diff options
-rwxr-xr-x | bootstrap.sh | 2 | ||||
-rw-r--r-- | configure.ac | 36 | ||||
-rw-r--r-- | doc/README.html.in | 12 | ||||
-rw-r--r-- | kernel/Makefile.in | 49 | ||||
-rw-r--r-- | kernel/ipt_CRYPT.c | 62 | ||||
-rw-r--r-- | kernel/ipt_DECRYPT.c | 61 | ||||
-rw-r--r-- | kernel/seppl.c | 44 | ||||
-rw-r--r-- | kernel/seppl.h | 2 | ||||
-rwxr-xr-x | kernel/test.sh | 6 |
9 files changed, 137 insertions, 137 deletions
diff --git a/bootstrap.sh b/bootstrap.sh index 3fb6593..4ff275c 100755 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # $Id$ # This file is part of seppl. diff --git a/configure.ac b/configure.ac index fd952e6..fac7a1a 100644 --- a/configure.ac +++ b/configure.ac @@ -19,34 +19,36 @@ # along with seppl; if not, write to the Free Software Foundation, # Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. -AC_PREREQ(2.57) -AC_INIT([seppl], [0.3], [mzfrccy (at) 0pointer (dot) de]) +AC_PREREQ(2.59) +AC_INIT([seppl],[0.4],[mzfrccy (at) 0pointer (dot) de]) AC_CONFIG_SRCDIR([kernel/seppl.c]) AC_CONFIG_HEADERS([config.h]) AM_INIT_AUTOMAKE([foreign -Wall]) -AC_DISABLE_STATIC -AC_PROG_LIBTOOL - -# Checks for programs. -AC_PROG_CXX -AC_PROG_CC AC_SUBST(PACKAGE_URL, [http://0pointer.de/lennart/projects/seppl/]) -# If using GCC specifiy some additional parameters -if test "x$GCC" = "xyes" ; then - CFLAGS="$CFLAGS -pipe -Wall" -fi - if type -p stow > /dev/null && test -d /usr/local/stow ; then AC_MSG_NOTICE([*** Found /usr/local/stow: default install prefix set to /usr/local/stow/${PACKAGE_NAME}-${PACKAGE_VERSION} ***]) ac_default_prefix="/usr/local/stow/${PACKAGE_NAME}-${PACKAGE_VERSION}" fi +# Checks for programs. +AC_DISABLE_STATIC +AC_PROG_LIBTOOL +AC_PROG_CC AC_PROG_INSTALL AC_PROG_LN_S AC_PROG_MAKE_SET + +# If using GCC specifiy some additional parameters +if test "x$GCC" = "xyes" ; then + CFLAGS="$CFLAGS -pipe -Wall" +fi + AC_CHECK_FUNCS([memset]) +AC_CHECK_HEADERS([fcntl.h]) +AC_FUNC_MALLOC +AC_TYPE_OFF_T AC_C_CONST # iptables version @@ -60,7 +62,7 @@ AC_DEFINE_UNQUOTED(IPTABLES_VERSION, ["$IPTABLES_VERSION"], "iptables release nu AC_MSG_RESULT([$IPTABLES_VERSION]) # Init script location -AC_ARG_WITH(initdir, AC_HELP_STRING([--with-initdir=DIR], [Install init script in DIR (system dependent default)])) +AC_ARG_WITH(initdir, AS_HELP_STRING(--with-initdir=DIR,Install init script in DIR (system dependent default))) test "x$with_initdir" = xyes -o "x$with_initdir" = xno && with_initdir= @@ -122,7 +124,7 @@ AC_MSG_RESULT([found]) # Check for directory for kernel modules... AC_MSG_CHECKING(for directory for kernel modules) AC_ARG_WITH(moddir, - AC_HELP_STRING([--with-moddir=dir], [Give the directory to install kernel modules to]), + AS_HELP_STRING(--with-moddir=dir,Give the directory to install kernel modules to), KERNELMODDIR="$withval", if test -d "/lib/modules/`uname -r`/" -o -L "/lib/modules/`uname -r`/"; then KERNELMODDIR="/lib/modules/`uname -r`/" @@ -149,7 +151,7 @@ AM_PATH_PYTHON([2.1]) # LYNX documentation generation AC_ARG_ENABLE(lynx, - AC_HELP_STRING([--disable-lynx], [Turn off lynx usage for documentation generation]), + AS_HELP_STRING(--disable-lynx,Turn off lynx usage for documentation generation), [case "${enableval}" in yes) lynx=yes ;; no) lynx=no ;; @@ -168,7 +170,7 @@ AM_CONDITIONAL([USE_LYNX], [test "x$lynx" = xyes]) # XMLTOMAN manpage generation AC_ARG_ENABLE(xmltoman, - AC_HELP_STRING([--disable-xmltoman], [Disable rebuilding of man pages with xmltoman]), + AS_HELP_STRING(--disable-xmltoman,Disable rebuilding of man pages with xmltoman), [case "${enableval}" in yes) xmltoman=yes ;; no) xmltoman=no ;; diff --git a/doc/README.html.in b/doc/README.html.in index 4259611..a5e1971 100644 --- a/doc/README.html.in +++ b/doc/README.html.in @@ -44,6 +44,12 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.</p> <h2><a name="news">News</a></h2> +<div class="news-date">Thu Jan 22 2004: </div> <p class="news-text"><a +href="@PACKAGE_URL@seppl-0.4.tar.gz">Version 0.4</a> released; changes +include: port to Linux 2.6, no other changes. <b>Version 0.4 is no +longer compatible with kernel 2.4. Use version 0.3 for kernel 2.4, it +is functionally equivalent.</b> </p> + <div class="news-date">Sat Dec 6 2003: </div> <p class="news-text"><a href="@PACKAGE_URL@seppl-0.3.tar.gz">Version 0.3</a> released; changes include: IV are no longer simply increased from packet to packet, a C @@ -235,7 +241,7 @@ some way. Thus you will not be able to use NAT in conjunction with <tt>seppl</tt>. If you use connection tracking in some other way together with <tt>seppl</tt> your mileage may vary.</p> -<p><tt>seppl</tt> is tested with Linux 2.4.{22,23}. It is not yet ported to 2.6.</p> +<p><tt>seppl</tt> is tested with Linux 2.6.1. Use version 0.3 for Linux 2.4.</p> <h3>Disclaimer</h3> @@ -253,7 +259,7 @@ Linux distributions and Unix versions since it uses GNU Autoconf and GNU libtool for source code configuration and shared library management.</p> -<p><tt>seppl</tt> requires Linux 2.4.{22,23} (configured sources installed) and +<p><tt>seppl</tt> requires Linux 2.6.{0,1} (configured sources installed) and <tt>iptables</tt> 1.2.8 or newer.</p> <p>The complete userspace tool set requires Python 2.1 or newer. A stripped down set in C is available as well.</p> @@ -279,7 +285,7 @@ compilation and <tt>make install</tt> (as root) for installation of <p>Get <tt>seppl</tt>'s development sources from the <a href="http://subversion.tigris.org/">Subversion</a> <a href="https://seth.intheinter.net:8081/svn/seppl/">repository</a>.</p> <hr/> -<address class="grey">Lennart Poettering <@PACKAGE_BUGREPORT@>, December 2003</address> +<address class="grey">Lennart Poettering <@PACKAGE_BUGREPORT@>, January 2004</address> <div class="grey"><i>$Id$</i></div> </body> diff --git a/kernel/Makefile.in b/kernel/Makefile.in index 0d6d325..8a89791 100644 --- a/kernel/Makefile.in +++ b/kernel/Makefile.in @@ -24,40 +24,38 @@ PACKAGE=@PACKAGE@ VERSION=@VERSION@ DISTFILES=seppl.c seppl.h ipt_CRYPT.c ipt_CRYPT.h ipt_DECRYPT.c ipt_DECRYPT.h test.sh Makefile.in seppl_protocol.h distdir = ../$(PACKAGE)-$(VERSION) -CFLAGS=-Wall -g -O2 -KERNEL_CFLAGS= -I$(KERNELDIR)/include -DLINUX -DMODULE -D__KERNEL__ -DEXPORT_SYMTAB -DPACKAGE_BUGREPORT="\"@PACKAGE_BUGREPORT@\"" -DPACKAGE_VERSION="\"@PACKAGE_VERSION@\"" -include $(KERNELDIR)/.config +ifneq ($(KERNELRELEASE),) -all: Makefile ipt_CRYPT.o ipt_DECRYPT.o seppl.o - -Makefile: Makefile.in - cd .. && ./config.status kernel/Makefile +EXTRA_CFLAGS += -DPACKAGE_BUGREPORT="\"@PACKAGE_BUGREPORT@\"" -DPACKAGE_VERSION="\"@PACKAGE_VERSION@\"" +obj-m := seppl.o ipt_CRYPT.o ipt_DECRYPT.o +else -ifdef CONFIG_MODVERSIONS -seppl.o ipt_CRYPT.o ipt_DECRYPT.o: seppl.ver -endif +PWD := $(shell pwd) -ifndef GENKSYMS -GENKSYMS=genksyms -endif +all: + $(MAKE) -C $(KERNELDIR) SUBDIRS=$(PWD) MODVERDIR=$(PWD) modules -ipt_CRYPT.o: ipt_CRYPT.c - $(CC) $(CFLAGS) -c $< -o $@ $(KERNEL_CFLAGS) +load: + insmod ./seppl.ko + insmod ./ipt_CRYPT.ko + insmod ./ipt_DECRYPT.ko -ipt_DECRYPT.o: ipt_DECRYPT.c - $(CC) $(CFLAGS) -c $< -o $@ $(KERNEL_CFLAGS) +unload: + -rmmod ./ipt_DECRYPT.ko + -rmmod ./ipt_CRYPT.ko + -rmmod ./seppl.ko -seppl.o: seppl.c - $(CC) $(CFLAGS) -c $< -o $@ $(KERNEL_CFLAGS) +clean: + rm -f *.o *.ko *.mod *.mod.c .*.cmd -seppl.ver: seppl.c - $(CC) $(CFLAGS) $(KERNEL_CFLAGS) -E -D__GENKSYMS__ $^ | $(GENKSYMS) -k `uname -r`> $@ +Makefile: Makefile.in + cd .. && ./config.status kernel/Makefile -install: +install: all mkdir -p $(SEPPL_MODDIR) - install -m644 seppl.o ipt_CRYPT.o ipt_DECRYPT.o $(SEPPL_MODDIR) + install -m644 seppl.ko ipt_CRYPT.ko ipt_DECRYPT.ko $(SEPPL_MODDIR) distdir: mkdir -p $(distdir) @@ -69,7 +67,6 @@ distclean: clean maintainer-clean: clean rm -f Makefile -clean: - rm -f *.o *.ver - .PHONY: all clean maintainer-clean mostlyclean distclean distdir install + +endif diff --git a/kernel/ipt_CRYPT.c b/kernel/ipt_CRYPT.c index 5fdbc87..0b70319 100644 --- a/kernel/ipt_CRYPT.c +++ b/kernel/ipt_CRYPT.c @@ -19,17 +19,6 @@ USA ***/ -#include <linux/config.h> - -#if defined(CONFIG_MODVERSIONS) && !defined(MODVERSIONS) - #define MODVERSIONS -#endif - -#if defined(MODVERSIONS) && !defined(__GENKSYMS__) - #include <linux/modversions.h> - #include "seppl.ver" -#endif - #include <linux/module.h> #include <linux/skbuff.h> #include <linux/ip.h> @@ -53,16 +42,31 @@ MODULE_DESCRIPTION("SEPPL iptables Encryption Target"); MODULE_AUTHOR("Lennart Poettering <"PACKAGE_BUGREPORT">"); #endif -static unsigned int ipt_CRYPT_target(struct sk_buff **pskb, unsigned int hooknum, const struct net_device *in, const struct net_device *out, const void *_ti, void *userinfo) { +static unsigned int ipt_CRYPT_target(struct sk_buff **pskb, + const struct net_device *in, + const struct net_device *out, + unsigned int hooknum, + const void *_ti, + void *userinfo) { + const struct ipt_crypt_info *ti = _ti; - struct iphdr *ih = (*pskb)->nh.iph; - unsigned d, new_l, crypt_l, ihl = ih->ihl<<2; + struct iphdr *ih; + unsigned d, new_l, crypt_l, ihl; struct seppl_uncrypt_hdr *uh; struct seppl_crypt_hdr *ch; u8 *iv, *pl; int ivs = ti->key->ivsize; int bs = ti->key->blocksize; struct scatterlist sg[1]; + + if (!skb_ip_make_writable(pskb, (*pskb)->len)) { + if (net_ratelimit()) + printk(KERN_ERR "ipt_DECRYPT: Failed to make skb writable.\n"); + return NF_DROP; + } + + ih = (*pskb)->nh.iph; + ihl = ih->ihl<<2; // Calculate new packet size new_l = ihl + sizeof(struct seppl_uncrypt_hdr) + ivs + ((sizeof(struct seppl_crypt_hdr) + ntohs(ih->tot_len) - ihl + bs - 1) / bs) * bs; @@ -152,20 +156,20 @@ static unsigned int ipt_CRYPT_target(struct sk_buff **pskb, unsigned int hooknum static int ipt_CRYPT_check(const char *table, const struct ipt_entry *e, void *_ti, unsigned int ti_size, unsigned int hook_mask) { struct ipt_crypt_info *ti = _ti; - if (ti_size != IPT_ALIGN(sizeof(struct ipt_crypt_info))) { + if (ti_size != IPT_ALIGN(sizeof(struct ipt_crypt_info))) { printk(KERN_ERR "ipt_CRYPT: Structure too small\n"); - return 0; - } + return 0; + } - if (strcmp(table, "mangle") != 0) { - printk(KERN_ERR "ipt_CRYPT: Not in mangle table\n"); - return 0; - } + if (strcmp(table, "mangle") != 0) { + printk(KERN_ERR "ipt_CRYPT: Not in mangle table\n"); + return 0; + } - if ((hook_mask & ~(1 << NF_IP_POST_ROUTING)) != 0) { - printk(KERN_ERR "ipt_CRYPT: Not in POSTROUTING chain\n"); - return 0; - } + if ((hook_mask & ~(1 << NF_IP_POST_ROUTING)) != 0) { + printk(KERN_ERR "ipt_CRYPT: Not in POSTROUTING chain\n"); + return 0; + } if (!(ti->key = seppl_claim_key(ti->algorithm, ti->name))) { printk(KERN_ERR "ipt_CRYPT: Cannot find key\n"); @@ -184,21 +188,19 @@ static void ipt_CRYPT_destroy(void *_ti, unsigned int ti_size) { static struct ipt_target ipt_CRYPT_reg = { { NULL, NULL }, "CRYPT", - ipt_CRYPT_target, ipt_CRYPT_check, ipt_CRYPT_destroy, + ipt_CRYPT_target, THIS_MODULE }; static int __init init(void) { - return ipt_register_target(&ipt_CRYPT_reg); + return ipt_register_target(&ipt_CRYPT_reg); } static void __exit fini(void) { - ipt_unregister_target(&ipt_CRYPT_reg); + ipt_unregister_target(&ipt_CRYPT_reg); } module_init(init); module_exit(fini); - -EXPORT_NO_SYMBOLS; diff --git a/kernel/ipt_DECRYPT.c b/kernel/ipt_DECRYPT.c index ce59525..9458fa9 100644 --- a/kernel/ipt_DECRYPT.c +++ b/kernel/ipt_DECRYPT.c @@ -53,9 +53,15 @@ MODULE_DESCRIPTION ("SEPPL iptables Decryption Target"); MODULE_AUTHOR("Lennart Poettering <"PACKAGE_BUGREPORT">"); #endif -static unsigned int ipt_DECRYPT_target(struct sk_buff **pskb, unsigned int hooknum, const struct net_device *in, const struct net_device *out, const void *_ti, void *userinfo) { - struct iphdr *ih = (*pskb)->nh.iph; - unsigned ihl = ih->ihl<<2; +static unsigned int ipt_DECRYPT_target(struct sk_buff **pskb, + const struct net_device *in, + const struct net_device *out, + unsigned int hooknum, + const void *_ti, + void *userinfo) { + + struct iphdr *ih; + unsigned ihl; struct seppl_key *key; struct seppl_uncrypt_hdr *uh; struct seppl_crypt_hdr *ch; @@ -64,9 +70,18 @@ static unsigned int ipt_DECRYPT_target(struct sk_buff **pskb, unsigned int hookn int crypt_l, bs; struct scatterlist sg[1]; + if (!skb_ip_make_writable(pskb, (*pskb)->len)) { + if (net_ratelimit()) + printk(KERN_ERR "ipt_DECRYPT: Failed to make skb writable.\n"); + return NF_DROP; + } + + ih = (*pskb)->nh.iph; + ihl = ih->ihl<<2; + if (ih->protocol != SEPPL_PROTOCOL) { if (net_ratelimit()) - printk(KERN_ERR "ipt_DECRYPT: Incorrect protocol\n"); + printk(KERN_ERR "ipt_DECRYPT: Incorrect protocol 0x%02x\n", ih->protocol); return NF_DROP; } @@ -163,45 +178,43 @@ static unsigned int ipt_DECRYPT_target(struct sk_buff **pskb, unsigned int hookn } static int ipt_DECRYPT_check(const char *table, const struct ipt_entry *e, void *_ti, unsigned int ti_size, unsigned int hook_mask) { - if (ti_size != IPT_ALIGN(sizeof(struct ipt_decrypt_info))) { + if (ti_size != IPT_ALIGN(sizeof(struct ipt_decrypt_info))) { printk(KERN_ERR "ipt_DECRYPT: Structure too small"); - return 0; - } + return 0; + } - if (strcmp(table, "mangle") != 0) { - printk(KERN_ERR "ipt_DECRYPT: Not in mangle table\n"); - return 0; - } + if (strcmp(table, "mangle") != 0) { + printk(KERN_ERR "ipt_DECRYPT: Not in mangle table\n"); + return 0; + } - if ((hook_mask & ~(1 << NF_IP_PRE_ROUTING)) != 0) { - printk(KERN_ERR "ipt_DECRYPT: Not in PREROUTING chain"); - return 0; - } - - return 1; + if ((hook_mask & ~(1 << NF_IP_PRE_ROUTING)) != 0) { + printk(KERN_ERR "ipt_DECRYPT: Not in PREROUTING chain"); + return 0; + } + + return 1; } static struct ipt_target ipt_DECRYPT_reg = { { NULL, NULL }, "DECRYPT", - ipt_DECRYPT_target, ipt_DECRYPT_check, NULL, + ipt_DECRYPT_target, THIS_MODULE }; static int __init init(void) { - if (ipt_register_target(&ipt_DECRYPT_reg)) - return -EINVAL; + if (ipt_register_target(&ipt_DECRYPT_reg)) + return -EINVAL; - return 0; + return 0; } static void __exit fini(void) { - ipt_unregister_target(&ipt_DECRYPT_reg); + ipt_unregister_target(&ipt_DECRYPT_reg); } module_init(init); module_exit(fini); - -EXPORT_NO_SYMBOLS; diff --git a/kernel/seppl.c b/kernel/seppl.c index c580bcd..3b13b0e 100644 --- a/kernel/seppl.c +++ b/kernel/seppl.c @@ -21,15 +21,6 @@ #include <linux/config.h> -#if defined(CONFIG_MODVERSIONS) && !defined(MODVERSIONS) - #define MODVERSIONS -#endif - -#if defined(MODVERSIONS) && !defined(__GENKSYMS__) - #include <linux/modversions.h> - #include "seppl.ver" -#endif - #include <linux/module.h> #include <linux/skbuff.h> #include <linux/interrupt.h> @@ -57,7 +48,6 @@ static spinlock_t keyring_lock = SPIN_LOCK_UNLOCKED; #define PROC_FILE_NAME "seppl_keyring" static struct proc_dir_entry* proc_file = NULL; - struct cipher_info { char *name; int bits; @@ -70,14 +60,14 @@ static const struct cipher_info cipher_dict[CIPHER_DICT_MAX] = { { "aes", 192 } }; -const struct cipher_info *seppl_find_cipher(u8 id) { +static const struct cipher_info *seppl_find_cipher(u8 id) { if (id < CIPHER_DICT_MAX) return &cipher_dict[id]; return NULL; } -struct seppl_key* seppl_find_key(u8 algorithm, const char *name, int r) { +static struct seppl_key* seppl_find_key(u8 algorithm, const char *name, int r) { struct seppl_key *key = NULL, *l; for (l = keyring; l; l = l->next) @@ -95,10 +85,8 @@ struct seppl_key* seppl_claim_key(u8 algorithm, const char *name) { spin_lock_bh(&keyring_lock); // FIXME: BH? - if ((key = seppl_find_key(algorithm, name, 1))) { + if ((key = seppl_find_key(algorithm, name, 1))) atomic_inc(&key->usage); - MOD_INC_USE_COUNT; - } spin_unlock_bh(&keyring_lock); @@ -107,7 +95,6 @@ struct seppl_key* seppl_claim_key(u8 algorithm, const char *name) { void seppl_release_key(struct seppl_key* key) { atomic_dec(&key->usage); - MOD_DEC_USE_COUNT; } // not spinlocked! @@ -129,7 +116,7 @@ void seppl_copy_iv(struct seppl_key *key, u8* iv) { spin_unlock_bh(&key->iv_spinlock); } -int seppl_add_key(u8 algorithm, const char *name, const u8 *key_data) { +static int seppl_add_key(u8 algorithm, const char *name, const u8 *key_data) { struct seppl_key* key = NULL; int r = -EINVAL; int locked = 1; @@ -290,7 +277,8 @@ finish: return r; } -void seppl_clear_keyring(void) { +static void seppl_clear_keyring(void) { + unsigned n = 0; struct seppl_key *key, *prev; printk(KERN_INFO "SEPPL: Clearing keyring\n"); @@ -324,25 +312,23 @@ void seppl_clear_keyring(void) { kfree(k); continue; - } + } else + n++; prev = key; key = key->next; } spin_unlock(&keyring_lock); -} -#ifndef MIN -#define MIN(a,b) ((a)>(b)?(b):(a)) -#endif + printk(KERN_INFO "SEPPL: Cleared keyring, %u keys remain.\n", n); +} static int seppl_proc_read_func(char* page, char** start, off_t off, int count, int* eof, void* data) { struct seppl_key *key; char *e = page; int d = 0; - MOD_INC_USE_COUNT; spin_lock(&keyring_lock); for (key = keyring; key; key = key->next) { @@ -353,12 +339,12 @@ static int seppl_proc_read_func(char* page, char** start, off_t off, int count, if (count <= 0) break; - memcpy(e, key->name, d = MIN(7, count)); + memcpy(e, key->name, d = min(7, count)); e += d; count -= d; if (count <= 0) break; - memcpy(e, key->key, d = MIN(key->keysize, count)); + memcpy(e, key->key, d = min_t(unsigned int, key->keysize, count)); e += d; count -= d; if (count <= 0) break; @@ -369,7 +355,6 @@ static int seppl_proc_read_func(char* page, char** start, off_t off, int count, } spin_unlock(&keyring_lock); - MOD_DEC_USE_COUNT; return e-page; } @@ -378,7 +363,6 @@ static int seppl_proc_read_func(char* page, char** start, off_t off, int count, static int seppl_proc_write_func(struct file* file, const char* buffer, unsigned long count, void* data) { int r = -EINVAL; u8* buf = NULL; - MOD_INC_USE_COUNT; count = count > 10*1024 ? 10*1024 : count; @@ -435,7 +419,6 @@ finish: if (buf) kfree(buf); - MOD_DEC_USE_COUNT; return r; } @@ -448,7 +431,7 @@ static int __init init(void) { proc_file->owner = THIS_MODULE; proc_file->size = 0; - printk("SEPPL: Loaded SEPPL "PACKAGE_VERSION", 2003 by Lennart Poettering <"PACKAGE_BUGREPORT">.\n"); + printk("SEPPL: Loaded SEPPL "PACKAGE_VERSION", 2003,2004 by Lennart Poettering <"PACKAGE_BUGREPORT">.\n"); return 0; } @@ -470,4 +453,3 @@ module_exit(fini); EXPORT_SYMBOL(seppl_copy_iv); EXPORT_SYMBOL(seppl_claim_key); EXPORT_SYMBOL(seppl_release_key); - diff --git a/kernel/seppl.h b/kernel/seppl.h index 282ba26..01fc830 100644 --- a/kernel/seppl.h +++ b/kernel/seppl.h @@ -57,7 +57,5 @@ struct seppl_key { struct seppl_key* seppl_claim_key(u8 algorithm, const char *name); void seppl_release_key(struct seppl_key *key); void seppl_copy_iv(struct seppl_key *key, u8* iv); -void seppl_clean_keys(void); -int seppl_add_key(u8 algorithm, const char *name, const u8* key_data); #endif diff --git a/kernel/test.sh b/kernel/test.sh index fc41522..125471f 100755 --- a/kernel/test.sh +++ b/kernel/test.sh @@ -1,6 +1,6 @@ #!/bin/sh -# $Id: Makefile.am 40 2003-10-27 18:32:45Z lennart $ +# $Id$ # # This file is part of seppl. # @@ -29,8 +29,8 @@ make unload sleep 2 make load -../utils/seppl-ls -f /etc/seppl/ring2.keys > /proc/net/seppl_keyring -../utils/seppl-ls +../utils-python/seppl-ls -f /etc/seppl/ring2.keys > /proc/net/seppl_keyring +../utils-python/seppl-ls iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -d 10.0.0.0/8 -j TCPMSS --set-mss $((1500-40-8-6-16)) iptables -t mangle -A POSTROUTING -d 10.0.0.0/8 -j CRYPT --key `hostname` |