--- zzzz-none-000/linux-3.10.107/net/xfrm/xfrm_user.c	2017-06-27 09:49:32.000000000 +0000
+++ vr9-7490-729/linux-3.10.107/net/xfrm/xfrm_user.c	2021-11-10 11:53:56.000000000 +0000
@@ -10,6 +10,12 @@
  *
  */
 
+/**
+ * Some part of this file is modified by Ikanos Communications. 
+ *
+ * Copyright (C) 2013-2014 Ikanos Communications.
+ */ 
+
 #include <linux/crypto.h>
 #include <linux/module.h>
 #include <linux/kernel.h>
@@ -32,6 +38,22 @@
 #include <linux/in6.h>
 #endif
 
+#if IS_ENABLED(CONFIG_FUSIV_KERNEL_AP_2_AP)
+#if defined(CONFIG_IPSEC_AP_SUPPORT) 
+extern void (*ap2apIPsecRouteFlowDelete_ptr)(struct xfrm_state *x);
+extern void (*ap2apIPsecRouteFlowAdd_ptr)(struct xfrm_state *x);
+#endif
+#endif
+
+#if IS_ENABLED(CONFIG_FUSIV_KERNEL_AP_2_AP)
+#if IS_ENABLED(CONFIG_IPSEC_AP_SUPPORT) && IS_ENABLED(CONFIG_L2TP_AP_SUPPORT) 
+int (*ap2apIPsecUpdateapSawithPorts_ptr)(struct xfrm_state *xfrm, struct xfrm_policy *policy) = NULL;
+void get_xfrm_state_from_policy_and_update_apSa(struct xfrm_policy *xp);
+extern int xfrm_tmpl_resolve_wrapper(struct xfrm_policy **pols, int npols, const struct flowi *fl,
+                  struct xfrm_state **xfrm, unsigned short family);
+#endif
+#endif
+
 static inline int aead_len(struct xfrm_algo_aead *alg)
 {
 	return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
@@ -632,6 +654,14 @@
 		goto out;
 	}
 
+#if IS_ENABLED(CONFIG_FUSIV_KERNEL_AP_2_AP)
+#if defined(CONFIG_IPSEC_AP_SUPPORT) 
+	spin_lock_bh(&x->lock);
+        if(ap2apIPsecRouteFlowAdd_ptr)
+            ap2apIPsecRouteFlowAdd_ptr(x);
+	spin_unlock_bh(&x->lock);
+#endif
+#endif
 	c.seq = nlh->nlmsg_seq;
 	c.portid = nlh->nlmsg_pid;
 	c.event = nlh->nlmsg_type;
@@ -1401,6 +1431,55 @@
 	return NULL;
 }
 
+#if IS_ENABLED(CONFIG_FUSIV_KERNEL_AP_2_AP)
+#if IS_ENABLED(CONFIG_IPSEC_AP_SUPPORT) && IS_ENABLED(CONFIG_L2TP_AP_SUPPORT)
+void get_xfrm_state_from_policy_and_update_apSa(struct xfrm_policy *xp)
+{
+	struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX];
+	struct xfrm_state *xfrms[XFRM_MAX_DEPTH];
+	struct xfrm_state *xs = NULL;
+	struct flowi fl;
+	int num_pols = 0;
+	int num_xfrms = -1;
+	int i=0;
+	unsigned short family = xp->selector.family;
+
+	pols[0] = xp;
+	num_pols = 1;   /* No of policies updated in pols */
+
+	memset(&fl, 0, sizeof(struct flowi));
+	fl.u.ip4.saddr = xp->selector.saddr.a4;
+	fl.u.ip4.daddr = xp->selector.daddr.a4;
+	fl.u.ip4.fl4_sport = xp->selector.sport;    //1701;
+	fl.u.ip4.fl4_dport = xp->selector.dport;    //1701;
+	fl.u.ip4.flowi4_proto = xp->selector.proto; //17;
+	
+        /* num_xfrms contains no of xfrm states matched to this xfrm policy, and
+	 * xfrms[] contains the xfrm states*/
+#ifdef CONFIG_XFRM
+	num_xfrms = xfrm_tmpl_resolve_wrapper(pols, num_pols, &fl, xfrms, family);
+#endif
+	if (num_xfrms < 0) {
+		printk("\n %s: xfrm state not found from policy", __FUNCTION__);
+		return;
+	}
+	for (i = 0; i < num_xfrms; i++) {
+	     xs = xfrms[i];
+             if (xs) {
+                spin_lock_bh(&xs->lock);
+                if(ap2apIPsecUpdateapSawithPorts_ptr)
+                   ap2apIPsecUpdateapSawithPorts_ptr(xs, xp);
+                spin_unlock_bh(&xs->lock);
+                xfrm_state_put(xs);
+                xs = NULL;
+             }
+	}
+
+	return;
+}
+#endif
+#endif
+
 static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
 		struct nlattr **attrs)
 {
@@ -1445,6 +1524,18 @@
 	c.portid = nlh->nlmsg_pid;
 	km_policy_notify(xp, p->dir, &c);
 
+#if IS_ENABLED(CONFIG_FUSIV_KERNEL_AP_2_AP)
+#if IS_ENABLED(CONFIG_IPSEC_AP_SUPPORT) && IS_ENABLED(CONFIG_L2TP_AP_SUPPORT)
+
+	if ( (xp->action == XFRM_POLICY_ALLOW) &&
+	     (xp->xfrm_vec[0].mode == XFRM_MODE_TRANSPORT) && 
+	     (xp->selector.proto == 17) )  {  //IANA_UDP_PROTO_NUM) ) {
+
+	     get_xfrm_state_from_policy_and_update_apSa(xp);
+	}
+#endif
+#endif
+
 	xfrm_pol_put(xp);
 
 	return 0;
@@ -1705,6 +1796,12 @@
 	audit_info.loginuid = audit_get_loginuid(current);
 	audit_info.sessionid = audit_get_sessionid(current);
 	security_task_getsecid(current, &audit_info.secid);
+#if IS_ENABLED(CONFIG_FUSIV_KERNEL_AP_2_AP)
+#if defined(CONFIG_IPSEC_AP_SUPPORT) 
+                if(ap2apIPsecRouteFlowDelete_ptr)
+                    ap2apIPsecRouteFlowDelete_ptr(NULL);
+#endif
+#endif
 	err = xfrm_state_flush(net, p->proto, &audit_info);
 	if (err) {
 		if (err == -ESRCH) /* empty table */
@@ -3060,4 +3157,9 @@
 module_exit(xfrm_user_exit);
 MODULE_LICENSE("GPL");
 MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_XFRM);
+#if IS_ENABLED(CONFIG_FUSIV_KERNEL_AP_2_AP)
+#if IS_ENABLED(CONFIG_IPSEC_AP_SUPPORT) && IS_ENABLED(CONFIG_L2TP_AP_SUPPORT)
+EXPORT_SYMBOL(ap2apIPsecUpdateapSawithPorts_ptr);
+#endif
+#endif