(usagi-users 00916) patches for implementing port selection in IPSEC6 SADB/SPD and pfkey
- To: usagi-users@xxxxxxxxxxxxxx
- Subject: (usagi-users 00916) patches for implementing port selection in IPSEC6 SADB/SPD and pfkey
- From: Parijat Mishra <parijat@xxxxxxxxxxxxxx>
- Date: Wed, 24 Oct 2001 17:07:54 -0400
- Organization: CWC
- Reply-to: parijat@xxxxxxxxxxxxxx
I am attaching some diff files for enabling port selection in the kernel and
the pfkey tool. The diffs are against the Oct 15 release.
# cd net/ipv6/ipsec6
# cvs diff -c1 *.[ch] > ipsec6.diff
and
# cd usagi/pfkey_util
# cvs diff -c1 *.[ch] > pfkey.diff
I am sorry, but I am a bit green with CVS etc and don't know yet how to
create proper patches. Hope this helps.
I am not using the newest ipsec_sp which was released on Monday, according to
Miyazawa. I will do that and let you know if something breaks.
Happy hacking...
--
Sincerely,
Parijat Mishra
R & D Engineer,
Centre for Wireless Communications, NUS
Tel: (65)8709353
Index: sadb.c
===================================================================
RCS file: /cvsroot/usagi/usagi/kernel/linux24/net/ipv6/ipsec6/sadb.c,v
retrieving revision 1.18
diff -c -1 -r1.18 sadb.c
*** sadb.c 2001/10/10 07:37:05 1.18
--- sadb.c 2001/10/24 08:45:29
***************
*** 712,715 ****
--- 712,720 ----
memset(buf, 0, BUFSIZE);
+ sockporttoa((struct sockaddr*)&(tmp->src), buf, BUFSIZE);
+ len += sprintf(buffer + len, "sport:%s\n", buf);
+ memset(buf, 0, BUFSIZE);
sockaddrtoa((struct sockaddr*)&(tmp->dst), buf, BUFSIZE);
len += sprintf(buffer + len, "dst:%s/%d\n", buf, tmp->prefixlen_d);
+ sockporttoa((struct sockaddr*)&(tmp->dst), buf, BUFSIZE);
+ len += sprintf(buffer + len, "dport:%s\n", buf);
memset(buf, 0, BUFSIZE);
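Review bot: The return value of sockporttoa() is discarded at both added calls, and the `dport:` call is issued with no memset between it and the preceding sockaddrtoa() into the same buffer, so if sockporttoa() returns -EINVAL the destination address string just printed is emitted again as the port. The cheapest guard is to clear the buffer on failure at each call site, `if (sockporttoa((struct sockaddr*)&(tmp->dst), buf, BUFSIZE) < 0) buf[0] = '\0';`, or to memset before the call as the `sport:` path does. The unbounded sprintf() into `buffer` follows the surrounding lines, so no separate point there. The enclosing function starts and ends outside this hunk.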
Index: sadb_utils.h
===================================================================
RCS file: /cvsroot/usagi/usagi/kernel/linux24/net/ipv6/ipsec6/sadb_utils.h,v
retrieving revision 1.7
diff -c -1 -r1.7 sadb_utils.h
*** sadb_utils.h 2001/09/12 15:46:52 1.7
--- sadb_utils.h 2001/10/24 08:45:29
***************
*** 47,48 ****
--- 47,51 ----
size_t sockaddrtoa(struct sockaddr *addr, char *buf, size_t buflen);
+ /* Function sockporttoa converts port numbers to ascii */
+ /* Returns 0 if successful, -EINVAL on error */
+ int sockporttoa(struct sockaddr *addr, char *buf, size_t buflen);
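Review bot: The new prototype's comment does not state the contract a caller needs: what `buflen` must hold and whether `buf` is written on failure. A port formats to at most five digits plus the terminator, and the implementation in sockaddrtoa.c leaves `buf` untouched when it returns -EINVAL, so I would extend the comment to `/* buflen must be >= 6 ("65535" + NUL); buf is not modified on error */`. It is also worth saying in the comment that, unlike sockaddrtoa(), this returns a status rather than the number of bytes written, since the two prototypes sit side by side.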
Index: sockaddrtoa.c
===================================================================
RCS file: /cvsroot/usagi/usagi/kernel/linux24/net/ipv6/ipsec6/sockaddrtoa.c,v
retrieving revision 1.10
diff -c -1 -r1.10 sockaddrtoa.c
*** sockaddrtoa.c 2001/09/08 08:32:12 1.10
--- sockaddrtoa.c 2001/10/24 08:45:29
***************
*** 66 ****
--- 66,85 ----
+ int
+ sockporttoa(struct sockaddr *addr, char *buf, size_t buflen)
+ {
+
+ switch (addr->sa_family) {
+ case AF_INET:
+ sprintf(buf, "%hd", ntohs(((struct sockaddr_in *)addr)->sin_port));
+ break;
+ case AF_INET6:
+ sprintf(buf, "%hd", ntohs(((struct sockaddr_in6*)addr)->sin6_port));
+ break;
+ default:
+ printk(KERN_WARNING "sockporttoa: unrecognized socket family: %d\n", addr->sa_family);
+ return -EINVAL;
+ break;
+ }
+
+ return 0;
+ }
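Review bot: `%hd` formats the port as a signed short, so any port from 32768 upward (e.g. 65535) is printed as a negative number in /proc output, and `buflen` is accepted but never used, so the write is unbounded. Both cases should become `snprintf(buf, buflen, "%u", (unsigned)ntohs(((struct sockaddr_in *)addr)->sin_port));` and `snprintf(buf, buflen, "%u", (unsigned)ntohs(((struct sockaddr_in6 *)addr)->sin6_port));`. The default branch returns -EINVAL without touching `buf`, so callers that ignore the status print stale contents; a `buf[0] = '\0';` before `return -EINVAL;` would make the failure visible as an empty port instead. The `break;` after that `return` is unreachable and can be dropped.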
Index: spd.c
===================================================================
RCS file: /cvsroot/usagi/usagi/kernel/linux24/net/ipv6/ipsec6/spd.c,v
retrieving revision 1.12
diff -c -1 -r1.12 spd.c
*** spd.c 2001/10/10 07:37:05 1.12
--- spd.c 2001/10/24 08:45:29
***************
*** 474,475 ****
--- 474,478 ----
len += sprintf(buffer + len, "src:%s/%d\n", buf, tmp_spd->selector.prefixlen_s);
+ memset(buf, 0, BUFSIZE);
+ sockporttoa((struct sockaddr *)&(tmp_spd->selector.src), buf, BUFSIZE);
+ len += sprintf(buffer + len, "sport:%s\n", buf);
memset(buf, 0, BUFSIZE);
***************
*** 477,478 ****
--- 480,483 ----
len += sprintf(buffer + len, "dst:%s/%d\n", buf, tmp_spd->selector.prefixlen_d);
+ sockporttoa((struct sockaddr *)&(tmp_spd->selector.dst), buf, BUFSIZE);
+ len += sprintf(buffer + len, "dport:%s\n", buf);
len += sprintf(buffer + len, "proto:%u\n", tmp_spd->selector.proto);
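Review bot: Unlike the `sport:` hunk just above, the `dport:` call here has no memset between the sockaddrtoa() for `dst` and sockporttoa() on the same `buf`, and the return value is ignored, so on an unrecognised family the `dst` address string is repeated as the port. Either add `memset(buf, 0, BUFSIZE);` before the call, matching the `sport:` path, or clear `buf[0]` when sockporttoa() returns non-zero. The enclosing function starts and ends outside this hunk.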
***************
*** 484,486 ****
len += sprintf(buffer + len, "sa->dst:%s\n", buf);
! len += sprintf(buffer + len, "sa[%d]: sa->ipsec_proto:%u ", count++, htons(ntohl(tmp_sa->ipsec_proto)));
len += sprintf(buffer + len, "sa->spi:0x%x\n", htonl(tmp_sa->spi));
--- 489,491 ----
len += sprintf(buffer + len, "sa->dst:%s\n", buf);
! len += sprintf(buffer + len, "sa[%d]: sa->ipsec_proto:%u ", count++, tmp_sa->ipsec_proto);
len += sprintf(buffer + len, "sa->spi:0x%x\n", htonl(tmp_sa->spi));
Index: spd_utils.c
===================================================================
RCS file: /cvsroot/usagi/usagi/kernel/linux24/net/ipv6/ipsec6/spd_utils.c,v
retrieving revision 1.14
diff -c -1 -r1.14 spd_utils.c
*** spd_utils.c 2001/09/21 09:25:13 1.14
--- spd_utils.c 2001/10/24 08:45:29
***************
*** 59,62 ****
--- 59,67 ----
+ /* Locally used utility function */
+ static int compare_ports_if_set(struct sockaddr *addr1, struct sockaddr *addr2);
+
int compare_selector(struct selector *selector1, struct selector *selector2)
{
+ int tmp;
+
if (!(selector1&&selector2)) {
***************
*** 71,73 ****
! return compare_address_with_prefix((struct sockaddr*)&(selector1->src), selector1->prefixlen_s,
(struct sockaddr*)&(selector2->src), selector2->prefixlen_s)
--- 76,78 ----
! tmp = compare_address_with_prefix((struct sockaddr*)&(selector1->src), selector1->prefixlen_s,
(struct sockaddr*)&(selector2->src), selector2->prefixlen_s)
***************
*** 75,78 ****
--- 80,120 ----
(struct sockaddr*)&(selector2->dst), selector2->prefixlen_d);
+
+ /* tmp == 0 means successful match so far */
+ if (tmp)
+ return (tmp);
+
+ /* compare ports, if they are set */
+ tmp = compare_ports_if_set((struct sockaddr*)&(selector1->src), (struct sockaddr*)&(selector2->src));
+ if (tmp)
+ return (tmp);
+ tmp = compare_ports_if_set((struct sockaddr*)&(selector1->dst), (struct sockaddr*)&(selector2->dst));
+ if (tmp)
+ return (tmp);
+
+ return 0; /* everything matches */
}
+ static int
+ compare_ports_if_set(struct sockaddr *addr1, struct sockaddr *addr2)
+ {
+ if (addr1->sa_family != addr2->sa_family)
+ return -EINVAL;
+
+ switch (addr1->sa_family) {
+ case AF_INET:
+ if (((struct sockaddr_in *)addr1)->sin_port && ((struct sockaddr_in *)addr2)->sin_port)
+ return !( ((struct sockaddr_in *)addr1)->sin_port == ((struct sockaddr_in *)addr2)->sin_port);
+ break;
+ case AF_INET6:
+ if (((struct sockaddr_in *)addr1)->sin_port && ((struct sockaddr_in *)addr2)->sin_port)
+ return !( ((struct sockaddr_in *)addr1)->sin_port == ((struct sockaddr_in *)addr2)->sin_port);
+ break;
+ default:
+ pr_debug(__FILE__ ":%d: compare_ports_if_set: unsupported address family: %d\n",
+ __LINE__, addr1->sa_family);
+ return -EINVAL;
+ }
+
+ return 0; /* shoudl never reach here */
+ }
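Review bot: The AF_INET6 branch of compare_ports_if_set() casts both arguments to `struct sockaddr_in` and reads `sin_port`; it only gives the right answer because `sin_port` and `sin6_port` happen to share an offset, and it should read `((struct sockaddr_in6 *)addr1)->sin6_port` and `((struct sockaddr_in6 *)addr2)->sin6_port` instead. The closing `return 0; /* shoudl never reach here */` is in fact the normal path whenever either side's port is zero, which makes a zero port a wildcard in both directions; that is presumably intended for policies, but it also means a lookup selector carrying port 0 (a packet with no parsed transport header, if the caller ever builds one) matches every port-specific policy, so the comment should say `/* port 0 on either side is a wildcard: match */` and the callers should be checked for that case. Whether compare_selector() also compares `proto` is not visible here, and without it a port wildcard applies across protocols.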
void dump_ipsec_sp(struct ipsec_sp *policy)
Index: freeswan.h
===================================================================
RCS file: /cvsroot/usagi/usagi/usagi/pfkey_util/freeswan.h,v
retrieving revision 1.1
diff -c -1 -r1.1 freeswan.h
*** freeswan.h 2001/07/19 11:05:07 1.1
--- freeswan.h 2001/10/24 08:47:07
***************
*** 254,256 ****
/* RFC 1886 old IPv6 reverse-lookup format is the bulkiest */
! #define ADDRTOT_BUF (32*2 + 3 + 1 + 3 + 1 + 1)
err_t ttosubnet(const char *src, size_t srclen, int af, ip_subnet *dst);
--- 254,256 ----
/* RFC 1886 old IPv6 reverse-lookup format is the bulkiest */
! #define ADDRTOT_BUF (32*2 + 3 + 1 + 3 + 1 + 1 + 7)
err_t ttosubnet(const char *src, size_t srclen, int af, ip_subnet *dst);
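Review bot: The `+ 7` added to ADDRTOT_BUF is a bare magic number next to a comment that only explains the original reverse-lookup sizing. If the extra room is for a port suffix it should say so, e.g. `/* + 7: room for a ":" plus up to 5 port digits and a separator */`, adjusted to whatever suffix the formatting code actually appends; the exact breakdown is not visible in this hunk, so the comment should be written against that code.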
Index: pfkey.c
===================================================================
RCS file: /cvsroot/usagi/usagi/usagi/pfkey_util/pfkey.c,v
retrieving revision 1.1
diff -c -1 -r1.1 pfkey.c
*** pfkey.c 2001/10/04 10:16:21 1.1
--- pfkey.c 2001/10/24 08:47:07
***************
*** 407,408 ****
--- 407,410 ----
}
+ ((struct sockaddr_in6 *)&(q->address_s))->sin6_port =
+ htons((uint16_t)(q->port_s));
/* do htons() later */
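Review bot: `htons((uint16_t)(q->port_s))` silently truncates any user-supplied value outside 0-65535, and since the kernel comparator treats a zero port as a wildcard, a typo such as port 65536 produces a policy that matches every port rather than an error. A range check before the assignment, `if (q->port_s < 0 || q->port_s > 65535) return /* error as the surrounding code does */;`, would close that, using whatever error idiom this function already uses for bad addresses (not visible in the hunk). The cast to `struct sockaddr_in6` is applied regardless of the address family `address_s` was parsed as, which works only if the v4 and v6 port fields coincide; and the surviving comment `/* do htons() later */` is now stale and should go. The enclosing function starts and ends outside this hunk.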
***************
*** 415,416 ****
--- 417,420 ----
}
+ ((struct sockaddr_in6 *)&(q->address_d))->sin6_port =
+ htons((uint16_t)(q->port_d));
/* do htons() later */
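Review bot: The destination port is truncated to `uint16_t` with no range check, so an out-of-range `port_d` wraps (65536 becomes 0, which the kernel's compare_ports_if_set() treats as "any port") instead of being rejected; mirror whatever check is applied to `port_s`, `if (q->port_d < 0 || q->port_d > 65535) return /* error */;`. The comment `/* do htons() later */` directly below the new `htons()` call is now contradictory and should be removed. The enclosing function starts and ends outside this hunk.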