From a97290628ffc69fbf8557a7b696866ed29c256c3 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 22 Jan 2004 01:03:16 +0000 Subject: preparation von kernel 2.6 git-svn-id: file:///home/lennart/svn/public/seppl/trunk@26 91a2fd9b-5dcb-0310-a70a-d71e310228e6 --- bootstrap.sh | 2 +- configure.ac | 36 ++++++++++++++++-------------- doc/README.html.in | 12 +++++++--- kernel/Makefile.in | 49 +++++++++++++++++++---------------------- kernel/ipt_CRYPT.c | 62 +++++++++++++++++++++++++++------------------------- kernel/ipt_DECRYPT.c | 61 +++++++++++++++++++++++++++++++-------------------- kernel/seppl.c | 44 +++++++++++-------------------------- kernel/seppl.h | 2 -- kernel/test.sh | 6 ++--- 9 files changed, 137 insertions(+), 137 deletions(-) diff --git a/bootstrap.sh b/bootstrap.sh index 3fb6593..4ff275c 100755 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # $Id$ # This file is part of seppl. diff --git a/configure.ac b/configure.ac index fd952e6..fac7a1a 100644 --- a/configure.ac +++ b/configure.ac 
@@ -19,34 +19,36 @@ # along with seppl; if not, write to the Free Software Foundation, # Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. -AC_PREREQ(2.57) -AC_INIT([seppl], [0.3], [mzfrccy (at) 0pointer (dot) de]) +AC_PREREQ(2.59) +AC_INIT([seppl],[0.4],[mzfrccy (at) 0pointer (dot) de]) AC_CONFIG_SRCDIR([kernel/seppl.c]) AC_CONFIG_HEADERS([config.h]) AM_INIT_AUTOMAKE([foreign -Wall]) -AC_DISABLE_STATIC -AC_PROG_LIBTOOL - -# Checks for programs. -AC_PROG_CXX -AC_PROG_CC AC_SUBST(PACKAGE_URL, [http://0pointer.de/lennart/projects/seppl/]) -# If using GCC specifiy some additional parameters -if test "x$GCC" = "xyes" ; then - CFLAGS="$CFLAGS -pipe -Wall" -fi - if type -p stow > /dev/null && test -d /usr/local/stow ; then AC_MSG_NOTICE([*** Found /usr/local/stow: default install prefix set to /usr/local/stow/${PACKAGE_NAME}-${PACKAGE_VERSION} ***]) ac_default_prefix="/usr/local/stow/${PACKAGE_NAME}-${PACKAGE_VERSION}" fi +# Checks for programs. +AC_DISABLE_STATIC +AC_PROG_LIBTOOL +AC_PROG_CC AC_PROG_INSTALL AC_PROG_LN_S AC_PROG_MAKE_SET + +# If using GCC specifiy some additional parameters +if test "x$GCC" = "xyes" ; then + CFLAGS="$CFLAGS -pipe -Wall" +fi + AC_CHECK_FUNCS([memset]) +AC_CHECK_HEADERS([fcntl.h]) +AC_FUNC_MALLOC +AC_TYPE_OFF_T AC_C_CONST # iptables version @@ -60,7 +62,7 @@ AC_DEFINE_UNQUOTED(IPTABLES_VERSION, ["$IPTABLES_VERSION"], "iptables release nu AC_MSG_RESULT([$IPTABLES_VERSION]) # Init script location -AC_ARG_WITH(initdir, AC_HELP_STRING([--with-initdir=DIR], [Install init script in DIR (system dependent default)])) +AC_ARG_WITH(initdir, AS_HELP_STRING(--with-initdir=DIR,Install init script in DIR (system dependent default))) test "x$with_initdir" = xyes -o "x$with_initdir" = xno && with_initdir= 
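Review bot: The arguments to `AS_HELP_STRING` in the `--with-initdir` hunk lost their m4 quoting when the macro was renamed, so the help text is now open to macro expansion and would split into extra arguments if a comma were ever added to it. Keep the brackets: `AS_HELP_STRING([--with-initdir=DIR], [Install init script in DIR (system dependent default)])`. The `--with-moddir`, `--disable-lynx` and `--disable-xmltoman` hunks further down have the same unquoted form.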
@@ -122,7 +124,7 @@ AC_MSG_RESULT([found]) # Check for directory for kernel modules... AC_MSG_CHECKING(for directory for kernel modules) AC_ARG_WITH(moddir, - AC_HELP_STRING([--with-moddir=dir], [Give the directory to install kernel modules to]), + AS_HELP_STRING(--with-moddir=dir,Give the directory to install kernel modules to), KERNELMODDIR="$withval", if test -d "/lib/modules/`uname -r`/" -o -L "/lib/modules/`uname -r`/"; then KERNELMODDIR="/lib/modules/`uname -r`/" @@ -149,7 +151,7 @@ AM_PATH_PYTHON([2.1]) # LYNX documentation generation AC_ARG_ENABLE(lynx, - AC_HELP_STRING([--disable-lynx], [Turn off lynx usage for documentation generation]), + AS_HELP_STRING(--disable-lynx,Turn off lynx usage for documentation generation), [case "${enableval}" in yes) lynx=yes ;; no) lynx=no ;; @@ -168,7 +170,7 @@ AM_CONDITIONAL([USE_LYNX], [test "x$lynx" = xyes]) # XMLTOMAN manpage generation AC_ARG_ENABLE(xmltoman, - AC_HELP_STRING([--disable-xmltoman], [Disable rebuilding of man pages with xmltoman]), + AS_HELP_STRING(--disable-xmltoman,Disable rebuilding of man pages with xmltoman), [case "${enableval}" in yes) xmltoman=yes ;; no) xmltoman=no ;; diff --git a/doc/README.html.in b/doc/README.html.in index 4259611..a5e1971 100644 --- a/doc/README.html.in +++ b/doc/README.html.in @@ -44,6 +44,12 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

News

+
Thu Jan 22 2004:

Version 0.4 released; changes +include: port to Linux 2.6, no other changes. Version 0.4 is no +longer compatible with kernel 2.4. Use version 0.3 for kernel 2.4, it +is functionally equivalent.

+
Sat Dec 6 2003:

Version 0.3 released; changes include: IV are no longer simply increased from packet to packet, a C @@ -235,7 +241,7 @@ some way. Thus you will not be able to use NAT in conjunction with seppl. If you use connection tracking in some other way together with seppl your mileage may vary.

-

seppl is tested with Linux 2.4.{22,23}. It is not yet ported to 2.6.

+

seppl is tested with Linux 2.6.1. Use version 0.3 for Linux 2.4.

Disclaimer

@@ -253,7 +259,7 @@ Linux distributions and Unix versions since it uses GNU Autoconf and GNU libtool for source code configuration and shared library management.

-

seppl requires Linux 2.4.{22,23} (configured sources installed) and +

seppl requires Linux 2.6.{0,1} (configured sources installed) and iptables 1.2.8 or newer.

The complete userspace tool set requires Python 2.1 or newer. A stripped down set in C is available as well.

@@ -279,7 +285,7 @@ compilation and make install (as root) for installation of

Get seppl's development sources from the Subversion repository.


-
Lennart Poettering <@PACKAGE_BUGREPORT@>, December 2003
+
Lennart Poettering <@PACKAGE_BUGREPORT@>, January 2004
$Id$
diff --git a/kernel/Makefile.in b/kernel/Makefile.in index 0d6d325..8a89791 100644 --- a/kernel/Makefile.in +++ b/kernel/Makefile.in @@ -24,40 +24,38 @@ PACKAGE=@PACKAGE@ VERSION=@VERSION@ DISTFILES=seppl.c seppl.h ipt_CRYPT.c ipt_CRYPT.h ipt_DECRYPT.c ipt_DECRYPT.h test.sh Makefile.in seppl_protocol.h distdir = ../$(PACKAGE)-$(VERSION) -CFLAGS=-Wall -g -O2 -KERNEL_CFLAGS= -I$(KERNELDIR)/include -DLINUX -DMODULE -D__KERNEL__ -DEXPORT_SYMTAB -DPACKAGE_BUGREPORT="\"@PACKAGE_BUGREPORT@\"" -DPACKAGE_VERSION="\"@PACKAGE_VERSION@\"" -include $(KERNELDIR)/.config +ifneq ($(KERNELRELEASE),) -all: Makefile ipt_CRYPT.o ipt_DECRYPT.o seppl.o - -Makefile: Makefile.in - cd .. && ./config.status kernel/Makefile +EXTRA_CFLAGS += -DPACKAGE_BUGREPORT="\"@PACKAGE_BUGREPORT@\"" -DPACKAGE_VERSION="\"@PACKAGE_VERSION@\"" +obj-m := seppl.o ipt_CRYPT.o ipt_DECRYPT.o +else -ifdef CONFIG_MODVERSIONS -seppl.o ipt_CRYPT.o ipt_DECRYPT.o: seppl.ver -endif +PWD := $(shell pwd) -ifndef GENKSYMS -GENKSYMS=genksyms -endif +all: + $(MAKE) -C $(KERNELDIR) SUBDIRS=$(PWD) MODVERDIR=$(PWD) modules -ipt_CRYPT.o: ipt_CRYPT.c - $(CC) $(CFLAGS) -c $< -o $@ $(KERNEL_CFLAGS) +load: + insmod ./seppl.ko + insmod ./ipt_CRYPT.ko + insmod ./ipt_DECRYPT.ko -ipt_DECRYPT.o: ipt_DECRYPT.c - $(CC) $(CFLAGS) -c $< -o $@ $(KERNEL_CFLAGS) +unload: + -rmmod ./ipt_DECRYPT.ko + -rmmod ./ipt_CRYPT.ko + -rmmod ./seppl.ko -seppl.o: seppl.c - $(CC) $(CFLAGS) -c $< -o $@ $(KERNEL_CFLAGS) +clean: + rm -f *.o *.ko *.mod *.mod.c .*.cmd -seppl.ver: seppl.c - $(CC) $(CFLAGS) $(KERNEL_CFLAGS) -E -D__GENKSYMS__ $^ | $(GENKSYMS) -k `uname -r`> $@ +Makefile: Makefile.in + cd .. && ./config.status kernel/Makefile -install: +install: all mkdir -p $(SEPPL_MODDIR) - install -m644 seppl.o ipt_CRYPT.o ipt_DECRYPT.o $(SEPPL_MODDIR) + install -m644 seppl.ko ipt_CRYPT.ko ipt_DECRYPT.ko $(SEPPL_MODDIR) distdir: mkdir -p $(distdir) 
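Review bot: The new `load` and `unload` targets are not declared phony, and the `.PHONY` list in the following hunk is left unchanged, so a stray file named `load` or `unload` in kernel/ would silently turn them into no-ops. Extend the list: `.PHONY: all clean maintainer-clean mostlyclean distclean distdir install load unload`. Separately, `install: all` means that a `make install` run as root also runs the kernel module build as root when the modules are not built yet; a comment telling the user to run `make` unprivileged first would help.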
@@ -69,7 +67,6 @@ distclean: clean maintainer-clean: clean rm -f Makefile -clean: - rm -f *.o *.ver - .PHONY: all clean maintainer-clean mostlyclean distclean distdir install + +endif diff --git a/kernel/ipt_CRYPT.c b/kernel/ipt_CRYPT.c index 5fdbc87..0b70319 100644 --- a/kernel/ipt_CRYPT.c +++ b/kernel/ipt_CRYPT.c @@ -19,17 +19,6 @@ USA ***/ -#include - -#if defined(CONFIG_MODVERSIONS) && !defined(MODVERSIONS) - #define MODVERSIONS -#endif - -#if defined(MODVERSIONS) && !defined(__GENKSYMS__) - #include - #include "seppl.ver" -#endif - #include #include #include @@ -53,16 +42,31 @@ MODULE_DESCRIPTION("SEPPL iptables Encryption Target"); MODULE_AUTHOR("Lennart Poettering <"PACKAGE_BUGREPORT">"); #endif -static unsigned int ipt_CRYPT_target(struct sk_buff **pskb, unsigned int hooknum, const struct net_device *in, const struct net_device *out, const void *_ti, void *userinfo) { +static unsigned int ipt_CRYPT_target(struct sk_buff **pskb, + const struct net_device *in, + const struct net_device *out, + unsigned int hooknum, + const void *_ti, + void *userinfo) { + const struct ipt_crypt_info *ti = _ti; - struct iphdr *ih = (*pskb)->nh.iph; - unsigned d, new_l, crypt_l, ihl = ih->ihl<<2; + struct iphdr *ih; + unsigned d, new_l, crypt_l, ihl; struct seppl_uncrypt_hdr *uh; struct seppl_crypt_hdr *ch; u8 *iv, *pl; int ivs = ti->key->ivsize; int bs = ti->key->blocksize; struct scatterlist sg[1]; + + if (!skb_ip_make_writable(pskb, (*pskb)->len)) { + if (net_ratelimit()) + printk(KERN_ERR "ipt_DECRYPT: Failed to make skb writable.\n"); + return NF_DROP; + } + + ih = (*pskb)->nh.iph; + ihl = ih->ihl<<2; // Calculate new packet size new_l = ihl + sizeof(struct seppl_uncrypt_hdr) + ivs + ((sizeof(struct seppl_crypt_hdr) + ntohs(ih->tot_len) - ihl + bs - 1) / bs) * bs; 
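Review bot: The drop message added to `ipt_CRYPT_target` is logged under the wrong module name. `printk(KERN_ERR "ipt_DECRYPT: Failed to make skb writable.\n");` looks copied from the DECRYPT target, so anyone triaging dropped outbound packets from the kernel log would be pointed at the wrong rule. It should read `printk(KERN_ERR "ipt_CRYPT: Failed to make skb writable.\n");`. The function body continues past the end of this hunk.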
@@ -152,20 +156,20 @@ static unsigned int ipt_CRYPT_target(struct sk_buff **pskb, unsigned int hooknum static int ipt_CRYPT_check(const char *table, const struct ipt_entry *e, void *_ti, unsigned int ti_size, unsigned int hook_mask) { struct ipt_crypt_info *ti = _ti; - if (ti_size != IPT_ALIGN(sizeof(struct ipt_crypt_info))) { + if (ti_size != IPT_ALIGN(sizeof(struct ipt_crypt_info))) { printk(KERN_ERR "ipt_CRYPT: Structure too small\n"); - return 0; - } + return 0; + } - if (strcmp(table, "mangle") != 0) { - printk(KERN_ERR "ipt_CRYPT: Not in mangle table\n"); - return 0; - } + if (strcmp(table, "mangle") != 0) { + printk(KERN_ERR "ipt_CRYPT: Not in mangle table\n"); + return 0; + } - if ((hook_mask & ~(1 << NF_IP_POST_ROUTING)) != 0) { - printk(KERN_ERR "ipt_CRYPT: Not in POSTROUTING chain\n"); - return 0; - } + if ((hook_mask & ~(1 << NF_IP_POST_ROUTING)) != 0) { + printk(KERN_ERR "ipt_CRYPT: Not in POSTROUTING chain\n"); + return 0; + } if (!(ti->key = seppl_claim_key(ti->algorithm, ti->name))) { printk(KERN_ERR "ipt_CRYPT: Cannot find key\n"); @@ -184,21 +188,19 @@ static void ipt_CRYPT_destroy(void *_ti, unsigned int ti_size) { static struct ipt_target ipt_CRYPT_reg = { { NULL, NULL }, "CRYPT", - ipt_CRYPT_target, ipt_CRYPT_check, ipt_CRYPT_destroy, + ipt_CRYPT_target, THIS_MODULE }; static int __init init(void) { - return ipt_register_target(&ipt_CRYPT_reg); + return ipt_register_target(&ipt_CRYPT_reg); } static void __exit fini(void) { - ipt_unregister_target(&ipt_CRYPT_reg); + ipt_unregister_target(&ipt_CRYPT_reg); } module_init(init); module_exit(fini); - -EXPORT_NO_SYMBOLS; diff --git a/kernel/ipt_DECRYPT.c b/kernel/ipt_DECRYPT.c index ce59525..9458fa9 100644 --- a/kernel/ipt_DECRYPT.c +++ b/kernel/ipt_DECRYPT.c 
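Review bot: `ipt_CRYPT_reg` is still initialised positionally, and this hunk had to move `ipt_CRYPT_target` behind `ipt_CRYPT_destroy` to follow the new field order. That shows how fragile the form is: another reorder of `struct ipt_target` would put the callbacks in the wrong slots with, at best, a pointer-type warning. Designated initializers remove the dependency on field order: `.name = "CRYPT", .checkentry = ipt_CRYPT_check, .destroy = ipt_CRYPT_destroy, .target = ipt_CRYPT_target, .me = THIS_MODULE`. `ipt_DECRYPT_reg` in kernel/ipt_DECRYPT.c has the same shape.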
@@ -53,9 +53,15 @@ MODULE_DESCRIPTION ("SEPPL iptables Decryption Target"); MODULE_AUTHOR("Lennart Poettering <"PACKAGE_BUGREPORT">"); #endif -static unsigned int ipt_DECRYPT_target(struct sk_buff **pskb, unsigned int hooknum, const struct net_device *in, const struct net_device *out, const void *_ti, void *userinfo) { - struct iphdr *ih = (*pskb)->nh.iph; - unsigned ihl = ih->ihl<<2; +static unsigned int ipt_DECRYPT_target(struct sk_buff **pskb, + const struct net_device *in, + const struct net_device *out, + unsigned int hooknum, + const void *_ti, + void *userinfo) { + + struct iphdr *ih; + unsigned ihl; struct seppl_key *key; struct seppl_uncrypt_hdr *uh; struct seppl_crypt_hdr *ch; @@ -64,9 +70,18 @@ static unsigned int ipt_DECRYPT_target(struct sk_buff **pskb, unsigned int hookn int crypt_l, bs; struct scatterlist sg[1]; + if (!skb_ip_make_writable(pskb, (*pskb)->len)) { + if (net_ratelimit()) + printk(KERN_ERR "ipt_DECRYPT: Failed to make skb writable.\n"); + return NF_DROP; + } + + ih = (*pskb)->nh.iph; + ihl = ih->ihl<<2; + if (ih->protocol != SEPPL_PROTOCOL) { if (net_ratelimit()) - printk(KERN_ERR "ipt_DECRYPT: Incorrect protocol\n"); + printk(KERN_ERR "ipt_DECRYPT: Incorrect protocol 0x%02x\n", ih->protocol); return NF_DROP; } 
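Review bot: In `ipt_DECRYPT_target` the new `skb_ip_make_writable(pskb, (*pskb)->len)` call runs before the `ih->protocol != SEPPL_PROTOCOL` test, so a packet that is about to be dropped as non-SEPPL is first made writable over its full length, which may mean copying it. This target is restricted to PREROUTING and therefore handles traffic straight from the network, so the cheap rejection is better done first; reading `(*pskb)->nh.iph->protocol` does not need a writable skb. Moving the protocol test above the make-writable block keeps that work off the drop path. The function body continues past the end of this hunk, so the later length checks are not visible here.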
@@ -163,45 +178,43 @@ static unsigned int ipt_DECRYPT_target(struct sk_buff **pskb, unsigned int hookn } static int ipt_DECRYPT_check(const char *table, const struct ipt_entry *e, void *_ti, unsigned int ti_size, unsigned int hook_mask) { - if (ti_size != IPT_ALIGN(sizeof(struct ipt_decrypt_info))) { + if (ti_size != IPT_ALIGN(sizeof(struct ipt_decrypt_info))) { printk(KERN_ERR "ipt_DECRYPT: Structure too small"); - return 0; - } + return 0; + } - if (strcmp(table, "mangle") != 0) { - printk(KERN_ERR "ipt_DECRYPT: Not in mangle table\n"); - return 0; - } + if (strcmp(table, "mangle") != 0) { + printk(KERN_ERR "ipt_DECRYPT: Not in mangle table\n"); + return 0; + } - if ((hook_mask & ~(1 << NF_IP_PRE_ROUTING)) != 0) { - printk(KERN_ERR "ipt_DECRYPT: Not in PREROUTING chain"); - return 0; - } - - return 1; + if ((hook_mask & ~(1 << NF_IP_PRE_ROUTING)) != 0) { + printk(KERN_ERR "ipt_DECRYPT: Not in PREROUTING chain"); + return 0; + } + + return 1; } static struct ipt_target ipt_DECRYPT_reg = { { NULL, NULL }, "DECRYPT", - ipt_DECRYPT_target, ipt_DECRYPT_check, NULL, + ipt_DECRYPT_target, THIS_MODULE }; static int __init init(void) { - if (ipt_register_target(&ipt_DECRYPT_reg)) - return -EINVAL; + if (ipt_register_target(&ipt_DECRYPT_reg)) + return -EINVAL; - return 0; + return 0; } static void __exit fini(void) { - ipt_unregister_target(&ipt_DECRYPT_reg); + ipt_unregister_target(&ipt_DECRYPT_reg); } module_init(init); module_exit(fini); - -EXPORT_NO_SYMBOLS; diff --git a/kernel/seppl.c b/kernel/seppl.c index c580bcd..3b13b0e 100644 --- a/kernel/seppl.c +++ b/kernel/seppl.c @@ -21,15 +21,6 @@ #include -#if defined(CONFIG_MODVERSIONS) && !defined(MODVERSIONS) - #define MODVERSIONS -#endif - -#if defined(MODVERSIONS) && !defined(__GENKSYMS__) - #include - #include "seppl.ver" -#endif - #include #include #include 
@@ -57,7 +48,6 @@ static spinlock_t keyring_lock = SPIN_LOCK_UNLOCKED; #define PROC_FILE_NAME "seppl_keyring" static struct proc_dir_entry* proc_file = NULL; - struct cipher_info { char *name; int bits; @@ -70,14 +60,14 @@ static const struct cipher_info cipher_dict[CIPHER_DICT_MAX] = { { "aes", 192 } }; -const struct cipher_info *seppl_find_cipher(u8 id) { +static const struct cipher_info *seppl_find_cipher(u8 id) { if (id < CIPHER_DICT_MAX) return &cipher_dict[id]; return NULL; } -struct seppl_key* seppl_find_key(u8 algorithm, const char *name, int r) { +static struct seppl_key* seppl_find_key(u8 algorithm, const char *name, int r) { struct seppl_key *key = NULL, *l; for (l = keyring; l; l = l->next) @@ -95,10 +85,8 @@ struct seppl_key* seppl_claim_key(u8 algorithm, const char *name) { spin_lock_bh(&keyring_lock); // FIXME: BH? - if ((key = seppl_find_key(algorithm, name, 1))) { + if ((key = seppl_find_key(algorithm, name, 1))) atomic_inc(&key->usage); - MOD_INC_USE_COUNT; - } spin_unlock_bh(&keyring_lock); @@ -107,7 +95,6 @@ struct seppl_key* seppl_claim_key(u8 algorithm, const char *name) { void seppl_release_key(struct seppl_key* key) { atomic_dec(&key->usage); - MOD_DEC_USE_COUNT; } // not spinlocked! @@ -129,7 +116,7 @@ void seppl_copy_iv(struct seppl_key *key, u8* iv) { spin_unlock_bh(&key->iv_spinlock); } -int seppl_add_key(u8 algorithm, const char *name, const u8 *key_data) { +static int seppl_add_key(u8 algorithm, const char *name, const u8 *key_data) { struct seppl_key* key = NULL; int r = -EINVAL; int locked = 1; @@ -290,7 +277,8 @@ finish: return r; } -void seppl_clear_keyring(void) { +static void seppl_clear_keyring(void) { + unsigned n = 0; struct seppl_key *key, *prev; printk(KERN_INFO "SEPPL: Clearing keyring\n"); 
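Review bot: `seppl_claim_key` takes `keyring_lock` with `spin_lock_bh` and still carries the `// FIXME: BH?` comment, while `seppl_proc_read_func` and `seppl_clear_keyring` in the later hunks use plain `spin_lock`/`spin_unlock` on the same lock. If any packet-path (softirq) caller takes this lock, which is not visible in this diff, the plain variants can deadlock against it on the same CPU. Either use the `_bh` variants everywhere or replace the FIXME with a comment naming the contexts that take the lock, for example `/* keyring_lock: process context only (iptables check, /proc); never taken from the packet path */`.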
@@ -324,25 +312,23 @@ void seppl_clear_keyring(void) { kfree(k); continue; - } + } else + n++; prev = key; key = key->next; } spin_unlock(&keyring_lock); -} -#ifndef MIN -#define MIN(a,b) ((a)>(b)?(b):(a)) -#endif + printk(KERN_INFO "SEPPL: Cleared keyring, %u keys remain.\n", n); +} static int seppl_proc_read_func(char* page, char** start, off_t off, int count, int* eof, void* data) { struct seppl_key *key; char *e = page; int d = 0; - MOD_INC_USE_COUNT; spin_lock(&keyring_lock); for (key = keyring; key; key = key->next) { @@ -353,12 +339,12 @@ static int seppl_proc_read_func(char* page, char** start, off_t off, int count, if (count <= 0) break; - memcpy(e, key->name, d = MIN(7, count)); + memcpy(e, key->name, d = min(7, count)); e += d; count -= d; if (count <= 0) break; - memcpy(e, key->key, d = MIN(key->keysize, count)); + memcpy(e, key->key, d = min_t(unsigned int, key->keysize, count)); e += d; count -= d; if (count <= 0) break; @@ -369,7 +355,6 @@ static int seppl_proc_read_func(char* page, char** start, off_t off, int count, } spin_unlock(&keyring_lock); - MOD_DEC_USE_COUNT; return e-page; } @@ -378,7 +363,6 @@ static int seppl_proc_read_func(char* page, char** start, off_t off, int count, static int seppl_proc_write_func(struct file* file, const char* buffer, unsigned long count, void* data) { int r = -EINVAL; u8* buf = NULL; - MOD_INC_USE_COUNT; count = count > 10*1024 ? 10*1024 : count; @@ -435,7 +419,6 @@ finish: if (buf) kfree(buf); - MOD_DEC_USE_COUNT; return r; } @@ -448,7 +431,7 @@ static int __init init(void) { proc_file->owner = THIS_MODULE; proc_file->size = 0; - printk("SEPPL: Loaded SEPPL "PACKAGE_VERSION", 2003 by Lennart Poettering <"PACKAGE_BUGREPORT">.\n"); + printk("SEPPL: Loaded SEPPL "PACKAGE_VERSION", 2003,2004 by Lennart Poettering <"PACKAGE_BUGREPORT">.\n"); return 0; } @@ -470,4 +453,3 @@ module_exit(fini); EXPORT_SYMBOL(seppl_copy_iv); EXPORT_SYMBOL(seppl_claim_key); EXPORT_SYMBOL(seppl_release_key); - 
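Review bot: `seppl_proc_read_func` copies raw key bytes into the read buffer (`memcpy(e, key->key, d = min_t(unsigned int, key->keysize, count));`), so the permissions on the proc entry are the only thing protecting the keyring. The creation mode is not visible in this diff; the `init` hunk shows only `owner` and `size` being set. It is worth confirming that the entry is created root-only and saying so at the copy: `/* exports raw key material; the proc entry must stay mode 0600 */`. The `min_t(unsigned int, ...)` cast itself is safe, because `count <= 0` is rejected on the line before.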
diff --git a/kernel/seppl.h b/kernel/seppl.h index 282ba26..01fc830 100644 --- a/kernel/seppl.h +++ b/kernel/seppl.h @@ -57,7 +57,5 @@ struct seppl_key { struct seppl_key* seppl_claim_key(u8 algorithm, const char *name); void seppl_release_key(struct seppl_key *key); void seppl_copy_iv(struct seppl_key *key, u8* iv); -void seppl_clean_keys(void); -int seppl_add_key(u8 algorithm, const char *name, const u8* key_data); #endif diff --git a/kernel/test.sh b/kernel/test.sh index fc41522..125471f 100755 --- a/kernel/test.sh +++ b/kernel/test.sh @@ -1,6 +1,6 @@ #!/bin/sh -# $Id: Makefile.am 40 2003-10-27 18:32:45Z lennart $ +# $Id$ # # This file is part of seppl. # @@ -29,8 +29,8 @@ make unload sleep 2 make load -../utils/seppl-ls -f /etc/seppl/ring2.keys > /proc/net/seppl_keyring -../utils/seppl-ls +../utils-python/seppl-ls -f /etc/seppl/ring2.keys > /proc/net/seppl_keyring +../utils-python/seppl-ls iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -d 10.0.0.0/8 -j TCPMSS --set-mss $((1500-40-8-6-16)) iptables -t mangle -A POSTROUTING -d 10.0.0.0/8 -j CRYPT --key `hostname` -- cgit