ipfilter/ipsend/ipsopt.c

22514Sdarrenr/*
53024Sguido * Copyright (C) 1995-1998 by Darren Reed.
22514Sdarrenr *
80486Sdarrenr * See the IPFILTER.LICENCE file for details on licencing.
22514Sdarrenr */
22514Sdarrenr#include <stdio.h>
22514Sdarrenr#include <string.h>
31183Speter#include <stdlib.h>
22514Sdarrenr#include <sys/types.h>
22514Sdarrenr#include <sys/time.h>
22514Sdarrenr#include <sys/socket.h>
22514Sdarrenr#include <netinet/in.h>
22514Sdarrenr#include <netinet/in_systm.h>
22514Sdarrenr#include <netinet/ip.h>
31183Speter#ifndef	linux
31183Speter#include <netinet/ip_var.h>
31183Speter#endif
31183Speter#include <netinet/tcp.h>
31183Speter#include <arpa/inet.h>
31183Speter#include "ipsend.h"
22514Sdarrenr
80486Sdarrenr#if !defined(lint)
80486Sdarrenrstatic const char sccsid[] = "@(#)ipsopt.c	1.2 1/11/96 (C)1995 Darren Reed";
80486Sdarrenrstatic const char rcsid[] = "@(#)$Id: ipsopt.c,v 2.1.4.2 2001/07/15 22:00:14 darrenr Exp $";
24583Sdarrenr#endif
24583Sdarrenr
24583Sdarrenr
22514Sdarrenrstruct ipopt_names ionames[] = {
22514Sdarrenr	{ IPOPT_EOL,	0x01,	1, "eol" },
22514Sdarrenr	{ IPOPT_NOP,	0x02,	1, "nop" },
31183Speter	{ IPOPT_RR,	0x04,	3, "rr" },	/* 1 route */
22514Sdarrenr	{ IPOPT_TS,	0x08,	8, "ts" },	/* 1 TS */
22514Sdarrenr	{ IPOPT_SECURITY, 0x08,	11, "sec-level" },
22514Sdarrenr	{ IPOPT_LSRR,	0x10,	7, "lsrr" },	/* 1 route */
22514Sdarrenr	{ IPOPT_SATID,	0x20,	4, "satid" },
22514Sdarrenr	{ IPOPT_SSRR,	0x40,	7, "ssrr" },	/* 1 route */
22514Sdarrenr	{ 0, 0, 0, NULL }	/* must be last */
22514Sdarrenr};
22514Sdarrenr
22514Sdarrenrstruct	ipopt_names secnames[] = {
22514Sdarrenr	{ IPOPT_SECUR_UNCLASS,	0x0100,	0, "unclass" },
22514Sdarrenr	{ IPOPT_SECUR_CONFID,	0x0200,	0, "confid" },
22514Sdarrenr	{ IPOPT_SECUR_EFTO,	0x0400,	0, "efto" },
22514Sdarrenr	{ IPOPT_SECUR_MMMM,	0x0800,	0, "mmmm" },
22514Sdarrenr	{ IPOPT_SECUR_RESTR,	0x1000,	0, "restr" },
22514Sdarrenr	{ IPOPT_SECUR_SECRET,	0x2000,	0, "secret" },
22514Sdarrenr	{ IPOPT_SECUR_TOPSECRET, 0x4000,0, "topsecret" },
22514Sdarrenr	{ 0, 0, 0, NULL }	/* must be last */
22514Sdarrenr};
22514Sdarrenr
22514Sdarrenr
22514Sdarrenru_short seclevel(slevel)
22514Sdarrenrchar *slevel;
22514Sdarrenr{
22514Sdarrenr	struct ipopt_names *so;
22514Sdarrenr
22514Sdarrenr	for (so = secnames; so->on_name; so++)
22514Sdarrenr		if (!strcasecmp(slevel, so->on_name))
22514Sdarrenr			break;
22514Sdarrenr
22514Sdarrenr	if (!so->on_name) {
22514Sdarrenr		fprintf(stderr, "no such security level: %s\n", slevel);
22514Sdarrenr		return 0;
22514Sdarrenr	}
22514Sdarrenr	return so->on_value;
22514Sdarrenr}
22514Sdarrenr
22514Sdarrenr
31183Speterint addipopt(op, io, len, class)
31183Speterchar *op;
31183Speterstruct ipopt_names *io;
31183Speterint len;
31183Speterchar *class;
31183Speter{
31183Speter	struct in_addr ipadr;
31183Speter	int olen = len, srr = 0;
31183Speter	u_short val;
31183Speter	u_char lvl;
31183Speter	char *s = op, *t;
31183Speter
31183Speter	if ((len + io->on_siz) > 48) {
31183Speter		fprintf(stderr, "options too long\n");
31183Speter		return 0;
31183Speter	}
31183Speter	len += io->on_siz;
31183Speter	*op++ = io->on_value;
31183Speter	if (io->on_siz > 1) {
31183Speter		/*
31183Speter		 * Allow option to specify RR buffer length in bytes.
31183Speter		 */
31183Speter		if (io->on_value == IPOPT_RR) {
31183Speter			val = (class && *class) ? atoi(class) : 4;
31183Speter			*op++ = val + io->on_siz;
31183Speter			len += val;
31183Speter		} else
31183Speter			*op++ = io->on_siz;
31183Speter		*op++ = IPOPT_MINOFF;
31183Speter
31183Speter		while (class && *class) {
31183Speter			t = NULL;
31183Speter			switch (io->on_value)
31183Speter			{
31183Speter			case IPOPT_SECURITY :
31183Speter				lvl = seclevel(class);
31183Speter				*(op - 1) = lvl;
31183Speter				break;
31183Speter			case IPOPT_LSRR :
31183Speter			case IPOPT_SSRR :
31183Speter				if ((t = strchr(class, ',')))
31183Speter					*t = '\0';
31183Speter				ipadr.s_addr = inet_addr(class);
31183Speter				srr++;
31183Speter				bcopy((char *)&ipadr, op, sizeof(ipadr));
31183Speter				op += sizeof(ipadr);
31183Speter				break;
31183Speter			case IPOPT_SATID :
31183Speter				val = atoi(class);
31183Speter				bcopy((char *)&val, op, 2);
31183Speter				break;
31183Speter			}
31183Speter
31183Speter			if (t)
31183Speter				*t++ = ',';
31183Speter			class = t;
31183Speter		}
31183Speter		if (srr)
31183Speter			s[IPOPT_OLEN] = IPOPT_MINOFF - 1 + 4 * srr;
31183Speter		if (io->on_value == IPOPT_RR)
31183Speter			op += val;
31183Speter		else
31183Speter			op += io->on_siz - 3;
31183Speter	}
31183Speter	return len - olen;
31183Speter}
31183Speter
31183Speter
31183Speteru_32_t buildopts(cp, op, len)
22514Sdarrenrchar *cp, *op;
31183Speterint len;
22514Sdarrenr{
22514Sdarrenr	struct ipopt_names *io;
31183Speter	u_32_t msk = 0;
22514Sdarrenr	char *s, *t;
31183Speter	int inc, lastop = -1;
22514Sdarrenr
22514Sdarrenr	for (s = strtok(cp, ","); s; s = strtok(NULL, ",")) {
22514Sdarrenr		if ((t = strchr(s, '=')))
22514Sdarrenr			*t++ = '\0';
22514Sdarrenr		for (io = ionames; io->on_name; io++) {
22514Sdarrenr			if (strcasecmp(s, io->on_name) || (msk & io->on_bit))
22514Sdarrenr				continue;
31183Speter			lastop = io->on_value;
31183Speter			if ((inc = addipopt(op, io, len, t))) {
31183Speter				op += inc;
31183Speter				len += inc;
22514Sdarrenr			}
22514Sdarrenr			msk |= io->on_bit;
22514Sdarrenr			break;
22514Sdarrenr		}
22514Sdarrenr		if (!io->on_name) {
22514Sdarrenr			fprintf(stderr, "unknown IP option name %s\n", s);
22514Sdarrenr			return 0;
22514Sdarrenr		}
22514Sdarrenr	}
31183Speter
31183Speter	if (len & 3) {
31183Speter		while (len & 3) {
31183Speter			*op++ = ((len & 3) == 3) ? IPOPT_EOL : IPOPT_NOP;
31183Speter			len++;
31183Speter		}
31183Speter	} else {
31183Speter		if (lastop != IPOPT_EOL) {
31183Speter			if (lastop == IPOPT_NOP)
31183Speter				*(op - 1) = IPOPT_EOL;
31183Speter			else {
31183Speter				*op++ = IPOPT_NOP;
31183Speter				*op++ = IPOPT_NOP;
31183Speter				*op++ = IPOPT_NOP;
31183Speter				*op = IPOPT_EOL;
31183Speter				len += 4;
31183Speter			}
31183Speter		}
31183Speter	}
22514Sdarrenr	return len;
22514Sdarrenr}