⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 beet-and-sleep-patch-2.6.17.14.patch

📁 HIP:Host Identity Protocol
💻 PATCH
📖 第 1 页 / 共 3 页
字号:
🔍
123 
 -	skb_push(skb, x->props.header_len);+	hdrlen = x->props.header_len - IPV4_BEET_PHMAXLEN;+	skb_push(skb, hdrlen); 	iph = skb->nh.ipv6h; -	if (!x->props.mode) {+	if (x->props.mode == XFRM_MODE_TRANSPORT ||+	    (x->props.mode == XFRM_MODE_BEET && x->props.family == AF_INET6)) { 		u8 *prevhdr; 		int hdr_len;  		hdr_len = ip6_find_1stfragopt(skb, &prevhdr);-		skb->nh.raw = prevhdr - x->props.header_len;+		skb->nh.raw = prevhdr - hdrlen; 		skb->h.raw = skb->data + hdr_len; 		memmove(skb->data, iph, hdr_len);-		return;+		if (x->props.mode == XFRM_MODE_TRANSPORT)+			return; 	}  	skb->nh.raw = skb->data; 	top_iph = skb->nh.ipv6h;-	skb->nh.raw = &top_iph->nexthdr;-	skb->h.ipv6h = top_iph + 1;--	top_iph->version = 6;-	top_iph->priority = iph->priority;-	top_iph->flow_lbl[0] = iph->flow_lbl[0];-	top_iph->flow_lbl[1] = iph->flow_lbl[1];-	top_iph->flow_lbl[2] = iph->flow_lbl[2];-	dsfield = ipv6_get_dsfield(top_iph);-	dsfield = INET_ECN_encapsulate(dsfield, dsfield);-	if (x->props.flags & XFRM_STATE_NOECN)-		dsfield &= ~INET_ECN_MASK;-	ipv6_change_dsfield(top_iph, 0, dsfield);-	top_iph->nexthdr = IPPROTO_IPV6; -	top_iph->hop_limit = dst_metric(dst->child, RTAX_HOPLIMIT);-	ipv6_addr_copy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr);-	ipv6_addr_copy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr);+	if (x->props.family == AF_INET6) {+		skb->nh.raw = &top_iph->nexthdr;+		skb->h.ipv6h = top_iph + 1;+		ipv6_addr_copy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr);+		ipv6_addr_copy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr);+		if (x->props.mode == XFRM_MODE_TUNNEL) {+			top_iph->version = 6;+			top_iph->priority = iph->priority;+			top_iph->flow_lbl[0] = iph->flow_lbl[0];+			top_iph->flow_lbl[1] = iph->flow_lbl[1];+			top_iph->flow_lbl[2] = iph->flow_lbl[2];+			dsfield = ipv6_get_dsfield(top_iph);+			dsfield = INET_ECN_encapsulate(dsfield, dsfield);+			if (x->props.flags & XFRM_STATE_NOECN)+				dsfield &= ~INET_ECN_MASK;+			ipv6_change_dsfield(top_iph, 0, dsfield);+			top_iph->nexthdr = IPPROTO_IPV6; +			top_iph->hop_limit = dst_metric(dst->child, RTAX_HOPLIMIT);+		}+	} else if (x->props.family == AF_INET) {+		/* Inner = 6, Outer = 4 : changing the external IP hdr+		 * to the outer addresses+		 */+		struct iphdr *top_iphv4;+		u8 protocol = iph->nexthdr;+		if (x->props.mode == XFRM_MODE_BEET) {+			int delta = sizeof(struct ipv6hdr) - sizeof(struct iphdr);+			skb->nh.raw = skb_pull(skb, delta);+		}+		top_iphv4 = skb->nh.iph;+		skb->h.raw = skb->data + hdrlen;+		top_iphv4->ihl = (sizeof(struct iphdr) >> 2);+		top_iphv4->version = 4;+		top_iphv4->id = 0;+		top_iphv4->frag_off = htons(IP_DF);+		top_iphv4->ttl = dst_metric(dst->child, RTAX_HOPLIMIT);+		top_iphv4->saddr = x->props.saddr.a4;+		top_iphv4->daddr = x->id.daddr.a4;+		if (x->props.mode == XFRM_MODE_TUNNEL)+			top_iphv4->protocol = IPPROTO_IPV6;+		else {+			skb->h.raw += top_iphv4->ihl*4;+			top_iphv4->protocol = protocol;+		}+	} else+		BUG_ON(1); }  static int xfrm6_tunnel_check_size(struct sk_buff *skb)@@ -106,7 +140,7 @@ 			goto error_nolock; 	} -	if (x->props.mode) {+	if (x->props.mode == XFRM_MODE_TUNNEL) { 		err = xfrm6_tunnel_check_size(skb); 		if (err) 			goto error_nolock;diff -urN  a/net/ipv6/udp.c b/net/ipv6/udp.c--- a/net/ipv6/udp.c 2007-05-18 15:21:39.000000000 +0300+++ b/net/ipv6/udp.c 2007-05-18 15:21:39.000000000 +0300@@ -789,7 +789,7 @@ 	if (final_p) 		ipv6_addr_copy(&fl->fl6_dst, final_p); -	if ((err = xfrm_lookup(&dst, fl, sk, 0)) < 0)+	if ((err = xfrm_lookup(&dst, fl, sk, 1)) < 0) 		goto out;  	if (hlimit < 0) {diff -urN  a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c--- a/net/ipv6/tcp_ipv6.c 2007-05-18 15:21:39.000000000 +0300+++ b/net/ipv6/tcp_ipv6.c 2007-05-18 15:21:39.000000000 +0300@@ -258,7 +258,7 @@ 	if (final_p) 		ipv6_addr_copy(&fl.fl6_dst, final_p); -	if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)+	if ((err = xfrm_lookup(&dst, &fl, sk, 1)) < 0) 		goto failure;  	if (saddr == NULL) {diff -urN  a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c--- a/net/ipv6/ipcomp6.c 2007-05-18 15:21:39.000000000 +0300+++ b/net/ipv6/ipcomp6.c 2007-05-18 15:21:39.000000000 +0300@@ -438,8 +438,10 @@ 		goto out;  	x->props.header_len = 0;-	if (x->props.mode)+	if (x->props.mode == XFRM_MODE_TUNNEL) 		x->props.header_len += sizeof(struct ipv6hdr);+	else if (x->props.mode == XFRM_MODE_BEET)+		x->props.header_len += IPV4_BEET_PHMAXLEN; 	 	mutex_lock(&ipcomp6_resource_mutex); 	if (!ipcomp6_alloc_scratches())@@ -450,7 +452,7 @@ 		goto error; 	mutex_unlock(&ipcomp6_resource_mutex); -	if (x->props.mode) {+	if (x->props.mode == XFRM_MODE_TUNNEL) { 		err = ipcomp6_tunnel_attach(x); 		if (err) 			goto error_tunnel;diff -urN  a/net/ipv6/esp6.c b/net/ipv6/esp6.c--- a/net/ipv6/esp6.c 2007-05-18 15:21:39.000000000 +0300+++ b/net/ipv6/esp6.c 2007-05-18 15:21:39.000000000 +0300@@ -357,8 +357,10 @@ 	if (crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len)) 		goto error; 	x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen;-	if (x->props.mode)+	if (x->props.mode == XFRM_MODE_TUNNEL) 		x->props.header_len += sizeof(struct ipv6hdr);+	else if (x->props.mode == XFRM_MODE_BEET)+		x->props.header_len += IPV4_BEET_PHMAXLEN; 	x->data = esp; 	return 0; diff -urN  a/net/ipv6/xfrm6_input.c b/net/ipv6/xfrm6_input.c--- a/net/ipv6/xfrm6_input.c 2007-05-18 15:21:39.000000000 +0300+++ b/net/ipv6/xfrm6_input.c 2007-05-18 15:21:39.000000000 +0300@@ -81,16 +81,34 @@  		xfrm_vec[xfrm_nr++] = x; -		if (x->props.mode) { /* XXX */-			if (nexthdr != IPPROTO_IPV6)-				goto drop;-			if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))-				goto drop;-			if (skb_cloned(skb) &&-			    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))-				goto drop;-			if (x->props.flags & XFRM_STATE_DECAP_DSCP)-				ipv6_copy_dscp(skb->nh.ipv6h, skb->h.ipv6h);+		if (x->props.mode == XFRM_MODE_TUNNEL) {+			if (x->sel.family == AF_INET6) {++				if (nexthdr != IPPROTO_IPV6)+					goto drop;+				if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))+					goto drop;+				if (skb_cloned(skb) &&+				    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))+					goto drop;+				if (x->props.flags & XFRM_STATE_DECAP_DSCP)+					ipv6_copy_dscp(skb->nh.ipv6h, skb->h.ipv6h);+			} else if (x->sel.family == AF_INET) {++				if (nexthdr != IPPROTO_IPIP)+					goto drop;+				if (!pskb_may_pull(skb, sizeof(struct iphdr)))+					goto drop;+				if (skb_cloned(skb) &&+				    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))+					goto drop;+				if (x->props.flags & XFRM_STATE_DECAP_DSCP)+					ipv4_copy_dscp(skb->nh.iph, skb->h.ipiph);++				memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));+				skb->protocol = htons(ETH_P_IP);+			}+ 			if (!(x->props.flags & XFRM_STATE_NOECN)) 				ipip6_ecn_decapsulate(skb); 			skb->mac.raw = memmove(skb->data - skb->mac_len,@@ -98,6 +116,79 @@ 			skb->nh.raw = skb->data; 			decaps = 1; 			break;+		} else if (x->props.mode == XFRM_MODE_BEET) {+			struct ip_beet_phdr *ph = (struct ip_beet_phdr*)(skb->h.raw);+			int size = (x->sel.family == AF_INET) ? sizeof(struct iphdr) : sizeof(struct ipv6hdr);+			int delta = sizeof(struct ipv6hdr) - sizeof(struct iphdr);+			__u8 proto = skb->nh.ipv6h->nexthdr, hops = skb->nh.ipv6h->hop_limit;+			__u8 ph_nexthdr = 0;+			int phlen = 0;+			int optlen = 0;++			if (x->sel.family == AF_INET) {+				/* Inner = IPv4, therefore the IPhdr must be shrunk */+				/* Inner = 4, Outer = 6 */+				if (unlikely(proto == IPPROTO_BEETPH)) {+					if (!pskb_may_pull(skb, sizeof(*ph)))+						goto drop;+					phlen = ph->hdrlen * 8;+					optlen = phlen - ph->padlen - sizeof(*ph);++					if (optlen < 0 || optlen & 3 || optlen > 250)+						goto drop;+					if (!pskb_may_pull(skb, phlen))+						goto drop;++					proto = ph_nexthdr = ph->nexthdr;+				}+				skb->nh.raw += delta;+			}++			if (skb_cloned(skb) &&+			    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))+				goto drop;++			skb_push(skb, size);+			memmove(skb->data, skb->nh.raw, size);+			skb->nh.raw = skb->data;++			skb->mac.raw = memmove(skb->data - skb->mac_len,+					       skb->mac.raw, skb->mac_len);+			if (unlikely(phlen)) {+				skb_pull(skb, phlen - optlen);+				skb->nh.raw = skb->data;+			}++			if (x->sel.family == AF_INET6) {+				struct ipv6hdr *ip6h = skb->nh.ipv6h;+				ip6h->payload_len = htons(skb->len - size);+				ipv6_addr_copy(&ip6h->daddr, (struct in6_addr *) &x->sel.daddr.a6);+				ipv6_addr_copy(&ip6h->saddr, (struct in6_addr *) &x->sel.saddr.a6);+			} else if (x->sel.family == AF_INET) {+				struct iphdr *iph = skb->nh.iph;+				iph->ihl = (sizeof(*iph) + optlen) / 4;+				iph->version = 4;+				iph->tos = 0;+				iph->id = 0;+				iph->frag_off = 0;+				iph->ttl = hops;+				iph->protocol = proto;+				iph->daddr = x->sel.daddr.a4;+				iph->saddr = x->sel.saddr.a4;+				iph->tot_len = htons(skb->len);+				ip_send_check(iph);+				skb->protocol = htons(ETH_P_IP);+				if (unlikely(!optlen)) {+					skb->h.raw = skb->nh.raw;+				}+				dst_release(skb->dst);+				skb->dst = NULL;+			} else+				BUG_ON(1);++			decaps = 1;+			break;+ 		}  		if ((err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) < 0)diff -urN  a/net/ipv6/raw.c b/net/ipv6/raw.c--- a/net/ipv6/raw.c 2007-05-18 15:21:39.000000000 +0300+++ b/net/ipv6/raw.c 2007-05-18 15:21:39.000000000 +0300@@ -765,7 +765,7 @@ 	if (final_p) 		ipv6_addr_copy(&fl.fl6_dst, final_p); -	if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)+	if ((err = xfrm_lookup(&dst, &fl, sk, 1)) < 0) 		goto out;  	if (hlimit < 0) {diff -urN  a/net/key/af_key.c b/net/key/af_key.c--- a/net/key/af_key.c 2007-05-18 15:21:39.000000000 +0300+++ b/net/key/af_key.c 2007-05-18 15:21:39.000000000 +0300@@ -1167,7 +1167,8 @@ 		/* Nobody uses this, but we try. */ 		x->sel.family = pfkey_sadb_addr2xfrm_addr(addr, &x->sel.saddr); 		x->sel.prefixlen_s = addr->sadb_address_prefixlen;-	}+	} else+		x->sel.family = x->props.family; /* Conservative */  	if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) { 		struct sadb_x_nat_t_type* n_type;@@ -1762,14 +1763,13 @@ 		if (!t->reqid && !(t->reqid = gen_reqid())) 			return -ENOBUFS; 	}--	/* addresses present only in tunnel mode */-	if (t->mode) {-		switch (xp->family) {+/* addresses present in any mode */+	{+		struct sockaddr *sa;+		sa = (struct sockaddr *)(rq+1);+		switch(sa->sa_family) { 		case AF_INET:-			sin = (void*)(rq+1);-			if (sin->sin_family != AF_INET)-				return -EINVAL;+			sin = (struct sockaddr_in *)sa; 			t->saddr.a4 = sin->sin_addr.s_addr; 			sin++; 			if (sin->sin_family != AF_INET)@@ -1778,9 +1778,7 @@ 			break; #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 		case AF_INET6:-			sin6 = (void *)(rq+1);-			if (sin6->sin6_family != AF_INET6)-				return -EINVAL;+			sin6 = (struct sockaddr_in6 *)sa; 			memcpy(t->saddr.a6, &sin6->sin6_addr, sizeof(struct in6_addr)); 			sin6++; 			if (sin6->sin6_family != AF_INET6)@@ -1791,6 +1789,7 @@ 		default: 			return -EINVAL; 		}+		t->outer_family = sa->sa_family; 	} 	/* No way to set this via kame pfkey */ 	t->aalgos = t->ealgos = t->calgos = ~0;diff -urN  a/net/dccp/ipv4.c b/net/dccp/ipv4.c--- a/net/dccp/ipv4.c 2007-05-18 15:21:39.000000000 +0300+++ b/net/dccp/ipv4.c 2007-05-18 15:21:39.000000000 +0300@@ -76,7 +76,7 @@ 	tmp = ip_route_connect(&rt, nexthop, inet->saddr, 			       RT_CONN_FLAGS(sk), sk->sk_bound_dev_if, 			       IPPROTO_DCCP,-			       inet->sport, usin->sin_port, sk);+			       inet->sport, usin->sin_port, sk, 0); 	if (tmp < 0) 		return tmp; diff -urN  a/net/dccp/ipv6.c b/net/dccp/ipv6.c--- a/net/dccp/ipv6.c 2007-05-18 15:21:39.000000000 +0300+++ b/net/dccp/ipv6.c 2007-05-18 15:21:39.000000000 +0300@@ -217,7 +217,7 @@ 	if (final_p) 		ipv6_addr_copy(&fl.fl6_dst, final_p); -	err = xfrm_lookup(&dst, &fl, sk, 0);+	err = xfrm_lookup(&dst, &fl, sk, 1); 	if (err < 0) 		goto failure; diff -urN  a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c--- a/net/xfrm/xfrm_user.c 2007-05-18 15:21:39.000000000 +0300+++ b/net/xfrm/xfrm_user.c 2007-05-18 15:21:39.000000000 +0300@@ -173,8 +173,9 @@  	err = -EINVAL; 	switch (p->mode) {-	case 0:-	case 1:+	case XFRM_MODE_TRANSPORT:+	case XFRM_MODE_TUNNEL:+	case XFRM_MODE_BEET: 		break;  	default:@@ -761,6 +762,7 @@ 		t->aalgos = ut->aalgos; 		t->ealgos = ut->ealgos; 		t->calgos = ut->calgos;+		t->outer_family = ut->family; 	} } diff -urN  a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c--- a/net/xfrm/xfrm_policy.c 2007-05-18 15:21:39.000000000 +0300+++ b/net/xfrm/xfrm_policy.c 2007-05-18 15:21:39.000000000 +0300@@ -705,6 +705,7 @@ 		if (tmpl->mode) { 			remote = &tmpl->id.daddr; 			local = &tmpl->saddr;+			family = tmpl->outer_family; 		}  		x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family);diff -urN  a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c--- a/net/xfrm/xfrm_state.c 2007-05-18 15:21:39.000000000 +0300+++ b/net/xfrm/xfrm_state.c 2007-05-18 15:21:39.000000000 +0300@@ -365,7 +365,7 @@ 			      selector. 			 */ 			if (x->km.state == XFRM_STATE_VALID) {-				if (!xfrm_selector_match(&x->sel, fl, family) ||+				if (!xfrm_selector_match(&x->sel, fl, x->sel.family) || 				    !xfrm_sec_ctx_match(pol->security, x->security)) 					continue; 				if (!best ||@@ -377,7 +377,7 @@ 				acquire_in_progress = 1; 			} else if (x->km.state == XFRM_STATE_ERROR || 				   x->km.state == XFRM_STATE_EXPIRED) {- 				if (xfrm_selector_match(&x->sel, fl, family) &&+ 				if (xfrm_selector_match(&x->sel, fl, x->sel.family) && 				    xfrm_sec_ctx_match(pol->security, x->security)) 					error = -ESRCH; 			}
123

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -