## diffname ip/esp.c 1999/0316 ## diff -e /dev/null /n/emeliedump/1999/0316/sys/src/brazil/ip/esp.c 0a #include "u.h" #include "../port/lib.h" #include "mem.h" #include "dat.h" #include "fns.h" #include "../port/error.h" #include "ip.h" #include "libcrypt.h" typedef struct Esphdr Esphdr; typedef struct Esptail Esptail; typedef struct Userhdr Userhdr; typedef struct Esppriv Esppriv; typedef struct Espcb Espcb; typedef struct Algorithm Algorithm; #define DPRINT if(0)print enum { IP_ESPPROTO = 50, EsphdrSize = 28, // includes IP header IphdrSize = 20, // options have been striped EsptailSize = 2, // does not include pad or auth data UserhdrSize = 4, // user visable header size - if enabled }; struct Esphdr { /* ip header */ uchar vihl; /* Version and header length */ uchar tos; /* Type of service */ uchar length[2]; /* packet length */ uchar id[2]; /* Identification */ uchar frag[2]; /* Fragment information */ uchar Unused; uchar espproto; /* Protocol */ uchar espplen[2]; /* Header plus data length */ uchar espsrc[4]; /* Ip source */ uchar espdst[4]; /* Ip destination */ /* esp header */ uchar espspi[4]; /* Security parameter index */ uchar espseq[4]; /* Sequence number */ }; struct Esptail { uchar pad; uchar nexthdr; }; /* header as seen by the user */ struct Userhdr { uchar nexthdr; // next protocol uchar unused[3]; }; struct Esppriv { ulong in; ulong inerrors; }; /* * protocol specific part of Conv */ struct Espcb { int incoming; int header; // user user level header ulong spi; ulong seq; // last seq sent ulong window; // for replay attacks char *espalg; void *espstate; // other state for esp int espivlen; // in bytes int espblklen; int (*cipher)(Espcb*, uchar *buf, int len); char *ahalg; void *ahstate; // other state for esp int ahlen; // auth data length in bytes int ahblklen; int (*auth)(Espcb*, uchar *buf, int len, uchar *hash); }; struct Algorithm { char *name; int keylen; // in bits void (*init)(Espcb*, char* name, uchar *key, int keylen); }; static Conv* convlookup(Proto *esp, ulong spi); static char *setalg(Espcb *ecb, char **f, int n, Algorithm *alg); static void nullespinit(Espcb*, char*, uchar *key, int keylen); static void nullahinit(Espcb*, char*, uchar *key, int keylen); static void desespinit(Espcb *ecb, char *name, uchar *k, int n); static Algorithm espalg[] = { "null", 0, nullespinit, "des_56_cbc", 64, desespinit, nil, 0, nil, }; static Algorithm ahalg[] = { "null", 0, nullahinit, nil, 0, nil, }; static char* espconnect(Conv *c, char **argv, int argc) { char *p, *pp; char *e = nil; ulong spi; Espcb *ecb = (Espcb*)c->ptcl; qlock(c); switch(argc) { default: e = "bad args to connect"; break; case 2: p = strchr(argv[1], '!'); if(p == nil){ e = "malformed address"; break; } *p++ = 0; parseip(c->raddr, argv[1]); findlocalip(c->p->f, c->laddr, c->raddr); ecb->incoming = 0; ecb->seq = 0; if(strcmp(p, "*") == 0) { qlock(c->p); for(;;) { spi = nrand(1<<16) + 256; if(convlookup(c->p, spi) == nil) break; } qunlock(c->p); ecb->spi = spi; ecb->incoming = 1; qhangup(c->wq, nil); } else { spi = strtoul(p, &pp, 10); if(pp == p) { e = "malformed address"; break; } ecb->spi = spi; qhangup(c->rq, nil); } nullespinit(ecb, "null", nil, 0); nullahinit(ecb, "null", nil, 0); } qunlock(c); Fsconnected(c, e); return e; } static int espstate(Conv *c, char *state, int n) { return snprint(state, n, "%s", c->inuse?"Open\n":"Closed\n"); } static void espcreate(Conv *c) { c->rq = qopen(64*1024, 1, 0, 0); c->wq = qopen(64*1024, 0, 0, 0); } static void espclose(Conv *c) { Espcb *ecb; qclose(c->rq); qclose(c->wq); qclose(c->eq); ipmove(c->laddr, IPnoaddr); ipmove(c->raddr, IPnoaddr); ecb = (Espcb*)c->ptcl; free(ecb->espstate); free(ecb->ahstate); memset(ecb, 0, sizeof(Espcb)); qunlock(c); } void espkick(Conv *c, int) { Esphdr *eh; Esptail *et; Userhdr *uh; Espcb *ecb; Block *bp; int nexthdr; int payload; int pad; int align; uchar *auth; bp = qget(c->wq); if(bp == nil) return; qlock(c); ecb = c->ptcl; if(ecb->header) { /* make sure the message has a User header */ bp = pullupblock(bp, UserhdrSize); if(bp == nil) { qunlock(c); return; } uh = (Userhdr*)bp->rp; nexthdr = uh->nexthdr; bp->rp += UserhdrSize; } else { nexthdr = 0; // what should this be? } payload = BLEN(bp) + ecb->espivlen; /* Make space to fit ip header */ bp = padblock(bp, EsphdrSize + ecb->espivlen); align = 4; if(ecb->espblklen > align) align = ecb->espblklen; if(align % ecb->ahblklen != 0) panic("espkick: ahblklen is important after all"); pad = (align-1) - (payload + EsptailSize-1)%align; /* * Make space for tail * this is done by calling padblock with a negative size * Padblock does not change bp->wp! */ bp = padblock(bp, -(pad+EsptailSize+ecb->ahlen)); bp->wp += pad+EsptailSize+ecb->ahlen; eh = (Esphdr *)(bp->rp); et = (Esptail*)(bp->rp + EsphdrSize + payload + pad); // fill in tail et->pad = pad; et->nexthdr = nexthdr; ecb->cipher(ecb, bp->rp+EsphdrSize, payload+pad+EsptailSize); auth = bp->rp + EsphdrSize + payload + pad + EsptailSize; ecb->auth(ecb, bp->rp+IphdrSize, (EsphdrSize-IphdrSize)+payload+pad+EsptailSize, auth); // fill in head hnputl(eh->espspi, ecb->spi); hnputl(eh->espseq, ++ecb->seq); v6tov4(eh->espsrc, c->laddr); v6tov4(eh->espdst, c->raddr); eh->espproto = IP_ESPPROTO; eh->frag[0] = 0; eh->frag[1] = 0; qunlock(c); //print("esp: pass down: %uld\n", BLEN(bp)); ipoput(c->p->f, bp, 0, c->ttl); } void espiput(Proto *esp, uchar*, Block *bp) { Esphdr *eh; Esptail *et; Userhdr *uh; Conv *c; Espcb *ecb; uchar raddr[IPaddrlen], laddr[IPaddrlen]; Fs *f; uchar *auth; ulong spi; int payload, nexthdr; f = esp->f; bp = pullupblock(bp, EsphdrSize+EsptailSize); if(bp == nil) { netlog(f, Logesp, "esp: short packet\n"); return; } eh = (Esphdr*)(bp->rp); spi = nhgetl(eh->espspi); v4tov6(raddr, eh->espsrc); v4tov6(laddr, eh->espdst); qlock(esp); /* Look for a conversation structure for this port */ c = convlookup(esp, spi); if(c == nil) { qunlock(esp); netlog(f, Logesp, "esp: no conv %I -> %I!%d\n", raddr, laddr, spi); icmpnoconv(f, bp); freeblist(bp); return; } qlock(c); qunlock(esp); ecb = c->ptcl; // too hard to do decryption/authentication on block lists if(bp->next) bp = concatblock(bp); if(BLEN(bp) < EsphdrSize + ecb->espivlen + EsptailSize + ecb->ahlen) { qunlock(esp); netlog(f, Logesp, "esp: short block %I -> %I!%d\n", raddr, laddr, spi); freeb(bp); return; } eh = (Esphdr*)(bp->rp); auth = bp->wp - ecb->ahlen; if(!ecb->auth(ecb, eh->espspi, auth-eh->espspi, auth)) { qunlock(esp); netlog(f, Logesp, "esp: bad auth %I -> %I!%d\n", raddr, laddr, spi); freeb(bp); return; } payload = BLEN(bp)-EsphdrSize-ecb->ahlen; if(payload<=0 || payload%4 != 0 || payload%ecb->espblklen!=0) { qunlock(esp); netlog(f, Logesp, "esp: bad length %I -> %I!%d payload=%d BLEN=%d\n", raddr, laddr, spi, payload, BLEN(bp)); freeb(bp); return; } ecb->cipher(ecb, bp->rp+EsphdrSize, payload); payload -= EsptailSize; et = (Esptail*)(bp->rp + EsphdrSize + payload); payload -= et->pad + ecb->espivlen; nexthdr = et->nexthdr; if(payload <= 0) { qunlock(esp); netlog(f, Logesp, "esp: short packet after decrypt %I -> %I!%d\n", raddr, laddr, spi); freeb(bp); return; } // trim packet bp->rp += EsphdrSize + ecb->espivlen; bp->wp = bp->rp + payload; if(ecb->header) { // assume UserhdrSize < EsphdrSize bp->rp -= UserhdrSize; uh = (Userhdr*)bp->rp; memset(uh, 0, UserhdrSize); uh->nexthdr = nexthdr; } if(qfull(c->rq)){ netlog(f, Logesp, "esp: qfull %I -> %I.%uld\n", raddr, laddr, spi); freeblist(bp); }else { //print("esp: pass up: %uld\n", BLEN(bp)); qpass(c->rq, bp); } qunlock(c); } char* espctl(Conv *c, char **f, int n) { Espcb *ecb = c->ptcl; char *e = nil; qlock(c); if(strcmp(f[0], "esp") == 0) e = setalg(ecb, f, n, espalg); else if(strcmp(f[0], "ah") == 0) e = setalg(ecb, f, n, ahalg); else if(strcmp(f[0], "header") == 0) ecb->header = 1; else if(strcmp(f[0], "noheader") == 0) ecb->header = 0; else e = "unknown control request"; qunlock(c); return e; } void espadvise(Proto *esp, Block *bp, char *msg) { Esphdr *h; Conv *c; ulong spi; h = (Esphdr*)(bp->rp); spi = nhgets(h->espspi); qlock(esp); c = convlookup(esp, spi); if(c != nil) { qhangup(c->rq, msg); qhangup(c->wq, msg); } qunlock(esp); freeblist(bp); } int espstats(Proto *esp, char *buf, int len) { Esppriv *upriv; upriv = esp->priv; return snprint(buf, len, "%lud %lud\n", upriv->in, upriv->inerrors); } static int esplocal(Conv *c, char *buf, int len) { Espcb *ecb = c->ptcl; int n; qlock(c); if(ecb->incoming) n = snprint(buf, len, "%I!%uld\n", c->laddr, ecb->spi); else n = snprint(buf, len, "%I\n", c->laddr); qunlock(c); return n; } static int espremote(Conv *c, char *buf, int len) { Espcb *ecb = c->ptcl; int n; qlock(c); if(ecb->incoming) n = snprint(buf, len, "%I\n", c->raddr); else n = snprint(buf, len, "%I!%uld\n", c->raddr, ecb->spi); qunlock(c); return n; } // should have esp locked static Conv* convlookup(Proto *esp, ulong spi) { Conv *c, **p; Espcb *ecb; for(p=esp->conv; *p; p++){ c = *p; ecb = c->ptcl; if(ecb->incoming && ecb->spi == spi) return c; } } static char * setalg(Espcb *ecb, char **f, int n, Algorithm *alg) { uchar *key; int i, nbyte, nchar; int c; if(n < 2) return "bad format"; for(; alg->name; alg++) if(strcmp(f[1], alg->name) == 0) break; if(alg->name == nil) return "unknown algorithm"; if(n != 3) return "bad format"; nbyte = (alg->keylen + 7) >> 3; nchar = strlen(f[2]); for(i=0; i= '0' && c <= '9') f[2][i] -= '0'; else if(c >= 'a' && c <= 'f') f[2][i] -= 'a'-10; else if(c >= 'A' && c <= 'F') f[2][i] -= 'A'-10; else return "bad character in key"; } key = smalloc(nbyte); for(i=0; i>1] |= c; } alg->init(ecb, alg->name, key, alg->keylen); free(key); return nil; } static int nullcipher(Espcb*, uchar*, int) { return 1; } static void nullespinit(Espcb *ecb, char *name, uchar*, int) { ecb->espalg = name; ecb->espblklen = 1; ecb->espivlen = 0; ecb->cipher = nullcipher; } static int nullauth(Espcb*, uchar*, int, uchar*) { return 1; } static void nullahinit(Espcb *ecb, char *name, uchar*, int) { ecb->ahalg = name; ecb->ahblklen = 1; ecb->ahlen = 0; ecb->auth = nullauth; } static int descipher(Espcb *ecb, uchar *p, int n) { uchar tmp[8]; uchar *pp, *tp, *ip, *eip, *ep; DESstate *ds = ecb->espstate; ep = p + n; if(ecb->incoming) { memmove(ds->ivec, p, 8); p += 8; while(p < ep){ memmove(tmp, p, 8); block_cipher(ds->expanded, p, 1); tp = tmp; ip = ds->ivec; for(eip = ip+8; ip < eip; ){ *p++ ^= *ip; *ip++ = *tp++; } } } else { memmove(p, ds->ivec, 8); for(p += 8; p < ep; p += 8){ pp = p; ip = ds->ivec; for(eip = ip+8; ip < eip; ) *pp++ ^= *ip++; block_cipher(ds->expanded, p, 0); memmove(ds->ivec, p, 8); } } return 1; } static void desespinit(Espcb *ecb, char *name, uchar *k, int n) { uchar key[8]; uchar ivec[8]; int i; // bits to bytes n = (n+7)>>3; if(n > 8) n = 8; memset(key, 0, sizeof(key)); memmove(key, k, n); for(i=0; i<8; i++) ivec[i] = nrand(256); ecb->espalg = name; ecb->espblklen = 8; ecb->espivlen = 8; ecb->cipher = descipher; ecb->espstate = smalloc(sizeof(DESstate)); setupDESstate(ecb->espstate, key, ivec); } void espinit(Fs *fs) { Proto *esp; esp = smalloc(sizeof(Proto)); esp->priv = smalloc(sizeof(Esppriv)); esp->name = "esp"; esp->kick = espkick; esp->connect = espconnect; esp->announce = nil; esp->ctl = espctl; esp->state = espstate; esp->create = espcreate; esp->close = espclose; esp->rcv = espiput; esp->advise = espadvise; esp->stats = espstats; esp->local = esplocal; esp->remote = espremote; esp->ipproto = IP_ESPPROTO; esp->nc = Nchans; esp->ptclsize = sizeof(Espcb); Fsproto(fs, esp); } . ## diffname ip/esp.c 1999/0608 ## diff -e /n/emeliedump/1999/0316/sys/src/brazil/ip/esp.c /n/emeliedump/1999/0608/sys/src/brazil/ip/esp.c 486a return nil; . ## diffname ip/esp.c 1999/0612 ## diff -e /n/emeliedump/1999/0608/sys/src/brazil/ip/esp.c /n/emeliedump/1999/0612/sys/src/brazil/ip/esp.c 560a } void hmac_sha(uchar hash[SHAdlen], uchar *t, long tlen, uchar *key, long klen) { uchar ipad[65], opad[65]; int i; DigestState *digest; uchar innerhash[SHAdlen]; for(i=0; i<64; i++){ ipad[i] = 0x36; opad[i] = 0x5c; } ipad[64] = opad[64] = 0; for(i=0; iahstate, 16); r = memcmp(auth, hash, ecb->ahlen) == 0; memmove(auth, hash, ecb->ahlen); return r; } static void shaahinit(Espcb *ecb, char *name, uchar *key, int klen) { if(klen != 128) panic("shaahinit: bad keylen"); klen >>= 8; // convert to bytes ecb->ahalg = name; ecb->ahblklen = 1; ecb->ahlen = 12; ecb->auth = shaauth; ecb->ahstate = smalloc(klen); memmove(ecb->ahstate, key, klen); } void hmac_md5(uchar hash[MD5dlen], uchar *t, long tlen, uchar *key, long klen) { uchar ipad[65], opad[65]; int i; DigestState *digest; uchar innerhash[MD5dlen]; for(i=0; i<64; i++){ ipad[i] = 0x36; opad[i] = 0x5c; } ipad[64] = opad[64] = 0; for(i=0; iahstate, 16); r = memcmp(auth, hash, ecb->ahlen) == 0; memmove(auth, hash, ecb->ahlen); return r; } static void md5ahinit(Espcb *ecb, char *name, uchar *key, int klen) { if(klen != 128) panic("md5ahinit: bad keylen"); klen >>= 3; // convert to bytes ecb->ahalg = name; ecb->ahblklen = 1; ecb->ahlen = 12; ecb->auth = md5auth; ecb->ahstate = smalloc(klen); memmove(ecb->ahstate, key, klen); . 340a print("esp: bad auth %I -> %I!%ld\n", raddr, laddr, spi); . 276a ecb->auth(ecb, bp->rp+IphdrSize, (EsphdrSize-IphdrSize)+payload+pad+EsptailSize, auth); . 266d 112a "hmac_sha_96", 128, shaahinit, "hmac_md5_96", 128, md5ahinit, . 100a static void shaahinit(Espcb*, char*, uchar *key, int keylen); static void md5ahinit(Espcb*, char*, uchar *key, int keylen); . ## diffname ip/esp.c 1999/0615 ## diff -e /n/emeliedump/1999/0612/sys/src/brazil/ip/esp.c /n/emeliedump/1999/0615/sys/src/brazil/ip/esp.c 727a } static int rc4cipher(Espcb *ecb, uchar *p, int n) { Esprc4 *esprc4; RC4state tmpstate; ulong seq; long d, dd; if(n < 4) return 0; esprc4 = ecb->espstate; if(ecb->incoming) { seq = nhgetl(p); p += 4; n -= 4; d = seq-esprc4->cseq; if(d == 0) { rc4(&esprc4->current, p, n); esprc4->cseq += n; if(esprc4->ovalid) { dd = esprc4->cseq - esprc4->lgseq; if(dd > RC4back) esprc4->ovalid = 0; } } else if(d > 0) { print("missing packet: %ld\n", d); // this link is hosed if(d > RC4forward) { strcpy(up->error, "rc4cipher: skipped too much"); return 0; } esprc4->lgseq = seq; if(!esprc4->ovalid) { esprc4->ovalid = 1; esprc4->oseq = esprc4->cseq; memmove(&esprc4->old, &esprc4->current, sizeof(RC4state)); } rc4skip(&esprc4->current, d); rc4(&esprc4->current, p, n); esprc4->cseq = seq+n; } else { dd = seq - esprc4->oseq; if(!esprc4->ovalid || -d > RC4back || dd < 0) { strcpy(up->error, "rc4cipher: too far back"); return 0; } print("reordered packet: %uld\n", seq); memmove(&tmpstate, &esprc4->old, sizeof(RC4state)); rc4skip(&tmpstate, dd); rc4(&tmpstate, p, n); return 1; } // move old state up if(esprc4->ovalid) { dd = esprc4->cseq - RC4back - esprc4->oseq; if(dd > 0) { rc4skip(&esprc4->old, dd); esprc4->oseq += dd; } } } else { hnputl(p, esprc4->cseq); p += 4; n -= 4; rc4(&esprc4->current, p, n); esprc4->cseq += n; } return 1; } static void rc4espinit(Espcb *ecb, char *name, uchar *k, int n) { Esprc4 *esprc4; // bits to bytes n = (n+7)>>3; esprc4 = smalloc(sizeof(Esprc4)); memset(esprc4, 0, sizeof(Esprc4)); setupRC4state(&esprc4->current, k, n); ecb->espalg = name; ecb->espblklen = 4; ecb->espivlen = 4; ecb->cipher = rc4cipher; ecb->espstate = esprc4; . 480d 361c if(!ecb->cipher(ecb, bp->rp+EsphdrSize, payload)) { qunlock(esp); print("esp: cipher failed %I -> %I!%ld: %r\n", raddr, laddr, spi); netlog(f, Logesp, "esp: cipher failed %I -> %I!%d: %r\n", raddr, laddr, spi); freeb(bp); return; } . 108a "rc4_128", 128, rc4espinit, . 103a static void rc4espinit(Espcb *ecb, char *name, uchar *k, int n); . 96a enum { RC4forward = 10*1024*1024, // maximum skip forward RC4back = 100*1024, // maximum look back }; struct Esprc4 { ulong cseq; // current byte sequence number RC4state current; int ovalid; // old is valid ulong lgseq; // last good sequence ulong oseq; // old byte sequence number RC4state old; }; . 17a typedef struct Esprc4 Esprc4; . ## diffname ip/esp.c 1999/0618 ## diff -e /n/emeliedump/1999/0615/sys/src/brazil/ip/esp.c /n/emeliedump/1999/0618/sys/src/brazil/ip/esp.c 395c qunlock(c); . 382c qunlock(c); . 375c qunlock(c); . 365c qunlock(c); . 355c qunlock(c); . ## diffname ip/esp.c 1999/0619 ## diff -e /n/emeliedump/1999/0618/sys/src/brazil/ip/esp.c /n/emeliedump/1999/0619/sys/src/brazil/ip/esp.c 803d 797a print("reordered packet: %uld %ld\n", seq, d); . 782c print("missing packet: %uld %ld\n", seq, d); . ## diffname ip/esp.c 1999/0824 ## diff -e /n/emeliedump/1999/0619/sys/src/brazil/ip/esp.c /n/emeliedump/1999/0824/sys/src/brazil/ip/esp.c 304c ipoput(c->p->f, bp, 0, c->ttl, c->tos); . ## diffname ip/esp.c 2000/0112 ## diff -e /n/emeliedump/1999/0824/sys/src/brazil/ip/esp.c /n/emeliedump/2000/0112/sys/src/9/ip/esp.c 676c seanq_hmac_md5(hash, t, tlen, (uchar*)ecb->ahstate, 16); . 647c seanq_hmac_md5(uchar hash[MD5dlen], uchar *t, long tlen, uchar *key, long klen) . 624,625c memset(hash, 0, SHA1dlen); seanq_hmac_sha1(hash, t, tlen, (uchar*)ecb->ahstate, 16); . 621c uchar hash[SHA1dlen]; . 612,615c digest = sha1(ipad, 64, nil, nil); sha1(t, tlen, innerhash, digest); digest = sha1(opad, 64, nil, nil); sha1(innerhash, SHA1dlen, hash, digest); . 601c uchar innerhash[SHA1dlen]; . 596c seanq_hmac_sha1(uchar hash[SHA1dlen], uchar *t, long tlen, uchar *key, long klen) . 135,136c "seanq_hmac_sha1_96", 128, shaahinit, "seanq_hmac_md5_96", 128, md5ahinit, . 10c #include "mp.h" #include "libsec.h" . ## diffname ip/esp.c 2000/0113 ## diff -e /n/emeliedump/2000/0112/sys/src/9/ip/esp.c /n/emeliedump/2000/0113/sys/src/9/ip/esp.c 10d ## diffname ip/esp.c 2000/0130 ## diff -e /n/emeliedump/2000/0113/sys/src/9/ip/esp.c /n/emeliedump/2000/0130/sys/src/9/ip/esp.c 135,136c "hmac_sha1_96", 128, shaahinit, "hmac_md5_96", 128, md5ahinit, . ## diffname ip/esp.c 2000/1220 ## diff -e /n/emeliedump/2000/0130/sys/src/9/ip/esp.c /n/emeliedump/2000/1220/sys/src/9/ip/esp.c 222,223d ## diffname ip/esp.c 2001/0217 ## diff -e /n/emeliedump/2000/1220/sys/src/9/ip/esp.c /n/emeliedump/2001/0217/sys/src/9/ip/esp.c 440d 429d 187d 148d ## diffname ip/esp.c 2001/0306 ## diff -e /n/emeliedump/2001/0217/sys/src/9/ip/esp.c /n/emeliedump/2001/0306/sys/src/9/ip/esp.c 223c espkick(Conv *c) . ## diffname ip/esp.c 2001/0623 ## diff -e /n/emeliedump/2001/0306/sys/src/9/ip/esp.c /n/emeliedump/2001/0623/sys/src/9/ip/esp.c 304c espiput(Proto *esp, Ipifc*, Block *bp) . ## diffname ip/esp.c 2001/0926 ## diff -e /n/emeliedump/2001/0623/sys/src/9/ip/esp.c /n/emeliedump/2001/0926/sys/src/9/ip/esp.c 795c strcpy(up->errstr, "rc4cipher: too far back"); . 779c strcpy(up->errstr, "rc4cipher: skipped too much"); . ## diffname ip/esp.c 2001/1027 ## diff -e /n/emeliedump/2001/0926/sys/src/9/ip/esp.c /n/emeliedump/2001/1027/sys/src/9/ip/esp.c 26c IphdrSize = 20, // options have been stripped . ## diffname ip/esp.c 2002/0507 ## diff -e /n/emeliedump/2001/1027/sys/src/9/ip/esp.c /n/emeliedump/2002/0507/sys/src/9/ip/esp.c 299,300c //print("esp: pass down: %uld\n", BLEN(bp)); ipoput4(c->p->f, bp, 0, c->ttl, c->tos); . 287a eh->vihl = IP_VER4; . 26c IphdrSize = 20, // options have been striped . ## diffname ip/esp.c 2002/0711 ## diff -e /n/emeliedump/2002/0507/sys/src/9/ip/esp.c /n/emeliedump/2002/0711/sys/src/9/ip/esp.c 201c c->rq = qopen(64*1024, Qmsg, 0, 0); . ## diffname ip/esp.c 2002/0712 ## diff -e /n/emeliedump/2002/0711/sys/src/9/ip/esp.c /n/emeliedump/2002/0712/sys/src/9/ip/esp.c 848d 224a Conv *c = x; . 222,223c static void espkick(void *x) . 202c c->wq = qopen(64*1024, Qkick, espkick, c); . 122a static void espkick(void *x); . ## diffname ip/esp.c 2003/0308 ## diff -e /n/emeliedump/2002/0712/sys/src/9/ip/esp.c /n/emeliedump/2003/0308/sys/src/9/ip/esp.c 303c ipoput4(c->p->f, bp, 0, c->ttl, c->tos, c); .