Date: Fri, 6 Mar 1998 12:59:39 -0800 (PST) From: Archie Cobbs <archie@whistle.com> To: jerry@tor.securecomputing.com (Jerry Kendall) Cc: freebsd-questions@FreeBSD.ORG, jerry@kcis.com Subject: Re: FreeBSD 2.2.5R and SKIP 1.0 Message-ID: <199803062059.MAA28629@bubba.whistle.com> In-Reply-To: <98Mar6.150139est.11650@janus.tor.securecomputing.com> from Jerry Kendall at "Mar 6, 98 03:01:10 pm"
Jerry Kendall writes: > I am running FreeBSD 2.2.5-RELEASE with NATD on the external interface > named vx0. The internal interface de0 is NOT using natd. > > I am tring to get SKIP 1.0 running on the vx0 interface but > every time I run it, all looks OK until I send a > packet in/out the interface, at which time it reboots the system. I just submitted a PR containing a fix for this. I don't know when it will get committed, but here's what you can do in the meantime. Replace the file "patches/patch-bf" in the port with the file below and then rebuild and reinstall the port. This should fix the problem. -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com
diff -ur --unidirectional-new-file skipsrc-1.0.orig/skip/freebsd/skip_es.c skipsrc-1.0/skip/freebsd/skip_es.c
--- skipsrc-1.0.orig/skip/freebsd/skip_es.c Fri Oct 25 13:12:42 1996
+++ skipsrc-1.0/skip/freebsd/skip_es.c Tue Mar 3 16:58:54 1998
@@ -81,6 +81,11 @@
 static unsigned short skip_pktid;
 static skip_softc_t skip_softc[SKIP_MAX_OPENS];
+#ifdef NEW_TIMEOUT_INTERFACE
+static struct callout_handle
+ skip_timeout_handle = CALLOUT_HANDLE_INITIALIZER(&skip_timeout_handle);
+#endif
+
 /*
 * statistics
 */
@@ -252,7 +257,10 @@
 for (pr = inetdomain.dom_protosw; pr < inetdomain.dom_protoswNPROTOSW; pr++) {
- pr->pr_input = skip_ifinput;
+ if (pr->pr_protocol == IPPROTO_DIVERT)
+ continue;
+ pr->pr_input =
+ (void (*)(struct mbuf *, int)) skip_ifinput;
 }
 splx(s);
 }
@@ -788,7 +796,11 @@
 static void skip_inittimers() {
+#ifdef NEW_TIMEOUT_INTERFACE
+ skip_timeout_handle = timeout(skip_timer, NULL, skip_key_tick * hz);
+#else
 timeout(skip_timer, NULL, skip_key_tick * hz);
+#endif
 }
 /* skip_uninittimers()
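Review bot: In the `-252,7 +257,10` hunk the new cast `(void (*)(struct mbuf *, int)) skip_ifinput` hides a prototype mismatch instead of resolving it. skip_ifinput is defined outside this hunk, so its real parameter list cannot be checked here; if it differs from pr_input's, every inbound packet is dispatched through an incompatible function pointer, which is undefined behaviour in the kernel input path. Prefer giving skip_ifinput the exact pr_input prototype so the assignment needs no cast. The IPPROTO_DIVERT exemption also needs a comment, for example `/* leave the divert entry untouched: packets delivered through it are not processed by SKIP */`, because it is a deliberate bypass of SKIP and any code that later restores pr_input would have to skip the same entry.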
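Review bot: skip_inittimers() (`-788,7 +796,11`) and the re-arm at the end of skip_timer() (`-819,7 +836,11`) both overwrite the single `skip_timeout_handle` without checking whether a callout is already pending. If skip_inittimers() can run twice before skip_uninittimers() (its callers are outside the hunk, so this needs confirming), the first handle is lost, untimeout() can no longer cancel that callout, and skip_timer() may still fire after the module's state has been torn down. A comment on the variable such as `/* handle of the one pending skip_timer() callout; set only by skip_inittimers() and skip_timer() */` would record the invariant, and a guard in skip_inittimers() against a second arm would enforce it.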
@@ -800,7 +812,12 @@
 static void skip_uninittimers() {
+#ifdef NEW_TIMEOUT_INTERFACE
+ untimeout(skip_timer, NULL, skip_timeout_handle);
+ callout_handle_init(&skip_timeout_handle);
+#else
 untimeout(skip_timer, NULL);
+#endif
 }
 /* skip_timer()
@@ -819,7 +836,11 @@
 * run through the key store
 */
 skip_key_iterate(skip_key_check, NULL);
+#ifdef NEW_TIMEOUT_INTERFACE
+ skip_timeout_handle = timeout(skip_timer, NULL, skip_key_tick * hz);
+#else
 timeout(skip_timer, NULL, skip_key_tick * hz);
+#endif
 }
 #ifdef notdef
@@ -1718,7 +1739,7 @@
 */
 decryptbuf->m_data += iphlen;
- SKIP_DEBUG2("skip_ifinput: decryptbuf m_len=%d m_data=%d\n",
+ SKIP_DEBUG2("skip_ifinput: decryptbuf m_len=%d m_data=%p\n",
 decryptbuf->m_len, decryptbuf->m_data);
 }
@@ -2005,7 +2026,7 @@
 if (params.kp_alg) {
 newip->ip_p = SKIP_NEXT_ESP;
 } else {
- newip->ip_p = IPPROTO_ENCAP;
+ newip->ip_p = IPPROTO_IPIP;
 }
 }
 skip_if->stats.skip_if_raw_out++;
@@ -2097,7 +2118,7 @@
 register skip_param_t *params = &res->params;
 register struct ip *ip = mtod(original, struct ip *);
 int rc, s, iphlen;
- struct mbuf *outbuf, *new_hdr;
+ struct mbuf *outbuf;
 SKIP_PRINT("skip_decrypt_done", params);
@@ -2125,7 +2146,7 @@
 */
 outbuf = (res->modes & SKIP_CRYPT_ON) ? m : original;
- if (res->proto != IPPROTO_ENCAP) {
+ if (res->proto != IPPROTO_IPIP) {
 /*
 * transport mode, need to copy original IP header
 */
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
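Review bot: In skip_uninittimers() (`-800,7 +812,12`) nothing visible in the hunk keeps skip_timer() from running while the handle is being cancelled. skip_timer() re-arms itself and rewrites `skip_timeout_handle`, so a tick that fires after the handle has been read for `untimeout(...)` would leave a fresh callout pending while only the stale one is cancelled. Whether the callers already hold a raised spl cannot be seen from here. If they do not, bracket the two new calls with `s = splsoftclock();` and `splx(s);`, or state the required spl level in the function's header comment.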
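Review bot: The switch from IPPROTO_ENCAP to IPPROTO_IPIP at `-2005,7 +2026,7` and again in skip_decrypt_done at `-2125,7 +2146,7` is unconditional and unexplained, yet this constant decides whether a decrypted packet is handled as tunnel or transport mode. Presumably the intent is to keep protocol number 4 on the wire now that the system headers give IPPROTO_ENCAP a different value; that should be confirmed against netinet/in.h. A comment such as `/* IP-in-IP (protocol 4); IPPROTO_ENCAP no longer means this on newer headers */` at both sites would record the reason. Unlike the timeout changes, these two lines carry no `#ifdef`, so the patch will not build against headers that lack IPPROTO_IPIP.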