mirror of
https://git.FreeBSD.org/src.git
synced 2024-11-29 08:08:37 +00:00
Understand IPPROTO_ESP and IPPROTO_AH packets
Submitted by: Angelos D. Keromytis <angelos@dsl.cis.upenn.edu>
This commit is contained in:
parent
fb90f7b3aa
commit
2231246bb3
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=65846
@ -32,6 +32,8 @@
|
||||
#ifdef IPPROTO_GRE
|
||||
#define P_GRE 6
|
||||
#endif
|
||||
#define P_ESP 7
|
||||
#define P_AH 8
|
||||
|
||||
/* Operations - f_srcop, f_dstop */
|
||||
#define OP_NONE 0
|
||||
|
@ -269,6 +269,16 @@ FilterCheck(const struct ip *pip, const struct filter *filter, unsigned *psecs)
|
||||
sport = ntohs(0);
|
||||
break;
|
||||
#endif
|
||||
case IPPROTO_ESP:
|
||||
cproto = P_ESP;
|
||||
estab = syn = finrst = -1;
|
||||
sport = ntohs(0);
|
||||
break;
|
||||
case IPPROTO_AH:
|
||||
cproto = P_AH;
|
||||
estab = syn = finrst = -1;
|
||||
sport = ntohs(0);
|
||||
break;
|
||||
case IPPROTO_UDP:
|
||||
case IPPROTO_IPIP:
|
||||
cproto = P_UDP;
|
||||
@ -636,6 +646,30 @@ PacketCheck(struct bundle *bundle, unsigned char *cp, int nb,
|
||||
}
|
||||
break;
|
||||
|
||||
case IPPROTO_ESP:
|
||||
if (logit && loglen < sizeof logbuf) {
|
||||
snprintf(logbuf + loglen, sizeof logbuf - loglen,
|
||||
"ESP: %s ---> ", inet_ntoa(pip->ip_src));
|
||||
loglen += strlen(logbuf + loglen);
|
||||
snprintf(logbuf + loglen, sizeof logbuf - loglen,
|
||||
"%s, spi %08x", inet_ntoa(pip->ip_dst),
|
||||
(u_int32_t) ptop);
|
||||
loglen += strlen(logbuf + loglen);
|
||||
}
|
||||
break;
|
||||
|
||||
case IPPROTO_AH:
|
||||
if (logit && loglen < sizeof logbuf) {
|
||||
snprintf(logbuf + loglen, sizeof logbuf - loglen,
|
||||
"AH: %s ---> ", inet_ntoa(pip->ip_src));
|
||||
loglen += strlen(logbuf + loglen);
|
||||
snprintf(logbuf + loglen, sizeof logbuf - loglen,
|
||||
"%s, spi %08x", inet_ntoa(pip->ip_dst),
|
||||
(u_int32_t) (ptop + sizeof(u_int32_t)));
|
||||
loglen += strlen(logbuf + loglen);
|
||||
}
|
||||
break;
|
||||
|
||||
case IPPROTO_IGMP:
|
||||
if (logit && loglen < sizeof logbuf) {
|
||||
uh = (struct udphdr *) ptop;
|
||||
|
Loading…
Reference in New Issue
Block a user