freebsd-ports/security/skip/files/patch-bl

--- skipsrc.orig/skip/freebsd/skip_es.c	Fri Oct 25 13:12:42 1996
+++ work/skip/freebsd/skip_es.c	Sat May 15 17:05:09 1999
@@ -81,6 +81,11 @@
 static unsigned short	skip_pktid;
 static skip_softc_t	skip_softc[SKIP_MAX_OPENS];
 
+static struct callout_handle
+	skip_timeout_handle = CALLOUT_HANDLE_INITIALIZER(&skip_timeout_handle);
+
+MALLOC_DEFINE(M_SKIP, "skip", "SKIP control structures and buffers");
+
 /*
  * statistics
  */
@@ -116,11 +121,13 @@
 static int		skip_ifoutput(struct ifnet *, struct mbuf *,
 				struct sockaddr *, struct rtentry *rtp);
 static int		skip_ifinput(struct mbuf *, int);
-static void		skip_inittimers();
-static void		skip_uninittimers();
-static void		skip_timer();
+static void		skip_inittimers(void);
+static void		skip_uninittimers(void);
+static void		skip_timer(void *);
 static int		skip_add_interface(char *);
 static int		skip_del_interface(char *);
+static void		skip_ifwakeup(skip_softc_t *);
+static int		skip_bufextend(struct mbuf *, int);
 
 static void	     skip_encrypt_done(void *, struct mbuf *, struct mbuf *,
 				void *, skip_arg_t *);
@@ -136,14 +143,14 @@
 /*
  * From Crypt/MAC system...
  */
-extern int		skip_es_bypass_init();
-extern void		skip_es_bypass_uninit();
-extern void		skip_key_initstore();
-extern void		skip_key_uninitstore();
-extern void		skip_key_initcryptors();
-extern void		skip_key_uninitcryptors();
-extern void		skip_mac_init();
-extern void		skip_mac_uninit();
+extern int		skip_es_bypass_init(void);
+extern void		skip_es_bypass_uninit(void);
+extern void		skip_key_initstore(void);
+extern void		skip_key_uninitstore(void);
+extern void		skip_key_initcryptors(void);
+extern void		skip_key_uninitcryptors(void);
+extern void		skip_mac_init(void);
+extern void		skip_mac_uninit(void);
 extern int		skip_fmt_kmgr(union skip_messages *, skip_keycb_t *);
 
 extern struct cdevsw skipdevsw;
@@ -157,7 +164,7 @@
  * Returns: 0 on success, errno otherwise.
  */
 int
-skip_init()
+skip_init(void)
 {
 	register int		s, rc;
 	register struct protosw	*pr;
@@ -252,7 +259,10 @@
 		for (pr = inetdomain.dom_protosw;
 			pr < inetdomain.dom_protoswNPROTOSW; pr++) {
 
-			pr->pr_input = skip_ifinput;
+			if (pr->pr_protocol == IPPROTO_DIVERT)
+				continue;
+			pr->pr_input =
+				(void (*)(struct mbuf *, int)) skip_ifinput;
 		}
 		splx(s);
 	}
@@ -266,7 +276,7 @@
  * Returns: 0 on success, errno otherwise.
  */
 int
-skip_uninit()
+skip_uninit(void)
 {
 	register int		s;
 	if (skip_busy || skip_keys_stats.skip_encrypt_keys_active 
@@ -319,7 +329,11 @@
 						major(dev), flags);
 #endif
 
+#if __FreeBSD_version < 400005
 	if (suser(p->p_ucred, &p->p_acflag )) {
+#else
+	if (suser(p)) {
+#endif
 		return (EPERM);
 	}
 	if (minor(dev) >= SKIP_MAX_OPENS) {
@@ -422,27 +436,30 @@
  * Returns: 0 if no data available, 1 otherwise
  */
 int
-skip_ifselect(dev, rw, p)
+skip_ifpoll(dev, events, p)
 	dev_t		dev;
-	int		rw;
+	int		events;
 	struct proc 	*p;
 {
 	register skip_softc_t	*sp = &skip_softc[minor(dev)];
 	register int		s;
+	int revents = 0;
 
-	if (rw == FWRITE) {
-		return (1);
-	}
+	/* Check readable */
 	s = splimp();
-	if (sp->q.ifq_len > 0) {
-		splx(s);
-		return (1);
+	if (events & (POLLIN | POLLRDNORM)) {
+		if (sp->q.ifq_len > 0)
+			revents |= (events & (POLLIN | POLLRDNORM));
+		else
+			selrecord(p, &sp->sp_si);
 	}
 
-	selrecord(p, &sp->sp_si);
+	/* Always writable */
+	if (events & (POLLOUT | POLLWRNORM))
+		revents |= (events & (POLLOUT | POLLWRNORM));
 
 	splx(s);
-	return(0);
+	return(revents);
 }
 
 /* skip_ifread()
@@ -786,9 +803,9 @@
  * Returns: None
  */
 static void
-skip_inittimers()
+skip_inittimers(void)
 {
-	timeout(skip_timer, NULL, skip_key_tick * hz);
+	skip_timeout_handle = timeout(skip_timer, NULL, skip_key_tick * hz);
 }
  
 /* skip_uninittimers()
@@ -798,9 +815,10 @@
  * Returns: None
  */
 static void
-skip_uninittimers()
+skip_uninittimers(void)
 {
-	untimeout(skip_timer, NULL);
+	untimeout(skip_timer, NULL, skip_timeout_handle);
+	callout_handle_init(&skip_timeout_handle);
 }
  
 /* skip_timer()
@@ -812,14 +830,13 @@
  */
 /*ARGSUSED*/
 static void
-skip_timer(arg)
-	caddr_t		arg;
+skip_timer(void *arg)
 {
 	/*
 	 * run through the key store
 	 */
 	skip_key_iterate(skip_key_check, NULL);
-	timeout(skip_timer, NULL, skip_key_tick * hz);
+	skip_timeout_handle = timeout(skip_timer, NULL, skip_key_tick * hz);
 }
 
 #ifdef notdef
@@ -846,6 +863,7 @@
 }
 #endif
 
+#ifdef notdef
 void
 skip_dump_buf(char *what, unsigned char *p, int len) 
 {
@@ -857,7 +875,9 @@
 	}
 	printf("].\n");
 }
+#endif
 
+#ifdef notdef
 void
 skip_dump_ip(struct ip *ip)
 {
@@ -878,6 +898,7 @@
 			ip->ip_ttl, ip->ip_p, ntohs(ip->ip_sum));
 
 }
+#endif
 
 /*
  * SKIP Ioctl and Interface management routines
@@ -1107,7 +1128,7 @@
 int
 skip_ifioctl(dev, cmd, data, fflag, p)
 	dev_t		dev;
-	int		cmd;
+	u_long		cmd;
 	caddr_t		data;
 	int		fflag;
 	struct		proc *p;
@@ -1390,7 +1411,6 @@
 	skip_es_t		*skip_if;
 	int			iphlen, hdrlen = 0;
 	struct mbuf		*decryptbuf = NULL;
-	extern u_char		ip_protox[];
 	skip_param_t		params;
 	skip_hdr_t		skip_hdr;
 	skip_es_hash_t          *entry, **acl;
@@ -1718,7 +1738,7 @@
 		 */
 		decryptbuf->m_data += iphlen;
 	
-                SKIP_DEBUG2("skip_ifinput: decryptbuf m_len=%d m_data=%d\n",
+                SKIP_DEBUG2("skip_ifinput: decryptbuf m_len=%d m_data=%p\n",
                                         decryptbuf->m_len, decryptbuf->m_data);
 
 	} 
@@ -1745,7 +1765,7 @@
 	ip->ip_id = ntohs(ip->ip_id);
 	ip->ip_off = ntohs(ip->ip_off);
 pass:
-	m->m_flags &= ~ M_EOR;
+	m->m_flags &= ~ M_PROTO1;
 	(*inetsw_default[ip_protox[ip->ip_p]].pr_input)(m, hlen);
 	return (0);
 }
@@ -1910,6 +1930,13 @@
 		 */
                 IPADDRCOPY(&params.tunnel_addr, &newip->ip_dst);
 
+		/* 
+		 * insert different source address if specified 
+		 */
+
+		if(params.source != 0)
+			(&newip->ip_src)->s_addr = params.source;
+
 		encryptbuf->m_len += sizeof (struct ip);
 
 		/*
@@ -2005,7 +2032,7 @@
 			if (params.kp_alg) {
 				newip->ip_p = SKIP_NEXT_ESP;
 			} else {
-				newip->ip_p = IPPROTO_ENCAP;
+				newip->ip_p = IPPROTO_IPIP;
 			}
 		}
 		skip_if->stats.skip_if_raw_out++;
@@ -2028,6 +2055,13 @@
 		 * insert tunnel address as destination
 		 */
 		IPADDRCOPY(&params.tunnel_addr, &newip->ip_dst);
+
+		/* 
+		 * insert different source address if specified 
+		 */
+
+		if(params.source != 0) 
+			(&newip->ip_src)->s_addr = params.source;
 	}
 
 	if (params.s_nsid == 0) {
@@ -2097,7 +2131,7 @@
 	register skip_param_t   *params = &res->params;
 	register struct ip      *ip = mtod(original, struct ip *);
 	int                     rc, s, iphlen;
-	struct mbuf             *outbuf, *new_hdr;
+	struct mbuf             *outbuf;
 
 	SKIP_PRINT("skip_decrypt_done", params);
 
@@ -2125,7 +2159,7 @@
 	 */
 	outbuf = (res->modes & SKIP_CRYPT_ON) ? m : original;
 
-	if (res->proto != IPPROTO_ENCAP) {
+	if (res->proto != IPPROTO_IPIP) {
 		/*
 		 * transport mode, need to copy original IP header
 		 */
@@ -2195,7 +2229,7 @@
 	/*
 	 * tag the start of the header buffer so SKIP can recognise it
 	 */
-	outbuf->m_flags |= M_EOR | M_PKTHDR;
+	outbuf->m_flags |= M_PROTO1 | M_PKTHDR;
     
 	s = splimp();
 	if (IF_QFULL(&ipintrq)) {