ipsec.c revision 1.1
1/* $NetBSD: ipsec.c,v 1.1 2000/01/31 14:28:19 itojun Exp $ */ 2 3/* 4 * Copyright (C) 1999 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 
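 */

#include <sys/param.h>
#include <sys/stat.h>
#include <sys/socket.h>

#include <netinet/in.h>
#include <arpa/inet.h>

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <ctype.h>

#ifdef IPSEC
#include <netinet6/ipsec.h>
#ifndef IPSEC_POLICY_IPSEC	/* no ipsec support on old ipsec */
#undef IPSEC
#endif
#endif

#include "ipsec.h"

#ifdef IPSEC
/*
 * Policy list used by ipsecsetup() when the caller supplies none
 * (NULL or empty string).
 */
static const char ipsec_default_policy[] = "in entrust; out entrust";

/*
 * Return the next non-empty, left-trimmed ';'-separated entry of the
 * writable policy list.  `str' is the list on the first call and NULL
 * afterwards; `*save' carries the scan state between calls.  Returns
 * NULL once the list is exhausted.
 *
 * strtok_r() rather than strtok(): the callers invoke ipsecsetup0() /
 * ipsec_set_policy() between tokens, and keeping the scan state in
 * `*save' means a strtok() call inside those functions cannot disturb
 * the outer scan.
 */
static char *
ipsec_next_policy(char *str, char **save)
{
	char *p;

	while ((p = strtok_r(str, ";", save)) != NULL) {
		str = NULL;
		/* <ctype.h> wants an unsigned char value; plain char may be negative */
		while (*p && isspace((unsigned char)*p))
			p++;
		if (*p)
			return p;
	}
	return NULL;
}

/*
 * Parse and install a ';'-separated IPsec policy list on socket `fd'
 * for address family `af'.  A NULL or empty `policy' selects
 * ipsec_default_policy.
 *
 * Returns 0 when every entry was installed, or -1 on allocation failure
 * or on the first entry ipsecsetup0() rejects; remaining entries are not
 * attempted and entries already installed are left in place.
 */
int
ipsecsetup(int af, int fd, const char *policy)
{
	char *p0, *p, *save;
	int error;

	/*
	 * Test the first character, not the pointer: the original compared
	 * `policy' itself to '\0', so an empty string never got the default.
	 */
	if (policy == NULL || *policy == '\0')
		p0 = strdup(ipsec_default_policy);
	else
		p0 = strdup(policy);
	if (p0 == NULL)
		return -1;	/* strdup failed; nothing to hand to strtok_r */

	error = 0;
	save = NULL;
	for (p = ipsec_next_policy(p0, &save); p != NULL;
	    p = ipsec_next_policy(NULL, &save)) {
		error = ipsecsetup0(af, fd, p, 1);
		if (error < 0)
			break;
	}

	free(p0);
	return error;
}

/*
 * Syntax-check a ';'-separated IPsec policy list without touching any
 * socket: each entry is run through ipsec_set_policy() and the result
 * discarded.
 *
 * Returns 0 when every entry parses, -1 for a NULL list, an allocation
 * failure, or the first entry the parser rejects.
 */
int
ipsecsetup_test(const char *policy)
{
	char *p0, *p, *save;
	char *buf;
	int error;

	if (policy == NULL)
		return -1;
	p0 = strdup(policy);
	if (p0 == NULL)
		return -1;

	error = 0;
	save = NULL;
	for (p = ipsec_next_policy(p0, &save); p != NULL;
	    p = ipsec_next_policy(NULL, &save)) {
		buf = ipsec_set_policy(p, strlen(p));
		if (buf == NULL) {
			error = -1;
			break;
		}
		free(buf);
	}

	free(p0);
	return error;
}

/*
 * Parse a single IPsec policy entry and, when `commit' is non-zero,
 * install it on socket `fd' with the IP_IPSEC_POLICY / IPV6_IPSEC_POLICY
 * socket option matching `af'.  With `commit' zero the entry is only
 * parsed.
 *
 * Returns 0 on success; -1 for an unsupported family, a NULL entry, a
 * parse failure, or a failed setsockopt().
 */
int
ipsecsetup0(int af, int fd, const char *policy, int commit)
{
	int level, opt, error;
	char *buf;

	switch (af) {
	case AF_INET:
		level = IPPROTO_IP;
		opt = IP_IPSEC_POLICY;
		break;
#ifdef INET6
	case AF_INET6:
		level = IPPROTO_IPV6;
		opt = IPV6_IPSEC_POLICY;
		break;
#endif
	default:
		return -1;
	}

	if (policy == NULL)
		return -1;	/* strlen(NULL) below would be undefined */

	/* the cast only drops const to fit libipsec's prototype */
	buf = ipsec_set_policy((char *)policy, strlen(policy));
	if (buf == NULL)
		return -1;

	error = 0;
	if (commit &&
	    setsockopt(fd, level, opt, buf, ipsec_get_policylen(buf)) < 0)
		error = -1;
	free(buf);
	return error;
}
#endif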