mirror of https://git.FreeBSD.org/ports.git synced 2025-01-27 10:03:20 +00:00

Submitted by: archie Cobbs (archie@whistle.com)

updates to make skip port work better, from the original porter.
Julian Elischer 1998-04-13 00:17:45 +00:00
parent 6a9dce55d6
commit b7d69e8bbb
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=10502
5 changed files with 234 additions and 10 deletions


@ -1,7 +1,7 @@
diff -ur --unidirectional-new-file skipsrc-1.0.orig/doc/README.FreeBSD skipsrc-1.0/doc/README.FreeBSD
--- skipsrc-1.0.orig/doc/README.FreeBSD Wed Dec 31 16:00:00 1969
+++ skipsrc-1.0/doc/README.FreeBSD Tue Dec 23 16:23:06 1997
@@ -0,0 +1,64 @@
+++ skipsrc-1.0/doc/README.FreeBSD Sun Apr 12 16:10:32 1998
@@ -0,0 +1,74 @@
+
+Some notes regarding the FreeBSD port of SKIP
+December 8, 1997
@ -13,6 +13,16 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/doc/README.FreeBSD skipsrc-1
+ you set ${PREFIX}). This documentation can be found under
+ /usr/local/share/doc/skip.
+
+- Thanks to S. Wehner, skiphost now takes a new argument for specifying
+ the source address for encrypted packets. This allows encrypted packets
+ that are being tunnelled between two routers to have source and dest
+ IP addresses of only those two routers. This reduces firewall complexity
+ in many cases. From his description:
+
+ This adds another command line option to skiphost, namely
+ -f <source address> . Every packet going out to the other host
+ will then have this source address in the packet.
+
+- SKIP is applied to packets *after* any ipfw(8) filtering is applied.
+ This is true for both incoming and outgoing packets. Note that SKIP
+ has its own access control functionality.


@ -1,6 +1,6 @@
diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_es.c skipsrc-1.0/skip/freebsd/skip_es.c
--- skipsrc-1.0.orig/skip/freebsd/skip_es.c Fri Oct 25 13:12:42 1996
+++ skipsrc-1.0/skip/freebsd/skip_es.c Tue Mar 3 16:58:54 1998
+++ skipsrc-1.0/skip/freebsd/skip_es.c Sun Apr 12 15:51:32 1998
@@ -81,6 +81,11 @@
static unsigned short skip_pktid;
static skip_softc_t skip_softc[SKIP_MAX_OPENS];
@ -71,7 +71,21 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_es.c skips
decryptbuf->m_len, decryptbuf->m_data);
}
@@ -2005,7 +2026,7 @@
@@ -1910,6 +1931,13 @@
*/
IPADDRCOPY(&params.tunnel_addr, &newip->ip_dst);
+ /*
+ * insert different source address if specified
+ */
+
+ if(params.source != 0)
+ (&newip->ip_src)->s_addr = params.source;
+
encryptbuf->m_len += sizeof (struct ip);
/*
@@ -2005,7 +2033,7 @@
if (params.kp_alg) {
newip->ip_p = SKIP_NEXT_ESP;
} else {
@ -80,7 +94,21 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_es.c skips
}
}
skip_if->stats.skip_if_raw_out++;
@@ -2097,7 +2118,7 @@
@@ -2028,6 +2056,13 @@
* insert tunnel address as destination
*/
IPADDRCOPY(&params.tunnel_addr, &newip->ip_dst);
+
+ /*
+ * insert different source address if specified
+ */
+
+ if(params.source != 0)
+ (&newip->ip_src)->s_addr = params.source;
}
if (params.s_nsid == 0) {
@@ -2097,7 +2132,7 @@
register skip_param_t *params = &res->params;
register struct ip *ip = mtod(original, struct ip *);
int rc, s, iphlen;
@ -89,7 +117,7 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_es.c skips
SKIP_PRINT("skip_decrypt_done", params);
@@ -2125,7 +2146,7 @@
@@ -2125,7 +2160,7 @@
*/
outbuf = (res->modes & SKIP_CRYPT_ON) ? m : original;
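Review bot: The two added blocks (inner hunks `@@ -1910` and `@@ -2028`) copy `params.source` into the outer IP header with no check visible here that the value is an address this host owns, so whatever the configuration tool stored becomes the on-the-wire source address. If that is intended, the comment should say so, and should also state that 0 means "keep the original source" and that the value is in network byte order (inferred from the `inet_addr()` call in skiphost.c). The assignment takes a needless address-of; `newip->ip_src.s_addr = params.source;` is equivalent and reads more directly. Both enclosing functions start and end outside the hunks, so whether a header checksum or MAC is computed after this overwrite cannot be confirmed from this page.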


@ -1,6 +1,6 @@
diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_os.h skipsrc-1.0/skip/freebsd/skip_os.h
--- skipsrc-1.0.orig/skip/freebsd/skip_os.h Fri Oct 25 13:12:43 1996
+++ skipsrc-1.0/skip/freebsd/skip_os.h Tue Jan 13 11:19:16 1998
+++ skipsrc-1.0/skip/freebsd/skip_os.h Sun Apr 12 15:52:01 1998
@@ -54,7 +54,6 @@
#ifndef KERNEL
#include <stdio.h>
@ -93,7 +93,19 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_os.h skips
#define ALIGNED(x) (((unsigned int)(x)&(skip_alignment - 1)) == 0)
@@ -205,26 +225,21 @@
@@ -182,7 +202,11 @@
/*
* 4.x timing defines
*/
+#if __FreeBSD__ >= 3
+#define SKIP_ES_CURRENTTIME ((long)time_second)
+#else
#define SKIP_ES_CURRENTTIME (time.tv_sec)
+#endif
#define SKIP_ES_DELTATIME(then) (SKIP_ES_CURRENTTIME - then)
/*
@@ -205,26 +229,21 @@
}
/*
@ -130,7 +142,7 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_os.h skips
#else /* KERNEL */
/*
@@ -251,37 +266,12 @@
@@ -251,37 +270,12 @@
#endif
#define STATIC
@ -170,7 +182,7 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_os.h skips
#define KEYMGR "/dev/skip_key"
/*
@@ -306,12 +296,6 @@
@@ -306,12 +300,6 @@
/* General purpose */
typedef unsigned char byte;


@ -0,0 +1,13 @@
diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/include/skip_types.h skipsrc-1.0/skip/include/skip_types.h
--- skipsrc-1.0.orig/skip/include/skip_types.h Fri Oct 25 13:12:45 1996
+++ skipsrc-1.0/skip/include/skip_types.h Sun Apr 12 15:29:53 1998
@@ -142,6 +142,7 @@
unsigned char flags; /* ACL info for this system */
struct in_addr mask; /* network/host mask */
struct in_addr tunnel_addr; /* tunneling address */
+ unsigned long source; /* source address */
} skip_param_t;
/*
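Review bot: `unsigned long source;` is wider than an IPv4 address on LP64 targets and differs from the neighbouring `mask` and `tunnel_addr` members, which are `struct in_addr`. Declaring it as `struct in_addr source; /* outer source address override, 0 = none */` would keep the field at 32 bits and match the other addresses, at the cost of changing the `params.source != 0` tests to compare `source.s_addr`. Adding a member also changes the size of `skip_param_t`; if the structure is passed between skiphost and the kernel module (not visible here), the two must be rebuilt together, which deserves a sentence in README.FreeBSD.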


@ -0,0 +1,161 @@
diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/tools/skiphost/skiphost.c skipsrc-1.0/skip/tools/skiphost/skiphost.c
--- skipsrc-1.0.orig/skip/tools/skiphost/skiphost.c Fri Oct 25 13:13:03 1996
+++ skipsrc-1.0/skip/tools/skiphost/skiphost.c Sun Apr 12 15:29:52 1998
@@ -76,6 +76,7 @@
static char *skip_version = NULL;
static char *skip_mode = NULL;
static char *tunnel = NULL;
+static char *srcaddr = NULL;
static int opt, opt_cpt;
static int opt_action, opt_more;
@@ -89,11 +90,14 @@
static int opt_prt, opt_sh, opt_sel;
static int opt_trs, opt_tunnel;
static int opt_msk, opt_nomadic;
+static int opt_source;
boolean_t on_boot = B_FALSE;
#define SKIP_HOST_MASK "255.255.255.255"
+struct in_addr source_addr;
+
static void usage();
/*
@@ -218,6 +222,11 @@
if (params->ip_addr.s_addr != params->tunnel_addr.s_addr) {
printf(" -A %s", inet_ntoa(params->tunnel_addr));
}
+
+ if(params->source != 0) {
+ source_addr.s_addr = params->source;
+ printf(" -f %s", inet_ntoa(source_addr));
+ }
switch (params->version) {
@@ -376,6 +385,11 @@
printf(" tunnel=%s", inet_ntoa(params->tunnel_addr));
}
+ if (params->source != 0) {
+ source_addr.s_addr = params->source;
+ printf(" source=%s", inet_ntoa(source_addr));
+ }
+
switch (params->version) {
case SKIP_NONE:
@@ -907,12 +921,18 @@
}
}
+ if(opt_source) {
+ parms.source = inet_addr(srcaddr);
+ } else {
+ parms.source = 0;
+ }
+
/*
* Check if a cleartext host...
*/
opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid;
opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp;
- opt_sel += opt_vers + opt_nomadic + opt_tunnel;
+ opt_sel += opt_vers + opt_nomadic + opt_tunnel + opt_source;
if (!opt_sel) {
/*
@@ -1531,6 +1551,7 @@
"\t\t[-r <receiver NSID>] [-R <receiver key Id>]...\n"
"\t\t[-s <sender NSID>] [-S <sender key Id>]...\n"
"\t\t[-v <SKIP version>] [-A <tunnel address>] [-T]\n"
+ "\t\t[-f <source address>]\n"
"\t%s [-i <interface>] "
"-x <hostname|IP address|\"*\"> [-M <mask>]...\n"
"\t\t[-k <kij algorithm>] [-t <crypt algorithm>]...\n"
@@ -1592,6 +1613,7 @@
opt_trs = opt_msk = 0;
opt_prt = opt_sh = opt_mode = 0;
opt_nomadic = opt_tunnel = 0;
+ opt_source = 0;
ifname = skip_default_if();
@@ -1614,7 +1636,7 @@
*/
optind = 1;
while ((opt = getopt(argc, argv,
- "phuPVTa:d:o:x:i:s:r:S:R:k:t:m:c:v:M:A:")) != -1) {
+ "phuPVTa:d:o:x:i:s:r:S:R:k:t:m:c:v:M:A:f:")) != -1) {
switch (opt) {
@@ -1761,7 +1783,10 @@
SKIP_ONE(&opt_tunnel);
tunnel = optarg;
break;
-
+ case 'f':
+ SKIP_ONE(&opt_source);
+ srcaddr = optarg;
+ break;
case 'h':
default:
usage();
@@ -1890,7 +1915,7 @@
opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid + opt_s_keyid;
opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp;
opt_sel += opt_mode + opt_vers + opt_trs + opt_msk;
- opt_sel += opt_tunnel;
+ opt_sel += opt_tunnel + opt_source;
if (opt_sel) {
fprintf(stderr, "%s -u does not take options\n",
@@ -1912,7 +1937,7 @@
opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid + opt_s_keyid;
opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp;
opt_sel += opt_mode + opt_vers + opt_trs + opt_msk;
- opt_sel += opt_tunnel;
+ opt_sel += opt_tunnel + opt_source;
if (opt_sel) {
fprintf(stderr, "%s -p does not take options\n",
@@ -1941,7 +1966,7 @@
opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid + opt_s_keyid;
opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp;
opt_sel += opt_mode + opt_vers + opt_trs + opt_msk;
- opt_sel += opt_tunnel;
+ opt_sel += opt_tunnel + opt_source;
if (opt_sel) {
fprintf(stderr, "%s -P does not take options\n",
@@ -1963,7 +1988,7 @@
opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid + opt_s_keyid;
opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp;
opt_sel += opt_mode + opt_vers + opt_trs + opt_msk;
- opt_sel += opt_tunnel;
+ opt_sel += opt_tunnel + opt_source;
if (opt_sel) {
fprintf(stderr, "%s -V does not take options\n",
@@ -1985,7 +2010,7 @@
opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid + opt_s_keyid;
opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp;
opt_sel += opt_vers + opt_trs + opt_msk;
- opt_sel += opt_tunnel;
+ opt_sel += opt_tunnel + opt_source;
if (opt_sel) {
usage();
@@ -2018,7 +2043,7 @@
*/
opt_sel = opt_s_nsid + opt_s_keyid;
opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp;
- opt_sel += opt_mode + opt_trs + opt_tunnel;
+ opt_sel += opt_mode + opt_trs + opt_tunnel + opt_source;
if (opt_sel) {
usage();
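Review bot: `parms.source = inet_addr(srcaddr);` in the inner `@@ -907` hunk does not check for failure. `inet_addr()` returns `INADDR_NONE` for an unparsable string, which is non-zero, so a mistyped `-f` argument is stored as source address 255.255.255.255 and passes the `params.source != 0` test in skip_es.c. Parsing with `if (inet_aton(srcaddr, &source_addr) == 0) usage();` followed by `parms.source = source_addr.s_addr;` rejects bad input instead of configuring it. `source_addr` is also a non-static global used only as scratch for `inet_ntoa()`; a local `struct in_addr` in each printing function would be tidier. The enclosing functions lie outside the hunks.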