webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 02:55:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

Changed openswan to 2.4.12

Browse Source 
add dnsmasq to updater
fix removal of obsolete packages
some cleanings
This commit is contained in:
Arne Fitzenreiter
2008-07-25 09:18:15 +02:00
parent bebcd1b38a
commit 45ff5fa6dc
14 changed files with 12 additions and 215569 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/rootfiles/updater/filelists/dnsmasq Normal file
View File

@@ -0,0 +1,2 @@
usr/sbin/dnsmasq
#usr/share/man/man8/dnsmasq.8

10
config/rootfiles/updater/update.sh
View File

@@ -40,9 +40,9 @@ echo
#
# check if we the backup file already exist
if [ -e /var/ipfire/backup/update_$OLDVERSION-$NEWVERSION.tar.bz2 ]; then
echo Error! The backupfile of this update already exist!!!
echo Have you already installed this update?
exit 3
echo Moving backup to backup-old ...
mv -f /var/ipfire/backup/update_$OLDVERSION-$NEWVERSION.tar.bz2 \
/var/ipfire/backup/update_$OLDVERSION-$NEWVERSION-old.tar.bz2
fi
echo First we made a backup of all files that was inside of the
echo update archive. This may take a while ...
@@ -116,14 +116,14 @@ perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
#
# Remove obsolete packages
#
echo '#!/bin/sh' > /tmp/remove_obsolete_paks
echo '#!/bin/bash' > /tmp/remove_obsolete_paks
echo 'while [ "$(ps -A | grep " update.sh")" != "" ]; do' >> /tmp/remove_obsolete_paks
echo ' sleep 2' >> /tmp/remove_obsolete_paks
echo 'done' >> /tmp/remove_obsolete_paks
echo 'while [ "$(ps -A | grep " pakfire")" != "" ]; do' >> /tmp/remove_obsolete_paks
echo ' sleep 2' >> /tmp/remove_obsolete_paks
echo 'done' >> /tmp/remove_obsolete_paks
echo 'pakfire remove zaptel -y' >> /tmp/remove_obsolete_paks
echo '/opt/pakfire/pakfire remove zaptel -y' >> /tmp/remove_obsolete_paks
echo 'echo' >> /tmp/remove_obsolete_paks
echo 'echo Update to IPFire $NEWVERSION finished. Please reboot... ' >> /tmp/remove_obsolete_paks
echo 'echo' >> /tmp/remove_obsolete_paks

4
doc/packages-list.txt
View File

@@ -216,8 +216,8 @@
* openmailadmin-1.0.0
* openssh-4.7p1
* openssl-0.9.8g
* openswan-2.4.13
* openswan-2.4.13-kmod
* openswan-2.4.12
* openswan-2.4.12-kmod
* openvpn-2.0.9
* pam_mysql-0.7RC1
* patch-2.5.4

90
lfs/atl1
View File

@@ -1,90 +0,0 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 1.2.40.2
THISAPP = atl1-$(VER)
DL_FILE = $(THISAPP).tar.bz2
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
ifeq "$(SMP)" "1"
TARGET = $(DIR_INFO)/$(THISAPP)-smp
else
TARGET = $(DIR_INFO)/$(THISAPP)
endif
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = b9f30f9d3c9ab2e98309f8d229713b27
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
md5 : $(subst %,%_MD5,$(objects))
dist:
$(PAK)
###############################################################################
# Downloading, checking, md5sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_MD5,$(objects)) :
@$(MD5)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
ifeq "$(SMP)" "1"
cd $(DIR_APP)/src && make -C /lib/modules/$(KVER)-ipfire-smp/build/ SUBDIRS=$(DIR_APP)/src modules
cd $(DIR_APP)/src && install -m 644 atl1.ko /lib/modules/$(KVER)-ipfire-smp/kernel/drivers/net
else
cd $(DIR_APP)/src && make -C /lib/modules/$(KVER)-ipfire/build/ SUBDIRS=$(DIR_APP)/src modules
cd $(DIR_APP)/src && install -m 644 atl1.ko /lib/modules/$(KVER)-ipfire/kernel/drivers/net
endif
@rm -rf $(DIR_APP)
@$(POSTBUILD)

2
lfs/linux
View File

@@ -97,7 +97,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
# Security fix for CIFS & Netfilter SNMP
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.20.21-additional_check_on_BER_decoding.patch
# Openswan nat-t
# Openswan
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openswan-2.4.x.kernel-2.6.23-natt.patch
# Reiser4

4
lfs/openswan
View File

@@ -24,7 +24,7 @@
include Config
VER = 2.4.13
VER = 2.4.12
THISAPP = openswan-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 0c2505cf2639a7de051e815f41e8e1f4
$(DL_FILE)_MD5 = 0bca0cc205d2d83eff64a7cea825ce7a
install : $(TARGET)

122
src/patches/openswan-2.4.12.kernel-2.6.20.21-natt.patch
View File

@@ -1,122 +0,0 @@
packaging/utils/nattpatch 2.6
--- /dev/null Tue Mar 11 13:02:56 2003
+++ nat-t/include/net/xfrmudp.h Mon Feb 9 13:51:03 2004
@@ -0,0 +1,10 @@
+/*
+ * pointer to function for type that xfrm4_input wants, to permit
+ * decoupling of XFRM from udp.c
+ */
+#define HAVE_XFRM4_UDP_REGISTER
+
+typedef int (*xfrm4_rcv_encap_t)(struct sk_buff *skb, __u16 encap_type);
+extern int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
+ , xfrm4_rcv_encap_t *oldfunc);
+extern int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func);
--- /distros/kernel/linux-2.6.11.2/net/ipv4/Kconfig 2005-03-09 03:12:33.000000000 -0500
+++ swan26/net/ipv4/Kconfig 2005-04-04 18:46:13.000000000 -0400
@@ -351,2 +351,8 @@
+config IPSEC_NAT_TRAVERSAL
+ bool "IPSEC NAT-Traversal (KLIPS compatible)"
+ depends on INET
+ ---help---
+ Includes support for RFC3947/RFC3948 NAT-Traversal of ESP over UDP.
+
config IP_TCPDIAG
--- plain26/net/ipv4/udp.c.orig 2006-01-02 22:21:10.000000000 -0500
+++ plain26/net/ipv4/udp.c 2006-01-12 20:18:57.000000000 -0500
@@ -108,6 +108,7 @@
*/
DEFINE_SNMP_STAT(struct udp_mib, udp_statistics) __read_mostly;
+#include <net/xfrmudp.h>
struct hlist_head udp_hash[UDP_HTABLE_SIZE];
DEFINE_RWLOCK(udp_hash_lock);
@@ -914,6 +915,44 @@
return 0;
}
+#if defined(CONFIG_XFRM) || defined(CONFIG_IPSEC_NAT_TRAVERSAL)
+
+/* if XFRM isn't a module, then register it directly. */
+#if !defined(CONFIG_XFRM_MODULE)
+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = xfrm4_rcv_encap;
+#else
+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = NULL;
+#endif
+
+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func;
+
+int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
+ , xfrm4_rcv_encap_t *oldfunc)
+{
+ if(oldfunc != NULL) {
+ *oldfunc = xfrm4_rcv_encap_func;
+ }
+
+#if 0
+ if(xfrm4_rcv_encap_func != NULL)
+ return -1;
+#endif
+
+ xfrm4_rcv_encap_func = func;
+ return 0;
+}
+
+int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func)
+{
+ if(xfrm4_rcv_encap_func != func)
+ return -1;
+
+ xfrm4_rcv_encap_func = NULL;
+ return 0;
+}
+#endif /* CONFIG_XFRM || defined(CONFIG_IPSEC_NAT_TRAVERSAL)*/
+
+
/* return:
* 1 if the the UDP system should process it
* 0 if we should drop this packet
@@ -921,9 +960,9 @@
*/
static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
{
-#ifndef CONFIG_XFRM
+#if !defined(CONFIG_XFRM) && !defined(CONFIG_IPSEC_NAT_TRAVERSAL)
return 1;
-#else
+#else /* either CONFIG_XFRM or CONFIG_IPSEC_NAT_TRAVERSAL */
struct udp_sock *up = udp_sk(sk);
struct udphdr *uh;
struct iphdr *iph;
@@ -1049,11 +1088,15 @@
kfree_skb(skb);
return 0;
}
- if (ret < 0) {
- /* process the ESP packet */
- ret = xfrm4_rcv_encap(skb, up->encap_type);
- UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, up->pcflag);
- return -ret;
+ if (ret < 0) {
+ if(xfrm4_rcv_encap_func != NULL) {
+ ret = (*xfrm4_rcv_encap_func)(skb, up->encap_type);
+ UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, up->pcflag);
+ } else {
+ UDP_INC_STATS_BH(UDP_MIB_INERRORS, up->pcflag);
+ ret = 1;
+ }
+ return ret;
}
/* FALLTHROUGH -- it's a UDP Packet */
}
@@ -1732,3 +1775,8 @@
EXPORT_SYMBOL(udp_proc_register);
EXPORT_SYMBOL(udp_proc_unregister);
#endif
+
+#if defined(CONFIG_IPSEC_NAT_TRAVERSAL)
+EXPORT_SYMBOL(udp4_register_esp_rcvencap);
+EXPORT_SYMBOL(udp4_unregister_esp_rcvencap);
+#endif

129
src/patches/openswan-2.6.14-kernel-2.6.24.7-natt.patch
View File

@@ -1,129 +0,0 @@
--- /dev/null Tue Mar 11 13:02:56 2003
+++ nat-t/include/net/xfrmudp.h Mon Feb 9 13:51:03 2004
@@ -0,0 +1,10 @@
+/*
+ * pointer to function for type that xfrm4_input wants, to permit
+ * decoupling of XFRM from udp.c
+ */
+#define HAVE_XFRM4_UDP_REGISTER
+
+typedef int (*xfrm4_rcv_encap_t)(struct sk_buff *skb, __u16 encap_type);
+extern int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
+ , xfrm4_rcv_encap_t *oldfunc);
+extern int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func);
--- /distros/kernel/linux-2.6.11.2/net/ipv4/Kconfig 2005-03-09 03:12:33.000000000 -0500
+++ swan26/net/ipv4/Kconfig 2005-04-04 18:46:13.000000000 -0400
@@ -351,2 +351,8 @@
+config IPSEC_NAT_TRAVERSAL
+ bool "IPSEC NAT-Traversal (KLIPS compatible)"
+ depends on INET
+ ---help---
+ Includes support for RFC3947/RFC3948 NAT-Traversal of ESP over UDP.
+
config IP_TCPDIAG
--- plain26/net/ipv4/udp.c.orig 2006-12-28 20:53:17.000000000 -0500
+++ plain26/net/ipv4/udp.c 2007-05-11 10:22:50.000000000 -0400
@@ -108,6 +108,7 @@
#include <net/inet_common.h>
#include <net/checksum.h>
#include <net/xfrm.h>
+#include <net/xfrmudp.h>
/*
* Snmp MIB for the UDP layer
@@ -881,6 +882,31 @@
sk_common_release(sk);
}
+#if defined(CONFIG_XFRM) || defined(CONFIG_IPSEC_NAT_TRAVERSAL)
+
+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = NULL;
+int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
+ , xfrm4_rcv_encap_t *oldfunc)
+{
+ if(oldfunc != NULL) {
+ *oldfunc = xfrm4_rcv_encap_func;
+ }
+
+ xfrm4_rcv_encap_func = func;
+ return 0;
+}
+
+int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func)
+{
+ if(xfrm4_rcv_encap_func != func)
+ return -1;
+
+ xfrm4_rcv_encap_func = NULL;
+ return 0;
+}
+#endif /* CONFIG_XFRM_MODULE || CONFIG_IPSEC_NAT_TRAVERSAL */
+
+
/* return:
* 1 if the the UDP system should process it
* 0 if we should drop this packet
@@ -888,9 +914,9 @@
*/
static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
{
-#ifndef CONFIG_XFRM
+#if !defined(CONFIG_XFRM) && !defined(CONFIG_IPSEC_NAT_TRAVERSAL)
return 1;
-#else
+#else /* either CONFIG_XFRM or CONFIG_IPSEC_NAT_TRAVERSAL */
struct udp_sock *up = udp_sk(sk);
struct udphdr *uh;
struct iphdr *iph;
@@ -1018,10 +1044,27 @@
return 0;
}
if (ret < 0) {
- /* process the ESP packet */
- ret = xfrm4_rcv_encap(skb, up->encap_type);
- UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS);
- return -ret;
+ if(xfrm4_rcv_encap_func != NULL)
+ ret = (*xfrm4_rcv_encap_func)(skb, up->encap_type);
+
+ switch(ret) {
+ case 1:
+ /* FALLTHROUGH to send-up */;
+ break;
+
+ case 0:
+ /* PROCESSED, free it */
+ UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS);
+ return 0;
+
+ case -1:
+ /* PACKET wasn't for _func, or no func, pass it
+ * to stock function
+ */
+ ret = xfrm4_rcv_encap(skb, up->encap_type);
+ UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS);
+ return -ret;
+ }
}
/* FALLTHROUGH -- it's a UDP Packet */
}
@@ -1110,7 +1153,6 @@
/*
* All we need to do is get the socket, and then do a checksum.
*/
-
int udp_rcv(struct sk_buff *skb)
{
struct sock *sk;
@@ -1599,3 +1641,9 @@
EXPORT_SYMBOL(udp_proc_register);
EXPORT_SYMBOL(udp_proc_unregister);
#endif
+
+#if defined(CONFIG_IPSEC_NAT_TRAVERSAL)
+EXPORT_SYMBOL(udp4_register_esp_rcvencap);
+EXPORT_SYMBOL(udp4_unregister_esp_rcvencap);
+#endif
+
make[1]: Leaving directory `/usr/src/openswan-2.6.14'

55
src/patches/openswan-2.6.14-startklips-1.patch
View File

@@ -1,55 +0,0 @@
--- _startklips.orig 2008-07-11 01:55:19.000000000 +0200
+++ _startklips 2008-07-12 09:11:56.000000000 +0200
@@ -149,23 +149,35 @@
# figure out ifconfig for interface
addr=
- eval `ifconfig $phys |
- awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ {
- gsub(/:/, " ", $0)
- print "addr=" $3
- other = $5
- if ($4 == "Bcast")
- print "type=broadcast"
- else if ($4 == "P-t-P")
- print "type=pointopoint"
- else if (NF == 5) {
- print "type="
- other = ""
- } else
- print "type=unknown"
- print "otheraddr=" other
- print "mask=" $NF
- }'`
+ eval `ip addr show $phys | awk '$3 ~ /BROADCAST|POINTOPOINT/ {
+ if ($3 ~ /BROADCAST/)
+ print "type=broadcast";
+ else if ($3 ~ /POINTOPOINT/)
+ print "type=pointopoint";
+ else {
+ print "type=";
+ }
+ }'`
+
+ if [ "$type" == "broadcast" ]; then
+ eval `ip addr show $phys | awk '$1 == "inet" { gsub(/\//, " ");
+ print "addr=" $2;
+ print "mask=" $3;
+ print "otheraddr=" $5;
+ }'`
+ elif [ "$type" == "pointopoint" ]; then
+ eval `ip addr show $phys | awk '$1 == "inet" { gsub(/\//, " ");
+ print "addr=" $2;
+ print "mask=" $5;
+ print "otheraddr=" $4;
+ }'`
+ else
+ type="unknown"
+ otheraddr=
+ fi
+
+ eval `whatmask /$mask | awk -F': ' '$1 ~ /^Netmask =/ { print "mask=" $2 }'`
+
if test " $addr" = " "
then
echo "unable to determine address of \`$phys'"

30
src/patches/openswan-2.6.14-updown-1.patch
View File

@@ -1,30 +0,0 @@
--- _updown.klips.orig 2008-07-11 01:55:19.000000000 +0200
+++ _updown.klips 2008-07-12 09:20:26.000000000 +0200
@@ -407,8 +407,8 @@
# opportunistic encryption work around
# need to provide route that eclipses default, without
# replacing it.
- it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
- ip route $1 128.0.0.0/1 $parms2 $parms3"
+ #it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
+ # ip route $1 128.0.0.0/1 $parms2 $parms3"
;;
*) it="ip route $1 $parms $parms2 $parms3"
;;
@@ -432,13 +432,13 @@
prepare-host:*|prepare-client:*)
# delete possibly-existing route (preliminary to adding a route)
case "$PLUTO_PEER_CLIENT" in
- "0.0.0.0/0")
+ "0.0.0.0/0")
# need to provide route that eclipses default, without
# replacing it.
parms1="0.0.0.0/1"
parms2="128.0.0.0/1"
- it="ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1"
- oops="`ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1`"
+ # it="ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1"
+ # oops="`ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1`"
;;
*)
parms="$PLUTO_PEER_CLIENT $IPROUTEARGS"

56013
src/patches/openswan-2.6.16dr2-2.6.24-kernel.patch
View File

File diff suppressed because it is too large Load Diff

204
src/patches/openswan-2.6.16dr2-2.6.24-natt.patch
View File

@@ -1,204 +0,0 @@
Index: linux-2.6.x/net/ipv4/Kconfig
===================================================================
RCS file: /cvs/sw/linux-2.6.x/net/ipv4/Kconfig,v
retrieving revision 1.1.1.28
retrieving revision 1.10
diff -u -r1.1.1.28 -r1.10
--- linux-2.6.x/net/ipv4/Kconfig 10 Oct 2007 00:54:30 -0000 1.1.1.28
+++ linux-2.6.x/net/ipv4/Kconfig 10 Oct 2007 04:53:57 -0000 1.10
@@ -367,6 +367,12 @@
tristate
default n
+config IPSEC_NAT_TRAVERSAL
+ bool "IPSEC NAT-Traversal (KLIPS compatible)"
+ depends on INET
+ ---help---
+ Includes support for RFC3947/RFC3948 NAT-Traversal of ESP over UDP.
+
config INET_XFRM_MODE_TRANSPORT
tristate "IP: IPsec transport mode"
default y
Index: linux-2.6.x/net/ipv4/udp.c
===================================================================
RCS file: /cvs/sw/linux-2.6.x/net/ipv4/udp.c,v
retrieving revision 1.1.1.46
diff -u -r1.1.1.46 udp.c
--- linux-2.6.x/net/ipv4/udp.c 10 Oct 2007 00:54:30 -0000 1.1.1.46
+++ linux-2.6.x/net/ipv4/udp.c 9 Nov 2007 00:11:33 -0000
@@ -102,6 +102,7 @@
#include <net/route.h>
#include <net/checksum.h>
#include <net/xfrm.h>
+#include <net/xfrmudp.h>
#include "udp_impl.h"
/*
@@ -920,6 +921,128 @@
return 0;
}
+#if defined(CONFIG_XFRM) || defined(CONFIG_IPSEC_NAT_TRAVERSAL)
+
+static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = NULL;
+
+/*
+ * de-encapsulate and pass to the registered xfrm4_rcv_encap_func function.
+ * Most of this code stolen from net/ipv4/xfrm4_input.c
+ * which is attributed to YOSHIFUJI Hideaki @USAGI, and
+ * Derek Atkins <derek@ihtfp.com>
+ */
+
+static int xfrm4_udp_encap_rcv_wrapper(struct sock *sk, struct sk_buff *skb)
+{
+ struct udp_sock *up = udp_sk(sk);
+ struct udphdr *uh;
+ struct iphdr *iph;
+ int iphlen, len;
+ int ret;
+
+ __u8 *udpdata;
+ __be32 *udpdata32;
+ __u16 encap_type = up->encap_type;
+
+ /* if this is not encapsulated socket, then just return now */
+ if (!encap_type && !xfrm4_rcv_encap_func)
+ return 1;
+
+ /* If this is a paged skb, make sure we pull up
+ * whatever data we need to look at. */
+ len = skb->len - sizeof(struct udphdr);
+ if (!pskb_may_pull(skb, sizeof(struct udphdr) + min(len, 8)))
+ return 1;
+
+ /* Now we can get the pointers */
+ uh = udp_hdr(skb);
+ udpdata = (__u8 *)uh + sizeof(struct udphdr);
+ udpdata32 = (__be32 *)udpdata;
+
+ switch (encap_type) {
+ default:
+ case UDP_ENCAP_ESPINUDP:
+ /* Check if this is a keepalive packet. If so, eat it. */
+ if (len == 1 && udpdata[0] == 0xff) {
+ goto drop;
+ } else if (len > sizeof(struct ip_esp_hdr) && udpdata32[0] != 0) {
+ /* ESP Packet without Non-ESP header */
+ len = sizeof(struct udphdr);
+ } else
+ /* Must be an IKE packet.. pass it through */
+ return 1;
+ break;
+ case UDP_ENCAP_ESPINUDP_NON_IKE:
+ /* Check if this is a keepalive packet. If so, eat it. */
+ if (len == 1 && udpdata[0] == 0xff) {
+ goto drop;
+ } else if (len > 2 * sizeof(u32) + sizeof(struct ip_esp_hdr) &&
+ udpdata32[0] == 0 && udpdata32[1] == 0) {
+
+ /* ESP Packet with Non-IKE marker */
+ len = sizeof(struct udphdr) + 2 * sizeof(u32);
+ } else
+ /* Must be an IKE packet.. pass it through */
+ return 1;
+ break;
+ }
+
+ /* At this point we are sure that this is an ESPinUDP packet,
+ * so we need to remove 'len' bytes from the packet (the UDP
+ * header and optional ESP marker bytes) and then modify the
+ * protocol to ESP, and then call into the transform receiver.
+ */
+ if (skb_cloned(skb) && pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
+ goto drop;
+
+ /* Now we can update and verify the packet length... */
+ iph = ip_hdr(skb);
+ iphlen = iph->ihl << 2;
+ iph->tot_len = htons(ntohs(iph->tot_len) - len);
+ if (skb->len < iphlen + len) {
+ /* packet is too small!?! */
+ goto drop;
+ }
+
+ /* pull the data buffer up to the ESP header and set the
+ * transport header to point to ESP. Keep UDP on the stack
+ * for later.
+ */
+ __skb_pull(skb, len);
+ skb_reset_transport_header(skb);
+
+ /* modify the protocol (it's ESP!) */
+ iph->protocol = IPPROTO_ESP;
+
+ /* process ESP */
+ ret = (*xfrm4_rcv_encap_func)(skb, encap_type);
+ return ret;
+
+drop:
+ kfree_skb(skb);
+ return 0;
+}
+
+int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func,
+ xfrm4_rcv_encap_t *oldfunc)
+{
+ if (oldfunc != NULL)
+ *oldfunc = xfrm4_rcv_encap_func;
+ xfrm4_rcv_encap_func = func;
+ return 0;
+}
+
+int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func)
+{
+ if (xfrm4_rcv_encap_func != func)
+ return -1;
+
+ xfrm4_rcv_encap_func = NULL;
+ return 0;
+}
+
+#endif /* CONFIG_XFRM_MODULE || CONFIG_IPSEC_NAT_TRAVERSAL */
+
/* returns:
* -1: error
* 0: success
@@ -1252,6 +1375,11 @@
case 0:
case UDP_ENCAP_ESPINUDP:
case UDP_ENCAP_ESPINUDP_NON_IKE:
+#if defined(CONFIG_XFRM) || defined(CONFIG_IPSEC_NAT_TRAVERSAL)
+ if (xfrm4_rcv_encap_func)
+ up->encap_rcv = xfrm4_udp_encap_rcv_wrapper;
+ else
+#endif
up->encap_rcv = xfrm4_udp_encap_rcv;
/* FALLTHROUGH */
case UDP_ENCAP_L2TPINUDP:
@@ -1648,3 +1776,9 @@
EXPORT_SYMBOL(udp_proc_register);
EXPORT_SYMBOL(udp_proc_unregister);
#endif
+
+#if defined(CONFIG_IPSEC_NAT_TRAVERSAL)
+EXPORT_SYMBOL(udp4_register_esp_rcvencap);
+EXPORT_SYMBOL(udp4_unregister_esp_rcvencap);
+#endif
+
Index: linux-2.6.x/include/net/xfrmudp.h
===================================================================
RCS file: linux-2.6.x/include/net/xfrmudp.h
diff -N linux-2.6.x/include/net/xfrmudp.h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ linux-2.6.x/include/net/xfrmudp.h 3 Nov 2005 01:55:55 -0000 1.1
@@ -0,0 +1,10 @@
+/*
+ * pointer to function for type that xfrm4_input wants, to permit
+ * decoupling of XFRM from udp.c
+ */
+#define HAVE_XFRM4_UDP_REGISTER
+
+typedef int (*xfrm4_rcv_encap_t)(struct sk_buff *skb, __u16 encap_type);
+extern int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func
+ , xfrm4_rcv_encap_t *oldfunc);
+extern int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func);

80685
src/patches/reiser4-for-2.6.20.patch
View File

File diff suppressed because it is too large Load Diff

78231
src/patches/reiser4-for-2.6.24.patch
View File

File diff suppressed because it is too large Load Diff