if ( esp_entry->inuse == IPSEC_FREE ) {
esp_entry->tspi = cur_spi = TEMP_SPI_START + idx;
esp_entry->inuse = IPSEC_INUSE;
- //printk ( KERN_DEBUG "%s:%s New esp_entry at %p"
- // " tspi %u cspi %u\n", __FILE__, __FUNCTION__,
+ //printk ( KERN_DEBUG "%s:%s New esp_entry at idx %d entry %p"
+ // " tspi %u cspi %u\n", __FILE__, __FUNCTION__, idx,
// esp_entry, esp_entry->tspi, cur_spi );
return esp_entry;
}
int idx = 0;
struct _esp_table *esp_entry = esp_table;
+ //printk ( KERN_DEBUG "%s:%s (0x%x) %u.%u.%u.%u\n", __FILE__, __FUNCTION__,
+ // ntohl(esph->spi), NIPQUAD(daddr));
for ( ; idx < MAX_PORTS; idx++, esp_entry++ ) {
if ( esp_entry->inuse == IPSEC_FREE ) {
continue;
if (skb_copy_bits(skb, dataoff, &esph, sizeof(esph)) != 0)
return 0;
+ //printk ( KERN_DEBUG "%s:%s (0x%x) IP Pkt Hdr %u.%u.%u.%u <-> %u.%u.%u.%u\n",
+ // __FILE__, __FUNCTION__, ntohl(esph.spi),
+ // NIPQUAD(iph->saddr), NIPQUAD(iph->daddr));
+ //printk ( KERN_DEBUG "%s:%s (0x%x) %u.%u.%u.%u <-> %u.%u.%u.%u\n",
+ // __FILE__, __FUNCTION__, ntohl(esph.spi),
+ // NIPQUAD(tuple->src.ip), NIPQUAD(tuple->dst.ip) );
if ( (esp_entry = search_esp_entry_by_spi ( &esph, tuple->dst.ip ) ) == NULL ) {
esp_entry = alloc_esp_entry();
//printk ( KERN_DEBUG "%s:%s tspi %u cspi %u spi 0x%x seq 0x%x"
// " sip %u.%u.%u.%u dip %u.%u.%u.%u\n", __FILE__,
// __FUNCTION__, esp_entry->tspi, cur_spi,
- // ntohl(esph->spi), ntohl(esph->seq),
+ // ntohl(esph.spi), ntohl(esph.seq),
// NIPQUAD(tuple->src.ip), NIPQUAD(tuple->dst.ip) );
tuple->dst.u.esp.spi = esp_entry->tspi;
tuple->src.u.esp.spi = esp_entry->tspi;
static int esp_invert_tuple(struct ip_conntrack_tuple *tuple,
const struct ip_conntrack_tuple *orig)
{
- //printk ( KERN_DEBUG "%s:%s cspi %u dspi %u sspi %u"
- // " sip %u.%u.%u.%u dip %u.%u.%u.%u\n",
+ //printk ( KERN_DEBUG "%s:%s cspi 0x%x dspi 0x%x sspi 0x%x"
+ // " %u.%u.%u.%u <-> %u.%u.%u.%u\n",
// __FILE__, __FUNCTION__, cur_spi, orig->dst.u.esp.spi,
// orig->src.u.esp.spi, NIPQUAD(tuple->src.ip),
// NIPQUAD(tuple->dst.ip) );
const struct esphdr *esph = (void *)iph + iph->ihl*4;
struct _esp_table *esp_entry;
- //printk ( KERN_DEBUG "%s:%s ctinfo %d status %d spi 0x%x seq 0x%x\n",
- // __FILE__, __FUNCTION__, conntrackinfo, conntrack->status,
- // ntohl(esph->spi), ntohl(esph->seq) );
+ //printk ( KERN_DEBUG "%s:%s (0x%x) %u.%u.%u.%u <-> %u.%u.%u.%u %s\n",
+ // __FILE__, __FUNCTION__, ntohl(esph->spi),
+ // NIPQUAD(iph->saddr), NIPQUAD(iph->daddr),
+ // (conntrackinfo == IP_CT_NEW ) ? "CT_NEW" : "SEEN_REPLY" );
/*
* This should not happen. We get into this routine only if there is
* an existing stream.
*/
if (conntrackinfo == IP_CT_NEW ) {
+ //printk ( KERN_DEBUG "%s:%s IP_CT_NEW (0x%x) %u.%u.%u.%u <-> %u.%u.%u.%u\n",
+ // __FILE__, __FUNCTION__, esph->spi, NIPQUAD(iph->saddr), NIPQUAD(iph->daddr));
if ( (esp_entry = search_esp_entry_by_spi ( esph,
iph->daddr ) ) == NULL ) {
esp_entry = alloc_esp_entry ();
if ( esp_entry == NULL ) {
/* All entries are currently in use */
+ //printk ( KERN_DEBUG "%s:%s All connections in use\n",
+ // __FILE__, __FUNCTION__);
return NF_DROP;
}
esp_entry->l_spi = ntohl(esph->spi);
}
/* If we've seen traffic both ways, this is some kind of UDP
stream. Extend timeout. */
- if (conntrack->status & IPS_SEEN_REPLY) {
+ if (conntrack->status & IPS_SEEN_REPLY) {
ip_ct_refresh(conntrack, ESP_STREAM_TIMEOUT);
/* Also, more likely to be important, and not a probe */
set_bit(IPS_ASSURED_BIT, &conntrack->status);
} else {
ip_ct_refresh(conntrack, ESP_TIMEOUT);
}
- esp_entry = search_esp_entry_by_spi ( esph, iph->daddr );
+ //esp_entry = search_esp_entry_by_spi ( esph, iph->daddr );
if ( esp_entry != NULL ) {
//printk ( KERN_DEBUG "%s:%s can modify this %u.%u.%u.%u"
// " with %u.%u.%u.%u\n",
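Review bot: Commenting out the lookup on the `+//esp_entry = search_esp_entry_by_spi ( esph, iph->daddr );` line leaves `esp_entry` unassigned on every path where `conntrackinfo != IP_CT_NEW`, because the declaration `struct _esp_table *esp_entry;` above the check has no initializer and the only remaining assignment is inside the `IP_CT_NEW` branch; the following `if ( esp_entry != NULL )` then reads an indeterminate pointer, which is undefined behavior and, in practice, a stale stack value that may be non-NULL and get dereferenced. The comment just above the `IP_CT_NEW` test says that branch is the unexpected case, so the broken path is the common one. Minimal fix is to initialize at the declaration, `struct _esp_table *esp_entry = NULL;`, or to keep the lookup instead of commenting it out if the body of the `if ( esp_entry != NULL )` block still relies on it. The enclosing function starts and ends outside the hunk, so what that block does with the pointer is not visible here.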
const struct iphdr *iph = skb->nh.iph;
const struct esphdr *esph = (void *)iph + iph->ihl*4;
struct _esp_table *esp_entry;
- //printk ( KERN_DEBUG "%s:%s spi 0x%x seq 0x%x sip %u.%u.%u.%u"
- // " daddr %u.%u.%u.%u\n", __FILE__, __FUNCTION__,
- // ntohl(esph->spi), ntohl(esph->seq), NIPQUAD(iph->saddr),
- // NIPQUAD(iph->daddr) );
+ //printk ( KERN_DEBUG "%s:%s (0x%x) %u.%u.%u.%u <-> %u.%u.%u.%u\n",
+ // __FILE__, __FUNCTION__, ntohl(esph->spi),
+ // NIPQUAD(iph->saddr), NIPQUAD(iph->daddr));
if ( (esp_entry = search_esp_entry_by_spi ( esph, iph->daddr ) ) == NULL ) {
/*
* Check if this is the same LAN client creating another session.
esp_entry = alloc_esp_entry ();
if ( esp_entry == NULL ) {
/* All entries are currently in use */
+ //printk ( KERN_DEBUG "%s:%s All connections in use\n",
+ // __FILE__, __FUNCTION__);
return NF_DROP;
}
esp_entry->l_spi = ntohl(esph->spi);