test-policy.c revision 55505
155505Sshin/* 255505Sshin * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. 355505Sshin * All rights reserved. 455505Sshin * 555505Sshin * Redistribution and use in source and binary forms, with or without 655505Sshin * modification, are permitted provided that the following conditions 755505Sshin * are met: 855505Sshin * 1. Redistributions of source code must retain the above copyright 955505Sshin * notice, this list of conditions and the following disclaimer. 1055505Sshin * 2. Redistributions in binary form must reproduce the above copyright 1155505Sshin * notice, this list of conditions and the following disclaimer in the 1255505Sshin * documentation and/or other materials provided with the distribution. 1355505Sshin * 3. Neither the name of the project nor the names of its contributors 1455505Sshin * may be used to endorse or promote products derived from this software 1555505Sshin * without specific prior written permission. 1655505Sshin * 1755505Sshin * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 1855505Sshin * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 1955505Sshin * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2055505Sshin * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 2155505Sshin * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2255505Sshin * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2355505Sshin * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2455505Sshin * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2555505Sshin * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 2655505Sshin * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 2755505Sshin * SUCH DAMAGE. 
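 *
 * $FreeBSD: head/sbin/setkey/test-policy.c 55505 2000-01-06 12:40:54Z shin $
 */

#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet6/in6.h>
#include <netkey/keyv2.h>
#include <stdio.h>		/* printf(), perror() are used below */
#include <stdlib.h>
#include <string.h>
#include <unistd.h>		/* close() */

#include <netinet6/ipsec.h>

/*
 * Policy request strings fed to the libipsec parser and, when they parse,
 * to the kernel via the IPsec policy socket options.  The entries marked
 * "must be error" are expected to be rejected by the parser.
 */
char *requests[] = {
"must_error",		/* must be error */
"ipsec must_error",	/* must be error */
"ipsec esp/must_error",	/* must be error */
"discard",
"none",
"entrust",
"bypass",		/* may be error */
"ipsec esp",		/* must be error */
"ipsec ah/require",
"ipsec ah/use/",
"ipsec esp/require ah/default/203.178.141.194",
"ipsec ah/use/203.178.141.195 esp/use/203.178.141.194",
/*
 * There is no comma after the next literal, so it and the multi-line
 * request that follows form ONE array element.  Whether that is intended
 * is not clear from this file -- confirm.  The original spelled the
 * multi-line part with real newlines inside the literal (an old GCC
 * extension that current compilers reject); the "\n" escapes below keep the
 * element's contents byte-for-byte identical.
 */
"ipsec esp/elf.wide.ydc.co.jp esp/www.wide.ydc.co.jp"
"\n"
"ipsec esp/require ah/use esp/require/10.0.0.1\n"
"ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1\n"
"ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1\n"
"ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1\n"
"ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1\n"
"ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1\n"
"ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1\n"
"ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1\n"
/* the missing space before the last "ah/use" is as in the original */
"ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1ah/use/3ffe:501:481d::1\n"
,
};

/* Not referenced anywhere in this file; kept for compatibility. */
u_char *p_secpolicy;

int test(char *buf, int family);
char *setpolicy(char *req);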
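
/*
 * Run every entry of requests[] through the libipsec parser (setpolicy())
 * and, for each one that parses, install and read back the resulting policy
 * on an IPv4 and an IPv6 datagram socket (test()).  Parse failures are
 * reported by setpolicy() and the entry is skipped.
 *
 * Always exits 0; per-request failures are only printed.
 */
int
main(void)
{
	size_t i;
	char *buf;

	for (i = 0; i < sizeof(requests) / sizeof(requests[0]); i++) {
		printf("* requests:[%s]\n", requests[i]);
		if ((buf = setpolicy(requests[i])) == NULL)
			continue;	/* already reported by setpolicy() */
		printf("\tsetlen:%d\n", PFKEY_EXTLEN(buf));

		printf("\tPF_INET:\n");
		test(buf, PF_INET);

		printf("\tPF_INET6:\n");
		test(buf, PF_INET6);
		free(buf);
	}
	return 0;
}

/*
 * Install the PF_KEY policy blob `policy` (as produced by setpolicy()) on a
 * fresh SOCK_DGRAM socket of `family`, read it back with getsockopt() and
 * print the kernel's rendering via ipsec_dump_policy().
 *
 * Returns 0 on success and -1 when `family` is neither PF_INET nor PF_INET6
 * or when a socket call fails; the failing call has already been reported
 * with perror().  Callers in this file ignore the result.
 */
int
test(char *policy, int family)
{
	int so, proto, optname;
	int rc = -1;
	socklen_t len;		/* getsockopt() writes through a socklen_t * */
	char getbuf[1024];
	char *buf;

	switch (family) {
	case PF_INET:
		proto = IPPROTO_IP;
		optname = IP_IPSEC_POLICY;
		break;
	case PF_INET6:
		proto = IPPROTO_IPV6;
		optname = IPV6_IPSEC_POLICY;
		break;
	default:
		/* without this, proto/optname would be read uninitialized */
		fprintf(stderr, "test: unsupported address family %d\n", family);
		return -1;
	}

	if ((so = socket(family, SOCK_DGRAM, 0)) < 0) {
		perror("socket");
		return -1;
	}

	if (setsockopt(so, proto, optname, policy, PFKEY_EXTLEN(policy)) < 0) {
		perror("setsockopt");
		goto out;
	}

	/* zero the buffer so nothing stale is left behind a short read */
	len = sizeof(getbuf);
	memset(getbuf, 0, sizeof(getbuf));
	if (getsockopt(so, proto, optname, getbuf, &len) < 0) {
		perror("getsockopt");
		goto out;
	}

	printf("\tgetlen:%d\n", (int)len);

	/* the original discarded ipsec_strerror()'s result; print it instead */
	if ((buf = ipsec_dump_policy(getbuf, NULL)) == NULL)
		printf("ipsec_dump_policy: %s\n", ipsec_strerror());
	else
		printf("\t[%s]\n", buf);
	free(buf);	/* free(NULL) is a no-op */
	rc = 0;

out:
	close(so);
	return rc;
}

/*
 * Parse the textual policy `req` with libipsec into a freshly malloc()ed
 * PF_KEY policy buffer.
 *
 * Returns the buffer -- ownership passes to the caller, who must free() it --
 * or NULL after printing the reason for the failure.
 */
char *
setpolicy(char *req)
{
	int len;
	char *buf;

	if ((len = ipsec_get_policylen(req)) < 0) {
		printf("ipsec_get_policylen: %s\n", ipsec_strerror());
		return NULL;
	}

	if ((buf = malloc((size_t)len)) == NULL) {
		perror("malloc");
		return NULL;
	}

	/* the returned length is not needed afterwards; only the sign matters */
	if (ipsec_set_policy(buf, len, req) < 0) {
		printf("ipsec_set_policy: %s\n", ipsec_strerror());
		free(buf);
		return NULL;
	}

	return buf;
}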