beet-patch-with-interfamily-v1.1-2.6.16.5

来自「HIP:Host Identity Protocol」· 5 代码 · 共 1,142 行 · 第 1/3 页

5
1,142
字号
123
+			ph->nexthdr = iph->protocol;+			top_iph->protocol = IPPROTO_BEETPH;+			top_iph->ihl = sizeof(struct iphdr) / 4;+		} -	top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?-		0 : (iph->frag_off & htons(IP_DF));-	if (!top_iph->frag_off)-		__ip_select_ident(top_iph, dst, 0);+		break;+	default:+	case XFRM_MODE_TUNNEL:+		if (x->props.family == AF_INET) {+			top_iph->ihl = 5;+			top_iph->version = 4;+ +			/* DS disclosed */+			top_iph->tos = INET_ECN_encapsulate(iph->tos, iph->tos);+ +			flags = x->props.flags;+			if (flags & XFRM_STATE_NOECN)+				IP_ECN_clear(top_iph);+ +			top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?+				0 : (iph->frag_off & htons(IP_DF));+			if (!top_iph->frag_off)+				__ip_select_ident(top_iph, dst, 0); -	top_iph->ttl = dst_metric(dst->child, RTAX_HOPLIMIT);+			top_iph->ttl = dst_metric(dst->child, RTAX_HOPLIMIT); -	top_iph->saddr = x->props.saddr.a4;-	top_iph->daddr = x->id.daddr.a4;-	top_iph->protocol = IPPROTO_IPIP;+			top_iph->protocol = IPPROTO_IPIP;+			memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));+		}+		break;+	}++	if (x->props.family == AF_INET) {+		top_iph->saddr = x->props.saddr.a4;+		top_iph->daddr = x->id.daddr.a4;+	} else if (x->props.family == AF_INET6) {+		/* Inner = 4, Outer = 6*/+		struct ipv6hdr *top_iph6;+		int dsfield;+		u8 protocol = top_iph->protocol;++		if (unlikely(optlen))+			protocol = top_iph->protocol;+		else+			protocol = iph->protocol;+		if (x->props.mode == XFRM_MODE_BEET) {+			int delta = sizeof(struct ipv6hdr) - sizeof(struct iphdr);++			if (skb_headroom(skb) <=  2*delta){+				if (pskb_expand_head(skb, delta,0, GFP_ATOMIC))+					return;+			}+			+			skb->nh.raw = skb_push(skb, delta);+		} -	memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));+		top_iph6 = skb->nh.ipv6h;+		skb->h.ipv6h = top_iph6 + 1;+		/* DS disclosed */+		top_iph6->version = 6;+		top_iph6->priority = 0;+		top_iph6->flow_lbl[0] = 0;+		top_iph6->flow_lbl[1] = 0;+		top_iph6->flow_lbl[2] = 0;+		dsfield = ipv6_get_dsfield(top_iph6);+		dsfield = INET_ECN_encapsulate(dsfield, dsfield);+		flags = x->props.flags;+		if (flags & XFRM_STATE_NOECN)+			dsfield &= ~INET_ECN_MASK;+		ipv6_change_dsfield(top_iph6, 0, dsfield);++		if (x->props.mode == XFRM_MODE_TUNNEL)+			top_iph6->nexthdr = IPPROTO_IPIP;+		else+			top_iph6->nexthdr = protocol;+		top_iph6->hop_limit = dst_metric(dst->child, RTAX_HOPLIMIT);+		top_iph6->payload_len = htons(skb->len - sizeof(struct ipv6hdr));+		ipv6_addr_copy(&top_iph6->saddr,(struct in6_addr *)&x->props.saddr);+		ipv6_addr_copy(&top_iph6->daddr, (struct in6_addr *)&x->id.daddr);+		skb->nh.raw = &top_iph6->nexthdr;+		//skb->nh.raw = &skb->nh.ipv6h->nexthdr;+	} else+		BUG_ON(1); }  static int xfrm4_tunnel_check_size(struct sk_buff *skb)@@ -102,14 +190,14 @@ 	struct dst_entry *dst = skb->dst; 	struct xfrm_state *x = dst->xfrm; 	int err;-	+ 	if (skb->ip_summed == CHECKSUM_HW) { 		err = skb_checksum_help(skb, 0); 		if (err) 			goto error_nolock; 	} -	if (x->props.mode) {+	if (x->props.mode == XFRM_MODE_TUNNEL) { 		err = xfrm4_tunnel_check_size(skb); 		if (err) 			goto error_nolock;diff -urN linux-2.6.16.5/net/ipv4/xfrm4_policy.c linux-2.6.16.5-beet/net/ipv4/xfrm4_policy.c--- linux-2.6.16.5/net/ipv4/xfrm4_policy.c	2006-04-12 23:27:57.000000000 +0300+++ linux-2.6.16.5-beet/net/ipv4/xfrm4_policy.c	2007-09-03 14:12:51.000000000 +0300@@ -19,6 +19,8 @@  static struct xfrm_type_map xfrm4_type_map = { .lock = RW_LOCK_UNLOCKED }; +static void xfrm4_update_pmtu(struct dst_entry *dst, u32 mtu);+ static int xfrm4_dst_lookup(struct xfrm_dst **dst, struct flowi *fl) { 	return __ip_route_output_key((struct rtable**)dst, fl);@@ -56,17 +58,20 @@ 	struct dst_entry *dst, *dst_prev; 	struct rtable *rt0 = (struct rtable*)(*dst_p); 	struct rtable *rt = rt0;-	u32 remote = fl->fl4_dst;-	u32 local  = fl->fl4_src; 	struct flowi fl_tunnel = { 		.nl_u = { 			.ip4_u = {-				.saddr = local,-				.daddr = remote,+				.saddr = fl->fl4_dst,+				.daddr = fl->fl4_src, 				.tos = fl->fl4_tos 			} 		} 	};+	union {+		struct in6_addr *in6;+		struct in_addr *in;+	} remote, local;+	unsigned short outer_family = 0, beet = 0; 	int i; 	int err; 	int header_len = 0;@@ -78,7 +83,6 @@ 	for (i = 0; i < nx; i++) { 		struct dst_entry *dst1 = dst_alloc(&xfrm4_dst_ops); 		struct xfrm_dst *xdst;-		int tunnel = 0;  		if (unlikely(dst1 == NULL)) { 			err = -ENOBUFS;@@ -99,21 +103,45 @@  		dst1->next = dst_prev; 		dst_prev = dst1;-		if (xfrm[i]->props.mode) {-			remote = xfrm[i]->id.daddr.a4;-			local  = xfrm[i]->props.saddr.a4;-			tunnel = 1;++		if (xfrm[i]->props.mode == XFRM_MODE_TUNNEL || xfrm[i]->props.mode == XFRM_MODE_BEET) {+			outer_family = xfrm[i]->props.family;+			beet = (xfrm[i]->props.mode == XFRM_MODE_BEET);++			if(outer_family == AF_INET6){+				remote.in6 = (struct in6_addr*)&xfrm[i]->id.daddr;+				local.in6 = (struct in6_addr*)&xfrm[i]->props.saddr;+			} else if(outer_family == AF_INET){+				remote.in = (struct in_addr*)&xfrm[i]->id.daddr;+				local.in = (struct in_addr*)&xfrm[i]->props.saddr;+			} else+				BUG_ON(1); 		} 		header_len += xfrm[i]->props.header_len; 		trailer_len += xfrm[i]->props.trailer_len; -		if (tunnel) {-			fl_tunnel.fl4_src = local;-			fl_tunnel.fl4_dst = remote;+		if (outer_family) {+			switch(outer_family) {+			case AF_INET:+				fl_tunnel.fl4_dst = remote.in->s_addr;+				fl_tunnel.fl4_src = local.in->s_addr;+				break;+			case AF_INET6:+				ipv6_addr_copy(&fl_tunnel.fl6_dst, remote.in6);+				ipv6_addr_copy(&fl_tunnel.fl6_src, local.in6);+				break;+			default:+				BUG_ON(1);+			} 			err = xfrm_dst_lookup((struct xfrm_dst **)&rt,-					      &fl_tunnel, AF_INET);+					      &fl_tunnel, outer_family); 			if (err) 				goto error;+			/* Without this, the atomic inc below segfaults */+			if (outer_family == AF_INET6) {+				rt->peer = NULL;+				rt_bind_peer(rt,1);+			} 		} else 			dst_hold(&rt->u.dst); 	}@@ -163,6 +191,11 @@ 	}  	xfrm_init_pmtu(dst);+	if (beet && outer_family == AF_INET6) {+		int delta = sizeof(struct ipv6hdr) - sizeof(struct iphdr);+		u32 mtu = dst_mtu(dst);+		xfrm4_update_pmtu(dst, mtu - delta);+	} 	return 0;  error:diff -urN linux-2.6.16.5/net/ipv4/xfrm4_tunnel.c linux-2.6.16.5-beet/net/ipv4/xfrm4_tunnel.c--- linux-2.6.16.5/net/ipv4/xfrm4_tunnel.c	2006-04-12 23:27:57.000000000 +0300+++ linux-2.6.16.5-beet/net/ipv4/xfrm4_tunnel.c	2007-09-03 14:12:51.000000000 +0300@@ -85,13 +85,20 @@  static int ipip_init_state(struct xfrm_state *x) {-	if (!x->props.mode)-		return -EINVAL;- 	if (x->encap) 		return -EINVAL; -	x->props.header_len = sizeof(struct iphdr);+	switch (x->props.mode) {+	case XFRM_MODE_TRANSPORT:+		return -EINVAL;+	default:+	case XFRM_MODE_TUNNEL:+		x->props.header_len = sizeof(struct iphdr);+		break;+	case XFRM_MODE_BEET:+		x->props.header_len += IPV4_BEET_PHMAXLEN;+		break;+	}  	return 0; }diff -urN linux-2.6.16.5/net/ipv6/ah6.c linux-2.6.16.5-beet/net/ipv6/ah6.c--- linux-2.6.16.5/net/ipv6/ah6.c	2006-04-12 23:27:57.000000000 +0300+++ linux-2.6.16.5-beet/net/ipv6/ah6.c	2007-09-03 14:12:51.000000000 +0300@@ -393,8 +393,10 @@ 		goto error; 	 	x->props.header_len = XFRM_ALIGN8(sizeof(struct ipv6_auth_hdr) + ahp->icv_trunc_len);-	if (x->props.mode)+	if (x->props.mode == XFRM_MODE_TUNNEL) 		x->props.header_len += sizeof(struct ipv6hdr);+	else if (x->props.mode == XFRM_MODE_BEET)+		x->props.header_len += IPV4_BEET_PHMAXLEN; 	x->data = ahp;  	return 0;diff -urN linux-2.6.16.5/net/ipv6/esp6.c linux-2.6.16.5-beet/net/ipv6/esp6.c--- linux-2.6.16.5/net/ipv6/esp6.c	2006-04-12 23:27:57.000000000 +0300+++ linux-2.6.16.5-beet/net/ipv6/esp6.c	2007-09-03 14:12:51.000000000 +0300@@ -358,8 +358,10 @@ 	if (crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len)) 		goto error; 	x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen;-	if (x->props.mode)+	if (x->props.mode == XFRM_MODE_TUNNEL) 		x->props.header_len += sizeof(struct ipv6hdr);+	else if (x->props.mode == XFRM_MODE_BEET)+		x->props.header_len += IPV4_BEET_PHMAXLEN; 	x->data = esp; 	return 0; diff -urN linux-2.6.16.5/net/ipv6/ipcomp6.c linux-2.6.16.5-beet/net/ipv6/ipcomp6.c--- linux-2.6.16.5/net/ipv6/ipcomp6.c	2006-04-12 23:27:57.000000000 +0300+++ linux-2.6.16.5-beet/net/ipv6/ipcomp6.c	2007-09-03 14:12:51.000000000 +0300@@ -433,8 +433,10 @@  	memset(ipcd, 0, sizeof(*ipcd)); 	x->props.header_len = 0;-	if (x->props.mode)+	if (x->props.mode == XFRM_MODE_TUNNEL) 		x->props.header_len += sizeof(struct ipv6hdr);+	else if (x->props.mode == XFRM_MODE_BEET)+		x->props.header_len += IPV4_BEET_PHMAXLEN; 	 	down(&ipcomp6_resource_sem); 	if (!ipcomp6_alloc_scratches())@@ -445,7 +447,7 @@ 		goto error; 	up(&ipcomp6_resource_sem); -	if (x->props.mode) {+	if (x->props.mode == XFRM_MODE_TUNNEL) { 		err = ipcomp6_tunnel_attach(x); 		if (err) 			goto error_tunnel;diff -urN linux-2.6.16.5/net/ipv6/xfrm6_input.c linux-2.6.16.5-beet/net/ipv6/xfrm6_input.c--- linux-2.6.16.5/net/ipv6/xfrm6_input.c	2006-04-12 23:27:57.000000000 +0300+++ linux-2.6.16.5-beet/net/ipv6/xfrm6_input.c	2007-09-03 14:12:51.000000000 +0300@@ -82,16 +82,34 @@  		xfrm_vec[xfrm_nr++].xvec = x; -		if (x->props.mode) { /* XXX */-			if (nexthdr != IPPROTO_IPV6)-				goto drop;-			if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))-				goto drop;-			if (skb_cloned(skb) &&-			    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))-				goto drop;-			if (x->props.flags & XFRM_STATE_DECAP_DSCP)-				ipv6_copy_dscp(skb->nh.ipv6h, skb->h.ipv6h);+		if (x->props.mode == XFRM_MODE_TUNNEL) {+			if (x->sel.family == AF_INET6) {++				if (nexthdr != IPPROTO_IPV6)+					goto drop;+				if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))+					goto drop;+				if (skb_cloned(skb) &&+				    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))+					goto drop;+				if (x->props.flags & XFRM_STATE_DECAP_DSCP)+					ipv6_copy_dscp(skb->nh.ipv6h, skb->h.ipv6h);+			} else if (x->sel.family == AF_INET) {++				if (nexthdr != IPPROTO_IPIP)+					goto drop;+				if (!pskb_may_pull(skb, sizeof(struct iphdr)))+					goto drop;+				if (skb_cloned(skb) &&+				    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))+					goto drop;+				if (x->props.flags & XFRM_STATE_DECAP_DSCP)+					ipv4_copy_dscp(skb->nh.iph, skb->h.ipiph);++				memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));+				skb->protocol = htons(ETH_P_IP);+			}+ 			if (!(x->props.flags & XFRM_STATE_NOECN)) 				ipip6_ecn_decapsulate(skb); 			skb->mac.raw = memmove(skb->data - skb->mac_len,@@ -99,6 +117,79 @@ 			skb->nh.raw = skb->data; 			decaps = 1; 			break;+		} else if (x->props.mode == XFRM_MODE_BEET) {+			struct ip_beet_phdr *ph = (struct ip_beet_phdr*)(skb->h.raw);+			int size = (x->sel.family == AF_INET) ? sizeof(struct iphdr) : sizeof(struct ipv6hdr);+			int delta = sizeof(struct ipv6hdr) - sizeof(struct iphdr);+			__u8 proto = skb->nh.ipv6h->nexthdr, hops = skb->nh.ipv6h->hop_limit;+			__u8 ph_nexthdr = 0;+			int phlen = 0;+			int optlen = 0;++			if (x->sel.family == AF_INET) {+				/* Inner = IPv4, therefore the IPhdr must be shrunk */+				/* Inner = 4, Outer = 6 */+				if (unlikely(proto == IPPROTO_BEETPH)) {+					if (!pskb_may_pull(skb, sizeof(*ph)))+						goto drop;+					phlen = ph->hdrlen * 8;+					optlen = phlen - ph->padlen - sizeof(*ph);++					if (optlen < 0 || optlen & 3 || optlen > 250)+						goto drop;+					if (!pskb_may_pull(skb, phlen))+						goto drop;++					proto = ph_nexthdr = ph->nexthdr;
123

beet-patch-with-interfamily-v1.1-2.6.16.5 - 源码说明

本页面展示了「HIP:Host Identity Protocol」中的 beet-patch-with-interfamily-v1.1-2.6.16.5 源码文件,采用 5 编程语言编写,共 1,142 行代码。您可以在线阅读完整代码内容,也可以返回资源详情页下载完整源码包进行本地学习和开发。

虫虫下载站收录了大量与Identity相关的技术资源,包括源代码、技术文档、电路图等,是电子工程师和嵌入式开发者的专业学习平台。

⌨️ 快捷键说明

复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?