summaryrefslogtreecommitdiff
path: root/programs/spigrp/spigrp.c
diff options
context:
space:
mode:
Diffstat (limited to 'programs/spigrp/spigrp.c')
-rw-r--r--programs/spigrp/spigrp.c491
1 files changed, 0 insertions, 491 deletions
diff --git a/programs/spigrp/spigrp.c b/programs/spigrp/spigrp.c
deleted file mode 100644
index 4cbac304d..000000000
--- a/programs/spigrp/spigrp.c
+++ /dev/null
@@ -1,491 +0,0 @@
-/*
- * SA grouping
- * Copyright (C) 1996 John Ioannidis.
- * Copyright (C) 1997, 1998, 1999, 2000, 2001 Richard Guy Briggs.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-char spigrp_c_version[] = "RCSID $Id: spigrp.c,v 1.2 2004/06/07 15:16:34 as Exp $";
-
-
-#include <sys/types.h>
-#include <linux/types.h> /* new */
-#include <string.h>
-#include <errno.h>
-#include <sys/stat.h> /* open() */
-#include <fcntl.h> /* open() */
-#include <stdlib.h> /* system(), strtoul() */
-
-#include <sys/socket.h>
-
-#include <netinet/in.h>
-#include <arpa/inet.h>
-/* #include <linux/ip.h> */
-
-#include <unistd.h>
-#include <stdio.h>
-#include <netdb.h>
-#include <freeswan.h>
-#if 0
-#include <linux/autoconf.h> /* CONFIG_IPSEC_PFKEYv2 */
-#endif
-
-#include <signal.h>
-#include <pfkeyv2.h>
-#include <pfkey.h>
-
-#include "freeswan/radij.h"
-#include "freeswan/ipsec_encap.h"
-#include "freeswan/ipsec_ah.h"
-
-
-char *program_name;
-
-int pfkey_sock;
-fd_set pfkey_socks;
-uint32_t pfkey_seq = 0;
-
-struct said_af {
- int af;
- ip_said said;
-}; /* to store the given saids and their address families in an array */
- /* XXX: Note that we do *not* check if the address families of all SAID?s are the same.
- * This can make it possible to group SAs for IPv4 addresses with SAs for
- * IPv6 addresses (perhaps some kind of IPv4-over-secIPv6 or vice versa).
- * Do not know, if this is a bug or feature */
-
-static void
-usage(char *s)
-{
- fprintf(stdout, "usage: Note: position of options and arguments is important!\n");
- fprintf(stdout, "usage: %s [ --debug ] [ --label <label> ] af1 dst1 spi1 proto1 [ af2 dst2 spi2 proto2 [ af3 dst3 spi3 proto3 [ af4 dst4 spi4 proto4 ] ] ]\n", s);
- fprintf(stdout, "usage: %s [ --debug ] [ --label <label> ] --said <SA1> [ <SA2> [ <SA3> [ <SA4> ] ] ]\n", s);
- fprintf(stdout, "usage: %s --help\n", s);
- fprintf(stdout, "usage: %s --version\n", s);
- fprintf(stdout, "usage: %s\n", s);
- fprintf(stdout, " [ --debug ] is optional to any %s command.\n", s);
- fprintf(stdout, " [ --label <label> ] is optional to any %s command.\n", s);
-}
-
-
-int
-main(int argc, char **argv)
-{
- int i, nspis;
- char *endptr;
- int said_opt = 0;
-
- const char* error_s = NULL;
- char ipaddr_txt[ADDRTOT_BUF];
- int debug = 0;
- int j;
- struct said_af said_af_array[4];
-
- int error = 0;
-
- struct sadb_ext *extensions[SADB_EXT_MAX + 1];
- struct sadb_msg *pfkey_msg;
-#if 0
- ip_address pfkey_address_s_ska;
-#endif
-
- program_name = argv[0];
- for(i = 0; i < 4; i++) {
- memset(&said_af_array[i], 0, sizeof(struct said_af));
- }
-
- if(argc > 1 && strcmp(argv[1], "--debug") == 0) {
- debug = 1;
- if(debug) {
- fprintf(stdout, "\"--debug\" option requested.\n");
- }
- argv += 1;
- argc -= 1;
- pfkey_lib_debug = PF_KEY_DEBUG_PARSE_MAX;
- }
-
- if(debug) {
- fprintf(stdout, "argc=%d (%d incl. --debug option).\n",
- argc,
- argc + 1);
- }
-
- if(argc > 1 && strcmp(argv[1], "--label") == 0) {
- if(argc > 2) {
- program_name = malloc(strlen(argv[0])
- + 10 /* update this when changing the sprintf() */
- + strlen(argv[2]));
- sprintf(program_name, "%s --label %s",
- argv[0],
- argv[2]);
- if(debug) {
- fprintf(stdout, "using \"%s\" as a label.\n", program_name);
- }
- argv += 2;
- argc -= 2;
- } else {
- fprintf(stderr, "%s: --label option requires an argument.\n",
- program_name);
- exit(1);
- }
- }
-
- if(debug) {
- fprintf(stdout, "...After check for --label option.\n");
- }
-
- if(argc == 1) {
- system("cat /proc/net/ipsec_spigrp");
- exit(0);
- }
-
- if(debug) {
- fprintf(stdout, "...After check for no option to print /proc/net/ipsec_spigrp.\n");
- }
-
- if(strcmp(argv[1], "--help") == 0) {
- if(debug) {
- fprintf(stdout, "\"--help\" option requested.\n");
- }
- usage(program_name);
- exit(1);
- }
-
- if(debug) {
- fprintf(stdout, "...After check for --help option.\n");
- }
-
- if(strcmp(argv[1], "--version") == 0) {
- if(debug) {
- fprintf(stdout, "\"--version\" option requested.\n");
- }
- fprintf(stderr, "%s, %s\n", program_name, spigrp_c_version);
- exit(1);
- }
-
- if(debug) {
- fprintf(stdout, "...After check for --version option.\n");
- }
-
- if(strcmp(argv[1], "--said") == 0) {
- if(debug) {
- fprintf(stdout, "processing %d args with --said flag.\n", argc);
- }
- said_opt = 1;
- }
-
- if(debug) {
- fprintf(stdout, "...After check for --said option.\n");
- }
-
- if(said_opt) {
- if (argc < 3 /*|| argc > 5*/) {
- fprintf(stderr, "expecting 3 or more args with --said, got %d.\n", argc);
- usage(program_name);
- exit(1);
- }
- nspis = argc - 2;
- } else {
- if ((argc < 5) || (argc > 17) || ((argc % 4) != 1)) {
- fprintf(stderr, "expecting 5 or more args without --said, got %d.\n", argc);
- usage(program_name);
- exit(1);
- }
- nspis = argc / 4;
- }
-
- if(debug) {
- fprintf(stdout, "processing %d nspis.\n", nspis);
- }
-
- for(i = 0; i < nspis; i++) {
- if(debug) {
- fprintf(stdout, "processing spi #%d.\n", i);
- }
-
- if(said_opt) {
- error_s = ttosa((const char *)argv[i+2], 0, (ip_said*)&(said_af_array[i].said));
- if(error_s != NULL) {
- fprintf(stderr, "%s: Error, %s converting --sa argument:%s\n",
- program_name, error_s, argv[i+2]);
- exit (1);
- }
- said_af_array[i].af = addrtypeof(&(said_af_array[i].said.dst));
- if(debug) {
- addrtot(&said_af_array[i].said.dst, 0, ipaddr_txt, sizeof(ipaddr_txt));
- fprintf(stdout, "said[%d].dst=%s.\n", i, ipaddr_txt);
- }
- } else {
- if(!strcmp(argv[i*4+4], "ah")) {
- said_af_array[i].said.proto = SA_AH;
- }
- if(!strcmp(argv[i*4+4], "esp")) {
- said_af_array[i].said.proto = SA_ESP;
- }
- if(!strcmp(argv[i*4+4], "tun")) {
- said_af_array[i].said.proto = SA_IPIP;
- }
- if(!strcmp(argv[i*4+4], "comp")) {
- said_af_array[i].said.proto = SA_COMP;
- }
- if(said_af_array[i].said.proto == 0) {
- fprintf(stderr, "%s: Badly formed proto: %s\n",
- program_name, argv[i*4+4]);
- exit(1);
- }
- said_af_array[i].said.spi = htonl(strtoul(argv[i*4+3], &endptr, 0));
- if(!(endptr == argv[i*4+3] + strlen(argv[i*4+3]))) {
- fprintf(stderr, "%s: Badly formed spi: %s\n",
- program_name, argv[i*4+3]);
- exit(1);
- }
- if(!strcmp(argv[i*4+1], "inet")) {
- said_af_array[i].af = AF_INET;
- }
- if(!strcmp(argv[i*4+1], "inet6")) {
- said_af_array[i].af = AF_INET6;
- }
- if((said_af_array[i].af != AF_INET) && (said_af_array[i].af != AF_INET6)) {
- fprintf(stderr, "%s: Address family %s not supported\n",
- program_name, argv[i*4+1]);
- exit(1);
- }
- error_s = ttoaddr(argv[i*4+2], 0, said_af_array[i].af, &(said_af_array[i].said.dst));
- if(error_s != NULL) {
- fprintf(stderr, "%s: Error, %s converting %dth address argument:%s\n",
- program_name, error_s, i, argv[i*4+2]);
- exit (1);
- }
- }
- if(debug) {
- fprintf(stdout, "SA %d contains: ", i+1);
- fprintf(stdout, "\n");
- fprintf(stdout, "proto = %d\n", said_af_array[i].said.proto);
- fprintf(stdout, "spi = %08x\n", said_af_array[i].said.spi);
- addrtot(&said_af_array[i].said.dst, 0, ipaddr_txt, sizeof(ipaddr_txt));
- fprintf(stdout, "edst = %s\n", ipaddr_txt);
- }
- }
-
- if(debug) {
- fprintf(stdout, "Opening pfkey socket.\n");
- }
-
- if((pfkey_sock = socket(PF_KEY, SOCK_RAW, PF_KEY_V2) ) < 0) {
- fprintf(stderr, "%s: Trouble opening PF_KEY family socket with error: ",
- program_name);
- switch(errno) {
- case ENOENT:
- fprintf(stderr, "device does not exist. See FreeS/WAN installation procedure.\n");
- break;
- case EACCES:
- fprintf(stderr, "access denied. ");
- if(getuid() == 0) {
- fprintf(stderr, "Check permissions. Should be 600.\n");
- } else {
- fprintf(stderr, "You must be root to open this file.\n");
- }
- break;
- case EUNATCH:
- fprintf(stderr, "Netlink not enabled OR KLIPS not loaded.\n");
- break;
- case ENODEV:
- fprintf(stderr, "KLIPS not loaded or enabled.\n");
- break;
- case EBUSY:
- fprintf(stderr, "KLIPS is busy. Most likely a serious internal error occured in a previous command. Please report as much detail as possible to development team.\n");
- break;
- case EINVAL:
- fprintf(stderr, "Invalid argument, KLIPS not loaded or check kernel log messages for specifics.\n");
- break;
- case ENOBUFS:
- fprintf(stderr, "No kernel memory to allocate SA.\n");
- break;
- case ESOCKTNOSUPPORT:
- fprintf(stderr, "Algorithm support not available in the kernel. Please compile in support.\n");
- break;
- case EEXIST:
- fprintf(stderr, "SA already in use. Delete old one first.\n");
- break;
- case ENXIO:
- fprintf(stderr, "SA does not exist. Cannot delete.\n");
- break;
- case EAFNOSUPPORT:
- fprintf(stderr, "KLIPS not loaded or enabled.\n");
- break;
- default:
- fprintf(stderr, "Unknown file open error %d. Please report as much detail as possible to development team.\n", errno);
- }
- exit(1);
- }
-
- for(i = 0; i < (((nspis - 1) < 2) ? 1 : (nspis - 1)); i++) {
- if(debug) {
- fprintf(stdout, "processing %dth pfkey message.\n", i);
- }
-
- pfkey_extensions_init(extensions);
- for(j = 0; j < ((nspis == 1) ? 1 : 2); j++) {
- if(debug) {
- fprintf(stdout, "processing %dth said of %dth pfkey message.\n", j, i);
- }
-
- /* Build an SADB_X_GRPSA message to send down. */
- /* It needs <base, SA, SA2, address(D,D2) > minimum. */
- if(!j) {
- if((error = pfkey_msg_hdr_build(&extensions[0],
- SADB_X_GRPSA,
- proto2satype(said_af_array[i].said.proto),
- 0,
- ++pfkey_seq,
- getpid()))) {
- fprintf(stderr, "%s: Trouble building message header, error=%d.\n",
- program_name, error);
- pfkey_extensions_free(extensions);
- exit(1);
- }
- } else {
- if(debug) {
- fprintf(stdout, "setting x_satype proto=%d satype=%d\n",
- said_af_array[i+j].said.proto,
- proto2satype(said_af_array[i+j].said.proto)
- );
- }
-
- if((error = pfkey_x_satype_build(&extensions[SADB_X_EXT_SATYPE2],
- proto2satype(said_af_array[i+j].said.proto)
- ))) {
- fprintf(stderr, "%s: Trouble building message header, error=%d.\n",
- program_name, error);
- pfkey_extensions_free(extensions);
- exit(1);
- }
- }
-
- if((error = pfkey_sa_build(&extensions[!j ? SADB_EXT_SA : SADB_X_EXT_SA2],
- !j ? SADB_EXT_SA : SADB_X_EXT_SA2,
- said_af_array[i+j].said.spi, /* in network order */
- 0,
- 0,
- 0,
- 0,
- 0))) {
- fprintf(stderr, "%s: Trouble building sa extension, error=%d.\n",
- program_name, error);
- pfkey_extensions_free(extensions);
- exit(1);
- }
-
-#if 0
- if(!j) {
- anyaddr(said_af_array[i].af, &pfkey_address_s_ska); /* Is the address family correct ?? */
- if((error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_SRC],
- SADB_EXT_ADDRESS_SRC,
- 0,
- 0,
- sockaddrof(&pfkey_address_s_ska)))) {
- addrtot(&pfkey_address_s_ska, 0, ipaddr_txt, sizeof(ipaddr_txt));
- fprintf(stderr, "%s: Trouble building address_s extension (%s), error=%d.\n",
- program_name, ipaddr_txt, error);
- pfkey_extensions_free(extensions);
- exit(1);
- }
- }
-#endif
- if((error = pfkey_address_build(&extensions[!j ? SADB_EXT_ADDRESS_DST : SADB_X_EXT_ADDRESS_DST2],
- !j ? SADB_EXT_ADDRESS_DST : SADB_X_EXT_ADDRESS_DST2,
- 0,
- 0,
- sockaddrof(&said_af_array[i+j].said.dst)))) {
- addrtot(&said_af_array[i+j].said.dst,
- 0, ipaddr_txt, sizeof(ipaddr_txt));
- fprintf(stderr, "%s: Trouble building address_d extension (%s), error=%d.\n",
- program_name, ipaddr_txt, error);
- pfkey_extensions_free(extensions);
- exit(1);
- }
-
- }
-
- if((error = pfkey_msg_build(&pfkey_msg, extensions, EXT_BITS_IN))) {
- fprintf(stderr, "%s: Trouble building pfkey message, error=%d.\n",
- program_name, error);
- pfkey_extensions_free(extensions);
- pfkey_msg_free(&pfkey_msg);
- exit(1);
- }
-
- if((error = write(pfkey_sock,
- pfkey_msg,
- pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN)) !=
- (ssize_t)(pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN)) {
- fprintf(stderr, "%s: pfkey write failed, returning %d with errno=%d.\n",
- program_name, error, errno);
- pfkey_extensions_free(extensions);
- pfkey_msg_free(&pfkey_msg);
- switch(errno) {
- case EACCES:
- fprintf(stderr, "access denied. ");
- if(getuid() == 0) {
- fprintf(stderr, "Check permissions. Should be 600.\n");
- } else {
- fprintf(stderr, "You must be root to open this file.\n");
- }
- break;
- case EUNATCH:
- fprintf(stderr, "Netlink not enabled OR KLIPS not loaded.\n");
- break;
- case EBUSY:
- fprintf(stderr, "KLIPS is busy. Most likely a serious internal error occured in a previous command. Please report as much detail as possible to development team.\n");
- break;
- case EINVAL:
- fprintf(stderr, "Invalid argument, check kernel log messages for specifics.\n");
- break;
- case ENODEV:
- fprintf(stderr, "KLIPS not loaded or enabled.\n");
- fprintf(stderr, "No device?!?\n");
- break;
- case ENOBUFS:
- fprintf(stderr, "No kernel memory to allocate SA.\n");
- break;
- case ESOCKTNOSUPPORT:
- fprintf(stderr, "Algorithm support not available in the kernel. Please compile in support.\n");
- break;
- case EEXIST:
- fprintf(stderr, "SA already in use. Delete old one first.\n");
- break;
- case ENOENT:
- fprintf(stderr, "device does not exist. See FreeS/WAN installation procedure.\n");
- break;
- case ENXIO:
- fprintf(stderr, "SA does not exist. Cannot delete.\n");
- break;
- case ENOSPC:
- fprintf(stderr, "no room in kernel SAref table. Cannot process request.\n");
- break;
- case ESPIPE:
- fprintf(stderr, "kernel SAref table internal error. Cannot process request.\n");
- break;
- default:
- fprintf(stderr, "Unknown socket write error %d. Please report as much detail as possible to development team.\n", errno);
- }
- exit(1);
- }
- if(pfkey_msg) {
- pfkey_extensions_free(extensions);
- pfkey_msg_free(&pfkey_msg);
- }
- }
-
- (void) close(pfkey_sock); /* close the socket */
- exit(0);
-}