1/* 2 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $FreeBSD$ 30 */ 31 32#include <sys/types.h> 33#include <sys/param.h> 34#include <sys/socket.h> 35#include <netinet/in.h> 36#include <netinet6/in6.h> 37#include <netipsec/ipsec.h> 38#include <stdlib.h> 39#include <string.h> 40 41 42char *requests[] = { 43"must_error", /* must be error */ 44"ipsec must_error", /* must be error */ 45"ipsec esp/must_error", /* must be error */ 46"discard", 47"none", 48"entrust", 49"bypass", /* may be error */ 50"ipsec esp", /* must be error */ 51"ipsec ah/require", 52"ipsec ah/use/", 53"ipsec esp/require ah/default/203.178.141.194", 54"ipsec ah/use/203.178.141.195 esp/use/203.178.141.194", 55"ipsec esp/elf.wide.ydc.co.jp esp/www.wide.ydc.co.jp" 56" 57ipsec esp/require ah/use esp/require/10.0.0.1 58ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1 59ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1 60ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1 61ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1 62ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1 63ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1 64ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1 65ah/use/3ffe:501:481d::1 ah/use/3ffe:501:481d::1ah/use/3ffe:501:481d::1 66", 67}; 68 69u_char *p_secpolicy; 70 71int test(char *buf, int family); 72char *setpolicy(char *req); 73 74main() 75{ 76 int i; 77 char *buf; 78 79 for (i = 0; i < nitems(requests); i++) { 80 printf("* requests:[%s]\n", requests[i]); 81 if ((buf = setpolicy(requests[i])) == NULL) 82 continue; 83 printf("\tsetlen:%d\n", PFKEY_EXTLEN(buf)); 84 85 printf("\tPF_INET:\n"); 86 test(buf, PF_INET); 87 88 printf("\tPF_INET6:\n"); 89 test(buf, PF_INET6); 90 free(buf); 91 } 92} 93 94int test(char *policy, int family) 95{ 96 int so, proto, optname; 97 int len; 98 char getbuf[1024]; 99 100 switch (family) { 101 case PF_INET: 102 proto = IPPROTO_IP; 103 optname = IP_IPSEC_POLICY; 104 break; 105 case PF_INET6: 106 proto = IPPROTO_IPV6; 107 optname = IPV6_IPSEC_POLICY; 108 break; 109 } 110 111 if ((so = socket(family, SOCK_DGRAM, 0)) < 0) 112 perror("socket"); 113 114 if (setsockopt(so, proto, optname, policy, PFKEY_EXTLEN(policy)) < 0) 115 perror("setsockopt"); 116 117 len = sizeof(getbuf); 118 memset(getbuf, 0, sizeof(getbuf)); 119 if (getsockopt(so, proto, optname, getbuf, &len) < 0) 120 perror("getsockopt"); 121 122 { 123 char *buf = NULL; 124 125 printf("\tgetlen:%d\n", len); 126 127 if ((buf = ipsec_dump_policy(getbuf, NULL)) == NULL) 128 ipsec_strerror(); 129 else 130 printf("\t[%s]\n", buf); 131 132 free(buf); 133 } 134 135 close (so); 136} 137 138char *setpolicy(char *req) 139{ 140 int len; 141 char *buf; 142 143 if ((len = ipsec_get_policylen(req)) < 0) { 144 printf("ipsec_get_policylen: %s\n", ipsec_strerror()); 145 return NULL; 146 } 147 148 if ((buf = malloc(len)) == NULL) { 149 perror("malloc"); 150 return NULL; 151 } 152 153 if ((len = ipsec_set_policy(buf, len, req)) < 0) { 154 printf("ipsec_set_policy: %s\n", ipsec_strerror()); 155 free(buf); 156 return NULL; 157 } 158 159 return buf; 160} 161