From 3ca5232d936eab25c7b7bd137d597d3ff231ba3a Mon Sep 17 00:00:00 2001
From: brian
Date: Thu, 14 Sep 2000 18:01:54 +0000
Subject: Understand IPPROTO_ESP and IPPROTO_AH packets
Submitted by: Angelos D. Keromytis
---
 usr.sbin/ppp/filter.h | 2 ++
 usr.sbin/ppp/ip.c | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
diff --git a/usr.sbin/ppp/filter.h b/usr.sbin/ppp/filter.h
index 6b452d8..b3a5992 100644
--- a/usr.sbin/ppp/filter.h
+++ b/usr.sbin/ppp/filter.h
@@ -32,6 +32,8 @@
 #ifdef IPPROTO_GRE
 #define P_GRE 6
 #endif
+#define P_ESP 7
+#define P_AH 8
 /* Operations - f_srcop, f_dstop */
 #define OP_NONE 0
diff --git a/usr.sbin/ppp/ip.c b/usr.sbin/ppp/ip.c
index 0a90bac..ada3973 100644
--- a/usr.sbin/ppp/ip.c
+++ b/usr.sbin/ppp/ip.c
@@ -269,6 +269,16 @@ FilterCheck(const struct ip *pip, const struct filter *filter, unsigned *psecs)
 sport = ntohs(0);
 break;
 #endif
+ case IPPROTO_ESP:
+ cproto = P_ESP;
+ estab = syn = finrst = -1;
+ sport = ntohs(0);
+ break;
+ case IPPROTO_AH:
+ cproto = P_AH;
+ estab = syn = finrst = -1;
+ sport = ntohs(0);
+ break;
 case IPPROTO_UDP:
 case IPPROTO_IPIP:
 cproto = P_UDP;
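Review bot: The new IPPROTO_ESP and IPPROTO_AH cases in FilterCheck classify the packet by its outer protocol only and carry no comment saying what that means for the rule set. Both set `estab = syn = finrst = -1` and `sport = ntohs(0)`, which presumably disables TCP-flag and port matching; AH in particular leaves its payload in the clear, yet the hunk never looks at the AH next-header field, so port rules written for TCP or UDP would not apply to traffic carried inside AH. I would add above the ESP case `/* ESP/AH: no ports or TCP flags; the encapsulated protocol is not examined, so only P_ESP/P_AH rules can match */`. The two cases are also compiled unconditionally while the case just above ends in `#endif`, which is worth checking for platforms whose headers lack these macros. FilterCheck's switch begins and ends outside the hunk, so how cproto is compared against the rules should be confirmed there.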
@@ -636,6 +646,30 @@ PacketCheck(struct bundle *bundle, unsigned char *cp, int nb,
 }
 break;
+ case IPPROTO_ESP:
+ if (logit && loglen < sizeof logbuf) {
+ snprintf(logbuf + loglen, sizeof logbuf - loglen,
+ "ESP: %s ---> ", inet_ntoa(pip->ip_src));
+ loglen += strlen(logbuf + loglen);
+ snprintf(logbuf + loglen, sizeof logbuf - loglen,
+ "%s, spi %08x", inet_ntoa(pip->ip_dst),
+ (u_int32_t) ptop);
+ loglen += strlen(logbuf + loglen);
+ }
+ break;
+
+ case IPPROTO_AH:
+ if (logit && loglen < sizeof logbuf) {
+ snprintf(logbuf + loglen, sizeof logbuf - loglen,
+ "AH: %s ---> ", inet_ntoa(pip->ip_src));
+ loglen += strlen(logbuf + loglen);
+ snprintf(logbuf + loglen, sizeof logbuf - loglen,
+ "%s, spi %08x", inet_ntoa(pip->ip_dst),
+ (u_int32_t) (ptop + sizeof(u_int32_t)));
+ loglen += strlen(logbuf + loglen);
+ }
+ break;
+
 case IPPROTO_IGMP:
 if (logit && loglen < sizeof logbuf) {
 uh = (struct udphdr *) ptop;
-- 
cgit v1.1
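Review bot: In both new PacketCheck cases the `spi %08x` argument is the pointer itself, `(u_int32_t) ptop` for ESP and `(u_int32_t) (ptop + sizeof(u_int32_t))` for AH, so the log records a truncated memory address instead of the Security Parameters Index. That leaves the entry useless for correlating an IPsec flow during an investigation and writes process addresses into the log. The value should be copied out of the header and converted from network byte order, as below; `memcpy` avoids an unaligned load, and this assumes ptop is a byte pointer to the start of the transport header, which is declared outside the hunk. The read should also be bounded by the captured length (presumably `nb`) so a truncated packet is not read past its end; PacketCheck's body starts and ends outside the hunk, so that check has to be confirmed there.

```c
case IPPROTO_ESP:
  if (logit && loglen < sizeof logbuf) {
    u_int32_t spi;

    /* … unchanged: "ESP: %s ---> " source-address snprintf and loglen update … */
    memcpy(&spi, ptop, sizeof spi);        /* SPI is the first word of the ESP header */
    snprintf(logbuf + loglen, sizeof logbuf - loglen,
             "%s, spi %08x", inet_ntoa(pip->ip_dst),
             (u_int32_t) ntohl(spi));
    /* … unchanged: loglen update, closing brace, break … */

case IPPROTO_AH:
  if (logit && loglen < sizeof logbuf) {
    u_int32_t spi;

    /* … unchanged: "AH: %s ---> " source-address snprintf and loglen update … */
    memcpy(&spi, ptop + sizeof(u_int32_t), sizeof spi);   /* SPI is the second word of the AH header */
    snprintf(logbuf + loglen, sizeof logbuf - loglen,
             "%s, spi %08x", inet_ntoa(pip->ip_dst),
             (u_int32_t) ntohl(spi));
    /* … unchanged: loglen update, closing brace, break … */
```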