1 /* $NetBSD: ipsec.c,v 1.1 2000/01/31 14:28:19 itojun Exp $ */ 2 3 /* 4 * Copyright (C) 1999 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 
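 */

#include <sys/param.h>
#include <sys/stat.h>
#include <sys/socket.h>

#include <netinet/in.h>
#include <arpa/inet.h>

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <ctype.h>
#include <errno.h>

#ifdef IPSEC
#include <netinet6/ipsec.h>
#ifndef IPSEC_POLICY_IPSEC	/* no ipsec support on old ipsec */
#undef IPSEC
#endif
#endif

#include "ipsec.h"

/*
 * Helpers for attaching a per-socket IPsec policy (ipsec_set_policy(3)
 * syntax) to a socket.  Everything below compiles to nothing when the
 * system has no usable IPsec support.
 */

#ifdef IPSEC
/*
 * Return the next ';'-separated policy specification from *cursor, with
 * leading white space stripped, and advance *cursor past it.  Empty
 * specifications ("a;;b", a trailing ';', white space only) are skipped.
 * Returns NULL once the string is exhausted.
 *
 * The buffer is modified in place (each ';' is overwritten with a NUL),
 * so callers must pass a private copy.  Unlike strtok(3) this keeps no
 * static state, so it cannot corrupt a tokenisation in progress elsewhere
 * in the program.
 */
static char *
next_policy(char **cursor)
{
	char *spec, *sep;

	while ((spec = *cursor) != NULL && *spec != '\0') {
		sep = strchr(spec, ';');
		if (sep != NULL) {
			*sep = '\0';
			*cursor = sep + 1;
		} else
			*cursor = spec + strlen(spec);
		/* <ctype.h> functions take an unsigned char value, not char */
		while (*spec != '\0' && isspace((unsigned char)*spec))
			spec++;
		if (*spec != '\0')
			return spec;
	}
	return NULL;
}

/*
 * Compile a single policy specification and, when `commit' is non-zero,
 * install it on socket `fd' of address family `af' (AF_INET, or AF_INET6
 * when built with INET6).  With `commit' zero this only checks that the
 * specification parses.
 *
 * Returns 0 on success and -1 if `af' is unsupported, the specification
 * does not parse, or setsockopt(2) fails; in the last case errno is
 * preserved for the caller.
 */
int
ipsecsetup0(int af, int fd, const char *policy, int commit)
{
	int level, opt, error, saved_errno;
	char *buf;

	if (policy == NULL)
		return -1;

	switch (af) {
	case AF_INET:
		level = IPPROTO_IP;
		opt = IP_IPSEC_POLICY;
		break;
#ifdef INET6
	case AF_INET6:
		level = IPPROTO_IPV6;
		opt = IPV6_IPSEC_POLICY;
		break;
#endif
	default:
		return -1;
	}

	/* cast: older libipsec declares the argument as plain char * */
	buf = ipsec_set_policy((char *)policy, strlen(policy));
	if (buf == NULL)
		return -1;

	error = 0;
	if (commit && setsockopt(fd, level, opt, buf,
	    (socklen_t)ipsec_get_policylen(buf)) < 0)
		error = -1;

	/* free(3) is allowed to clobber errno; keep the setsockopt(2) one */
	saved_errno = errno;
	free(buf);
	errno = saved_errno;
	return error;
}

/*
 * Apply the policy string `policy' -- one or more ipsec_set_policy(3)
 * specifications separated by ';' -- to socket `fd' of address family
 * `af'.
 *
 * A NULL or empty policy selects "in entrust; out entrust": the socket
 * defers to the kernel security policy database rather than opting out
 * of IPsec.  (The original test compared the pointer itself against
 * '\0', so an empty string silently set no policy at all.)
 *
 * Returns 0 on success, -1 on allocation failure or if any specification
 * fails to parse or to apply.  Specifications before the failing one have
 * already been installed on the socket.
 */
int
ipsecsetup(int af, int fd, const char *policy)
{
	char *copy, *cursor, *spec;
	int error;

	if (policy == NULL || *policy == '\0')
		policy = "in entrust; out entrust";
	copy = strdup(policy);
	if (copy == NULL)
		return -1;

	error = 0;
	cursor = copy;
	while ((spec = next_policy(&cursor)) != NULL) {
		error = ipsecsetup0(af, fd, spec, 1);
		if (error < 0)
			break;
	}

	free(copy);
	return error;
}

/*
 * Check that every ';'-separated specification in `policy' parses,
 * without touching any socket.  Useful for validating configuration
 * before a socket exists.
 *
 * Returns 0 if all specifications parse (including when there are none),
 * -1 if `policy' is NULL, memory cannot be allocated, or any
 * specification is rejected by ipsec_set_policy(3).
 */
int
ipsecsetup_test(const char *policy)
{
	char *copy, *cursor, *spec, *buf;
	int error;

	if (policy == NULL)
		return -1;
	copy = strdup(policy);
	if (copy == NULL)
		return -1;

	error = 0;
	cursor = copy;
	while ((spec = next_policy(&cursor)) != NULL) {
		buf = ipsec_set_policy(spec, strlen(spec));
		if (buf == NULL) {
			error = -1;
			break;
		}
		free(buf);
	}

	free(copy);
	return error;
}
#endif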