diff options
| author | brian <brian@cvs.openbsd.org> | 2000-09-14 18:04:15 +0000 |
|---|---|---|
| committer | brian <brian@cvs.openbsd.org> | 2000-09-14 18:04:15 +0000 |
| commit | 08793b5bcbe03a761e77a5b917c1fecbb2c95f0a (patch) | |
| tree | 604f0c28ac7c14467558b748bc22a15f425bc4fa /usr.sbin | |
| parent | bd4018fe4c3c1e51cb27ed6f6711a009f8203854 (diff) | |
Understand IPPROTO_ESP and IPPROTO_AH packets
Submitted by: Angelos D. Keromytis <angelos@dsl.cis.upenn.edu>
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/ppp/ppp/filter.h | 4 | ||||
| -rw-r--r-- | usr.sbin/ppp/ppp/ip.c | 36 |
2 files changed, 38 insertions, 2 deletions
diff --git a/usr.sbin/ppp/ppp/filter.h b/usr.sbin/ppp/ppp/filter.h index 956711ad7f1..6eba1c52b35 100644 --- a/usr.sbin/ppp/ppp/filter.h +++ b/usr.sbin/ppp/ppp/filter.h @@ -15,7 +15,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $OpenBSD: filter.h,v 1.11 2000/07/11 22:13:03 brian Exp $ + * $OpenBSD: filter.h,v 1.12 2000/09/14 18:04:13 brian Exp $ * * TODO: */ @@ -32,6 +32,8 @@ #ifdef IPPROTO_GRE #define P_GRE 6 #endif +#define P_ESP 7 +#define P_AH 8 /* Operations - f_srcop, f_dstop */ #define OP_NONE 0 diff --git a/usr.sbin/ppp/ppp/ip.c b/usr.sbin/ppp/ppp/ip.c index 733ecaa899e..9f30aaa4cd0 100644 --- a/usr.sbin/ppp/ppp/ip.c +++ b/usr.sbin/ppp/ppp/ip.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $OpenBSD: ip.c,v 1.26 2000/08/28 23:25:28 brian Exp $ + * $OpenBSD: ip.c,v 1.27 2000/09/14 18:04:14 brian Exp $ * * TODO: * o Return ICMP message for filterd packet @@ -269,6 +269,16 @@ FilterCheck(const struct ip *pip, const struct filter *filter, unsigned *psecs) sport = ntohs(0); break; #endif + case IPPROTO_ESP: + cproto = P_ESP; + estab = syn = finrst = -1; + sport = ntohs(0); + break; + case IPPROTO_AH: + cproto = P_AH; + estab = syn = finrst = -1; + sport = ntohs(0); + break; case IPPROTO_UDP: case IPPROTO_IPIP: cproto = P_UDP; @@ -636,6 +646,30 @@ PacketCheck(struct bundle *bundle, unsigned char *cp, int nb, } break; + case IPPROTO_ESP: + if (logit && loglen < sizeof logbuf) { + snprintf(logbuf + loglen, sizeof logbuf - loglen, + "ESP: %s ---> ", inet_ntoa(pip->ip_src)); + loglen += strlen(logbuf + loglen); + snprintf(logbuf + loglen, sizeof logbuf - loglen, + "%s, spi %08x", inet_ntoa(pip->ip_dst), + (u_int32_t) ptop); + loglen += strlen(logbuf + loglen); + } + break; + + case IPPROTO_AH: + if (logit && loglen < sizeof logbuf) { + snprintf(logbuf + loglen, sizeof logbuf - loglen, + "AH: %s ---> ", inet_ntoa(pip->ip_src)); + loglen += strlen(logbuf + loglen); + snprintf(logbuf + loglen, sizeof logbuf - loglen, + "%s, spi %08x", inet_ntoa(pip->ip_dst), + (u_int32_t) (ptop + sizeof(u_int32_t))); + loglen += strlen(logbuf + loglen); + } + break; + case IPPROTO_IGMP: if (logit && loglen < sizeof logbuf) { uh = (struct udphdr *) ptop; |