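--- a/head/tools/regression/priv/priv_netinet_ipsec.c
+++ b/head/tools/regression/priv/priv_netinet_ipsec.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 2007 Bjoern A. Zeeb
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
@@ -18,17 +18,17 @@
  * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * $FreeBSD: head/tools/regression/priv/priv_netinet_ipsec.c 173679 2007-11-16 21:24:45Z bz $
+ * $FreeBSD: head/tools/regression/priv/priv_netinet_ipsec.c 196172 2009-08-13 09:11:47Z bz $
  */
 
 /*
  * Confirm that privilege is required to open a pfkey socket, and that this
  * is not allowed in jail.
  */
 
 #include <sys/types.h>
@@ -64,101 +64,107 @@
  switch (af) {
  case AF_INET:
  sd = socket(AF_INET, SOCK_DGRAM, 0);
  if (sd < 0) {
  warn("%s: socket4", __func__);
  return (-1);
  }
  break;
+#ifdef INET6
  case AF_INET6:
  sd = socket(AF_INET6, SOCK_DGRAM, 0);
  if (sd < 0) {
  warn("%s: socket6", __func__);
  return (-1);
  }
  break;
+#endif
  default:
  warnx("%s: unexpected address family", __func__);
  return (-1);
  }
  return (0);
 }
 
 int
 priv_netinet_ipsec_policy4_bypass_setup(int asroot, int injail,
  struct test *test)
 {
 
  return (priv_netinet_ipsec_policy_bypass_setup_af(asroot, injail, test,
  AF_INET));
 }
 
+#ifdef INET6
 int
 priv_netinet_ipsec_policy6_bypass_setup(int asroot, int injail,
  struct test *test)
 {
 
  return (priv_netinet_ipsec_policy_bypass_setup_af(asroot, injail, test,
  AF_INET6));
 }
+#endif
 
 
-
 static int
 priv_netinet_ipsec_policy_entrust_setup_af(int asroot, int injail,
  struct test *test, int af)
 {
 
  entrustbuf = ipsec_set_policy(policy_entrust, sizeof(policy_entrust)-1);
  if (entrustbuf == NULL) {
  warn("%s: ipsec_set_policy(NULL)", __func__);
  return (-1);
  }
  switch (af) {
  case AF_INET:
  sd = socket(AF_INET, SOCK_DGRAM, 0);
  if (sd < 0) {
  warn("%s: socket4", __func__);
  return (-1);
  }
  break;
+#ifdef INET6
  case AF_INET6:
  sd = socket(AF_INET6, SOCK_DGRAM, 0);
  if (sd < 0) {
  warn("%s: socket6", __func__);
  return (-1);
  }
  break;
+#endif
  default:
  warnx("%s: unexpected address family", __func__);
  return (-1);
  }
  return (0);
 }
 
 int
 priv_netinet_ipsec_policy4_entrust_setup(int asroot, int injail,
  struct test *test)
 {
 
  return (priv_netinet_ipsec_policy_entrust_setup_af(asroot, injail, test,
  AF_INET));
 }
 
+#ifdef INET6
 int
 priv_netinet_ipsec_policy6_entrust_setup(int asroot, int injail,
  struct test *test)
 {
 
  return (priv_netinet_ipsec_policy_entrust_setup_af(asroot, injail, test,
  AF_INET6));
 }
+#endif
 
-
 void
 priv_netinet_ipsec_pfkey(int asroot, int injail, struct test *test)
 {
  int error, fd;
 
  fd = socket(PF_KEY, SOCK_RAW, PF_KEY_V2);
  if (fd < 0)
  error = -1;
@@ -191,20 +197,22 @@
 {
  int error, level, optname;
 
  switch (af) {
  case AF_INET:
  level = IPPROTO_IP;
  optname = IP_IPSEC_POLICY;
  break;
+#ifdef INET6
  case AF_INET6:
  level = IPPROTO_IPV6;
  optname = IPV6_IPSEC_POLICY;
  break;
+#endif
  default:
  warnx("%s: unexpected address family", __func__);
  return;
  }
  error = setsockopt(sd, level, optname,
  bypassbuf, ipsec_get_policylen(bypassbuf));
  if (asroot && injail)
  expect("priv_netinet_ipsec_policy_bypass(asroot, injail)",
@@ -222,39 +230,42 @@
 
 void
 priv_netinet_ipsec_policy4_bypass(int asroot, int injail, struct test *test)
 {
 
  priv_netinet_ipsec_policy_bypass_af(asroot, injail, test, AF_INET);
 }
 
+#ifdef INET6
 void
 priv_netinet_ipsec_policy6_bypass(int asroot, int injail, struct test *test)
 {
 
  priv_netinet_ipsec_policy_bypass_af(asroot, injail, test, AF_INET6);
 }
+#endif
 
-
 static void
 priv_netinet_ipsec_policy_entrust_af(int asroot, int injail, struct test *test,
  int af)
 {
  int error, level, optname;
 
  switch (af) {
  case AF_INET:
  level = IPPROTO_IP;
  optname = IP_IPSEC_POLICY;
  break;
+#ifdef INET6
  case AF_INET6:
  level = IPPROTO_IPV6;
  optname = IPV6_IPSEC_POLICY;
  break;
+#endif
  default:
  warnx("%s: unexpected address family", __func__);
  return;
  }
  error = setsockopt(sd, level, optname,
  entrustbuf, ipsec_get_policylen(entrustbuf));
  if (asroot && injail)
  expect("priv_netinet_ipsec_policy_entrust(asroot, injail)",
@@ -272,24 +283,25 @@
 
 void
 priv_netinet_ipsec_policy4_entrust(int asroot, int injail, struct test *test)
 {
 
  priv_netinet_ipsec_policy_entrust_af(asroot, injail, test, AF_INET);
 }
 
+#ifdef INET6
 void
 priv_netinet_ipsec_policy6_entrust(int asroot, int injail, struct test *test)
 {
 
  priv_netinet_ipsec_policy_entrust_af(asroot, injail, test, AF_INET6);
 }
+#endif
 
-
- void
+void
 priv_netinet_ipsec_policy_bypass_cleanup(int asroot, int injail,
  struct test *test)
 {
 
  if (bypassbuf != NULL) {
  free(bypassbuf);
  bypassbuf = NULL;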
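Review bot: The `#ifdef INET6` guards added around every AF_INET6 case and every `priv_netinet_ipsec_policy6_*` function rely on a macro that none of the visible lines define, and for a userland regression tool that normally has to come from the build flags; if it is not set, the IPv6 bypass and entrust checks on `IPV6_IPSEC_POLICY` are compiled out silently and a clean run no longer says anything about them. The test table and prototypes that name the `policy6` functions are outside this page and presumably need the same guard, or the link fails when INET6 is undefined. I would add a comment at the first guard, e.g. `/* INET6 comes from the build flags; without it the IPv6 policy privilege checks are not built. */`, and have the harness report the IPv6 tests as skipped rather than dropping them. The `_setup_af` and `_af` functions begin or end in the hidden lines, so this is based on the visible cases only.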