2000-01-26 01:55:28 +00:00
diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_es.c work.new/skip/freebsd/skip_es.c
|
|
|
|
--- skipsrc-1.0.orig/skip/freebsd/skip_es.c Fri Oct 25 13:12:42 1996
|
|
|
|
+++ work.new/skip/freebsd/skip_es.c Mon Jan 24 12:35:39 2000
|
|
|
|
@@ -81,6 +81,11 @@
|
|
|
|
static unsigned short skip_pktid;
|
|
|
|
static skip_softc_t skip_softc[SKIP_MAX_OPENS];
|
|
|
|
|
|
|
|
+static struct callout_handle
|
|
|
|
+ skip_timeout_handle = CALLOUT_HANDLE_INITIALIZER(&skip_timeout_handle);
|
|
|
|
+
|
|
|
|
+MALLOC_DEFINE(M_SKIP, "skip", "SKIP control structures and buffers");
|
|
|
|
+
|
|
|
|
/*
|
|
|
|
* statistics
|
|
|
|
*/
|
|
|
|
@@ -116,11 +121,13 @@
|
|
|
|
static int skip_ifoutput(struct ifnet *, struct mbuf *,
|
|
|
|
struct sockaddr *, struct rtentry *rtp);
|
|
|
|
static int skip_ifinput(struct mbuf *, int);
|
|
|
|
-static void skip_inittimers();
|
|
|
|
-static void skip_uninittimers();
|
|
|
|
-static void skip_timer();
|
|
|
|
+static void skip_inittimers(void);
|
|
|
|
+static void skip_uninittimers(void);
|
|
|
|
+static void skip_timer(void *);
|
|
|
|
static int skip_add_interface(char *);
|
|
|
|
static int skip_del_interface(char *);
|
|
|
|
+static void skip_ifwakeup(skip_softc_t *);
|
|
|
|
+static int skip_bufextend(struct mbuf *, int);
|
|
|
|
|
|
|
|
static void skip_encrypt_done(void *, struct mbuf *, struct mbuf *,
|
|
|
|
void *, skip_arg_t *);
|
|
|
|
@@ -136,14 +143,14 @@
|
|
|
|
/*
|
|
|
|
* From Crypt/MAC system...
|
|
|
|
*/
|
|
|
|
-extern int skip_es_bypass_init();
|
|
|
|
-extern void skip_es_bypass_uninit();
|
|
|
|
-extern void skip_key_initstore();
|
|
|
|
-extern void skip_key_uninitstore();
|
|
|
|
-extern void skip_key_initcryptors();
|
|
|
|
-extern void skip_key_uninitcryptors();
|
|
|
|
-extern void skip_mac_init();
|
|
|
|
-extern void skip_mac_uninit();
|
|
|
|
+extern int skip_es_bypass_init(void);
|
|
|
|
+extern void skip_es_bypass_uninit(void);
|
|
|
|
+extern void skip_key_initstore(void);
|
|
|
|
+extern void skip_key_uninitstore(void);
|
|
|
|
+extern void skip_key_initcryptors(void);
|
|
|
|
+extern void skip_key_uninitcryptors(void);
|
|
|
|
+extern void skip_mac_init(void);
|
|
|
|
+extern void skip_mac_uninit(void);
|
|
|
|
extern int skip_fmt_kmgr(union skip_messages *, skip_keycb_t *);
|
|
|
|
|
|
|
|
extern struct cdevsw skipdevsw;
|
|
|
|
@@ -157,7 +164,7 @@
|
|
|
|
* Returns: 0 on success, errno otherwise.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
-skip_init()
|
|
|
|
+skip_init(void)
|
|
|
|
{
|
|
|
|
register int s, rc;
|
|
|
|
register struct protosw *pr;
|
|
|
|
@@ -252,7 +259,10 @@
|
|
|
|
for (pr = inetdomain.dom_protosw;
|
|
|
|
pr < inetdomain.dom_protoswNPROTOSW; pr++) {
|
|
|
|
|
|
|
|
- pr->pr_input = skip_ifinput;
|
|
|
|
+ if (pr->pr_protocol == IPPROTO_DIVERT)
|
|
|
|
+ continue;
|
|
|
|
+ pr->pr_input =
|
|
|
|
+ (void (*)(struct mbuf *, int)) skip_ifinput;
|
|
|
|
}
|
|
|
|
splx(s);
|
|
|
|
}
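Review bot: The cast in the added `pr->pr_input = (void (*)(struct mbuf *, int)) skip_ifinput;` hides a type mismatch instead of fixing it: the prototype earlier in this diff still reads `static int skip_ifinput(struct mbuf *, int);`, and calling a function through a pointer of an incompatible type is undefined behaviour in C. Making skip_ifinput return void, or installing a small void wrapper around it, would remove the need for the cast. Separately, the new `continue` leaves the IPPROTO_DIVERT entry on its original input routine, so that entry is not routed through SKIP's input hook; a comment such as `/* divert entry keeps its own input routine and is deliberately not subject to SKIP processing */` would record that this is intended. The loop is inside skip_init, whose body starts outside this hunk.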
|
|
|
|
@@ -266,7 +276,7 @@
|
|
|
|
* Returns: 0 on success, errno otherwise.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
-skip_uninit()
|
|
|
|
+skip_uninit(void)
|
|
|
|
{
|
|
|
|
register int s;
|
|
|
|
if (skip_busy || skip_keys_stats.skip_encrypt_keys_active
|
|
|
|
@@ -319,7 +329,11 @@
|
|
|
|
major(dev), flags);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
+#if __FreeBSD_version < 400005
|
|
|
|
if (suser(p->p_ucred, &p->p_acflag )) {
|
|
|
|
+#else
|
|
|
|
+ if (suser(p)) {
|
|
|
|
+#endif
|
|
|
|
return (EPERM);
|
|
|
|
}
|
|
|
|
if (minor(dev) >= SKIP_MAX_OPENS) {
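Review bot: The privilege check is now written as two alternative `if (...) {` openers under `#if`/`#else` sharing one closing brace, which makes this access-control path harder to read and audit. Assigning the result under the conditional and testing it once keeps a single `if`: `error = suser(p->p_ucred, &p->p_acflag);` in the old branch, `error = suser(p);` in the new one, then `if (error) return (EPERM);`. The test also depends on `__FreeBSD_version` being defined by an included header; if it is not, the preprocessor evaluates it as 0 and selects the old two-argument form, so a comment naming the header it comes from would help. The enclosing open routine starts and ends outside this hunk.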
|
|
|
|
@@ -422,27 +436,30 @@
|
|
|
|
* Returns: 0 if no data available, 1 otherwise
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
-skip_ifselect(dev, rw, p)
|
|
|
|
+skip_ifpoll(dev, events, p)
|
|
|
|
dev_t dev;
|
|
|
|
- int rw;
|
|
|
|
+ int events;
|
|
|
|
struct proc *p;
|
|
|
|
{
|
|
|
|
register skip_softc_t *sp = &skip_softc[minor(dev)];
|
|
|
|
register int s;
|
|
|
|
+ int revents = 0;
|
|
|
|
|
|
|
|
- if (rw == FWRITE) {
|
|
|
|
- return (1);
|
|
|
|
- }
|
|
|
|
+ /* Check readable */
|
|
|
|
s = splimp();
|
|
|
|
- if (sp->q.ifq_len > 0) {
|
|
|
|
- splx(s);
|
|
|
|
- return (1);
|
|
|
|
+ if (events & (POLLIN | POLLRDNORM)) {
|
|
|
|
+ if (sp->q.ifq_len > 0)
|
|
|
|
+ revents |= (events & (POLLIN | POLLRDNORM));
|
|
|
|
+ else
|
|
|
|
+ selrecord(p, &sp->sp_si);
|
|
|
|
}
|
|
|
|
|
|
|
|
- selrecord(p, &sp->sp_si);
|
|
|
|
+ /* Always writable */
|
|
|
|
+ if (events & (POLLOUT | POLLWRNORM))
|
|
|
|
+ revents |= (events & (POLLOUT | POLLWRNORM));
|
|
|
|
|
|
|
|
splx(s);
|
|
|
|
- return(0);
|
|
|
|
+ return(revents);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* skip_ifread()
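Review bot: The header comment kept as context above skip_ifpoll still says `Returns: 0 if no data available, 1 otherwise`, but the function now returns `revents`, the subset of the requested poll events that are ready. I would change it to `Returns: the events from 'events' that are ready (POLLIN/POLLRDNORM when the queue is non-empty, POLLOUT/POLLWRNORM always)`; the start of that comment is outside the hunk, so check whether it still names skip_ifselect. `&skip_softc[minor(dev)]` is taken with no bounds check in this function, and although the open path shown earlier in this diff rejects minors >= SKIP_MAX_OPENS, a one-line comment stating that poll relies on that check would make the assumption explicit.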
|
|
|
|
@@ -786,9 +803,9 @@
|
|
|
|
* Returns: None
|
|
|
|
*/
|
|
|
|
static void
|
|
|
|
-skip_inittimers()
|
|
|
|
+skip_inittimers(void)
|
|
|
|
{
|
|
|
|
- timeout(skip_timer, NULL, skip_key_tick * hz);
|
|
|
|
+ skip_timeout_handle = timeout(skip_timer, NULL, skip_key_tick * hz);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* skip_uninittimers()
|
|
|
|
@@ -798,9 +815,10 @@
|
|
|
|
* Returns: None
|
|
|
|
*/
|
|
|
|
static void
|
|
|
|
-skip_uninittimers()
|
|
|
|
+skip_uninittimers(void)
|
|
|
|
{
|
|
|
|
- untimeout(skip_timer, NULL);
|
|
|
|
+ untimeout(skip_timer, NULL, skip_timeout_handle);
|
|
|
|
+ callout_handle_init(&skip_timeout_handle);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* skip_timer()
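Review bot: `untimeout(skip_timer, NULL, skip_timeout_handle);` reads the global handle with no visible protection against skip_timer running in between, and skip_timer (changed in the next hunk) re-arms itself and overwrites `skip_timeout_handle`. If the callout fires after the handle is read but before untimeout acts on it, the stale handle is cancelled and the freshly armed timer stays pending, which matters if the driver is then unloaded. The caller's interrupt level is not visible here, so this may already be covered; if it is not, wrapping the two calls in `s = splsoftclock();` / `splx(s);` closes the window. Either way the function's header comment should state which level callers are expected to hold.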
|
|
|
|
@@ -812,14 +830,13 @@
|
|
|
|
*/
|
|
|
|
/*ARGSUSED*/
|
|
|
|
static void
|
|
|
|
-skip_timer(arg)
|
|
|
|
- caddr_t arg;
|
|
|
|
+skip_timer(void *arg)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* run through the key store
|
|
|
|
*/
|
|
|
|
skip_key_iterate(skip_key_check, NULL);
|
|
|
|
- timeout(skip_timer, NULL, skip_key_tick * hz);
|
|
|
|
+ skip_timeout_handle = timeout(skip_timer, NULL, skip_key_tick * hz);
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef notdef
|
|
|
|
@@ -846,6 +863,7 @@
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
+#ifdef notdef
|
|
|
|
void
|
|
|
|
skip_dump_buf(char *what, unsigned char *p, int len)
|
|
|
|
{
|
|
|
|
@@ -857,7 +875,9 @@
|
|
|
|
}
|
|
|
|
printf("].\n");
|
|
|
|
}
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
+#ifdef notdef
|
|
|
|
void
|
|
|
|
skip_dump_ip(struct ip *ip)
|
|
|
|
{
|
|
|
|
@@ -878,6 +898,7 @@
|
|
|
|
ip->ip_ttl, ip->ip_p, ntohs(ip->ip_sum));
|
|
|
|
|
|
|
|
}
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
/*
|
|
|
|
* SKIP Ioctl and Interface management routines
|
|
|
|
@@ -1107,7 +1128,7 @@
|
|
|
|
int
|
|
|
|
skip_ifioctl(dev, cmd, data, fflag, p)
|
|
|
|
dev_t dev;
|
|
|
|
- int cmd;
|
|
|
|
+ u_long cmd;
|
|
|
|
caddr_t data;
|
|
|
|
int fflag;
|
|
|
|
struct proc *p;
|
|
|
|
@@ -1390,7 +1411,6 @@
|
|
|
|
skip_es_t *skip_if;
|
|
|
|
int iphlen, hdrlen = 0;
|
|
|
|
struct mbuf *decryptbuf = NULL;
|
|
|
|
- extern u_char ip_protox[];
|
|
|
|
skip_param_t params;
|
|
|
|
skip_hdr_t skip_hdr;
|
|
|
|
skip_es_hash_t *entry, **acl;
|
|
|
|
@@ -1718,7 +1738,7 @@
|
|
|
|
*/
|
|
|
|
decryptbuf->m_data += iphlen;
|
|
|
|
|
|
|
|
- SKIP_DEBUG2("skip_ifinput: decryptbuf m_len=%d m_data=%d\n",
|
|
|
|
+ SKIP_DEBUG2("skip_ifinput: decryptbuf m_len=%d m_data=%p\n",
|
|
|
|
decryptbuf->m_len, decryptbuf->m_data);
|
|
|
|
|
|
|
|
}
|
|
|
|
@@ -1745,7 +1765,7 @@
|
|
|
|
ip->ip_id = ntohs(ip->ip_id);
|
|
|
|
ip->ip_off = ntohs(ip->ip_off);
|
|
|
|
pass:
|
|
|
|
- m->m_flags &= ~ M_EOR;
|
|
|
|
+ m->m_flags &= ~ M_PROTO1;
|
|
|
|
(*inetsw_default[ip_protox[ip->ip_p]].pr_input)(m, hlen);
|
|
|
|
return (0);
|
|
|
|
}
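Review bot: Replacing M_EOR with M_PROTO1 here, and in the `outbuf->m_flags |= M_PROTO1 | M_PKTHDR;` hunk at new line 2229, still uses a general-purpose mbuf flag as the marker by which SKIP recognises its own buffers. M_PROTO1 is a protocol-specific flag that other layers may also set, so the code that tests this bit (not visible in these hunks) should be checked to confirm that an mbuf arriving with the bit already set cannot be mistaken for one SKIP has processed. I would give the marker a local name, e.g. `#define SKIP_M_TAG M_PROTO1`, with a comment saying where it is set and where it is cleared, and use that name in both hunks. skip_ifinput starts outside this hunk.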
|
|
|
|
@@ -1910,6 +1930,13 @@
|
|
|
|
*/
|
|
|
|
IPADDRCOPY(¶ms.tunnel_addr, &newip->ip_dst);
|
|
|
|
|
|
|
|
+ /*
|
|
|
|
+ * insert different source address if specified
|
|
|
|
+ */
|
|
|
|
+
|
|
|
|
+ if(params.source != 0)
|
|
|
|
+ (&newip->ip_src)->s_addr = params.source;
|
|
|
|
+
|
|
|
|
encryptbuf->m_len += sizeof (struct ip);
|
|
|
|
|
|
|
|
/*
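Review bot: The added override `(&newip->ip_src)->s_addr = params.source;`, repeated in the hunk at new line 2055, writes a configured value into the outer IP source address with no check visible here that it is one of this host's addresses. Unless the code that fills `params.source` validates it, a mistyped or stale entry makes the host send tunnel packets from an address it does not own, so the validation belongs where the parameter is set and the comment should say that it is done there. The statement is more simply written `newip->ip_src.s_addr = params.source;`. The comment could also state that 0 means "not specified" and that the value is presumably in network byte order, to be confirmed against the definition of skip_param_t. The enclosing function starts and ends outside this hunk.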
|
|
|
|
@@ -2005,7 +2032,7 @@
|
|
|
|
if (params.kp_alg) {
|
|
|
|
newip->ip_p = SKIP_NEXT_ESP;
|
|
|
|
} else {
|
|
|
|
- newip->ip_p = IPPROTO_ENCAP;
|
|
|
|
+ newip->ip_p = IPPROTO_IPIP;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
skip_if->stats.skip_if_raw_out++;
|
|
|
|
@@ -2028,6 +2055,13 @@
|
|
|
|
* insert tunnel address as destination
|
|
|
|
*/
|
|
|
|
IPADDRCOPY(¶ms.tunnel_addr, &newip->ip_dst);
|
|
|
|
+
|
|
|
|
+ /*
|
|
|
|
+ * insert different source address if specified
|
|
|
|
+ */
|
|
|
|
+
|
|
|
|
+ if(params.source != 0)
|
|
|
|
+ (&newip->ip_src)->s_addr = params.source;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (params.s_nsid == 0) {
|
|
|
|
@@ -2097,7 +2131,7 @@
|
|
|
|
register skip_param_t *params = &res->params;
|
|
|
|
register struct ip *ip = mtod(original, struct ip *);
|
|
|
|
int rc, s, iphlen;
|
|
|
|
- struct mbuf *outbuf, *new_hdr;
|
|
|
|
+ struct mbuf *outbuf;
|
|
|
|
|
|
|
|
SKIP_PRINT("skip_decrypt_done", params);
|
|
|
|
|
|
|
|
@@ -2125,7 +2159,7 @@
|
|
|
|
*/
|
|
|
|
outbuf = (res->modes & SKIP_CRYPT_ON) ? m : original;
|
|
|
|
|
|
|
|
- if (res->proto != IPPROTO_ENCAP) {
|
|
|
|
+ if (res->proto != IPPROTO_IPIP) {
|
|
|
|
/*
|
|
|
|
* transport mode, need to copy original IP header
|
|
|
|
*/
|
|
|
|
@@ -2195,7 +2229,7 @@
|
|
|
|
/*
|
|
|
|
* tag the start of the header buffer so SKIP can recognise it
|
|
|
|
*/
|
|
|
|
- outbuf->m_flags |= M_EOR | M_PKTHDR;
|
|
|
|
+ outbuf->m_flags |= M_PROTO1 | M_PKTHDR;
|
|
|
|
|
|
|
|
s = splimp();
|
|
|
|
if (IF_QFULL(&ipintrq)) {
|