan.h
+++ b/src/libfreeswan/freeswan.h
@@ -43,7 +43,7 @@
#endif /* __KERNEL__ */
-#include <freeswan/ipsec_param.h>
+#include <ipsec_param.h>
/*
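Review bot: `#include <ipsec_param.h>` uses the angle-bracket form for a header that now sits next to freeswan.h, so it resolves only if this directory is on every consumer's `-I` path, and an earlier search directory holding a file of the same name would be picked up instead. The quoted form `#include "ipsec_param.h"` searches the directory of the including file first with GCC-style lookup and removes that dependency. The second pfkey_v2_parse.c hunk has a related weakness: `<constants.h>`, `<defs.h>` and `<log.h>` are very generic names that reach pluto's headers only through `-I$(top_srcdir)/src/pluto`, and a short comment there naming the directory they come from would help.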
diff --git a/src/libfreeswan/pfkey.h b/src/libfreeswan/pfkey.h
new file mode 100644
index 000000000..f858cd95e
--- /dev/null
+++ b/src/libfreeswan/pfkey.h
@@ -0,0 +1,498 @@
+/*
+ * FreeS/WAN specific PF_KEY headers
+ * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: pfkey.h,v 1.2 2004/03/22 21:53:18 as Exp $
+ */
+
+#ifndef __NET_IPSEC_PF_KEY_H
+#define __NET_IPSEC_PF_KEY_H
+#ifdef __KERNEL__
+extern struct proto_ops pfkey_proto_ops;
+typedef struct sock pfkey_sock;
+extern int debug_pfkey;
+
+extern /* void */ int pfkey_init(void);
+extern /* void */ int pfkey_cleanup(void);
+
+extern struct sock *pfkey_sock_list;
+struct socket_list
+{
+ struct socket *socketp;
+ struct socket_list *next;
+};
+extern int pfkey_list_insert_socket(struct socket*, struct socket_list**);
+extern int pfkey_list_remove_socket(struct socket*, struct socket_list**);
+extern struct socket_list *pfkey_open_sockets;
+extern struct socket_list *pfkey_registered_sockets[SADB_SATYPE_MAX+1];
+
+/*
+ * There is a field-by-field copy in klips/net/ipsec/ipsec_alg.h
+ * please keep in sync until we migrate all support stuff
+ * to ipsec_alg objects
+ */
+struct supported
+{
+ uint16_t supported_alg_exttype;
+ uint8_t supported_alg_id;
+ uint8_t supported_alg_ivlen;
+ uint16_t supported_alg_minbits;
+ uint16_t supported_alg_maxbits;
+};
+extern struct supported_list *pfkey_supported_list[SADB_SATYPE_MAX+1];
+struct supported_list
+{
+ struct supported *supportedp;
+ struct supported_list *next;
+};
+extern int pfkey_list_insert_supported(struct supported*, struct supported_list**);
+extern int pfkey_list_remove_supported(struct supported*, struct supported_list**);
+
+struct sockaddr_key
+{
+ uint16_t key_family; /* PF_KEY */
+ uint16_t key_pad; /* not used */
+ uint32_t key_pid; /* process ID */
+};
+
+struct pfkey_extracted_data
+{
+ struct ipsec_sa* ips;
+ struct ipsec_sa* ips2;
+ struct eroute *eroute;
+};
+
+extern int
+pfkey_alloc_eroute(struct eroute** eroute);
+
+extern int
+pfkey_sa_process(struct sadb_ext *pfkey_ext,
+ struct pfkey_extracted_data* extr);
+
+extern int
+pfkey_lifetime_process(struct sadb_ext *pfkey_ext,
+ struct pfkey_extracted_data* extr);
+
+extern int
+pfkey_address_process(struct sadb_ext *pfkey_ext,
+ struct pfkey_extracted_data* extr);
+
+extern int
+pfkey_key_process(struct sadb_ext *pfkey_ext,
+ struct pfkey_extracted_data* extr);
+
+extern int
+pfkey_ident_process(struct sadb_ext *pfkey_ext,
+ struct pfkey_extracted_data* extr);
+
+extern int
+pfkey_sens_process(struct sadb_ext *pfkey_ext,
+ struct pfkey_extracted_data* extr);
+
+extern int
+pfkey_prop_process(struct sadb_ext *pfkey_ext,
+ struct pfkey_extracted_data* extr);
+
+extern int
+pfkey_supported_process(struct sadb_ext *pfkey_ext,
+ struct pfkey_extracted_data* extr);
+
+extern int
+pfkey_spirange_process(struct sadb_ext *pfkey_ext,
+ struct pfkey_extracted_data* extr);
+
+extern int
+pfkey_x_kmprivate_process(struct sadb_ext *pfkey_ext,
+ struct pfkey_extracted_data* extr);
+
+extern int
+pfkey_x_satype_process(struct sadb_ext *pfkey_ext,
+ struct pfkey_extracted_data* extr);
+
+extern int
+pfkey_x_debug_process(struct sadb_ext *pfkey_ext,
+ struct pfkey_extracted_data* extr);
+
+extern int pfkey_register_reply(int satype, struct sadb_msg *);
+extern int pfkey_upmsg(struct socket *, struct sadb_msg *);
+extern int pfkey_expire(struct ipsec_sa *, int);
+extern int pfkey_acquire(struct ipsec_sa *);
+#else /* ! __KERNEL__ */
+
+extern void (*pfkey_debug_func)(const char *message, ...);
+
+#endif /* __KERNEL__ */
+
+extern uint8_t satype2proto(uint8_t satype);
+extern uint8_t proto2satype(uint8_t proto);
+extern char* satype2name(uint8_t satype);
+extern char* proto2name(uint8_t proto);
+
+struct key_opt
+{
+ uint32_t key_pid; /* process ID */
+ struct sock *sk;
+};
+
+#define key_pid(sk) ((struct key_opt*)&((sk)->protinfo))->key_pid
+
+#define IPSEC_PFKEYv2_ALIGN (sizeof(uint64_t)/sizeof(uint8_t))
+#define BITS_PER_OCTET 8
+#define OCTETBITS 8
+#define PFKEYBITS 64
+#define DIVUP(x,y) ((x + y -1) / y) /* divide, rounding upwards */
+#define ALIGN_N(x,y) (DIVUP(x,y) * y) /* align on y boundary */
+
+#define PFKEYv2_MAX_MSGSIZE 4096
+
+/*
+ * PF_KEYv2 permitted and required extensions in and out bitmaps
+ */
+struct pf_key_ext_parsers_def {
+ int (*parser)(struct sadb_ext*);
+ char *parser_name;
+};
+
+
+extern unsigned int extensions_bitmaps[2/*in/out*/][2/*perm/req*/][SADB_MAX + 1/*ext*/];
+#define EXT_BITS_IN 0
+#define EXT_BITS_OUT 1
+#define EXT_BITS_PERM 0
+#define EXT_BITS_REQ 1
+
+extern void pfkey_extensions_init(struct sadb_ext *extensions[SADB_EXT_MAX + 1]);
+extern void pfkey_extensions_free(struct sadb_ext *extensions[SADB_EXT_MAX + 1]);
+extern void pfkey_msg_free(struct sadb_msg **pfkey_msg);
+
+extern int pfkey_msg_parse(struct sadb_msg *pfkey_msg,
+ struct pf_key_ext_parsers_def *ext_parsers[],
+ struct sadb_ext **extensions,
+ int dir);
+
+/*
+ * PF_KEYv2 build function prototypes
+ */
+
+int
+pfkey_msg_hdr_build(struct sadb_ext** pfkey_ext,
+ uint8_t msg_type,
+ uint8_t satype,
+ uint8_t msg_errno,
+ uint32_t seq,
+ uint32_t pid);
+
+int
+pfkey_sa_ref_build(struct sadb_ext ** pfkey_ext,
+ uint16_t exttype,
+ uint32_t spi, /* in network order */
+ uint8_t replay_window,
+ uint8_t sa_state,
+ uint8_t auth,
+ uint8_t encrypt,
+ uint32_t flags,
+ uint32_t/*IPsecSAref_t*/ ref);
+
+int
+pfkey_sa_build(struct sadb_ext ** pfkey_ext,
+ uint16_t exttype,
+ uint32_t spi, /* in network order */
+ uint8_t replay_window,
+ uint8_t sa_state,
+ uint8_t auth,
+ uint8_t encrypt,
+ uint32_t flags);
+
+int
+pfkey_lifetime_build(struct sadb_ext ** pfkey_ext,
+ uint16_t exttype,
+ uint32_t allocations,
+ uint64_t bytes,
+ uint64_t addtime,
+ uint64_t usetime,
+ uint32_t packets);
+
+int
+pfkey_address_build(struct sadb_ext** pfkey_ext,
+ uint16_t exttype,
+ uint8_t proto,
+ uint8_t prefixlen,
+ struct sockaddr* address);
+
+int
+pfkey_key_build(struct sadb_ext** pfkey_ext,
+ uint16_t exttype,
+ uint16_t key_bits,
+ char* key);
+
+int
+pfkey_ident_build(struct sadb_ext** pfkey_ext,
+ uint16_t exttype,
+ uint16_t ident_type,
+ uint64_t ident_id,
+ uint8_t ident_len,
+ char* ident_string);
+
+#ifdef NAT_TRAVERSAL
+#ifdef __KERNEL__
+extern int pfkey_nat_t_new_mapping(struct ipsec_sa *, struct sockaddr *, __u16);
+extern int pfkey_x_nat_t_type_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr);
+extern int pfkey_x_nat_t_port_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr);
+#endif /* __KERNEL__ */
+int
+pfkey_x_nat_t_type_build(struct sadb_ext** pfkey_ext,
+ uint8_t type);
+int
+pfkey_x_nat_t_port_build(struct sadb_ext** pfkey_ext,
+ uint16_t exttype,
+ uint16_t port);
+#endif
+
+int
+pfkey_sens_build(struct sadb_ext** pfkey_ext,
+ uint32_t dpd,
+ uint8_t sens_level,
+ uint8_t sens_len,
+ uint64_t* sens_bitmap,
+ uint8_t integ_level,
+ uint8_t integ_len,
+ uint64_t* integ_bitmap);
+
+int pfkey_x_protocol_build(struct sadb_ext **, uint8_t);
+
+
+int
+pfkey_prop_build(struct sadb_ext** pfkey_ext,
+ uint8_t replay,
+ unsigned int comb_num,
+ struct sadb_comb* comb);
+
+int
+pfkey_supported_build(struct sadb_ext** pfkey_ext,
+ uint16_t exttype,
+ unsigned int alg_num,
+ struct sadb_alg* alg);
+
+int
+pfkey_spirange_build(struct sadb_ext** pfkey_ext,
+ uint16_t exttype,
+ uint32_t min,
+ uint32_t max);
+
+int
+pfkey_x_kmprivate_build(struct sadb_ext** pfkey_ext);
+
+int
+pfkey_x_satype_build(struct sadb_ext** pfkey_ext,
+ uint8_t satype);
+
+int
+pfkey_x_debug_build(struct sadb_ext** pfkey_ext,
+ uint32_t tunnel,
+ uint32_t netlink,
+ uint32_t xform,
+ uint32_t eroute,
+ uint32_t spi,
+ uint32_t radij,
+ uint32_t esp,
+ uint32_t ah,
+ uint32_t rcv,
+ uint32_t pfkey,
+ uint32_t ipcomp,
+ uint32_t verbose);
+
+int
+pfkey_msg_build(struct sadb_msg** pfkey_msg,
+ struct sadb_ext* extensions[],
+ int dir);
+
+/* in pfkey_v2_debug.c - routines to decode numbers -> strings */
+const char *
+pfkey_v2_sadb_ext_string(int extnum);
+
+const char *
+pfkey_v2_sadb_type_string(int sadb_type);
+
+
+#endif /* __NET_IPSEC_PF_KEY_H */
+
+/*
+ * $Log: pfkey.h,v $
+ * Revision 1.2 2004/03/22 21:53:18 as
+ * merged alg-0.8.1 branch with HEAD
+ *
+ * Revision 1.1.2.1.2.1 2004/03/16 09:48:18 as
+ * alg-0.8.1rc12 patch merged
+ *
+ * Revision 1.1.2.1 2004/03/15 22:30:06 as
+ * nat-0.6c patch merged
+ *
+ * Revision 1.1 2004/03/15 20:35:25 as
+ * added files from freeswan-2.04-x509-1.5.3
+ *
+ * Revision 1.42 2003/08/25 22:08:19 mcr
+ * removed pfkey_proto_init() from pfkey.h for 2.6 support.
+ *
+ * Revision 1.41 2003/05/07 17:28:57 mcr
+ * new function pfkey_debug_func added for us in debugging from
+ * pfkey library.
+ *
+ * Revision 1.40 2003/01/30 02:31:34 rgb
+ *
+ * Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug.
+ *
+ * Revision 1.39 2002/09/20 15:40:21 rgb
+ * Switch from pfkey_alloc_ipsec_sa() to ipsec_sa_alloc().
+ * Added ref parameter to pfkey_sa_build().
+ * Cleaned out unused cruft.
+ *
+ * Revision 1.38 2002/05/14 02:37:24 rgb
+ * Change all references to tdb, TDB or Tunnel Descriptor Block to ips,
+ * ipsec_sa or ipsec_sa.
+ * Added function prototypes for the functions moved to
+ * pfkey_v2_ext_process.c.
+ *
+ * Revision 1.37 2002/04/24 07:36:49 mcr
+ * Moved from ./lib/pfkey.h,v
+ *
+ * Revision 1.36 2002/01/20 20:34:49 mcr
+ * added pfkey_v2_sadb_type_string to decode sadb_type to string.
+ *
+ * Revision 1.35 2001/11/27 05:27:47 mcr
+ * pfkey parses are now maintained by a structure
+ * that includes their name for debug purposes.
+ *
+ * Revision 1.34 2001/11/26 09:23:53 rgb
+ * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
+ *
+ * Revision 1.33 2001/11/06 19:47:47 rgb
+ * Added packet parameter to lifetime and comb structures.
+ *
+ * Revision 1.32 2001/09/08 21:13:34 rgb
+ * Added pfkey ident extension support for ISAKMPd. (NetCelo)
+ *
+ * Revision 1.31 2001/06/14 19:35:16 rgb
+ * Update copyright date.
+ *
+ * Revision 1.30 2001/02/27 07:04:52 rgb
+ * Added satype2name prototype.
+ *
+ * Revision 1.29 2001/02/26 19:59:33 rgb
+ * Ditch unused sadb_satype2proto[], replaced by satype2proto().
+ *
+ * Revision 1.28 2000/10/10 20:10:19 rgb
+ * Added support for debug_ipcomp and debug_verbose to klipsdebug.
+ *
+ * Revision 1.27 2000/09/21 04:20:45 rgb
+ * Fixed array size off-by-one error. (Thanks Svenning!)
+ *
+ * Revision 1.26 2000/09/12 03:26:05 rgb
+ * Added pfkey_acquire prototype.
+ *
+ * Revision 1.25 2000/09/08 19:21:28 rgb
+ * Fix pfkey_prop_build() parameter to be only single indirection.
+ *
+ * Revision 1.24 2000/09/01 18:46:42 rgb
+ * Added a supported algorithms array lists, one per satype and registered
+ * existing algorithms.
+ * Fixed pfkey_list_{insert,remove}_{socket,support}() to allow change to
+ * list.
+ *
+ * Revision 1.23 2000/08/27 01:55:26 rgb
+ * Define OCTETBITS and PFKEYBITS to avoid using 'magic' numbers in code.
+ *
+ * Revision 1.22 2000/08/20 21:39:23 rgb
+ * Added kernel prototypes for kernel funcitions pfkey_upmsg() and
+ * pfkey_expire().
+ *
+ * Revision 1.21 2000/08/15 17:29:23 rgb
+ * Fixes from SZI to untested pfkey_prop_build().
+ *
+ * Revision 1.20 2000/05/10 20:14:19 rgb
+ * Fleshed out sensitivity, proposal and supported extensions.
+ *
+ * Revision 1.19 2000/03/16 14:07:23 rgb
+ * Renamed ALIGN macro to avoid fighting with others in kernel.
+ *
+ * Revision 1.18 2000/01/22 23:24:06 rgb
+ * Added prototypes for proto2satype(), satype2proto() and proto2name().
+ *
+ * Revision 1.17 2000/01/21 06:26:59 rgb
+ * Converted from double tdb arguments to one structure (extr)
+ * containing pointers to all temporary information structures.
+ * Added klipsdebug switching capability.
+ * Dropped unused argument to pfkey_x_satype_build().
+ *
+ * Revision 1.16 1999/12/29 21:17:41 rgb
+ * Changed pfkey_msg_build() I/F to include a struct sadb_msg**
+ * parameter for cleaner manipulation of extensions[] and to guard
+ * against potential memory leaks.
+ * Changed the I/F to pfkey_msg_free() for the same reason.
+ *
+ * Revision 1.15 1999/12/09 23:12:54 rgb
+ * Added macro for BITS_PER_OCTET.
+ * Added argument to pfkey_sa_build() to do eroutes.
+ *
+ * Revision 1.14 1999/12/08 20:33:25 rgb
+ * Changed sa_family_t to uint16_t for 2.0.xx compatibility.
+ *
+ * Revision 1.13 1999/12/07 19:53:40 rgb
+ * Removed unused first argument from extension parsers.
+ * Changed __u* types to uint* to avoid use of asm/types.h and
+ * sys/types.h in userspace code.
+ * Added function prototypes for pfkey message and extensions
+ * initialisation and cleanup.
+ *
+ * Revision 1.12 1999/12/01 22:19:38 rgb
+ * Change pfkey_sa_build to accept an SPI in network byte order.
+ *
+ * Revision 1.11 1999/11/27 11:55:26 rgb
+ * Added extern sadb_satype2proto to enable moving protocol lookup table
+ * to lib/pfkey_v2_parse.c.
+ * Delete unused, moved typedefs.
+ * Add argument to pfkey_msg_parse() for direction.
+ * Consolidated the 4 1-d extension bitmap arrays into one 4-d array.
+ *
+ * Revision 1.10 1999/11/23 22:29:21 rgb
+ * This file has been moved in the distribution from klips/net/ipsec to
+ * lib.
+ * Add macros for dealing with alignment and rounding up more opaquely.
+ * The uint<n>_t type defines have been moved to freeswan.h to avoid
+ * chicken-and-egg problems.
+ * Add macros for dealing with alignment and rounding up more opaque.
+ * Added prototypes for using extention header bitmaps.
+ * Added prototypes of all the build functions.
+ *
+ * Revision 1.9 1999/11/20 21:59:48 rgb
+ * Moved socketlist type declarations and prototypes for shared use.
+ * Slightly modified scope of sockaddr_key declaration.
+ *
+ * Revision 1.8 1999/11/17 14:34:25 rgb
+ * Protect sa_family_t from being used in userspace with GLIBC<2.
+ *
+ * Revision 1.7 1999/10/27 19:40:35 rgb
+ * Add a maximum PFKEY packet size macro.
+ *
+ * Revision 1.6 1999/10/26 16:58:58 rgb
+ * Created a sockaddr_key and key_opt socket extension structures.
+ *
+ * Revision 1.5 1999/06/10 05:24:41 rgb
+ * Renamed variables to reduce confusion.
+ *
+ * Revision 1.4 1999/04/29 15:21:11 rgb
+ * Add pfkey support to debugging.
+ * Add return values to init and cleanup functions.
+ *
+ * Revision 1.3 1999/04/15 17:58:07 rgb
+ * Add RCSID labels.
+ *
+ */
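Review bot: `DIVUP` and `ALIGN_N` expand their arguments without parentheses, so an expression such as `a + b` passed as the divisor gives a wrong result through operator precedence, and `y` is evaluated more than once. These macros look like they are meant for rounding PF_KEY extension lengths up to the 64-bit boundary, where a miscomputed size matters. Parenthesize each use: `#define DIVUP(x,y) (((x) + (y) - 1) / (y))` and `#define ALIGN_N(x,y) (DIVUP(x,y) * (y))`, and add a comment that arguments must be free of side effects.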
diff --git a/src/libfreeswan/pfkey_v2_build.c b/src/libfreeswan/pfkey_v2_build.c
index be58c552f..195add1c4 100644
--- a/src/libfreeswan/pfkey_v2_build.c
+++ b/src/libfreeswan/pfkey_v2_build.c
@@ -87,7 +87,7 @@ void (*pfkey_debug_func)(const char *message, ...) PRINTF_LIKE(1);
KLIPS_PRINT(debug_pfkey, "klips_debug:" args)
#endif /* __KERNEL__ */
-#include "freeswan/ipsec_sa.h" /* IPSEC_SAREF_NULL, IPSEC_SA_REF_TABLE_IDX_WIDTH */
+#include "ipsec_sa.h" /* IPSEC_SAREF_NULL, IPSEC_SA_REF_TABLE_IDX_WIDTH */
#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0)
diff --git a/src/libfreeswan/pfkey_v2_parse.c b/src/libfreeswan/pfkey_v2_parse.c
index 5d1f5a3d8..9025654a2 100644
--- a/src/libfreeswan/pfkey_v2_parse.c
+++ b/src/libfreeswan/pfkey_v2_parse.c
@@ -49,9 +49,9 @@ char pfkey_v2_parse_c_version[] = "$Id: pfkey_v2_parse.c,v 1.4 2004/06/13 20:35:
# endif /* if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */
extern int debug_pfkey;
-# include <freeswan.h>
+# include freeswan.h"
-#include "freeswan/ipsec_encap.h"
+#include "ipsec_encap.h"
#else /* __KERNEL__ */
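Review bot: The added line `# include freeswan.h"` has lost its opening quote, so the directive is malformed. It sits in the `__KERNEL__` branch (the `#else /* __KERNEL__ */` follows it, and the opening conditional is outside the hunk). A userland build therefore skips it and is unlikely to report the error, while a kernel build of this file would fail at this line. It should read `# include "freeswan.h"`, matching the quoted `"ipsec_encap.h"` include that follows.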
@@ -60,9 +60,9 @@ extern int debug_pfkey;
# include <linux/errno.h>
# include <freeswan.h>
-# include "src/pluto/constants.h"
-# include "src/pluto/defs.h" /* for PRINTF_LIKE */
-# include "src/pluto/log.h" /* for debugging and DBG_log */
+# include <constants.h>
+# include <defs.h> /* for PRINTF_LIKE */
+# include <log.h> /* for debugging and DBG_log */
/* #define PLUTO */
@@ -86,7 +86,7 @@ extern int sysctl_ipsec_debug_verbose;
|| (sysctl_ipsec_debug_verbose && (debug_pfkey & level & PF_KEY_DEBUG_PARSE_FLOW))) \
, "klips_debug:" args)
#endif /* __KERNEL__ */
-#include "freeswan/ipsec_sa.h" /* IPSEC_SAREF_NULL, IPSEC_SA_REF_TABLE_IDX_WIDTH */
+#include "ipsec_sa.h" /* IPSEC_SAREF_NULL, IPSEC_SA_REF_TABLE_IDX_WIDTH */
#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0)
diff --git a/src/libfreeswan/pfkeyv2.h b/src/libfreeswan/pfkeyv2.h
new file mode 100644
index 000000000..48579e27a
--- /dev/null
+++ b/src/libfreeswan/pfkeyv2.h
@@ -0,0 +1,385 @@
+/*
+ * RCSID $Id: pfkeyv2.h,v 1.5 2004/10/04 22:43:56 as Exp $
+ */
+
+/*
+RFC 2367 PF_KEY Key Management API July 1998
+
+
+Appendix D: Sample Header File
+
+This file defines structures and symbols for the PF_KEY Version 2
+key management interface. It was written at the U.S. Naval Research
+Laboratory. This file is in the public domain. The authors ask that
+you leave this credit intact on any copies of this file.
+*/
+#ifndef __PFKEY_V2_H
+#define __PFKEY_V2_H 1
+
+#define PF_KEY_V2 2
+#define PFKEYV2_REVISION 199806L
+
+#define SADB_RESERVED 0
+#define SADB_GETSPI 1
+#define SADB_UPDATE 2
+#define SADB_ADD 3
+#define SADB_DELETE 4
+#define SADB_GET 5
+#define SADB_ACQUIRE 6
+#define SADB_REGISTER 7
+#define SADB_EXPIRE 8
+#define SADB_FLUSH 9
+#define SADB_DUMP 10
+#define SADB_X_PROMISC 11
+#define SADB_X_PCHANGE 12
+#define SADB_X_GRPSA 13
+#define SADB_X_ADDFLOW 14
+#define SADB_X_DELFLOW 15
+#define SADB_X_DEBUG 16
+#ifdef NAT_TRAVERSAL
+#define SADB_X_NAT_T_NEW_MAPPING 17
+#define SADB_MAX 17
+#else
+#define SADB_MAX 16
+#endif
+
+struct sadb_msg {
+ uint8_t sadb_msg_version;
+ uint8_t sadb_msg_type;
+ uint8_t sadb_msg_errno;
+ uint8_t sadb_msg_satype;
+ uint16_t sadb_msg_len;
+ uint16_t sadb_msg_reserved;
+ uint32_t sadb_msg_seq;
+ uint32_t sadb_msg_pid;
+};
+
+struct sadb_ext {
+ uint16_t sadb_ext_len;
+ uint16_t sadb_ext_type;
+};
+
+struct sadb_sa {
+ uint16_t sadb_sa_len;
+ uint16_t sadb_sa_exttype;
+ uint32_t sadb_sa_spi;
+ uint8_t sadb_sa_replay;
+ uint8_t sadb_sa_state;
+ uint8_t sadb_sa_auth;
+ uint8_t sadb_sa_encrypt;
+ uint32_t sadb_sa_flags;
+ uint32_t /*IPsecSAref_t*/ sadb_x_sa_ref; /* 32 bits */
+ uint8_t sadb_x_reserved[4];
+};
+
+struct sadb_sa_v1 {
+ uint16_t sadb_sa_len;
+ uint16_t sadb_sa_exttype;
+ uint32_t sadb_sa_spi;
+ uint8_t sadb_sa_replay;
+ uint8_t sadb_sa_state;
+ uint8_t sadb_sa_auth;
+ uint8_t sadb_sa_encrypt;
+ uint32_t sadb_sa_flags;
+};
+
+struct sadb_lifetime {
+ uint16_t sadb_lifetime_len;
+ uint16_t sadb_lifetime_exttype;
+ uint32_t sadb_lifetime_allocations;
+ uint64_t sadb_lifetime_bytes;
+ uint64_t sadb_lifetime_addtime;
+ uint64_t sadb_lifetime_usetime;
+ uint32_t sadb_x_lifetime_packets;
+ uint32_t sadb_x_lifetime_reserved;
+};
+
+struct sadb_address {
+ uint16_t sadb_address_len;
+ uint16_t sadb_address_exttype;
+ uint8_t sadb_address_proto;
+ uint8_t sadb_address_prefixlen;
+ uint16_t sadb_address_reserved;
+};
+
+struct sadb_key {
+ uint16_t sadb_key_len;
+ uint16_t sadb_key_exttype;
+ uint16_t sadb_key_bits;
+ uint16_t sadb_key_reserved;
+};
+
+struct sadb_ident {
+ uint16_t sadb_ident_len;
+ uint16_t sadb_ident_exttype;
+ uint16_t sadb_ident_type;
+ uint16_t sadb_ident_reserved;
+ uint64_t sadb_ident_id;
+};
+
+struct sadb_sens {
+ uint16_t sadb_sens_len;
+ uint16_t sadb_sens_exttype;
+ uint32_t sadb_sens_dpd;
+ uint8_t sadb_sens_sens_level;
+ uint8_t sadb_sens_sens_len;
+ uint8_t sadb_sens_integ_level;
+ uint8_t sadb_sens_integ_len;
+ uint32_t sadb_sens_reserved;
+};
+
+struct sadb_prop {
+ uint16_t sadb_prop_len;
+ uint16_t sadb_prop_exttype;
+ uint8_t sadb_prop_replay;
+ uint8_t sadb_prop_reserved[3];
+};
+
+struct sadb_comb {
+ uint8_t sadb_comb_auth;
+ uint8_t sadb_comb_encrypt;
+ uint16_t sadb_comb_flags;
+ uint16_t sadb_comb_auth_minbits;
+ uint16_t sadb_comb_auth_maxbits;
+ uint16_t sadb_comb_encrypt_minbits;
+ uint16_t sadb_comb_encrypt_maxbits;
+ uint32_t sadb_comb_reserved;
+ uint32_t sadb_comb_soft_allocations;
+ uint32_t sadb_comb_hard_allocations;
+ uint64_t sadb_comb_soft_bytes;
+ uint64_t sadb_comb_hard_bytes;
+ uint64_t sadb_comb_soft_addtime;
+ uint64_t sadb_comb_hard_addtime;
+ uint64_t sadb_comb_soft_usetime;
+ uint64_t sadb_comb_hard_usetime;
+ uint32_t sadb_x_comb_soft_packets;
+ uint32_t sadb_x_comb_hard_packets;
+};
+
+struct sadb_supported {
+ uint16_t sadb_supported_len;
+ uint16_t sadb_supported_exttype;
+ uint32_t sadb_supported_reserved;
+};
+
+struct sadb_alg {
+ uint8_t sadb_alg_id;
+ uint8_t sadb_alg_ivlen;
+ uint16_t sadb_alg_minbits;
+ uint16_t sadb_alg_maxbits;
+ uint16_t sadb_alg_reserved;
+};
+
+struct sadb_spirange {
+ uint16_t sadb_spirange_len;
+ uint16_t sadb_spirange_exttype;
+ uint32_t sadb_spirange_min;
+ uint32_t sadb_spirange_max;
+ uint32_t sadb_spirange_reserved;
+};
+
+struct sadb_x_kmprivate {
+ uint16_t sadb_x_kmprivate_len;
+ uint16_t sadb_x_kmprivate_exttype;
+ uint32_t sadb_x_kmprivate_reserved;
+};
+
+struct sadb_x_satype {
+ uint16_t sadb_x_satype_len;
+ uint16_t sadb_x_satype_exttype;
+ uint8_t sadb_x_satype_satype;
+ uint8_t sadb_x_satype_reserved[3];
+};
+
+struct sadb_x_policy {
+ uint16_t sadb_x_policy_len;
+ uint16_t sadb_x_policy_exttype;
+ uint16_t sadb_x_policy_type;
+ uint8_t sadb_x_policy_dir;
+ uint8_t sadb_x_policy_reserved;
+ uint32_t sadb_x_policy_id;
+ uint32_t sadb_x_policy_reserved2;
+};
+
+struct sadb_x_debug {
+ uint16_t sadb_x_debug_len;
+ uint16_t sadb_x_debug_exttype;
+ uint32_t sadb_x_debug_tunnel;
+ uint32_t sadb_x_debug_netlink;
+ uint32_t sadb_x_debug_xform;
+ uint32_t sadb_x_debug_eroute;
+ uint32_t sadb_x_debug_spi;
+ uint32_t sadb_x_debug_radij;
+ uint32_t sadb_x_debug_esp;
+ uint32_t sadb_x_debug_ah;
+ uint32_t sadb_x_debug_rcv;
+ uint32_t sadb_x_debug_pfkey;
+ uint32_t sadb_x_debug_ipcomp;
+ uint32_t sadb_x_debug_verbose;
+ uint8_t sadb_x_debug_reserved[4];
+};
+
+#ifdef NAT_TRAVERSAL
+struct sadb_x_nat_t_type {
+ uint16_t sadb_x_nat_t_type_len;
+ uint16_t sadb_x_nat_t_type_exttype;
+ uint8_t sadb_x_nat_t_type_type;
+ uint8_t sadb_x_nat_t_type_reserved[3];
+};
+struct sadb_x_nat_t_port {
+ uint16_t sadb_x_nat_t_port_len;
+ uint16_t sadb_x_nat_t_port_exttype;
+ uint16_t sadb_x_nat_t_port_port;
+ uint16_t sadb_x_nat_t_port_reserved;
+};
+#endif
+
+/*
+ * A protocol structure for passing through the transport level
+ * protocol. It contains more fields than are actually used/needed
+ * but it is this way to be compatible with the structure used in
+ * OpenBSD (http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pfkeyv2.h)
+ */
+struct sadb_protocol {
+ uint16_t sadb_protocol_len;
+ uint16_t sadb_protocol_exttype;
+ uint8_t sadb_protocol_proto;
+ uint8_t sadb_protocol_direction;
+ uint8_t sadb_protocol_flags;
+ uint8_t sadb_protocol_reserved2;
+};
+
+#define SADB_EXT_RESERVED 0
+#define SADB_EXT_SA 1
+#define SADB_EXT_LIFETIME_CURRENT 2
+#define SADB_EXT_LIFETIME_HARD 3
+#define SADB_EXT_LIFETIME_SOFT 4
+#define SADB_EXT_ADDRESS_SRC 5
+#define SADB_EXT_ADDRESS_DST 6
+#define SADB_EXT_ADDRESS_PROXY 7
+#define SADB_EXT_KEY_AUTH 8
+#define SADB_EXT_KEY_ENCRYPT 9
+#define SADB_EXT_IDENTITY_SRC 10
+#define SADB_EXT_IDENTITY_DST 11
+#define SADB_EXT_SENSITIVITY 12
+#define SADB_EXT_PROPOSAL 13
+#define SADB_EXT_SUPPORTED_AUTH 14
+#define SADB_EXT_SUPPORTED_ENCRYPT 15
+#define SADB_EXT_SPIRANGE 16
+#define SADB_X_EXT_KMPRIVATE 17
+#define SADB_X_EXT_SATYPE2 18
+#ifdef KERNEL26_HAS_KAME_DUPLICATES
+#define SADB_X_EXT_POLICY 18
+#endif
+#define SADB_X_EXT_SA2 19
+#define SADB_X_EXT_ADDRESS_DST2 20
+#define SADB_X_EXT_ADDRESS_SRC_FLOW 21
+#define SADB_X_EXT_ADDRESS_DST_FLOW 22
+#define SADB_X_EXT_ADDRESS_SRC_MASK 23
+#define SADB_X_EXT_ADDRESS_DST_MASK 24
+#define SADB_X_EXT_DEBUG 25
+#define SADB_X_EXT_PROTOCOL 26
+#ifdef NAT_TRAVERSAL
+#define SADB_X_EXT_NAT_T_TYPE 27
+#define SADB_X_EXT_NAT_T_SPORT 28
+#define SADB_X_EXT_NAT_T_DPORT 29
+#define SADB_X_EXT_NAT_T_OA 30
+#define SADB_EXT_MAX 30
+#else
+#define SADB_EXT_MAX 26
+#endif
+
+/* SADB_X_DELFLOW required over and above SADB_X_SAFLAGS_CLEARFLOW */
+#define SADB_X_EXT_ADDRESS_DELFLOW \
+ ( (1<<SADB_X_EXT_ADDRESS_SRC_FLOW) \
+ | (1<<SADB_X_EXT_ADDRESS_DST_FLOW) \
+ | (1<<SADB_X_EXT_ADDRESS_SRC_MASK) \
+ | (1<<SADB_X_EXT_ADDRESS_DST_MASK))
+
+#define SADB_SATYPE_UNSPEC 0
+#define SADB_SATYPE_AH 2
+#define SADB_SATYPE_ESP 3
+#define SADB_SATYPE_RSVP 5
+#define SADB_SATYPE_OSPFV2 6
+#define SADB_SATYPE_RIPV2 7
+#define SADB_SATYPE_MIP 8
+#define SADB_X_SATYPE_IPIP 9
+#ifdef KERNEL26_HAS_KAME_DUPLICATES
+#define SADB_X_SATYPE_IPCOMP 9 /* ICK! */
+#endif
+#define SADB_X_SATYPE_COMP 10
+#define SADB_X_SATYPE_INT 11
+#define SADB_SATYPE_MAX 11
+
+#define SADB_SASTATE_LARVAL 0
+#define SADB_SASTATE_MATURE 1
+#define SADB_SASTATE_DYING 2
+#define SADB_SASTATE_DEAD 3
+#define SADB_SASTATE_MAX 3
+
+#define SADB_SAFLAGS_PFS 1
+#define SADB_X_SAFLAGS_REPLACEFLOW 2
+#define SADB_X_SAFLAGS_CLEARFLOW 4
+#define SADB_X_SAFLAGS_INFLOW 8
+
+/* not obvious, but these are the same values as used in isakmp,
+ * and in freeswan/ipsec_policy.h. If you need to add any, they
+ * should be added as according to
+ * http://www.iana.org/assignments/isakmp-registry
+ *
+ * and if not, then please try to use a private-use value, and
+ * consider asking IANA to assign a value.
+ */
+#define SADB_AALG_NONE 0
+#define SADB_AALG_MD5_HMAC 2
+#define SADB_AALG_SHA1_HMAC 3
+#define SADB_AALG_DES_MAC 4
+#define SADB_AALG_SHA2_256_HMAC 5
+#define SADB_AALG_SHA2_384_HMAC 6
+#define SADB_AALG_SHA2_512_HMAC 7
+#define SADB_AALG_RIPEMD_160_HMAC 8
+#define SADB_AALG_AES_XCBC_MAC 9
+#define SADB_X_AALG_NULL 251 /* kame */
+#define SADB_AALG_MAX 251
+
+#define SADB_EALG_NONE 0
+#define SADB_EALG_DES_CBC 2
+#define SADB_EALG_3DES_CBC 3
+#define SADB_EALG_RC5_CBC 4
+#define SADB_EALG_IDEA_CBC 5
+#define SADB_EALG_CAST_CBC 6
+#define SADB_EALG_BLOWFISH_CBC 7
+#define SADB_EALG_NULL 11
+#define SADB_EALG_AES_CBC 12
+#define SADB_EALG_AES_CTR 13
+#define SADB_X_EALG_SERPENT_CBC 252
+#define SADB_X_EALG_TWOFISH_CBC 253
+#define SADB_EALG_MAX 253
+
+#define SADB_X_CALG_NONE 0
+#define SADB_X_CALG_OUI 1
+#define SADB_X_CALG_DEFLATE 2
+#define SADB_X_CALG_LZS 3
+#define SADB_X_CALG_V42BIS 4
+#ifdef KERNEL26_HAS_KAME_DUPLICATES
+#define SADB_X_CALG_LZJH 4
+#endif
+#define SADB_X_CALG_MAX 4
+
+#define SADB_X_TALG_NONE 0
+#define SADB_X_TALG_IPv4_in_IPv4 1
+#define SADB_X_TALG_IPv6_in_IPv4 2
+#define SADB_X_TALG_IPv4_in_IPv6 3
+#define SADB_X_TALG_IPv6_in_IPv6 4
+#define SADB_X_TALG_MAX 4
+
+
+#define SADB_IDENTTYPE_RESERVED 0
+#define SADB_IDENTTYPE_PREFIX 1
+#define SADB_IDENTTYPE_FQDN 2
+#define SADB_IDENTTYPE_USERFQDN 3
+#define SADB_X_IDENTTYPE_CONNECTION 4
+#define SADB_IDENTTYPE_MAX 4
+
+#define SADB_KEY_FLAGS_MAX 0
+#endif /* __PFKEY_V2_H */
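Review bot: `SADB_MAX` and `SADB_EXT_MAX` change value with `NAT_TRAVERSAL` (17 and 30 with it, 16 and 26 without), and pfkey.h sizes arrays from them, for example `struct sadb_ext *extensions[SADB_EXT_MAX + 1]`. In this commit the macro is defined only through `AM_CFLAGS` in src/libfreeswan/Makefile.am, so a caller compiled without it would pass a 27-entry array that the library may treat as having 31 entries. Whether the other directories define it is not visible here. Defining it in one shared place, or adding a comment such as `/* NAT_TRAVERSAL must be set identically in every unit that includes this header: it changes SADB_MAX and SADB_EXT_MAX */` above the `#ifdef`, would make the coupling explicit.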
diff --git a/src/libfreeswan/version.in.c b/src/libfreeswan/version.c
index b3556f721..3a947b1b9 100644
--- a/src/libfreeswan/version.in.c
+++ b/src/libfreeswan/version.c
@@ -21,9 +21,8 @@
#include "freeswan.h"
-#define V "xxx" /* substituted in by Makefile */
-static const char strongswan_number[] = V;
-static const char strongswan_string[] = "Linux strongSwan " V;
+static const char strongswan_number[] = VERSION;
+static const char strongswan_string[] = "Linux strongSwan " VERSION;
/*
- ipsec_version_code - return IPsec version number/code, as string