ipsec.c revision 1.1 
1/*	$NetBSD: ipsec.c,v 1.1 2000/01/31 14:28:19 itojun Exp $	*/
2
3/*
4 * Copyright (C) 1999 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 *    notice, this list of conditions and the following disclaimer in the
14 *    documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 *    may be used to endorse or promote products derived from this software
17 *    without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32#include <sys/param.h>
33#include <sys/stat.h>
34#include <sys/socket.h>
35
36#include <netinet/in.h>
37#include <arpa/inet.h>
38
39#include <stdio.h>
40#include <stdlib.h>
41#include <string.h>
42#include <unistd.h>
43#include <ctype.h>
44
45#ifdef IPSEC
46#include <netinet6/ipsec.h>
47#ifndef IPSEC_POLICY_IPSEC	/* no ipsec support on old ipsec */
48#undef IPSEC
49#endif
50#endif
51
52#include "ipsec.h"
53
54#ifdef IPSEC
55int
56ipsecsetup(af, fd, policy)
57	int af;
58	int fd;
59	const char *policy;
60{
61	char *p0, *p;
62	int error;
63
64	if (!policy || policy == '\0')
65		p0 = p = strdup("in entrust; out entrust");
66	else
67		p0 = p = strdup(policy);
68
69	error = 0;
70	while (1) {
71		p = strtok(p, ";");
72		if (p == NULL)
73			break;
74		while (*p && isspace(*p))
75			p++;
76		if (!*p) {
77			p = NULL;
78			continue;
79		}
80		error = ipsecsetup0(af, fd, p, 1);
81		if (error < 0)
82			break;
83		p = NULL;
84	}
85
86	free(p0);
87	return error;
88}
89
90int
91ipsecsetup_test(policy)
92	const char *policy;
93{
94	char *p0, *p;
95	char *buf;
96	int error;
97
98	if (!policy)
99		return -1;
100	p0 = p = strdup((char *)policy);
101
102	error = 0;
103	while (1) {
104		p = strtok(p, ";");
105		if (p == NULL)
106			break;
107		while (*p && isspace(*p))
108			p++;
109		if (!*p) {
110			p = NULL;
111			continue;
112		}
113		buf = ipsec_set_policy((char *)p, strlen(p));
114		if (buf == NULL) {
115			error = -1;
116			break;
117		}
118		free(buf);
119		p = NULL;
120	}
121
122	free(p0);
123	return error;
124}
125
126int
127ipsecsetup0(af, fd, policy, commit)
128	int af;
129	int fd;
130	const char *policy;
131	int commit;
132{
133	int level;
134	int opt;
135	char *buf;
136	int error;
137
138	switch (af) {
139	case AF_INET:
140		level = IPPROTO_IP;
141		opt = IP_IPSEC_POLICY;
142		break;
143#ifdef INET6
144	case AF_INET6:
145		level = IPPROTO_IPV6;
146		opt = IPV6_IPSEC_POLICY;
147		break;
148#endif
149	default:
150		return -1;
151	}
152
153	buf = ipsec_set_policy((char *)policy, strlen(policy));
154	if (buf != NULL) {
155		error = 0;
156		if (commit && setsockopt(fd, level, opt,
157				buf, ipsec_get_policylen(buf)) < 0) {
158			error = -1;
159		}
160		free(buf);
161	} else
162		error = -1;
163	return error;
164}
165#endif
166