📄 simple-beet-ph-patch-v1.0-2.6.16.5

📁 Host Identity Protocol on Linux is an implemetation of the Host Identity Protocol (HIP) and the rela
💻 5
📖 第 1 页 / 共 2 页
字号:
12 下一页
diff -urN linux-2.6.16.5/include/linux/in.h linux-2.6.16.5-patched/include/linux/in.h--- linux-2.6.16.5/include/linux/in.h	2006-04-12 23:27:57.000000000 +0300+++ linux-2.6.16.5-patched/include/linux/in.h	2006-04-14 12:50:30.000000000 +0300@@ -40,6 +40,7 @@    IPPROTO_ESP = 50,            /* Encapsulation Security Payload protocol */   IPPROTO_AH = 51,             /* Authentication Header protocol       */+  IPPROTO_BEETPH = 94,		/* IP option pseudo header for BEET */   IPPROTO_PIM    = 103,		/* Protocol Independent Multicast	*/    IPPROTO_COMP   = 108,                /* Compression Header protocol */diff -urN linux-2.6.16.5/include/linux/ip.h linux-2.6.16.5-patched/include/linux/ip.h--- linux-2.6.16.5/include/linux/ip.h	2006-04-12 23:27:57.000000000 +0300+++ linux-2.6.16.5-patched/include/linux/ip.h	2006-04-14 12:55:47.000000000 +0300@@ -79,6 +79,8 @@ #define	IPOPT_TS_TSANDADDR	1		/* timestamps and addresses */ #define	IPOPT_TS_PRESPEC	3		/* specified modules only */ +#define IPV4_BEET_PHMAXLEN 8+ struct iphdr { #if defined(__LITTLE_ENDIAN_BITFIELD) 	__u8	ihl:4,@@ -122,4 +124,11 @@ 	__u16 cpi; }; +struct ip_beet_phdr {+	__u8 nexthdr;+	__u8 hdrlen;+	__u8 padlen;+	__u8 reserved;+};+ #endif	/* _LINUX_IP_H */diff -urN linux-2.6.16.5/include/linux/ipsec.h linux-2.6.16.5-patched/include/linux/ipsec.h--- linux-2.6.16.5/include/linux/ipsec.h	2006-04-12 23:27:57.000000000 +0300+++ linux-2.6.16.5-patched/include/linux/ipsec.h	2006-04-14 12:50:30.000000000 +0300@@ -12,7 +12,8 @@ enum { 	IPSEC_MODE_ANY		= 0,	/* We do not support this for SA */ 	IPSEC_MODE_TRANSPORT	= 1,-	IPSEC_MODE_TUNNEL	= 2+	IPSEC_MODE_TUNNEL	= 2,+	IPSEC_MODE_BEET         = 3 };  enum {diff -urN linux-2.6.16.5/include/linux/xfrm.h linux-2.6.16.5-patched/include/linux/xfrm.h--- linux-2.6.16.5/include/linux/xfrm.h	2006-04-12 23:27:57.000000000 +0300+++ linux-2.6.16.5-patched/include/linux/xfrm.h	2006-04-14 12:50:30.000000000 +0300@@ -118,6 +118,13 @@ 	XFRM_SHARE_UNIQUE	/* Use once */ }; +enum+{+	XFRM_MODE_TRANSPORT = 0,+	XFRM_MODE_TUNNEL,+	XFRM_MODE_BEET+};+ /* Netlink configuration messages.  */ enum { 	XFRM_MSG_BASE = 0x10,diff -urN linux-2.6.16.5/net/ipv4/ah4.c linux-2.6.16.5-patched/net/ipv4/ah4.c--- linux-2.6.16.5/net/ipv4/ah4.c	2006-04-12 23:27:57.000000000 +0300+++ linux-2.6.16.5-patched/net/ipv4/ah4.c	2006-04-14 12:50:30.000000000 +0300@@ -256,8 +256,10 @@ 		goto error; 	 	x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len);-	if (x->props.mode)+	if (x->props.mode == XFRM_MODE_TUNNEL) 		x->props.header_len += sizeof(struct iphdr);+	else if (x->props.mode == XFRM_MODE_BEET)+		x->props.header_len += IPV4_BEET_PHMAXLEN; 	x->data = ahp;  	return 0;diff -urN linux-2.6.16.5/net/ipv4/esp4.c linux-2.6.16.5-patched/net/ipv4/esp4.c--- linux-2.6.16.5/net/ipv4/esp4.c	2006-04-12 23:27:57.000000000 +0300+++ linux-2.6.16.5-patched/net/ipv4/esp4.c	2006-04-14 13:01:49.000000000 +0300@@ -242,7 +242,8 @@ 		 *    as per draft-ietf-ipsec-udp-encaps-06, 		 *    section 3.1.2 		 */-		if (!x->props.mode)+		if (x->props.mode == XFRM_MODE_TRANSPORT ||+		    x->props.mode == XFRM_MODE_BEET) 			skb->ip_summed = CHECKSUM_UNNECESSARY; 	} @@ -264,17 +265,27 @@ { 	struct esp_data *esp = x->data; 	u32 blksize = ALIGN(crypto_tfm_alg_blocksize(esp->conf.tfm), 4);+	int enclen = 0; -	if (x->props.mode) {-		mtu = ALIGN(mtu + 2, blksize);-	} else {-		/* The worst case. */+	switch (x->props.mode) {+	default:+	case XFRM_MODE_TUNNEL:+		mtu = ALIGN(mtu +2, blksize);+		break;+	case XFRM_MODE_TRANSPORT:+		/* The worst case */ 		mtu = ALIGN(mtu + 2, 4) + blksize - 4;+		break;+	case XFRM_MODE_BEET:+		/* The worst case. */+		enclen = IPV4_BEET_PHMAXLEN;+		mtu = ALIGN(mtu + enclen + 2, blksize);+		break; 	} 	if (esp->conf.padlen) 		mtu = ALIGN(mtu, esp->conf.padlen); -	return mtu + x->props.header_len + esp->auth.icv_trunc_len;+	return mtu + x->props.header_len + esp->auth.icv_trunc_len - enclen; }  static void esp4_err(struct sk_buff *skb, u32 info)@@ -379,8 +390,10 @@ 	if (crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len)) 		goto error; 	x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen;-	if (x->props.mode)+	if (x->props.mode == XFRM_MODE_TUNNEL) 		x->props.header_len += sizeof(struct iphdr);+	else if (x->props.mode == XFRM_MODE_BEET)+		x->props.header_len += IPV4_BEET_PHMAXLEN; 	if (x->encap) { 		struct xfrm_encap_tmpl *encap = x->encap; diff -urN linux-2.6.16.5/net/ipv4/ipcomp.c linux-2.6.16.5-patched/net/ipv4/ipcomp.c--- linux-2.6.16.5/net/ipv4/ipcomp.c	2006-04-12 23:27:57.000000000 +0300+++ linux-2.6.16.5-patched/net/ipv4/ipcomp.c	2006-04-14 12:50:30.000000000 +0300@@ -194,7 +194,7 @@ 	return 0;  out_ok:-	if (x->props.mode)+	if (x->props.mode == XFRM_MODE_TUNNEL) 		ip_send_check(iph); 	return 0; }@@ -234,7 +234,7 @@ 	t->id.daddr.a4 = x->id.daddr.a4; 	memcpy(&t->sel, &x->sel, sizeof(t->sel)); 	t->props.family = AF_INET;-	t->props.mode = 1;+	t->props.mode = x->props.mode; 	t->props.saddr.a4 = x->props.saddr.a4; 	t->props.flags = x->props.flags; @@ -437,8 +437,10 @@  	memset(ipcd, 0, sizeof(*ipcd)); 	x->props.header_len = 0;-	if (x->props.mode)+	if (x->props.mode == XFRM_MODE_TUNNEL) 		x->props.header_len += sizeof(struct iphdr);+	else if (x->props.mode == XFRM_MODE_BEET)+		x->props.header_len += IPV4_BEET_PHMAXLEN;  	down(&ipcomp_resource_sem); 	if (!ipcomp_alloc_scratches())@@ -449,7 +451,7 @@ 		goto error; 	up(&ipcomp_resource_sem); -	if (x->props.mode) {+	if (x->props.mode == XFRM_MODE_TUNNEL) { 		err = ipcomp_tunnel_attach(x); 		if (err) 			goto error_tunnel;diff -urN linux-2.6.16.5/net/ipv4/xfrm4_input.c linux-2.6.16.5-patched/net/ipv4/xfrm4_input.c--- linux-2.6.16.5/net/ipv4/xfrm4_input.c	2006-04-12 23:27:57.000000000 +0300+++ linux-2.6.16.5-patched/net/ipv4/xfrm4_input.c	2006-04-14 12:50:30.000000000 +0300@@ -115,7 +115,7 @@  		iph = skb->nh.iph; -		if (x->props.mode) {+		if (x->props.mode == XFRM_MODE_TUNNEL) { 			if (iph->protocol != IPPROTO_IPIP) 				goto drop; 			if (!pskb_may_pull(skb, sizeof(struct iphdr)))@@ -133,6 +133,55 @@ 			memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options)); 			decaps = 1; 			break;+		} else if (x->props.mode == XFRM_MODE_BEET) {+			struct ip_beet_phdr *ph = (struct ip_beet_phdr*)(iph + 1);+			int phlen = 0;+			int optlen = 0;+			__u8 ph_nexthdr = 0, protocol = 0;++			protocol = iph->protocol;+			if (unlikely(iph->protocol == IPPROTO_BEETPH)) {+				if (!pskb_may_pull(skb, sizeof(*ph)))+					goto drop;+				phlen = ph->hdrlen * 8;+				optlen = phlen - ph->padlen - sizeof(*ph);++				if (optlen < 0 || optlen & 3 || optlen > 250)+					goto drop;+				if (!pskb_may_pull(skb, phlen))+					goto drop;++				ph_nexthdr = ph->nexthdr;+			}++			if (skb_cloned(skb) &&+			    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))+				goto drop;++			skb_push(skb, sizeof(struct iphdr));+			memmove(skb->data, skb->nh.raw, sizeof(struct iphdr));+			skb->nh.raw = skb->data;++			if (unlikely(phlen)) {+				skb_pull(skb, phlen - optlen);+				memmove(skb->data, skb->nh.raw, sizeof(*iph));+				skb->nh.raw = skb->data;+				iph = skb->nh.iph;+			}++			iph = skb->nh.iph;+			iph->ihl = (sizeof(*iph) + optlen) / 4;+			iph->tot_len = htons(skb->len);+			iph->daddr = x->sel.daddr.a4;+			iph->saddr = x->sel.saddr.a4;+			if (ph_nexthdr)+				iph->protocol = ph_nexthdr;+			else+				iph->protocol = protocol;+			iph->check = 0;+			iph->check = ip_fast_csum(skb->nh.raw, iph->ihl);+			decaps = 1;+			break; 		}  		if ((err = xfrm_parse_spi(skb, skb->nh.iph->protocol, &spi, &seq)) < 0)diff -urN linux-2.6.16.5/net/ipv4/xfrm4_output.c linux-2.6.16.5-patched/net/ipv4/xfrm4_output.c--- linux-2.6.16.5/net/ipv4/xfrm4_output.c	2006-04-12 23:27:57.000000000 +0300+++ linux-2.6.16.5-patched/net/ipv4/xfrm4_output.c	2006-04-14 12:50:30.000000000 +0300@@ -36,41 +36,76 @@ 	struct xfrm_state *x = dst->xfrm; 	struct iphdr *iph, *top_iph; 	int flags;--	iph = skb->nh.iph;-	skb->h.ipiph = iph;--	skb->nh.raw = skb_push(skb, x->props.header_len);-	top_iph = skb->nh.iph;--	if (!x->props.mode) {-		skb->h.raw += iph->ihl*4;-		memmove(top_iph, iph, iph->ihl*4);-		return;+	int hdrlen, optlen;+ + 	iph = skb->nh.iph;+ 	skb->h.ipiph = iph;+ +	hdrlen = x->props.header_len;+	optlen = iph->ihl * 4 - sizeof(*iph);+	if (x->props.mode == XFRM_MODE_BEET) {+		if (!optlen) {+			hdrlen -= IPV4_BEET_PHMAXLEN;+		}+		else {+			skb->h.raw -= (IPV4_BEET_PHMAXLEN - (optlen & 4));+			hdrlen -= optlen & 4;+		} 	} -	top_iph->ihl = 5;-	top_iph->version = 4;--	/* DS disclosed */-	top_iph->tos = INET_ECN_encapsulate(iph->tos, iph->tos);--	flags = x->props.flags;-	if (flags & XFRM_STATE_NOECN)-		IP_ECN_clear(top_iph);--	top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?-		0 : (iph->frag_off & htons(IP_DF));
12 下一页
💿 文件大小 2897 K
👤 上传用户 yangbaochun
📂 所属分类 Linux/Unix编程
🏷️ 相关标签

#Identity #Protocol #Host #implemetation
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -