Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
linux
Commits
b2c31abe
Commit
b2c31abe
authored
Apr 09, 2004
by
Andreas Gruenbacher
Committed by
David S. Miller
Apr 09, 2004
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[IPSEC]: Support draft-ietf-ipsec-udp-encaps-00/01, some ipec impls need it.
parent
a318dc62
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
38 additions
and
0 deletions
+38
-0
include/linux/udp.h
include/linux/udp.h
+1
-0
net/ipv4/esp4.c
net/ipv4/esp4.c
+22
-0
net/ipv4/udp.c
net/ipv4/udp.c
+15
-0
No files found.
include/linux/udp.h
View file @
b2c31abe
...
...
@@ -31,6 +31,7 @@ struct udphdr {
#define UDP_ENCAP 100
/* Set the socket to accept encapsulated packets */
/* UDP encapsulation types */
#define UDP_ENCAP_ESPINUDP_NON_IKE 1
/* draft-ietf-ipsec-nat-t-ike-00/01 */
#define UDP_ENCAP_ESPINUDP 2
/* draft-ietf-ipsec-udp-encaps-06 */
#ifdef __KERNEL__
...
...
net/ipv4/esp4.c
View file @
b2c31abe
...
...
@@ -31,6 +31,7 @@ int esp_output(struct sk_buff *skb)
struct
esp_data
*
esp
;
struct
sk_buff
*
trailer
;
struct
udphdr
*
uh
=
NULL
;
u32
*
udpdata32
;
struct
xfrm_encap_tmpl
*
encap
=
NULL
;
int
blksize
;
int
clen
;
...
...
@@ -97,6 +98,14 @@ int esp_output(struct sk_buff *skb)
esph
=
(
struct
ip_esp_hdr
*
)(
uh
+
1
);
top_iph
->
protocol
=
IPPROTO_UDP
;
break
;
case
UDP_ENCAP_ESPINUDP_NON_IKE
:
uh
=
(
struct
udphdr
*
)
esph
;
udpdata32
=
(
u32
*
)(
uh
+
1
);
udpdata32
[
0
]
=
udpdata32
[
1
]
=
0
;
esph
=
(
struct
ip_esp_hdr
*
)(
udpdata32
+
2
);
alen
+=
2
;
top_iph
->
protocol
=
IPPROTO_UDP
;
break
;
default:
printk
(
KERN_INFO
"esp_output(): Unhandled encap: %u
\n
"
,
...
...
@@ -132,6 +141,14 @@ int esp_output(struct sk_buff *skb)
esph
=
(
struct
ip_esp_hdr
*
)(
uh
+
1
);
top_iph
->
protocol
=
IPPROTO_UDP
;
break
;
case
UDP_ENCAP_ESPINUDP_NON_IKE
:
uh
=
(
struct
udphdr
*
)
esph
;
udpdata32
=
(
u32
*
)(
uh
+
1
);
udpdata32
[
0
]
=
udpdata32
[
1
]
=
0
;
esph
=
(
struct
ip_esp_hdr
*
)(
udpdata32
+
2
);
alen
+=
2
;
top_iph
->
protocol
=
IPPROTO_UDP
;
break
;
default:
printk
(
KERN_INFO
"esp_output(): Unhandled encap: %u
\n
"
,
...
...
@@ -294,6 +311,7 @@ int esp_input(struct xfrm_state *x, struct xfrm_decap_state *decap, struct sk_bu
switch
(
decap
->
decap_type
)
{
case
UDP_ENCAP_ESPINUDP
:
case
UDP_ENCAP_ESPINUDP_NON_IKE
:
if
((
void
*
)
uh
==
(
void
*
)
esph
)
{
printk
(
KERN_DEBUG
...
...
@@ -354,6 +372,7 @@ int esp_post_input(struct xfrm_state *x, struct xfrm_decap_state *decap, struct
switch
(
encap
->
encap_type
)
{
case
UDP_ENCAP_ESPINUDP
:
case
UDP_ENCAP_ESPINUDP_NON_IKE
:
/*
* 1) if the NAT-T peer's IP or port changed then
* advertize the change to the keying daemon.
...
...
@@ -534,6 +553,9 @@ int esp_init_state(struct xfrm_state *x, void *args)
case
UDP_ENCAP_ESPINUDP
:
x
->
props
.
header_len
+=
sizeof
(
struct
udphdr
);
break
;
case
UDP_ENCAP_ESPINUDP_NON_IKE
:
x
->
props
.
header_len
+=
sizeof
(
struct
udphdr
)
+
2
*
sizeof
(
u32
);
break
;
default:
printk
(
KERN_INFO
"esp_init_state(): Unhandled encap type: %u
\n
"
,
...
...
net/ipv4/udp.c
View file @
b2c31abe
...
...
@@ -975,6 +975,7 @@ static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
/* Must be an IKE packet.. pass it through */
return
1
;
decaps:
/* At this point we are sure that this is an ESPinUDP packet,
* so we need to remove 'len' bytes from the packet (the UDP
* header and optional ESP marker bytes) and then modify the
...
...
@@ -1002,6 +1003,20 @@ static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
/* and let the caller know to send this into the ESP processor... */
return
-
1
;
case
UDP_ENCAP_ESPINUDP_NON_IKE
:
/* Check if this is a keepalive packet. If so, eat it. */
if
(
len
==
1
&&
udpdata
[
0
]
==
0xff
)
{
return
0
;
}
else
if
(
len
>
2
*
sizeof
(
u32
)
+
sizeof
(
struct
ip_esp_hdr
)
&&
udpdata32
[
0
]
==
0
&&
udpdata32
[
1
]
==
0
)
{
/* ESP Packet with Non-IKE marker */
len
=
sizeof
(
struct
udphdr
)
+
2
*
sizeof
(
u32
);
goto
decaps
;
}
else
/* Must be an IKE packet.. pass it through */
return
1
;
default:
if
(
net_ratelimit
())
printk
(
KERN_INFO
"udp_encap_rcv(): Unhandled UDP encap type: %u
\n
"
,
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment