Diffstat (limited to 'security/skip/files/patch-bl')
-rw-r--r-- | security/skip/files/patch-bl | 304 |
1 files changed, 293 insertions, 11 deletions
diff --git a/security/skip/files/patch-bl b/security/skip/files/patch-bl
index 65b4f91396e..36c0024ad23 100644
--- a/security/skip/files/patch-bl
+++ b/security/skip/files/patch-bl
@@ -1,11 +1,293 @@
-diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/keymgrd/skip_keymgrsubr.C skipsrc-1.0/skip/keymgrd/skip_keymgrsubr.C
---- skipsrc-1.0.orig/skip/keymgrd/skip_keymgrsubr.C Fri Oct 25 13:12:49 1996
-+++ skipsrc-1.0/skip/keymgrd/skip_keymgrsubr.C Tue Nov 25 19:30:19 1997
-@@ -59,7 +59,6 @@
- #include "SkipCert.h"
- #include "X509skip.h"
- #include "HashCert.h"
--#include "malloc.h"
- #include "utils.h"
- #include "Sig.h"
- #include "skip_log.h"
+diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_es.c work.new/skip/freebsd/skip_es.c
+--- skipsrc-1.0.orig/skip/freebsd/skip_es.c Fri Oct 25 13:12:42 1996
++++ work.new/skip/freebsd/skip_es.c Tue Mar 9 20:40:23 1999
+@@ -81,6 +81,11 @@
+ static unsigned short skip_pktid;
+ static skip_softc_t skip_softc[SKIP_MAX_OPENS];
+ 
++static struct callout_handle
++ skip_timeout_handle = CALLOUT_HANDLE_INITIALIZER(&skip_timeout_handle);
++
++MALLOC_DEFINE(M_SKIP, "skip", "SKIP control structures and buffers");
++
+ /*
+ * statistics
+ */
+@@ -116,11 +121,13 @@
+ static int skip_ifoutput(struct ifnet *, struct mbuf *,
+ struct sockaddr *, struct rtentry *rtp);
+ static int skip_ifinput(struct mbuf *, int);
+-static void skip_inittimers();
+-static void skip_uninittimers();
+-static void skip_timer();
++static void skip_inittimers(void);
++static void skip_uninittimers(void);
++static void skip_timer(void *);
+ static int skip_add_interface(char *);
+ static int skip_del_interface(char *);
++static void skip_ifwakeup(skip_softc_t *);
++static int skip_bufextend(struct mbuf *, int);
+ 
+ static void skip_encrypt_done(void *, struct mbuf *, struct mbuf *,
+ void *, skip_arg_t *);
+@@ -136,14 +143,14 @@
+ /*
+ * From Crypt/MAC system...
+ */
+-extern int skip_es_bypass_init();
+-extern void skip_es_bypass_uninit();
+-extern void skip_key_initstore();
+-extern void skip_key_uninitstore();
+-extern void skip_key_initcryptors();
+-extern void skip_key_uninitcryptors();
+-extern void skip_mac_init();
+-extern void skip_mac_uninit();
++extern int skip_es_bypass_init(void);
++extern void skip_es_bypass_uninit(void);
++extern void skip_key_initstore(void);
++extern void skip_key_uninitstore(void);
++extern void skip_key_initcryptors(void);
++extern void skip_key_uninitcryptors(void);
++extern void skip_mac_init(void);
++extern void skip_mac_uninit(void);
+ extern int skip_fmt_kmgr(union skip_messages *, skip_keycb_t *);
+ 
+ extern struct cdevsw skipdevsw;
+@@ -157,7 +164,7 @@
+ * Returns: 0 on success, errno otherwise.
+ */
+ int
+-skip_init()
++skip_init(void)
+ {
+ register int s, rc;
+ register struct protosw *pr;
+@@ -252,7 +259,10 @@
+ for (pr = inetdomain.dom_protosw;
+ pr < inetdomain.dom_protoswNPROTOSW; pr++) {
+ 
+- pr->pr_input = skip_ifinput;
++ if (pr->pr_protocol == IPPROTO_DIVERT)
++ continue;
++ pr->pr_input =
++ (void (*)(struct mbuf *, int)) skip_ifinput;
+ }
+ splx(s);
+ }
+@@ -266,7 +276,7 @@
+ * Returns: 0 on success, errno otherwise.
+ */
+ int
+-skip_uninit()
++skip_uninit(void)
+ {
+ register int s;
+ if (skip_busy || skip_keys_stats.skip_encrypt_keys_active
+@@ -422,27 +432,30 @@
+ * Returns: 0 if no data available, 1 otherwise
+ */
+ int
+-skip_ifselect(dev, rw, p)
++skip_ifpoll(dev, events, p)
+ dev_t dev;
+- int rw;
++ int events;
+ struct proc *p;
+ {
+ register skip_softc_t *sp = &skip_softc[minor(dev)];
+ register int s;
++ int revents = 0;
+ 
+- if (rw == FWRITE) {
+- return (1);
+- }
++ /* Check readable */
+ s = splimp();
+- if (sp->q.ifq_len > 0) {
+- splx(s);
+- return (1);
++ if (events & (POLLIN | POLLRDNORM)) {
++ if (sp->q.ifq_len > 0)
++ revents |= (events & (POLLIN | POLLRDNORM));
++ else
++ selrecord(p, &sp->sp_si);
+ }
+ 
+- selrecord(p, &sp->sp_si);
++ /* Always writable */
++ if (events & (POLLOUT | POLLWRNORM))
++ revents |= (events & (POLLOUT | POLLWRNORM));
+ 
+ splx(s);
+- return(0);
++ return(revents);
+ }
+ 
+ /* skip_ifread()
+@@ -786,9 +799,9 @@
+ * Returns: None
+ */
+ static void
+-skip_inittimers()
++skip_inittimers(void)
+ {
+- timeout(skip_timer, NULL, skip_key_tick * hz);
++ skip_timeout_handle = timeout(skip_timer, NULL, skip_key_tick * hz);
+ }
+ 
+ /* skip_uninittimers()
+@@ -798,9 +811,10 @@
+ * Returns: None
+ */
+ static void
+-skip_uninittimers()
++skip_uninittimers(void)
+ {
+- untimeout(skip_timer, NULL);
++ untimeout(skip_timer, NULL, skip_timeout_handle);
++ callout_handle_init(&skip_timeout_handle);
+ }
+ 
+ /* skip_timer()
+@@ -812,14 +826,13 @@
+ */
+ /*ARGSUSED*/
+ static void
+-skip_timer(arg)
+- caddr_t arg;
++skip_timer(void *arg)
+ {
+ /*
+ * run through the key store
+ */
+ skip_key_iterate(skip_key_check, NULL);
+- timeout(skip_timer, NULL, skip_key_tick * hz);
++ skip_timeout_handle = timeout(skip_timer, NULL, skip_key_tick * hz);
+ }
+ 
+ #ifdef notdef
+@@ -846,6 +859,7 @@
+ }
+ #endif
+ 
++#ifdef notdef
+ void
+ skip_dump_buf(char *what, unsigned char *p, int len)
+ {
+@@ -857,7 +871,9 @@
+ }
+ printf("].\n");
+ }
++#endif
+ 
++#ifdef notdef
+ void
+ skip_dump_ip(struct ip *ip)
+ {
+@@ -878,6 +894,7 @@
+ ip->ip_ttl, ip->ip_p, ntohs(ip->ip_sum));
+ 
+ }
++#endif
+ 
+ /*
+ * SKIP Ioctl and Interface management routines
+@@ -1107,7 +1124,7 @@
+ int
+ skip_ifioctl(dev, cmd, data, fflag, p)
+ dev_t dev;
+- int cmd;
++ u_long cmd;
+ caddr_t data;
+ int fflag;
+ struct proc *p;
+@@ -1390,7 +1407,6 @@
+ skip_es_t *skip_if;
+ int iphlen, hdrlen = 0;
+ struct mbuf *decryptbuf = NULL;
+- extern u_char ip_protox[];
+ skip_param_t params;
+ skip_hdr_t skip_hdr;
+ skip_es_hash_t *entry, **acl;
+@@ -1718,7 +1734,7 @@
+ */
+ decryptbuf->m_data += iphlen;
+ 
+- SKIP_DEBUG2("skip_ifinput: decryptbuf m_len=%d m_data=%d\n",
++ SKIP_DEBUG2("skip_ifinput: decryptbuf m_len=%d m_data=%p\n",
+ decryptbuf->m_len, decryptbuf->m_data);
+ 
+ }
+@@ -1745,7 +1761,7 @@
+ ip->ip_id = ntohs(ip->ip_id);
+ ip->ip_off = ntohs(ip->ip_off);
+ pass:
+- m->m_flags &= ~ M_EOR;
++ m->m_flags &= ~ M_PROTO1;
+ (*inetsw_default[ip_protox[ip->ip_p]].pr_input)(m, hlen);
+ return (0);
+ }
+@@ -1910,6 +1926,13 @@
+ */
+ IPADDRCOPY(¶ms.tunnel_addr, &newip->ip_dst);
+ 
++ /*
++ * insert different source address if specified
++ */
++
++ if(params.source != 0)
++ (&newip->ip_src)->s_addr = params.source;
++
+ encryptbuf->m_len += sizeof (struct ip);
+ 
+ /*
+@@ -2005,7 +2028,7 @@
+ if (params.kp_alg) {
+ newip->ip_p = SKIP_NEXT_ESP;
+ } else {
+- newip->ip_p = IPPROTO_ENCAP;
++ newip->ip_p = IPPROTO_IPIP;
+ }
+ }
+ skip_if->stats.skip_if_raw_out++;
+@@ -2028,6 +2051,13 @@
+ * insert tunnel address as destination
+ */
+ IPADDRCOPY(¶ms.tunnel_addr, &newip->ip_dst);
++
++ /*
++ * insert different source address if specified
++ */
++
++ if(params.source != 0)
++ (&newip->ip_src)->s_addr = params.source;
+ }
+ 
+ if (params.s_nsid == 0) {
+@@ -2097,7 +2127,7 @@
+ register skip_param_t *params = &res->params;
+ register struct ip *ip = mtod(original, struct ip *);
+ int rc, s, iphlen;
+- struct mbuf *outbuf, *new_hdr;
++ struct mbuf *outbuf;
+ 
+ SKIP_PRINT("skip_decrypt_done", params);
+ 
+@@ -2125,7 +2155,7 @@
+ */
+ outbuf = (res->modes & SKIP_CRYPT_ON) ? m : original;
+ 
+- if (res->proto != IPPROTO_ENCAP) {
++ if (res->proto != IPPROTO_IPIP) {
+ /*
+ * transport mode, need to copy original IP header
+ */
+@@ -2195,7 +2225,7 @@
+ /*
+ * tag the start of the header buffer so SKIP can recognise it
+ */
+- outbuf->m_flags |= M_EOR | M_PKTHDR;
++ outbuf->m_flags |= M_PROTO1 | M_PKTHDR;
+ 
+ s = splimp();
+ if (IF_QFULL(&ipintrq)) { |
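Review bot: In the skip_init protosw loop, the new cast `(void (*)(struct mbuf *, int)) skip_ifinput` hides a return-type mismatch instead of fixing it. The prototype kept as context earlier in the same patch is still `static int skip_ifinput(struct mbuf *, int);`, and calling a function through an incompatible pointer type is undefined behaviour in C. Declaring and defining skip_ifinput as returning `void` (its body is outside the visible hunks) would let `pr->pr_input = skip_ifinput;` stand without a cast. The `IPPROTO_DIVERT` exemption added just above leaves that protosw entry's input handler outside SKIP's inbound processing with no stated reason; add a comment on the `continue`, for example `/* leave the divert entry alone: <why it needs no SKIP check> */`. The `Returns: 0 if no data available, 1 otherwise` header above skip_ifpoll is also stale now that the function returns an event mask and should read `Returns: mask of ready poll events`.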