

= Сообщение: 833 из 10763 ====================================== RU.UNIX.BSD =
От   : Sergey Anohin                    2:5034/10.1        21 Jan 14 14:09:13
Кому : All                                                 21 Jan 14 14:09:13
Тема : patch на IPSEC
FGHI : area://RU.UNIX.BSD?msgid=2:5034/10.1+52de4749
= Кодировка сообщения определена как: CP866 ==================================
Ответ: area://RU.UNIX.BSD?msgid=2:5034/10.1+52de4c8b
==============================================================================
Hello All
Интересно, а сабж будет на новом ядре пахать?

(pts/1)[root@server:/usr]# patch < /usr/src/ipsec-patches.diff
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff -rup src/sys/netinet/tcp_input.c sru/sys/netinet/tcp_input.c
|--- src/sys/netinet/tcp_input.c        2012-11-04 14:26:51.000000000 -0200
|+++ sru/sys/netinet/tcp_input.c        2012-11-28 18:53:56.000000000 -0200
--------------------------
Patching file src/sys/netinet/tcp_input.c using Plan A...
Hunk #1 succeeded at 704 (offset -1 lines).
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff -rup src/sys/netipsec/esp_var.h sru/sys/netipsec/esp_var.h
|--- src/sys/netipsec/esp_var.h 2012-11-04 14:26:53.000000000 -0200
|+++ sru/sys/netipsec/esp_var.h 2012-11-28 18:53:56.000000000 -0200
--------------------------
Patching file src/sys/netipsec/esp_var.h using Plan A...
Hunk #1 failed at 77.
1 out of 1 hunks failed--saving rejects to src/sys/netipsec/esp_var.h.rej
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff -rup src/sys/netipsec/ipsec_input.c sru/sys/netipsec/ipsec_input.c
|--- src/sys/netipsec/ipsec_input.c     2012-11-04 14:26:53.000000000 -0200
|+++ sru/sys/netipsec/ipsec_input.c     2012-11-29 20:45:42.000000000 -0200
--------------------------
Patching file src/sys/netipsec/ipsec_input.c using Plan A...
Hunk #1 succeeded at 76.
Hunk #2 succeeded at 354.
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff -rup src/sys/netipsec/key.c sru/sys/netipsec/key.c
|--- src/sys/netipsec/key.c     2012-11-04 14:26:53.000000000 -0200
|+++ sru/sys/netipsec/key.c     2012-11-29 18:40:34.000000000 -0200
--------------------------
Patching file src/sys/netipsec/key.c using Plan A...
Hunk #1 succeeded at 460.
Hunk #2 succeeded at 1314 (offset -1 lines).
Hunk #3 succeeded at 2959 (offset -5 lines).
Hunk #4 succeeded at 3089 (offset -1 lines).
Hunk #5 succeeded at 3508 (offset -5 lines).
Hunk #6 succeeded at 3794 (offset -12 lines).
Hunk #7 failed at 4116.
Hunk #8 succeeded at 4721 (offset -6 lines).
Hunk #9 succeeded at 4806 (offset -12 lines).
Hunk #10 succeeded at 5160 (offset -6 lines).
Hunk #11 succeeded at 5256 (offset -12 lines).
Hunk #12 succeeded at 5478 (offset -6 lines).
Hunk #13 succeeded at 5537 (offset -12 lines).
1 out of 13 hunks failed--saving rejects to src/sys/netipsec/key.c.rej
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff -rup src/sys/netipsec/keydb.h sru/sys/netipsec/keydb.h
|--- src/sys/netipsec/keydb.h   2012-11-04 14:26:53.000000000 -0200
|+++ sru/sys/netipsec/keydb.h   2012-11-28 18:53:56.000000000 -0200
--------------------------
Patching file src/sys/netipsec/keydb.h using Plan A...
Hunk #1 succeeded at 163.
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff -rup src/sys/netipsec/xform_esp.c sru/sys/netipsec/xform_esp.c
|--- src/sys/netipsec/xform_esp.c       2012-11-04 14:26:53.000000000 -0200
|+++ sru/sys/netipsec/xform_esp.c       2012-11-28 18:53:56.000000000 -0200
--------------------------
Patching file src/sys/netipsec/xform_esp.c using Plan A...
Hunk #1 failed at 78.
1 out of 1 hunks failed--saving rejects to src/sys/netipsec/xform_esp.c.rej
done
(pts/1)[root@server:/usr]# ee /usr/src/src/sys/netipsec/xform_esp.c.rej


Содержимое xform_esp.c.rej
***************
*** 78,89 ****

  VNET_DEFINE(int, esp_enable) = 1;
  VNET_DEFINE(struct espstat, espstat);

  SYSCTL_DECL(_net_inet_esp);
  SYSCTL_VNET_INT(_net_inet_esp, OID_AUTO,
        esp_enable,     CTLFLAG_RW,     &VNET_NAME(esp_enable), 0, "");
  SYSCTL_VNET_STRUCT(_net_inet_esp, IPSECCTL_STATS,
        stats,          CTLFLAG_RD,     &VNET_NAME(espstat),    espstat, "");

  static VNET_DEFINE(int, esp_max_ivlen);       /* max iv length over all algorithms */
  #define       V_esp_max_ivlen VNET(esp_max_ivlen)
--- 78,93 ----

  VNET_DEFINE(int, esp_enable) = 1;
  VNET_DEFINE(struct espstat, espstat);
+ VNET_DEFINE(int, esp_ignore_natt_cksum) = 0;

  SYSCTL_DECL(_net_inet_esp);
  SYSCTL_VNET_INT(_net_inet_esp, OID_AUTO,
        esp_enable,     CTLFLAG_RW,     &VNET_NAME(esp_enable), 0, "");
  SYSCTL_VNET_STRUCT(_net_inet_esp, IPSECCTL_STATS,
        stats,          CTLFLAG_RD,     &VNET_NAME(espstat),    espstat, "");
+ SYSCTL_VNET_INT(_net_inet_esp, OID_AUTO,
+       esp_ignore_natt_cksum,  CTLFLAG_RW,     &VNET_NAME(esp_ignore_natt_cksum), 0,
+       "Do not validate checksums of ESP protected packets in case of NAT-T");

  static VNET_DEFINE(int, esp_max_ivlen);       /* max iv length over all algorithms */
  #define       V_esp_max_ivlen VNET(esp_max_ivlen)


Содержимое патча:
cat /usr/src/ipsec-patches.diff
diff -rup src/sys/netinet/tcp_input.c sru/sys/netinet/tcp_input.c
--- src/sys/netinet/tcp_input.c 2012-11-04 14:26:51.000000000 -0200
+++ sru/sys/netinet/tcp_input.c 2012-11-28 18:53:56.000000000 -0200
@@ -705,6 +705,9 @@ tcp_input(struct mbuf *m, int off0)
                }
                /* Re-initialization for later version check */
                ip->ip_v = IPVERSION;
+
+               /* Restore IP header length field, IPSEC needs it */
+               ip->ip_hl = off0 >> 2;
        }
 #endif /* INET */
 
diff -rup src/sys/netipsec/esp_var.h sru/sys/netipsec/esp_var.h
--- src/sys/netipsec/esp_var.h  2012-11-04 14:26:53.000000000 -0200
+++ sru/sys/netipsec/esp_var.h  2012-11-28 18:53:56.000000000 -0200
@@ -77,5 +77,7 @@ VNET_DECLARE(struct espstat, espstat);
 
 #define        V_esp_enable    VNET(esp_enable)
 #define        V_espstat       VNET(espstat)
+VNET_DECLARE(int, esp_ignore_natt_cksum);
+#define V_esp_ignore_natt_cksum            VNET(esp_ignore_natt_cksum)
 #endif /* _KERNEL */
 #endif /*;_NETIPSEC_ESP_VAR_H_&#42;/
diff -rup src/sys/netipsec/ipsec_input.c sru/sys/netipsec/ipsec_input.c
--- src/sys/netipsec/ipsec_input.c      2012-11-04 14:26:53.000000000 -0200
+++ sru/sys/netipsec/ipsec_input.c      2012-11-29 20:45:42.000000000 -0200
@@ -76,6 +76,11 @@
 #include <netinet/icmp6.h>
 #endif
 
+#ifdef IPSEC_NAT_T
+#include <netinet/tcp.h>
+#include <netinet/udp.h>
+#endif
+
 #include <netipsec/ipsec.h>
 #ifdef INET6
 #include <netipsec/ipsec6.h>
@@ -349,6 +354,33 @@ ipsec4_common_input_cb(struct mbuf *m, s
        }
        prot = ip->ip_p;
 
+#ifdef IPSEC_NAT_T
+       if (saidx->mode == IPSEC_MODE_TRANSPORT && sproto == IPPROTO_ESP) {
+               if (V_esp_ignore_natt_cksum != 0) {
+                       /* Ignore checksum of packet protected by ESP.  */
+                       if (prot == IPPROTO_TCP || prot == IPPROTO_UDP) {
+                               m->m_pkthdr.csum_flags |= (CSUM_DATA_VALID | CSUM_PSEUDO_HDR);
+                               m->m_pkthdr.csum_data = 0xffff;
+
+                       }
+               } else if (sav->natt_cksum != 0) {
+                       if (prot == IPPROTO_TCP || prot == IPPROTO_UDP) {
+                               u_int16_t proto_cksum;
+                               int off = sizeof(struct ip);
+                               if (prot == IPPROTO_TCP) {
+                                       off += offsetof(struct tcphdr, th_sum);
+                               } else if (prot == IPPROTO_UDP) {
+                                       off += offsetof(struct udphdr, uh_sum);
+                               }
+                               m_copydata(m, off, sizeof(u_int16_t), (caddr_t)&proto_cksum);
+                               proto_cksum = in_addword(sav->natt_cksum, ~ntohs(proto_cksum));
+                               proto_cksum = ~htons(proto_cksum);
+                               m_copyback(m, off, sizeof(u_int16_t), (caddr_t)&proto_cksum);
+                       }
+               }
+       }
+#endif
+
 #ifdef notyet
        /* IP-in-IP encapsulation */
        if (prot == IPPROTO_IPIP) {
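Review bot: The `V_esp_ignore_natt_cksum` branch marks the checksum of every transport-mode TCP/UDP packet received over ESP as valid, because the guard checks only the SA mode and `sproto`, not whether the SA is a NAT-T one; gating it on the `natt_type` field that keydb.h already carries, `if (V_esp_ignore_natt_cksum != 0 && sav->natt_type != 0)`, keeps the promise made by the sysctl description ("in case of NAT-T"). The delta-fixup branch has two further gaps: `int off = sizeof(struct ip)` ignores IP options even though `ip` is in scope (the tcp_input hunk restores `ip_hl` precisely so that IPsec can rely on it), and `m_copydata()` is reached without checking that the packet is long enough to contain the checksum field. A UDP checksum of zero means "no checksum" (RFC 768) and must not have the delta applied. ipsec4_common_input_cb starts and ends outside the hunk; the rewritten branch below keeps the checksum arithmetic unchanged.
```c
		} else if (sav->natt_cksum != 0) {
			if (prot == IPPROTO_TCP || prot == IPPROTO_UDP) {
				u_int16_t proto_cksum;
				/* Honour IP options: the header is not always 20 bytes. */
				int off = ip->ip_hl << 2;
				if (prot == IPPROTO_TCP)
					off += offsetof(struct tcphdr, th_sum);
				else
					off += offsetof(struct udphdr, uh_sum);
				/* A truncated packet must not be read past the mbuf chain. */
				if (m->m_pkthdr.len >= off + (int)sizeof(u_int16_t)) {
					m_copydata(m, off, sizeof(u_int16_t), (caddr_t)&proto_cksum);
					/* UDP checksum 0 means "none" (RFC 768); leave it alone. */
					if (prot == IPPROTO_TCP || proto_cksum != 0) {
						proto_cksum = in_addword(sav->natt_cksum, ~ntohs(proto_cksum));
						proto_cksum = ~htons(proto_cksum);
						m_copyback(m, off, sizeof(u_int16_t), (caddr_t)&proto_cksum);
					}
				}
			}
		}
```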
diff -rup src/sys/netipsec/key.c sru/sys/netipsec/key.c
--- src/sys/netipsec/key.c      2012-11-04 14:26:53.000000000 -0200
+++ sru/sys/netipsec/key.c      2012-11-29 18:40:34.000000000 -0200
@@ -460,6 +460,8 @@ static struct mbuf *key_setsadbaddr __P(
 #ifdef IPSEC_NAT_T
 static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t);
 static struct mbuf *key_setsadbxtype(u_int16_t);
+static u_int16_t key_compute_natt_cksum(struct sockaddr*,
+       struct sockaddr*, struct sockaddr*, struct sockaddr*);
 #endif
 static void key_porttosaddr(struct sockaddr *, u_int16_t);
 #define        KEY_PORTTOSADDR(saddr, port)                            \
@@ -1313,11 +1315,14 @@ key_getsp(struct secpolicyindex *spidx)
                        continue;
                if (key_cmpspidx_exactly(spidx, &sp->spidx)) {
                        SP_ADDREF(sp);
-                       break;
+                       SPTREE_UNLOCK();
+                       goto found;
                }
        }
        SPTREE_UNLOCK();
+       return NULL;
 
+found:
        return sp;
 }
 
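Review bot: The `goto found` plus second `SPTREE_UNLOCK()` does not change behaviour: if `sp` is the LIST_FOREACH iterator (the loop header lies outside the hunk), it is already NULL when the loop runs off the end, so the original `break` followed by the single unlock and `return sp` returned exactly the same value. The same duplicated unlock-and-label shape is introduced in the key_getsah hunk, where `LIST_FOREACH(sah, ...)` is visible and the equivalence is certain. Either keep the single-exit form or state why the early unlock is wanted, e.g. `/* drop the tree lock as soon as a match is found; sp is NULL when the loop completes */`. key_getsp's signature is outside the hunk.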
@@ -2959,11 +2964,15 @@ key_getsah(saidx)
        LIST_FOREACH(sah, &V_sahtree, chain) {
                if (sah->state == SADB_SASTATE_DEAD)
                        continue;
-               if (key_cmpsaidx(&sah->saidx, saidx, CMP_REQID))
-                       break;
+               if (key_cmpsaidx(&sah->saidx, saidx, CMP_REQID)) {
+                       SAHTREE_UNLOCK();
+                       goto found;
+               }
        }
        SAHTREE_UNLOCK();
+       return NULL;
 
+found:
        return sah;
 }
 
@@ -3081,6 +3090,7 @@ key_setsaval(sav, m, mhp)
        /*  Initialize even if NAT-T not compiled in: */
        sav->natt_type = 0;
        sav->natt_esp_frag_len = 0;
+       sav->natt_cksum = 0;
 
        /* SA */
        if (mhp->ext[SADB_EXT_SA] != NULL) {
@@ -3503,7 +3513,19 @@ key_setdumpsa(struct secasvar *sav, u_in
                        break;
 
                case SADB_X_EXT_NAT_T_OAI:
+                       m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAI,
+                           &sav->natt_oa_src.sa,
+                           FULLMASK, IPSEC_ULPROTO_ANY);
+                       if (!m)
+                               goto fail;
+                       break;
                case SADB_X_EXT_NAT_T_OAR:
+                       m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAR,
+                           &sav->natt_oa_dst.sa,
+                           FULLMASK, IPSEC_ULPROTO_ANY);
+                       if (!m)
+                               goto fail;
+                       break;
                case SADB_X_EXT_NAT_T_FRAG:
                        /* We do not (yet) support those. */
                        continue;
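Review bot: The new OAI/OAR cases dump `natt_oa_src`/`natt_oa_dst` unconditionally, so an SA that never received an original-address extension now emits a sadb_address built from an unset union (nothing in this patch initialises the two unions beyond what the SA allocator does, and they are only filled in the key_update/key_add hunks). A guard such as `if (sav->natt_oa_src.sa.sa_len == 0) continue;` before the first `m = key_setsadbaddr(...)`, with the `natt_oa_dst` twin before the second, keeps the dump consistent with what was installed; whether key_setsadbaddr() tolerates `sa_len == 0` cannot be seen here. key_setdumpsa continues outside the hunk.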
@@ -3784,6 +3806,56 @@ key_portfromsaddr(struct sockaddr *sa)
                        __func__, sa->sa_family));
        return (0);
 }
+
+/*
+ * Compute checksum delta to be applied to incoming TCP/UDP packet
+ * after packet has been decrypted
+ */
+static u_int16_t
+key_compute_natt_cksum(struct sockaddr *src, struct sockaddr *dst,
+       struct sockaddr *natt_src, struct sockaddr *natt_dst)
+{
+       u_int32_t total_sum = 0;
+       u_int32_t sum_old, sum_new;
+       if (natt_src && key_sockaddrcmp(src, natt_src, 0)) {
+               IPSEC_ASSERT(src->sa.sa_family == AF_INET, ("bad address family"));
+               sum_old = *(u_int32_t*)(&((struct sockaddr_in*)src)->sin_addr);
+               sum_old = ntohl(sum_old);
+               sum_old = (sum_old & 0xFFFF) + (sum_old >> 16);
+               sum_old = (sum_old & 0xFFFF) + (sum_old >> 16);
+
+               sum_new = *(u_int32_t*)(&((struct sockaddr_in*)natt_src)->sin_addr);
+               sum_new = ntohl(sum_new);
+               sum_new = (sum_new & 0xFFFF) + (sum_new >> 16);
+               sum_new = (sum_new & 0xFFFF) + (sum_new >> 16);
+
+               if (sum_new < sum_old)
+                       sum_new--;
+
+               total_sum += sum_new - sum_old;
+       }
+       if (natt_dst && key_sockaddrcmp(dst, natt_dst, 0)) {
+               IPSEC_ASSERT(dst->sa.sa_family == AF_INET, ("bad address family"));
+               sum_old = *(u_int32_t*)(&((struct sockaddr_in*)natt_dst)->sin_addr);
+               sum_old = ntohl(sum_old);
+               sum_old = (sum_old & 0xFFFF) + (sum_old >> 16);
+               sum_old = (sum_old & 0xFFFF) + (sum_old >> 16);
+
+               sum_new = *(u_int32_t*)(&((struct sockaddr_in*)dst)->sin_addr);
+               sum_new = ntohl(sum_new);
+               sum_new = (sum_new & 0xFFFF) + (sum_new >> 16);
+               sum_new = (sum_new & 0xFFFF) + (sum_new >> 16);
+
+               if (sum_new < sum_old)
+                       sum_new--;
+
+               total_sum += sum_new - sum_old;
+       }
+       total_sum = (total_sum & 0xFFFF) + (total_sum >> 16);
+       total_sum = (total_sum & 0xFFFF) + (total_sum >> 16);
+       return (u_int16_t)total_sum;
+}
+
 #endif /* IPSEC_NAT_T */
 
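Review bot: `src->sa.sa_family` and `dst->sa.sa_family` in the IPSEC_ASSERT calls are not valid for a `struct sockaddr *` (the member is `sa_family`; `.sa` belongs to `union sockaddr_union`), so key_compute_natt_cksum stops compiling once INVARIANTS is enabled. The asserts also cover the wrong operands: `src`/`dst` come from the SA index, while `natt_src`/`natt_dst` are copied verbatim from the PF_KEY message in the key_update/key_add hunks and are cast to `sockaddr_in` with no family check at all. The folding sequence is repeated four times; the rewrite below factors it into two helpers, reads the address through `sin_addr.s_addr` instead of a `u_int32_t *` cast, and yields a zero delta for any non-AF_INET operand, while the borrow adjustment and the end-around fold are kept exactly as written.
```c
/* Fold a 32-bit sum into 16 bits with end-around carry (one's complement). */
static u_int32_t
key_fold16(u_int32_t v)
{
	v = (v & 0xFFFF) + (v >> 16);
	return (v & 0xFFFF) + (v >> 16);
}

/*
 * Checksum delta for replacing address old with address new.
 * Returns 0 when either operand is not AF_INET; natt_* addresses come
 * straight from the PF_KEY message and must not be trusted.
 */
static u_int32_t
key_addr_delta(struct sockaddr *old, struct sockaddr *new)
{
	u_int32_t sum_old, sum_new;

	if (old->sa_family != AF_INET || new->sa_family != AF_INET)
		return 0;
	sum_old = key_fold16(ntohl(((struct sockaddr_in *)old)->sin_addr.s_addr));
	sum_new = key_fold16(ntohl(((struct sockaddr_in *)new)->sin_addr.s_addr));
	/* Borrow adjustment for one's-complement subtraction, as before. */
	if (sum_new < sum_old)
		sum_new--;
	return sum_new - sum_old;
}

/*
 * Compute the checksum delta to apply to an incoming TCP/UDP packet
 * after decryption, undoing the address rewrite done by the NAT.
 */
static u_int16_t
key_compute_natt_cksum(struct sockaddr *src, struct sockaddr *dst,
	struct sockaddr *natt_src, struct sockaddr *natt_dst)
{
	u_int32_t total_sum = 0;

	if (natt_src && key_sockaddrcmp(src, natt_src, 0))
		total_sum += key_addr_delta(src, natt_src);
	if (natt_dst && key_sockaddrcmp(dst, natt_dst, 0))
		total_sum += key_addr_delta(natt_dst, dst);
	return (u_int16_t)key_fold16(total_sum);
}
```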
 /*
@@ -4056,10 +4128,11 @@ key_cmpsaidx(
                /*
                 * If NAT-T is enabled, check ports for tunnel mode.
                 * Do not check ports if they are set to zero in the SPD.
-                * Also do not do it for transport mode, as there is no
-                * port information available in the SP.
+                * Also do not do it for native transport mode, as there
+                * is no port information available in the SP.
                 */
-               if (saidx1->mode == IPSEC_MODE_TUNNEL &&
+               if ((saidx1->mode == IPSEC_MODE_TUNNEL ||
+                   (saidx1->mode == IPSEC_MODE_TRANSPORT && saidx1->proto == IPPROTO_ESP)) &&
                    saidx1->src.sa.sa_family == AF_INET &&
                    saidx1->dst.sa.sa_family == AF_INET &&
                    ((const struct sockaddr_in *)(&saidx1->src))->sin_port &&
@@ -4654,7 +4727,7 @@ key_getspi(so, m, mhp)
        struct mbuf *m;
        const struct sadb_msghdr *mhp;
 {
-       struct sadb_address *src0, *dst0;
+       struct sadb_address *src0, *dst0, *iaddr, *raddr;
        struct secasindex saidx;
        struct secashead *newsah;
        struct secasvar *newsav;
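Review bot: `iaddr` and `raddr` are declared without an initialiser here and, in the following key_getspi hunk, are assigned only when the matching extension is present; if nothing later in key_getspi reads them (the rest of the function lies outside these hunks) they are set-but-unused and a warnings-as-errors kernel build rejects the file, and if something does read them the absent-extension path reads an uninitialised pointer. Initialise them at the declaration, `struct sadb_address *src0, *dst0, *iaddr = NULL, *raddr = NULL;`, or drop them if they are not consumed.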
@@ -4745,10 +4818,24 @@ key_getspi(so, m, mhp)
         * We made sure the port numbers are zero above, so we do
         * not have to worry in case we do not update them.
         */
-       if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL)
+       if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL) {
                ipseclog((LOG_DEBUG, "%s: NAT-T OAi present\n", __func__));
-       if (mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL)
+               if (mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(struct sadb_address)) {
+                       ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
+                           __func__));
+                       return key_senderror(so, m, EINVAL);
+               }
+               iaddr = (struct sadb_address *)(mhp->ext[SADB_X_EXT_NAT_T_OAI]);
+       }
+       if (mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) {
                ipseclog((LOG_DEBUG, "%s: NAT-T OAr present\n", __func__));
+               if (mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(struct sadb_address)) {
+                       ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
+                           __func__));
+                       return key_senderror(so, m, EINVAL);
+               }
+               raddr = (struct sadb_address *)(mhp->ext[SADB_X_EXT_NAT_T_OAR]);
+       }
 
        if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL &&
            mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
@@ -5079,6 +5166,18 @@ key_update(so, m, mhp)
                iaddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI];
                raddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR];
                ipseclog((LOG_DEBUG, "%s: NAT-T OAi/r present\n", __func__));
+       } else if (mhp->ext[SADB_X_EXT_NAT_T_OA] != NULL) {
+               /* FIXME: this allow to have client behind NAT without
+               * patching racoon. Should be in sync with racoon */
+#if 0
+               iaddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OA];
+               raddr = NULL;
+#else
+               iaddr = NULL;
+               raddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OA];
+#endif
+               ipseclog((LOG_DEBUG, "%s: NAT-T OA present\n", __func__));
+
        } else {
                iaddr = raddr = NULL;
        }
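Review bot: The `SADB_X_EXT_NAT_T_OA` branch lands with an `#if 0` alternative and a FIXME still in it, and the identical block is duplicated in the key_add hunk; dead preprocessor branches should go before the code is committed, with the decision recorded in the comment, e.g. `/* A single NAT-T OA extension is treated as the remote (OAr) address so an unpatched racoon keeps working. */`. Unlike the OAI/OAR checks added to key_getspi, no `mhp->extlen[SADB_X_EXT_NAT_T_OA] < sizeof(struct sadb_address)` check is visible before the extension is used; unless key_update's validation above the hunk already covers this extension type, the length must be checked here. key_update continues on both sides of the hunk.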
@@ -5169,6 +5268,16 @@ key_update(so, m, mhp)
        if (dport)
                KEY_PORTTOSADDR(&sav->sah->saidx.dst,
                    dport->sadb_x_nat_t_port_port);
+       if (iaddr)
+               bcopy(iaddr + 1, &sav->natt_oa_src, ((const struct sockaddr *)(iaddr + 1))->sa_len);
+       if (raddr)
+               bcopy(raddr + 1, &sav->natt_oa_dst, ((const struct sockaddr *)(raddr + 1))->sa_len);
+       if (sav->sah->saidx.src.sa.sa_family == AF_INET) {
+               struct sockaddr *natt_src_sa = iaddr ? &sav->natt_oa_src.sa : NULL;
+               struct sockaddr *natt_dst_sa = raddr ? &sav->natt_oa_dst.sa : NULL;
+               sav->natt_cksum = key_compute_natt_cksum(&sav->sah->saidx.src.sa,
+                   &sav->sah->saidx.dst.sa, natt_src_sa, natt_dst_sa);
+       }
 
 #if 0
        /*
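Review bot: The two `bcopy()` calls copy `sa_len` bytes into the fixed-size `natt_oa_src`/`natt_oa_dst` unions, and that `sa_len` is read straight out of the PF_KEY message, so the sender of the message controls the length of a copy into the SA; the same pattern is repeated in the key_add hunk. The length must be bounded by the destination size, and the extension length should additionally be checked where `iaddr`/`raddr` are taken from `mhp->ext`, so that the `sockaddr` header (including the `sa_len` byte being read) lies inside the extension. The rewrite below does the first part for key_update; in key_add the same check presumably has to undo the freshly allocated `newsav` before returning — confirm against that function's existing error paths. Note also that the unions are copied for any address family while `natt_cksum` is only computed for AF_INET, which is why a family check inside key_compute_natt_cksum matters.
```c
	if (iaddr) {
		const struct sockaddr *oa = (const struct sockaddr *)(iaddr + 1);
		/* sa_len is taken from the PF_KEY message: bound it by the destination. */
		if (oa->sa_len > sizeof(sav->natt_oa_src))
			return key_senderror(so, m, EINVAL);
		bcopy(oa, &sav->natt_oa_src, oa->sa_len);
	}
	if (raddr) {
		const struct sockaddr *oa = (const struct sockaddr *)(raddr + 1);
		if (oa->sa_len > sizeof(sav->natt_oa_dst))
			return key_senderror(so, m, EINVAL);
		bcopy(oa, &sav->natt_oa_dst, oa->sa_len);
	}
	/* … unchanged: natt_cksum computation for AF_INET … */
```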
@@ -5375,6 +5484,18 @@ key_add(so, m, mhp)
                iaddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI];
                raddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR];
                ipseclog((LOG_DEBUG, "%s: NAT-T OAi/r present\n", __func__));
+       } else if (mhp->ext[SADB_X_EXT_NAT_T_OA] != NULL) {
+               /* FIXME: this allow to have client behind NAT without
+               * patching racoon. Should be in sync with racoon */
+#if 0
+               iaddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OA];
+               raddr = NULL;
+#else
+               iaddr = NULL;
+               raddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OA];
+#endif
+               ipseclog((LOG_DEBUG, "%s: NAT-T OA present\n", __func__));
+
        } else {
                iaddr = raddr = NULL;
        }
@@ -5428,6 +5549,16 @@ key_add(so, m, mhp)
         */
        if (type)
                newsav->natt_type = type->sadb_x_nat_t_type_type;
+       if (iaddr)
+               bcopy(iaddr + 1, &newsav->natt_oa_src, ((const struct sockaddr *)(iaddr + 1))->sa_len);
+       if (raddr)
+               bcopy(raddr + 1, &newsav->natt_oa_dst, ((const struct sockaddr *)(raddr + 1))->sa_len);
+       if (newsav->sah->saidx.src.sa.sa_family == AF_INET) {
+               struct sockaddr *natt_src_sa = iaddr ? &newsav->natt_oa_src.sa : NULL;
+               struct sockaddr *natt_dst_sa = raddr ? &newsav->natt_oa_dst.sa : NULL;
+               newsav->natt_cksum = key_compute_natt_cksum(&newsav->sah->saidx.src.sa,
+                   &newsav->sah->saidx.dst.sa, natt_src_sa, natt_dst_sa);
+       }
 
 #if 0
        /*
diff -rup src/sys/netipsec/keydb.h sru/sys/netipsec/keydb.h
--- src/sys/netipsec/keydb.h    2012-11-04 14:26:53.000000000 -0200
+++ sru/sys/netipsec/keydb.h    2012-11-28 18:53:56.000000000 -0200
@@ -163,6 +163,9 @@ struct secasvar {
         */
        u_int16_t natt_type;            /* IKE/ESP-marker in output. */
        u_int16_t natt_esp_frag_len;    /* MTU for payload fragmentation. */
+       union sockaddr_union natt_oa_src; /* NATT source address */
+       union sockaddr_union natt_oa_dst; /* NATT destination address */
+       u_int16_t natt_cksum;             /* checksum delta for inbound packets */
 };
 
 #define        SECASVAR_LOCK_INIT(_sav) \
diff -rup src/sys/netipsec/xform_esp.c sru/sys/netipsec/xform_esp.c
--- src/sys/netipsec/xform_esp.c        2012-11-04 14:26:53.000000000 -0200
+++ sru/sys/netipsec/xform_esp.c        2012-11-28 18:53:56.000000000 -0200
@@ -78,12 +78,16 @@
 
 VNET_DEFINE(int, esp_enable) = 1;
 VNET_DEFINE(struct espstat, espstat);
+VNET_DEFINE(int, esp_ignore_natt_cksum) = 0;
 
 SYSCTL_DECL(_net_inet_esp);
 SYSCTL_VNET_INT(_net_inet_esp, OID_AUTO,
        esp_enable,     CTLFLAG_RW,     &VNET_NAME(esp_enable), 0, "");
 SYSCTL_VNET_STRUCT(_net_inet_esp, IPSECCTL_STATS,
        stats,          CTLFLAG_RD,     &VNET_NAME(espstat),    espstat, "");
+SYSCTL_VNET_INT(_net_inet_esp, OID_AUTO,
+       esp_ignore_natt_cksum,  CTLFLAG_RW,     &VNET_NAME(esp_ignore_natt_cksum), 0,
+       "Do not validate checksums of ESP protected packets in case of NAT-T");
 
 static VNET_DEFINE(int, esp_max_ivlen);        /* max iv length over all algorithms */
 #define        V_esp_max_ivlen VNET(esp_max_ivlen)
(pts/1)[root@server:/usr]#




Bye
--- FIPS/IP <build 01.14>
* Origin: FIPS - rulezzz forever! (2:5034/10.1)
