Diffstat (limited to 'kernel/ipt_CRYPT.c')
-rw-r--r-- | kernel/ipt_CRYPT.c | 62 |
1 files changed, 32 insertions, 30 deletions
diff --git a/kernel/ipt_CRYPT.c b/kernel/ipt_CRYPT.c index 5fdbc87..0b70319 100644 --- a/kernel/ipt_CRYPT.c +++ b/kernel/ipt_CRYPT.c @@ -19,17 +19,6 @@ USA ***/ -#include <linux/config.h> - -#if defined(CONFIG_MODVERSIONS) && !defined(MODVERSIONS) - #define MODVERSIONS -#endif - -#if defined(MODVERSIONS) && !defined(__GENKSYMS__) - #include <linux/modversions.h> - #include "seppl.ver" -#endif - #include <linux/module.h> #include <linux/skbuff.h> #include <linux/ip.h> @@ -53,16 +42,31 @@ MODULE_DESCRIPTION("SEPPL iptables Encryption Target"); MODULE_AUTHOR("Lennart Poettering <"PACKAGE_BUGREPORT">"); #endif -static unsigned int ipt_CRYPT_target(struct sk_buff **pskb, unsigned int hooknum, const struct net_device *in, const struct net_device *out, const void *_ti, void *userinfo) { +static unsigned int ipt_CRYPT_target(struct sk_buff **pskb, + const struct net_device *in, + const struct net_device *out, + unsigned int hooknum, + const void *_ti, + void *userinfo) { + const struct ipt_crypt_info *ti = _ti; - struct iphdr *ih = (*pskb)->nh.iph; - unsigned d, new_l, crypt_l, ihl = ih->ihl<<2; + struct iphdr *ih; + unsigned d, new_l, crypt_l, ihl; struct seppl_uncrypt_hdr *uh; struct seppl_crypt_hdr *ch; u8 *iv, *pl; int ivs = ti->key->ivsize; int bs = ti->key->blocksize; struct scatterlist sg[1]; + + if (!skb_ip_make_writable(pskb, (*pskb)->len)) { + if (net_ratelimit()) + printk(KERN_ERR "ipt_DECRYPT: Failed to make skb writable.\n"); + return NF_DROP; + } + + ih = (*pskb)->nh.iph; + ihl = ih->ihl<<2; // Calculate new packet size new_l = ihl + sizeof(struct seppl_uncrypt_hdr) + ivs + ((sizeof(struct seppl_crypt_hdr) + ntohs(ih->tot_len) - ihl + bs - 1) / bs) * bs; 
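Review bot: The new failure path in `ipt_CRYPT_target` logs with the prefix `ipt_DECRYPT:`, which looks copied from the decrypt target and will misattribute these drops in the kernel log; it should read `printk(KERN_ERR "ipt_CRYPT: Failed to make skb writable.\n");`. Re-reading `ih` and `ihl` after `skb_ip_make_writable()` is correct, since the call may replace `*pskb`. The `new_l` computation that follows still trusts the header and the key: `ntohs(ih->tot_len) - ihl` is unsigned and wraps if `tot_len` is smaller than the header length, and the result is divided by `bs`. Unless something outside this hunk already guarantees those values, a guard before the size calculation would help, such as `if (ihl < sizeof(struct iphdr) || ntohs(ih->tot_len) < ihl || bs <= 0) return NF_DROP;`. The function body continues past the end of the hunk, so any later length checks are not visible here.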
@@ -152,20 +156,20 @@ static unsigned int ipt_CRYPT_target(struct sk_buff **pskb, unsigned int hooknum static int ipt_CRYPT_check(const char *table, const struct ipt_entry *e, void *_ti, unsigned int ti_size, unsigned int hook_mask) { struct ipt_crypt_info *ti = _ti; - if (ti_size != IPT_ALIGN(sizeof(struct ipt_crypt_info))) { + if (ti_size != IPT_ALIGN(sizeof(struct ipt_crypt_info))) { printk(KERN_ERR "ipt_CRYPT: Structure too small\n"); - return 0; - } + return 0; + } - if (strcmp(table, "mangle") != 0) { - printk(KERN_ERR "ipt_CRYPT: Not in mangle table\n"); - return 0; - } + if (strcmp(table, "mangle") != 0) { + printk(KERN_ERR "ipt_CRYPT: Not in mangle table\n"); + return 0; + } - if ((hook_mask & ~(1 << NF_IP_POST_ROUTING)) != 0) { - printk(KERN_ERR "ipt_CRYPT: Not in POSTROUTING chain\n"); - return 0; - } + if ((hook_mask & ~(1 << NF_IP_POST_ROUTING)) != 0) { + printk(KERN_ERR "ipt_CRYPT: Not in POSTROUTING chain\n"); + return 0; + } if (!(ti->key = seppl_claim_key(ti->algorithm, ti->name))) { printk(KERN_ERR "ipt_CRYPT: Cannot find key\n"); @@ -184,21 +188,19 @@ static void ipt_CRYPT_destroy(void *_ti, unsigned int ti_size) { static struct ipt_target ipt_CRYPT_reg = { { NULL, NULL }, "CRYPT", - ipt_CRYPT_target, ipt_CRYPT_check, ipt_CRYPT_destroy, + ipt_CRYPT_target, THIS_MODULE }; static int __init init(void) { - return ipt_register_target(&ipt_CRYPT_reg); + return ipt_register_target(&ipt_CRYPT_reg); } static void __exit fini(void) { - ipt_unregister_target(&ipt_CRYPT_reg); + ipt_unregister_target(&ipt_CRYPT_reg); } module_init(init); module_exit(fini); - -EXPORT_NO_SYMBOLS; |
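Review bot: `ipt_CRYPT_reg` is still initialised positionally, and this hunk has to move `ipt_CRYPT_target` behind `ipt_CRYPT_destroy` to follow a changed member order in `struct ipt_target`. If the module is built against headers with the other order, the callbacks land in the wrong slots, and the compiler typically reports only an incompatible-pointer-type warning. The kernel would then call the check or destroy hook as the packet handler. Designated initialisers make the registration independent of member order, as sketched below. The parameter reorder of `ipt_CRYPT_target` in the earlier hunk has the same dependence on the header version, so a comment naming the kernel series this file targets would help.

```c
static struct ipt_target ipt_CRYPT_reg = {
    .name       = "CRYPT",
    .target     = ipt_CRYPT_target,
    .checkentry = ipt_CRYPT_check,
    .destroy    = ipt_CRYPT_destroy,
    .me         = THIS_MODULE
};
```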