authorJulian Elischer <julian@FreeBSD.org>1998-04-13 00:17:45 +0000
committerJulian Elischer <julian@FreeBSD.org>1998-04-13 00:17:45 +0000
commitb7d69e8bbbcc1a179fa7e3daf0c42081bfd8fdb5 (patch)
tree0138a30f12df965cf9c1e131045f246b0474277b /security/skip
parentreimport of TenDRA, move it into lang like it was suppose to be... (diff)
Submitted by: archie Cobbs (archie@whistle.com)
updates to make skip port work better, from the original porter.
Notes
Notes: svn path=/head/; revision=10502
Diffstat (limited to 'security/skip')
-rw-r--r--security/skip/files/patch-au14
-rw-r--r--security/skip/files/patch-bf36
-rw-r--r--security/skip/files/patch-bg20
-rw-r--r--security/skip/files/patch-cj13
-rw-r--r--security/skip/files/patch-ck161
5 files changed, 234 insertions, 10 deletions
diff --git a/security/skip/files/patch-au b/security/skip/files/patch-au
index 4e9ebdb29a27..74ff7c7d6a86 100644
--- a/security/skip/files/patch-au
+++ b/security/skip/files/patch-au
@@ -1,7 +1,7 @@
diff -ur --unidirectional-new-file skipsrc-1.0.orig/doc/README.FreeBSD skipsrc-1.0/doc/README.FreeBSD
--- skipsrc-1.0.orig/doc/README.FreeBSD Wed Dec 31 16:00:00 1969
-+++ skipsrc-1.0/doc/README.FreeBSD Tue Dec 23 16:23:06 1997
-@@ -0,0 +1,64 @@
++++ skipsrc-1.0/doc/README.FreeBSD Sun Apr 12 16:10:32 1998
+@@ -0,0 +1,74 @@
+
+Some notes regarding the FreeBSD port of SKIP
+December 8, 1997
@@ -13,6 +13,16 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/doc/README.FreeBSD skipsrc-1
+ you set ${PREFIX}). This documentation can be found under
+ /usr/local/share/doc/skip.
+
++- Thanks to S. Wehner, skiphost now takes a new argument for specifying
++ the source address for encrypted packets. This allows encrypted packets
++ that are being tunnelled between two routers to have source and dest
++ IP addresses of only those two routers. This reduces firewall complexity
++ in many cases. From his description:
++
++ This adds another command line option to skiphost, namely
++ -f <source address> . Every packet going out to the other host
++ will then have this source address in the packet.
++
+- SKIP is applied to packets *after* any ipfw(8) filtering is applied.
+ This is true for both incoming and outgoing packets. Note that SKIP
+ has its own access control functionality.
diff --git a/security/skip/files/patch-bf b/security/skip/files/patch-bf
index 0752ad7ffcbe..ebd38cf05397 100644
--- a/security/skip/files/patch-bf
+++ b/security/skip/files/patch-bf
@@ -1,6 +1,6 @@
diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_es.c skipsrc-1.0/skip/freebsd/skip_es.c
--- skipsrc-1.0.orig/skip/freebsd/skip_es.c Fri Oct 25 13:12:42 1996
-+++ skipsrc-1.0/skip/freebsd/skip_es.c Tue Mar 3 16:58:54 1998
++++ skipsrc-1.0/skip/freebsd/skip_es.c Sun Apr 12 15:51:32 1998
@@ -81,6 +81,11 @@
static unsigned short skip_pktid;
static skip_softc_t skip_softc[SKIP_MAX_OPENS];
@@ -71,7 +71,21 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_es.c skips
decryptbuf->m_len, decryptbuf->m_data);
}
-@@ -2005,7 +2026,7 @@
+@@ -1910,6 +1931,13 @@
+ */
+ IPADDRCOPY(&params.tunnel_addr, &newip->ip_dst);
+
++ /*
++ * insert different source address if specified
++ */
++
++ if(params.source != 0)
++ (&newip->ip_src)->s_addr = params.source;
++
+ encryptbuf->m_len += sizeof (struct ip);
+
+ /*
+@@ -2005,7 +2033,7 @@
if (params.kp_alg) {
newip->ip_p = SKIP_NEXT_ESP;
} else {
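Review bot: The new override at the `if(params.source != 0)` line is spelled `(&newip->ip_src)->s_addr = params.source;`, taking the address of a member only to dereference it again; the plain `newip->ip_src.s_addr = params.source;` says the same thing, and the identical block is pasted again in the next hunk (`@@ -2028,6 +2056,13 @@`), where it could share one small static helper or at least the same spelling. `params.source` is declared `unsigned long` in patch-cj while `s_addr` is a 32-bit `in_addr_t`, so on an LP64 target the assignment silently truncates the high half; giving the field the same `struct in_addr` type as `tunnel_addr` would remove that. The enclosing function starts and ends outside the hunk.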
@@ -80,7 +94,21 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_es.c skips
}
}
skip_if->stats.skip_if_raw_out++;
-@@ -2097,7 +2118,7 @@
+@@ -2028,6 +2056,13 @@
+ * insert tunnel address as destination
+ */
+ IPADDRCOPY(&params.tunnel_addr, &newip->ip_dst);
++
++ /*
++ * insert different source address if specified
++ */
++
++ if(params.source != 0)
++ (&newip->ip_src)->s_addr = params.source;
+ }
+
+ if (params.s_nsid == 0) {
+@@ -2097,7 +2132,7 @@
register skip_param_t *params = &res->params;
register struct ip *ip = mtod(original, struct ip *);
int rc, s, iphlen;
@@ -89,7 +117,7 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_es.c skips
SKIP_PRINT("skip_decrypt_done", params);
-@@ -2125,7 +2146,7 @@
+@@ -2125,7 +2160,7 @@
*/
outbuf = (res->modes & SKIP_CRYPT_ON) ? m : original;
diff --git a/security/skip/files/patch-bg b/security/skip/files/patch-bg
index 0560cf4e73f5..0823694663d8 100644
--- a/security/skip/files/patch-bg
+++ b/security/skip/files/patch-bg
@@ -1,6 +1,6 @@
diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_os.h skipsrc-1.0/skip/freebsd/skip_os.h
--- skipsrc-1.0.orig/skip/freebsd/skip_os.h Fri Oct 25 13:12:43 1996
-+++ skipsrc-1.0/skip/freebsd/skip_os.h Tue Jan 13 11:19:16 1998
++++ skipsrc-1.0/skip/freebsd/skip_os.h Sun Apr 12 15:52:01 1998
@@ -54,7 +54,6 @@
#ifndef KERNEL
#include <stdio.h>
@@ -93,7 +93,19 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_os.h skips
#define ALIGNED(x) (((unsigned int)(x)&(skip_alignment - 1)) == 0)
-@@ -205,26 +225,21 @@
+@@ -182,7 +202,11 @@
+ /*
+ * 4.x timing defines
+ */
++#if __FreeBSD__ >= 3
++#define SKIP_ES_CURRENTTIME ((long)time_second)
++#else
+ #define SKIP_ES_CURRENTTIME (time.tv_sec)
++#endif
+ #define SKIP_ES_DELTATIME(then) (SKIP_ES_CURRENTTIME - then)
+
+ /*
+@@ -205,26 +229,21 @@
}
/*
@@ -130,7 +142,7 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_os.h skips
#else /* KERNEL */
/*
-@@ -251,37 +266,12 @@
+@@ -251,37 +270,12 @@
#endif
#define STATIC
@@ -170,7 +182,7 @@ diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_os.h skips
#define KEYMGR "/dev/skip_key"
/*
-@@ -306,12 +296,6 @@
+@@ -306,12 +300,6 @@
/* General purpose */
typedef unsigned char byte;
diff --git a/security/skip/files/patch-cj b/security/skip/files/patch-cj
new file mode 100644
index 000000000000..91502b82bb53
--- /dev/null
+++ b/security/skip/files/patch-cj
@@ -0,0 +1,13 @@
+
+diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/include/skip_types.h skipsrc-1.0/skip/include/skip_types.h
+--- skipsrc-1.0.orig/skip/include/skip_types.h Fri Oct 25 13:12:45 1996
++++ skipsrc-1.0/skip/include/skip_types.h Sun Apr 12 15:29:53 1998
+@@ -142,6 +142,7 @@
+ unsigned char flags; /* ACL info for this system */
+ struct in_addr mask; /* network/host mask */
+ struct in_addr tunnel_addr; /* tunneling address */
++ unsigned long source; /* source address */
+ } skip_param_t;
+
+ /*
+
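Review bot: The added `unsigned long source;` field sits next to `struct in_addr tunnel_addr;` and holds the same kind of value (an IPv4 address that skip_es.c copies into `ip_src`), so `struct in_addr source;` would be the consistent type and would match the 32-bit `s_addr` it is written into, whereas `unsigned long` is 64 bits wide on LP64 targets. The comment should also say what zero means, since both skip_es.c and skiphost test `source != 0`: `struct in_addr source; /* source address for encrypted packets, 0 = unset */`. The struct appears to be shared between the skiphost tool and the in-kernel encryption path, so adding a field changes its size and both sides must be rebuilt together; I cannot confirm from this diff how it is marshalled between them.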
diff --git a/security/skip/files/patch-ck b/security/skip/files/patch-ck
new file mode 100644
index 000000000000..1a2154430e58
--- /dev/null
+++ b/security/skip/files/patch-ck
@@ -0,0 +1,161 @@
+diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/tools/skiphost/skiphost.c skipsrc-1.0/skip/tools/skiphost/skiphost.c
+--- skipsrc-1.0.orig/skip/tools/skiphost/skiphost.c Fri Oct 25 13:13:03 1996
++++ skipsrc-1.0/skip/tools/skiphost/skiphost.c Sun Apr 12 15:29:52 1998
+@@ -76,6 +76,7 @@
+ static char *skip_version = NULL;
+ static char *skip_mode = NULL;
+ static char *tunnel = NULL;
++static char *srcaddr = NULL;
+
+ static int opt, opt_cpt;
+ static int opt_action, opt_more;
+@@ -89,11 +90,14 @@
+ static int opt_prt, opt_sh, opt_sel;
+ static int opt_trs, opt_tunnel;
+ static int opt_msk, opt_nomadic;
++static int opt_source;
+
+ boolean_t on_boot = B_FALSE;
+
+ #define SKIP_HOST_MASK "255.255.255.255"
+
++struct in_addr source_addr;
++
+ static void usage();
+
+ /*
+@@ -218,6 +222,11 @@
+ if (params->ip_addr.s_addr != params->tunnel_addr.s_addr) {
+ printf(" -A %s", inet_ntoa(params->tunnel_addr));
+ }
++
++ if(params->source != 0) {
++ source_addr.s_addr = params->source;
++ printf(" -f %s", inet_ntoa(source_addr));
++ }
+
+ switch (params->version) {
+
+@@ -376,6 +385,11 @@
+ printf(" tunnel=%s", inet_ntoa(params->tunnel_addr));
+ }
+
++ if (params->source != 0) {
++ source_addr.s_addr = params->source;
++ printf(" source=%s", inet_ntoa(source_addr));
++ }
++
+ switch (params->version) {
+
+ case SKIP_NONE:
+@@ -907,12 +921,18 @@
+ }
+ }
+
++ if(opt_source) {
++ parms.source = inet_addr(srcaddr);
++ } else {
++ parms.source = 0;
++ }
++
+ /*
+ * Check if a cleartext host...
+ */
+ opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid;
+ opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp;
+- opt_sel += opt_vers + opt_nomadic + opt_tunnel;
++ opt_sel += opt_vers + opt_nomadic + opt_tunnel + opt_source;
+
+ if (!opt_sel) {
+ /*
+@@ -1531,6 +1551,7 @@
+ "\t\t[-r <receiver NSID>] [-R <receiver key Id>]...\n"
+ "\t\t[-s <sender NSID>] [-S <sender key Id>]...\n"
+ "\t\t[-v <SKIP version>] [-A <tunnel address>] [-T]\n"
++ "\t\t[-f <source address>]\n"
+ "\t%s [-i <interface>] "
+ "-x <hostname|IP address|\"*\"> [-M <mask>]...\n"
+ "\t\t[-k <kij algorithm>] [-t <crypt algorithm>]...\n"
+@@ -1592,6 +1613,7 @@
+ opt_trs = opt_msk = 0;
+ opt_prt = opt_sh = opt_mode = 0;
+ opt_nomadic = opt_tunnel = 0;
++ opt_source = 0;
+
+ ifname = skip_default_if();
+
+@@ -1614,7 +1636,7 @@
+ */
+ optind = 1;
+ while ((opt = getopt(argc, argv,
+- "phuPVTa:d:o:x:i:s:r:S:R:k:t:m:c:v:M:A:")) != -1) {
++ "phuPVTa:d:o:x:i:s:r:S:R:k:t:m:c:v:M:A:f:")) != -1) {
+
+ switch (opt) {
+
+@@ -1761,7 +1783,10 @@
+ SKIP_ONE(&opt_tunnel);
+ tunnel = optarg;
+ break;
+-
++ case 'f':
++ SKIP_ONE(&opt_source);
++ srcaddr = optarg;
++ break;
+ case 'h':
+ default:
+ usage();
+@@ -1890,7 +1915,7 @@
+ opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid + opt_s_keyid;
+ opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp;
+ opt_sel += opt_mode + opt_vers + opt_trs + opt_msk;
+- opt_sel += opt_tunnel;
++ opt_sel += opt_tunnel + opt_source;
+
+ if (opt_sel) {
+ fprintf(stderr, "%s -u does not take options\n",
+@@ -1912,7 +1937,7 @@
+ opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid + opt_s_keyid;
+ opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp;
+ opt_sel += opt_mode + opt_vers + opt_trs + opt_msk;
+- opt_sel += opt_tunnel;
++ opt_sel += opt_tunnel + opt_source;
+
+ if (opt_sel) {
+ fprintf(stderr, "%s -p does not take options\n",
+@@ -1941,7 +1966,7 @@
+ opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid + opt_s_keyid;
+ opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp;
+ opt_sel += opt_mode + opt_vers + opt_trs + opt_msk;
+- opt_sel += opt_tunnel;
++ opt_sel += opt_tunnel + opt_source;
+
+ if (opt_sel) {
+ fprintf(stderr, "%s -P does not take options\n",
+@@ -1963,7 +1988,7 @@
+ opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid + opt_s_keyid;
+ opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp;
+ opt_sel += opt_mode + opt_vers + opt_trs + opt_msk;
+- opt_sel += opt_tunnel;
++ opt_sel += opt_tunnel + opt_source;
+
+ if (opt_sel) {
+ fprintf(stderr, "%s -V does not take options\n",
+@@ -1985,7 +2010,7 @@
+ opt_sel = opt_r_nsid + opt_s_nsid + opt_r_keyid + opt_s_keyid;
+ opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp;
+ opt_sel += opt_vers + opt_trs + opt_msk;
+- opt_sel += opt_tunnel;
++ opt_sel += opt_tunnel + opt_source;
+
+ if (opt_sel) {
+ usage();
+@@ -2018,7 +2043,7 @@
+ */
+ opt_sel = opt_s_nsid + opt_s_keyid;
+ opt_sel += opt_kij + opt_crypt + opt_mac + opt_comp;
+- opt_sel += opt_mode + opt_trs + opt_tunnel;
++ opt_sel += opt_mode + opt_trs + opt_tunnel + opt_source;
+
+ if (opt_sel) {
+ usage();
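Review bot: `parms.source = inet_addr(srcaddr);` in the new `if(opt_source)` block is never checked: inet_addr() returns INADDR_NONE (all ones) for a string it cannot parse, which is non-zero and therefore passes every later `source != 0` test, so a mistyped `-f` argument is silently installed as source 255.255.255.255 on outgoing packets. Validate at parse time, e.g. `if ((parms.source = inet_addr(srcaddr)) == INADDR_NONE) { fprintf(stderr, "invalid source address: %s\n", srcaddr); usage(); }`, assuming usage() exits as the other `if (opt_sel) { usage();` sites appear to rely on. The new `struct in_addr source_addr;` global is the only file-scope variable in the hunk without `static`; it is only scratch storage for inet_ntoa() in the two print paths and could be a local there instead.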