author | Lennart Poettering <lennart@poettering.net> | 2004-01-22 01:03:16 +0000 |
committer | Lennart Poettering <lennart@poettering.net> | 2004-01-22 01:03:16 +0000 |
commit | a97290628ffc69fbf8557a7b696866ed29c256c3 (patch) | |
tree | d58433c37935a95469a1dff531180201df562048 /kernel | |
parent | 62c19c9aeb749775a5692d585ed8436d3c1ec5c5 (diff) |
preparation von kernel 2.6
git-svn-id: file:///home/lennart/svn/public/seppl/trunk@26 91a2fd9b-5dcb-0310-a70a-d71e310228e6
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/Makefile.in | 49 | ||||
-rw-r--r-- | kernel/ipt_CRYPT.c | 62 | ||||
-rw-r--r-- | kernel/ipt_DECRYPT.c | 61 | ||||
-rw-r--r-- | kernel/seppl.c | 44 | ||||
-rw-r--r-- | kernel/seppl.h | 2 | ||||
-rwxr-xr-x | kernel/test.sh | 6 |
6 files changed, 108 insertions, 116 deletions
diff --git a/kernel/Makefile.in b/kernel/Makefile.in index 0d6d325..8a89791 100644 --- a/kernel/Makefile.in +++ b/kernel/Makefile.in @@ -24,40 +24,38 @@ PACKAGE=@PACKAGE@ VERSION=@VERSION@ DISTFILES=seppl.c seppl.h ipt_CRYPT.c ipt_CRYPT.h ipt_DECRYPT.c ipt_DECRYPT.h test.sh Makefile.in seppl_protocol.h distdir = ../$(PACKAGE)-$(VERSION) -CFLAGS=-Wall -g -O2 -KERNEL_CFLAGS= -I$(KERNELDIR)/include -DLINUX -DMODULE -D__KERNEL__ -DEXPORT_SYMTAB -DPACKAGE_BUGREPORT="\"@PACKAGE_BUGREPORT@\"" -DPACKAGE_VERSION="\"@PACKAGE_VERSION@\"" -include $(KERNELDIR)/.config +ifneq ($(KERNELRELEASE),) -all: Makefile ipt_CRYPT.o ipt_DECRYPT.o seppl.o - -Makefile: Makefile.in - cd .. && ./config.status kernel/Makefile +EXTRA_CFLAGS += -DPACKAGE_BUGREPORT="\"@PACKAGE_BUGREPORT@\"" -DPACKAGE_VERSION="\"@PACKAGE_VERSION@\"" +obj-m := seppl.o ipt_CRYPT.o ipt_DECRYPT.o +else -ifdef CONFIG_MODVERSIONS -seppl.o ipt_CRYPT.o ipt_DECRYPT.o: seppl.ver -endif +PWD := $(shell pwd) -ifndef GENKSYMS -GENKSYMS=genksyms -endif +all: + $(MAKE) -C $(KERNELDIR) SUBDIRS=$(PWD) MODVERDIR=$(PWD) modules -ipt_CRYPT.o: ipt_CRYPT.c - $(CC) $(CFLAGS) -c $< -o $@ $(KERNEL_CFLAGS) +load: + insmod ./seppl.ko + insmod ./ipt_CRYPT.ko + insmod ./ipt_DECRYPT.ko -ipt_DECRYPT.o: ipt_DECRYPT.c - $(CC) $(CFLAGS) -c $< -o $@ $(KERNEL_CFLAGS) +unload: + -rmmod ./ipt_DECRYPT.ko + -rmmod ./ipt_CRYPT.ko + -rmmod ./seppl.ko -seppl.o: seppl.c - $(CC) $(CFLAGS) -c $< -o $@ $(KERNEL_CFLAGS) +clean: + rm -f *.o *.ko *.mod *.mod.c .*.cmd -seppl.ver: seppl.c - $(CC) $(CFLAGS) $(KERNEL_CFLAGS) -E -D__GENKSYMS__ $^ | $(GENKSYMS) -k `uname -r`> $@ +Makefile: Makefile.in + cd .. && ./config.status kernel/Makefile -install: +install: all mkdir -p $(SEPPL_MODDIR) - install -m644 seppl.o ipt_CRYPT.o ipt_DECRYPT.o $(SEPPL_MODDIR) + install -m644 seppl.ko ipt_CRYPT.ko ipt_DECRYPT.ko $(SEPPL_MODDIR) distdir: mkdir -p $(distdir) 
@@ -69,7 +67,6 @@ distclean: clean maintainer-clean: clean rm -f Makefile -clean: - rm -f *.o *.ver - .PHONY: all clean maintainer-clean mostlyclean distclean distdir install + +endif diff --git a/kernel/ipt_CRYPT.c b/kernel/ipt_CRYPT.c index 5fdbc87..0b70319 100644 --- a/kernel/ipt_CRYPT.c +++ b/kernel/ipt_CRYPT.c @@ -19,17 +19,6 @@ USA ***/ -#include <linux/config.h> - -#if defined(CONFIG_MODVERSIONS) && !defined(MODVERSIONS) - #define MODVERSIONS -#endif - -#if defined(MODVERSIONS) && !defined(__GENKSYMS__) - #include <linux/modversions.h> - #include "seppl.ver" -#endif - #include <linux/module.h> #include <linux/skbuff.h> #include <linux/ip.h> @@ -53,16 +42,31 @@ MODULE_DESCRIPTION("SEPPL iptables Encryption Target"); MODULE_AUTHOR("Lennart Poettering <"PACKAGE_BUGREPORT">"); #endif -static unsigned int ipt_CRYPT_target(struct sk_buff **pskb, unsigned int hooknum, const struct net_device *in, const struct net_device *out, const void *_ti, void *userinfo) { +static unsigned int ipt_CRYPT_target(struct sk_buff **pskb, + const struct net_device *in, + const struct net_device *out, + unsigned int hooknum, + const void *_ti, + void *userinfo) { + const struct ipt_crypt_info *ti = _ti; - struct iphdr *ih = (*pskb)->nh.iph; - unsigned d, new_l, crypt_l, ihl = ih->ihl<<2; + struct iphdr *ih; + unsigned d, new_l, crypt_l, ihl; struct seppl_uncrypt_hdr *uh; struct seppl_crypt_hdr *ch; u8 *iv, *pl; int ivs = ti->key->ivsize; int bs = ti->key->blocksize; struct scatterlist sg[1]; + + if (!skb_ip_make_writable(pskb, (*pskb)->len)) { + if (net_ratelimit()) + printk(KERN_ERR "ipt_DECRYPT: Failed to make skb writable.\n"); + return NF_DROP; + } + + ih = (*pskb)->nh.iph; + ihl = ih->ihl<<2; // Calculate new packet size new_l = ihl + sizeof(struct seppl_uncrypt_hdr) + ivs + ((sizeof(struct seppl_crypt_hdr) + ntohs(ih->tot_len) - ihl + bs - 1) / bs) * bs; 
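Review bot: The new `load` and `unload` targets in kernel/Makefile.in are not declared phony, so a file named `load` or `unload` in the directory would make `make load` silently do nothing; the `.PHONY` line kept as context in the second hunk still lists only the old targets. Extend it to `.PHONY: all clean maintainer-clean mostlyclean distclean distdir install load unload`. The `clean` target moved into the `else` branch but is still referenced by `maintainer-clean: clean` in the same branch, so that reference remains valid.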
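Review bot: The error path added to ipt_CRYPT_target logs under the wrong module prefix: `printk(KERN_ERR "ipt_DECRYPT: Failed to make skb writable.\n");` sits in ipt_CRYPT.c and will misdirect anyone triaging a dropped-packet log toward the decryption side. Change it to `printk(KERN_ERR "ipt_CRYPT: Failed to make skb writable.\n");`. The function continues past the end of the hunk, so the remainder of the rewritten prologue was not reviewed here.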
@@ -152,20 +156,20 @@ static unsigned int ipt_CRYPT_target(struct sk_buff **pskb, unsigned int hooknum static int ipt_CRYPT_check(const char *table, const struct ipt_entry *e, void *_ti, unsigned int ti_size, unsigned int hook_mask) { struct ipt_crypt_info *ti = _ti; - if (ti_size != IPT_ALIGN(sizeof(struct ipt_crypt_info))) { + if (ti_size != IPT_ALIGN(sizeof(struct ipt_crypt_info))) { printk(KERN_ERR "ipt_CRYPT: Structure too small\n"); - return 0; - } + return 0; + } - if (strcmp(table, "mangle") != 0) { - printk(KERN_ERR "ipt_CRYPT: Not in mangle table\n"); - return 0; - } + if (strcmp(table, "mangle") != 0) { + printk(KERN_ERR "ipt_CRYPT: Not in mangle table\n"); + return 0; + } - if ((hook_mask & ~(1 << NF_IP_POST_ROUTING)) != 0) { - printk(KERN_ERR "ipt_CRYPT: Not in POSTROUTING chain\n"); - return 0; - } + if ((hook_mask & ~(1 << NF_IP_POST_ROUTING)) != 0) { + printk(KERN_ERR "ipt_CRYPT: Not in POSTROUTING chain\n"); + return 0; + } if (!(ti->key = seppl_claim_key(ti->algorithm, ti->name))) { printk(KERN_ERR "ipt_CRYPT: Cannot find key\n"); @@ -184,21 +188,19 @@ static void ipt_CRYPT_destroy(void *_ti, unsigned int ti_size) { static struct ipt_target ipt_CRYPT_reg = { { NULL, NULL }, "CRYPT", - ipt_CRYPT_target, ipt_CRYPT_check, ipt_CRYPT_destroy, + ipt_CRYPT_target, THIS_MODULE }; static int __init init(void) { - return ipt_register_target(&ipt_CRYPT_reg); + return ipt_register_target(&ipt_CRYPT_reg); } static void __exit fini(void) { - ipt_unregister_target(&ipt_CRYPT_reg); + ipt_unregister_target(&ipt_CRYPT_reg); } module_init(init); module_exit(fini); - -EXPORT_NO_SYMBOLS; diff --git a/kernel/ipt_DECRYPT.c b/kernel/ipt_DECRYPT.c index ce59525..9458fa9 100644 --- a/kernel/ipt_DECRYPT.c +++ b/kernel/ipt_DECRYPT.c 
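Review bot: `ipt_CRYPT_reg` is still filled in positionally, and this commit exists precisely because the field order of struct ipt_target changed between kernel versions; moving `ipt_CRYPT_target` below `ipt_CRYPT_destroy` fixes the order for 2.6 but leaves the next reorder just as silent. Designated initializers make the intent explicit and order-independent: `.name = "CRYPT", .checkentry = ipt_CRYPT_check, .destroy = ipt_CRYPT_destroy, .target = ipt_CRYPT_target, .me = THIS_MODULE`. The same applies to `ipt_DECRYPT_reg` in the ipt_DECRYPT.c hunk at -163,45. Those field names are the ones I know from the 2.6 ip_tables.h; confirm them against the headers under $(KERNELDIR) before applying.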
@@ -53,9 +53,15 @@ MODULE_DESCRIPTION ("SEPPL iptables Decryption Target"); MODULE_AUTHOR("Lennart Poettering <"PACKAGE_BUGREPORT">"); #endif -static unsigned int ipt_DECRYPT_target(struct sk_buff **pskb, unsigned int hooknum, const struct net_device *in, const struct net_device *out, const void *_ti, void *userinfo) { - struct iphdr *ih = (*pskb)->nh.iph; - unsigned ihl = ih->ihl<<2; +static unsigned int ipt_DECRYPT_target(struct sk_buff **pskb, + const struct net_device *in, + const struct net_device *out, + unsigned int hooknum, + const void *_ti, + void *userinfo) { + + struct iphdr *ih; + unsigned ihl; struct seppl_key *key; struct seppl_uncrypt_hdr *uh; struct seppl_crypt_hdr *ch; @@ -64,9 +70,18 @@ static unsigned int ipt_DECRYPT_target(struct sk_buff **pskb, unsigned int hookn int crypt_l, bs; struct scatterlist sg[1]; + if (!skb_ip_make_writable(pskb, (*pskb)->len)) { + if (net_ratelimit()) + printk(KERN_ERR "ipt_DECRYPT: Failed to make skb writable.\n"); + return NF_DROP; + } + + ih = (*pskb)->nh.iph; + ihl = ih->ihl<<2; + if (ih->protocol != SEPPL_PROTOCOL) { if (net_ratelimit()) - printk(KERN_ERR "ipt_DECRYPT: Incorrect protocol\n"); + printk(KERN_ERR "ipt_DECRYPT: Incorrect protocol 0x%02x\n", ih->protocol); return NF_DROP; } 
@@ -163,45 +178,43 @@ static unsigned int ipt_DECRYPT_target(struct sk_buff **pskb, unsigned int hookn } static int ipt_DECRYPT_check(const char *table, const struct ipt_entry *e, void *_ti, unsigned int ti_size, unsigned int hook_mask) { - if (ti_size != IPT_ALIGN(sizeof(struct ipt_decrypt_info))) { + if (ti_size != IPT_ALIGN(sizeof(struct ipt_decrypt_info))) { printk(KERN_ERR "ipt_DECRYPT: Structure too small"); - return 0; - } + return 0; + } - if (strcmp(table, "mangle") != 0) { - printk(KERN_ERR "ipt_DECRYPT: Not in mangle table\n"); - return 0; - } + if (strcmp(table, "mangle") != 0) { + printk(KERN_ERR "ipt_DECRYPT: Not in mangle table\n"); + return 0; + } - if ((hook_mask & ~(1 << NF_IP_PRE_ROUTING)) != 0) { - printk(KERN_ERR "ipt_DECRYPT: Not in PREROUTING chain"); - return 0; - } - - return 1; + if ((hook_mask & ~(1 << NF_IP_PRE_ROUTING)) != 0) { + printk(KERN_ERR "ipt_DECRYPT: Not in PREROUTING chain"); + return 0; + } + + return 1; } static struct ipt_target ipt_DECRYPT_reg = { { NULL, NULL }, "DECRYPT", - ipt_DECRYPT_target, ipt_DECRYPT_check, NULL, + ipt_DECRYPT_target, THIS_MODULE }; static int __init init(void) { - if (ipt_register_target(&ipt_DECRYPT_reg)) - return -EINVAL; + if (ipt_register_target(&ipt_DECRYPT_reg)) + return -EINVAL; - return 0; + return 0; } static void __exit fini(void) { - ipt_unregister_target(&ipt_DECRYPT_reg); + ipt_unregister_target(&ipt_DECRYPT_reg); } module_init(init); module_exit(fini); - -EXPORT_NO_SYMBOLS; diff --git a/kernel/seppl.c b/kernel/seppl.c index c580bcd..3b13b0e 100644 --- a/kernel/seppl.c +++ b/kernel/seppl.c @@ -21,15 +21,6 @@ #include <linux/config.h> -#if defined(CONFIG_MODVERSIONS) && !defined(MODVERSIONS) - #define MODVERSIONS -#endif - -#if defined(MODVERSIONS) && !defined(__GENKSYMS__) - #include <linux/modversions.h> - #include "seppl.ver" -#endif - #include <linux/module.h> #include <linux/skbuff.h> #include <linux/interrupt.h> 
@@ -57,7 +48,6 @@ static spinlock_t keyring_lock = SPIN_LOCK_UNLOCKED; #define PROC_FILE_NAME "seppl_keyring" static struct proc_dir_entry* proc_file = NULL; - struct cipher_info { char *name; int bits; @@ -70,14 +60,14 @@ static const struct cipher_info cipher_dict[CIPHER_DICT_MAX] = { { "aes", 192 } }; -const struct cipher_info *seppl_find_cipher(u8 id) { +static const struct cipher_info *seppl_find_cipher(u8 id) { if (id < CIPHER_DICT_MAX) return &cipher_dict[id]; return NULL; } -struct seppl_key* seppl_find_key(u8 algorithm, const char *name, int r) { +static struct seppl_key* seppl_find_key(u8 algorithm, const char *name, int r) { struct seppl_key *key = NULL, *l; for (l = keyring; l; l = l->next) @@ -95,10 +85,8 @@ struct seppl_key* seppl_claim_key(u8 algorithm, const char *name) { spin_lock_bh(&keyring_lock); // FIXME: BH? - if ((key = seppl_find_key(algorithm, name, 1))) { + if ((key = seppl_find_key(algorithm, name, 1))) atomic_inc(&key->usage); - MOD_INC_USE_COUNT; - } spin_unlock_bh(&keyring_lock); @@ -107,7 +95,6 @@ struct seppl_key* seppl_claim_key(u8 algorithm, const char *name) { void seppl_release_key(struct seppl_key* key) { atomic_dec(&key->usage); - MOD_DEC_USE_COUNT; } // not spinlocked! @@ -129,7 +116,7 @@ void seppl_copy_iv(struct seppl_key *key, u8* iv) { spin_unlock_bh(&key->iv_spinlock); } -int seppl_add_key(u8 algorithm, const char *name, const u8 *key_data) { +static int seppl_add_key(u8 algorithm, const char *name, const u8 *key_data) { struct seppl_key* key = NULL; int r = -EINVAL; int locked = 1; @@ -290,7 +277,8 @@ finish: return r; } -void seppl_clear_keyring(void) { +static void seppl_clear_keyring(void) { + unsigned n = 0; struct seppl_key *key, *prev; printk(KERN_INFO "SEPPL: Clearing keyring\n"); 
@@ -324,25 +312,23 @@ void seppl_clear_keyring(void) { kfree(k); continue; - } + } else + n++; prev = key; key = key->next; } spin_unlock(&keyring_lock); -} -#ifndef MIN -#define MIN(a,b) ((a)>(b)?(b):(a)) -#endif + printk(KERN_INFO "SEPPL: Cleared keyring, %u keys remain.\n", n); +} static int seppl_proc_read_func(char* page, char** start, off_t off, int count, int* eof, void* data) { struct seppl_key *key; char *e = page; int d = 0; - MOD_INC_USE_COUNT; spin_lock(&keyring_lock); for (key = keyring; key; key = key->next) { @@ -353,12 +339,12 @@ static int seppl_proc_read_func(char* page, char** start, off_t off, int count, if (count <= 0) break; - memcpy(e, key->name, d = MIN(7, count)); + memcpy(e, key->name, d = min(7, count)); e += d; count -= d; if (count <= 0) break; - memcpy(e, key->key, d = MIN(key->keysize, count)); + memcpy(e, key->key, d = min_t(unsigned int, key->keysize, count)); e += d; count -= d; if (count <= 0) break; @@ -369,7 +355,6 @@ static int seppl_proc_read_func(char* page, char** start, off_t off, int count, } spin_unlock(&keyring_lock); - MOD_DEC_USE_COUNT; return e-page; } @@ -378,7 +363,6 @@ static int seppl_proc_read_func(char* page, char** start, off_t off, int count, static int seppl_proc_write_func(struct file* file, const char* buffer, unsigned long count, void* data) { int r = -EINVAL; u8* buf = NULL; - MOD_INC_USE_COUNT; count = count > 10*1024 ? 10*1024 : count; @@ -435,7 +419,6 @@ finish: if (buf) kfree(buf); - MOD_DEC_USE_COUNT; return r; } @@ -448,7 +431,7 @@ static int __init init(void) { proc_file->owner = THIS_MODULE; proc_file->size = 0; - printk("SEPPL: Loaded SEPPL "PACKAGE_VERSION", 2003 by Lennart Poettering <"PACKAGE_BUGREPORT">.\n"); + printk("SEPPL: Loaded SEPPL "PACKAGE_VERSION", 2003,2004 by Lennart Poettering <"PACKAGE_BUGREPORT">.\n"); return 0; } @@ -470,4 +453,3 @@ module_exit(fini); EXPORT_SYMBOL(seppl_copy_iv); EXPORT_SYMBOL(seppl_claim_key); EXPORT_SYMBOL(seppl_release_key); - 
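Review bot: The changed line `memcpy(e, key->key, d = min_t(unsigned int, key->keysize, count));` in seppl_proc_read_func copies the raw key bytes of every keyring entry into the proc page, so anyone able to read the PROC_FILE_NAME entry can read every key. The call that creates the entry and sets its mode is outside these hunks (only `proc_file->owner` and `proc_file->size` are visible), so I cannot confirm it is created root-only; please check that it is, and mark the hazard at the top of seppl_proc_read_func with `/* Emits raw key material: the proc entry must not be readable by unprivileged users. */`. The switch from the local MIN macro to min()/min_t() is sound here, since `if (count <= 0) break;` precedes each copy so count is positive when passed.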
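Review bot: The rewritten banner line `printk("SEPPL: Loaded SEPPL "PACKAGE_VERSION", 2003,2004 by Lennart Poettering <"PACKAGE_BUGREPORT">.\n");` in init carries no log level, unlike the other printk calls visible in seppl.c, so it goes out at the default level. Prefix it as the rest of the file does: `printk(KERN_INFO "SEPPL: Loaded SEPPL "PACKAGE_VERSION", 2003,2004 by Lennart Poettering <"PACKAGE_BUGREPORT">.\n");`.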
diff --git a/kernel/seppl.h b/kernel/seppl.h index 282ba26..01fc830 100644 --- a/kernel/seppl.h +++ b/kernel/seppl.h @@ -57,7 +57,5 @@ struct seppl_key { struct seppl_key* seppl_claim_key(u8 algorithm, const char *name); void seppl_release_key(struct seppl_key *key); void seppl_copy_iv(struct seppl_key *key, u8* iv); -void seppl_clean_keys(void); -int seppl_add_key(u8 algorithm, const char *name, const u8* key_data); #endif diff --git a/kernel/test.sh b/kernel/test.sh index fc41522..125471f 100755 --- a/kernel/test.sh +++ b/kernel/test.sh @@ -1,6 +1,6 @@ #!/bin/sh -# $Id: Makefile.am 40 2003-10-27 18:32:45Z lennart $ +# $Id$ # # This file is part of seppl. # @@ -29,8 +29,8 @@ make unload sleep 2 make load -../utils/seppl-ls -f /etc/seppl/ring2.keys > /proc/net/seppl_keyring -../utils/seppl-ls +../utils-python/seppl-ls -f /etc/seppl/ring2.keys > /proc/net/seppl_keyring +../utils-python/seppl-ls iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -d 10.0.0.0/8 -j TCPMSS --set-mss $((1500-40-8-6-16)) iptables -t mangle -A POSTROUTING -d 10.0.0.0/8 -j CRYPT --key `hostname` |