/*
 * Copyright (C) 2012 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 *
 */
#ifndef lint
/* SCCS and RCS version identification strings; left out when lint is defined. */
static const char sccsid[] = "@(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id$";
#endif /* !lint */
Darren Reed9e45c8c2006-06-15 16:31:54 +000011#include <sys/param.h>
Darren Reedbd81eb32006-06-15 16:06:55 +000012#include <sys/types.h>
13#include <sys/time.h>
14#include <sys/socket.h>
15#include <netinet/in.h>
16#include <netinet/in_systm.h>
17#include <netinet/ip.h>
Darren Reed9e45c8c2006-06-15 16:31:54 +000018#include <stdio.h>
19#include <string.h>
20#include <stdlib.h>
Darren Reedbd81eb32006-06-15 16:06:55 +000021#ifndef linux
22#include <netinet/ip_var.h>
23#endif
24#include <netinet/tcp.h>
25#include <arpa/inet.h>
26#include "ipsend.h"
27
28
/*
 * Fallback for __P() when no earlier header has defined it: with __STDC__
 * defined the parameter list is kept as written, otherwise it is replaced
 * by an empty list.
 */
#if !defined(__P)
# if defined(__STDC__)
#  define __P(x)	x
# else
#  define __P(x)	()
# endif
#endif
36
37
/*
 * IP option names accepted by buildopts().  Judging from how the fields
 * are used in this file, the columns are: option type (on_value), bit
 * used to detect a repeated option (on_bit), base size in bytes (on_siz)
 * and the name matched case-insensitively (on_name).
 *
 * NOTE(review): "ts" and "sec-level" share on_bit 0x08.  buildopts()
 * skips an entry whose bit is already set, so naming both in one option
 * string reports the second as unknown - confirm the shared bit is
 * intended.
 */
struct ipopt_names ionames[] = {
	{ IPOPT_EOL,		0x01,	1,	"eol" },
	{ IPOPT_NOP,		0x02,	1,	"nop" },
	{ IPOPT_RR,		0x04,	3,	"rr" },		/* 1 route */
	{ IPOPT_TS,		0x08,	8,	"ts" },		/* 1 TS */
	{ IPOPT_SECURITY,	0x08,	11,	"sec-level" },
	{ IPOPT_LSRR,		0x10,	7,	"lsrr" },	/* 1 route */
	{ IPOPT_SATID,		0x20,	4,	"satid" },
	{ IPOPT_SSRR,		0x40,	7,	"ssrr" },	/* 1 route */
	{ 0,			0,	0,	NULL }		/* must be last */
};
49
/*
 * Security level names looked up by ipseclevel().  The first column is
 * the value returned for the name in the last column; the size column is
 * 0 for every entry.
 */
struct ipopt_names secnames[] = {
	{ IPOPT_SECUR_UNCLASS,		0x0100,	0,	"unclass" },
	{ IPOPT_SECUR_CONFID,		0x0200,	0,	"confid" },
	{ IPOPT_SECUR_EFTO,		0x0400,	0,	"efto" },
	{ IPOPT_SECUR_MMMM,		0x0800,	0,	"mmmm" },
	{ IPOPT_SECUR_RESTR,		0x1000,	0,	"restr" },
	{ IPOPT_SECUR_SECRET,		0x2000,	0,	"secret" },
	{ IPOPT_SECUR_TOPSECRET,	0x4000,	0,	"topsecret" },
	{ 0,				0,	0,	NULL }	/* must be last */
};
60
61
/*
 * Look up a security level by name (case-insensitive) in secnames and
 * return the on_value of the matching entry.  An unknown name is
 * reported on stderr and 0 is returned.
 *
 * slevel must not be NULL; it is passed straight to strcasecmp().
 */
u_short ipseclevel(slevel)
	char *slevel;
{
	struct ipopt_names *entry = secnames;

	while (entry->on_name != NULL) {
		if (strcasecmp(slevel, entry->on_name) == 0)
			return entry->on_value;
		entry++;
	}

	fprintf(stderr, "no such security level: %s\n", slevel);
	return 0;
}
77
78
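/*
 * Write one IP option at op and return the number of bytes it occupies,
 * or 0 if the option was rejected (a message is printed on stderr).
 *
 * op    - where the option is written
 * io    - table entry giving the option type (on_value) and its base
 *         size in bytes (on_siz)
 * len   - number of option bytes already in use ahead of op
 * class - optional argument text, NULL or empty when absent: the RR
 *         buffer length in bytes, a security level name, a
 *         comma-separated list of source-route addresses, or a SATID
 *         stream id
 *
 * Every write is kept inside a total of 48 option bytes (len included):
 * the RR buffer length and each source-route address are checked before
 * anything is stored, and the returned size covers every address that
 * was written.
 *
 * NOTE(review): an IPv4 header has room for at most 40 bytes of options;
 * the 48-byte limit is the one this function has always applied -
 * confirm it against the size of the caller's buffer.
 */
int addipopt(op, io, len, class)
	char *op;
	struct ipopt_names *io;
	int len;
	char *class;
{
	const int maxlen = 48;
	struct in_addr ipadr;
	int olen = len, srr = 0, optlen;
	long rrlen = 4;		/* RR buffer size when none is given */
	u_short val = 0;
	u_char lvl;
	char *s = op, *t;

	if ((len + io->on_siz) > maxlen) {
		fprintf(stderr, "options too long\n");
		return 0;
	}

	/*
	 * Allow option to specify RR buffer length in bytes.  The value
	 * comes from the command line, so it is range-checked before it is
	 * added to the option length.
	 */
	if (io->on_value == IPOPT_RR) {
		if (class && *class)
			rrlen = strtol(class, NULL, 10);
		if (rrlen < 0) {
			fprintf(stderr, "invalid rr buffer length: %s\n",
				class);
			return 0;
		}
		if (rrlen > maxlen - (len + io->on_siz)) {
			fprintf(stderr, "options too long\n");
			return 0;
		}
		val = (u_short)rrlen;
	}

	len += io->on_siz;
	*op++ = io->on_value;
	if (io->on_siz > 1) {
		/* length byte */
		if (io->on_value == IPOPT_RR) {
			*op++ = val + io->on_siz;
			len += val;
		} else
			*op++ = io->on_siz;

		/* pointer byte */
		if (io->on_value == IPOPT_TS)
			*op++ = IPOPT_MINOFF + 1;
		else
			*op++ = IPOPT_MINOFF;

		while (class && *class) {
			t = NULL;
			switch (io->on_value)
			{
			case IPOPT_SECURITY :
				/*
				 * NOTE(review): ipseclevel() returns a
				 * u_short but only its low byte survives
				 * the assignment to lvl, which then replaces
				 * the pointer byte written above - confirm
				 * this is the intended encoding.
				 */
				lvl = ipseclevel(class);
				*(op - 1) = lvl;
				break;
			case IPOPT_LSRR :
			case IPOPT_SSRR :
				/*
				 * Refuse an address that would not fit
				 * before touching the argument string.
				 */
				if (olen + (int)(op - s) +
				    (int)sizeof(ipadr) > maxlen) {
					fprintf(stderr, "options too long\n");
					return 0;
				}
				if ((t = strchr(class, ',')))
					*t = '\0';
				/*
				 * NOTE(review): the result of inet_addr()
				 * is stored without an error check.
				 */
				ipadr.s_addr = inet_addr(class);
				srr++;
				memcpy(op, &ipadr, sizeof(ipadr));
				op += sizeof(ipadr);
				break;
			case IPOPT_SATID :
				/*
				 * The stream id takes the two bytes after
				 * the length byte, so it starts on the byte
				 * written above as the pointer; storing it
				 * at op would run one byte past the four
				 * bytes counted for this option.
				 *
				 * NOTE(review): val is stored in host byte
				 * order - confirm whether htons() is wanted.
				 */
				val = atoi(class);
				memcpy(op - 1, &val, sizeof(val));
				break;
			}

			/* put back the comma and move on to the next address */
			if (t)
				*t++ = ',';
			class = t;
		}
		if (srr) {
			/* length byte covers every address written ... */
			optlen = IPOPT_MINOFF - 1 + 4 * srr;
			s[IPOPT_OLEN] = optlen;
			/* ... and so does the size reported to the caller */
			if (optlen > io->on_siz)
				len += optlen - io->on_siz;
		}
	}
	return len - olen;
}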
148
149
/*
 * Parse a comma-separated list of "name" or "name=argument" items in cp
 * and write the matching IP options at op, starting from a length of len
 * bytes.  Returns the padded option length, or 0 after reporting an
 * unknown option name on stderr.
 *
 * cp is modified in place by strtok() and by splitting each item at '='.
 * An option whose on_bit is already set in msk is not matched again, so a
 * repeated name ends up reported as unknown.
 *
 * The result of addipopt() is added to op and len; a result of 0 leaves
 * both unchanged, but the option is still recorded in msk and lastop.
 *
 * NOTE(review): no limit is applied here to the padding bytes appended
 * at the end - confirm the caller's buffer has room for them.
 */
u_32_t buildopts(cp, op, len)
	char *cp, *op;
	int len;
{
	struct ipopt_names *io;
	u_32_t msk = 0;
	char *s, *t;
	int inc, lastop = -1;

	s = strtok(cp, ",");
	while (s != NULL) {
		/* separate the option name from its argument, if any */
		t = strchr(s, '=');
		if (t != NULL)
			*t++ = '\0';

		/* first entry with this name that has not been used yet */
		io = ionames;
		while (io->on_name != NULL) {
			if (strcasecmp(s, io->on_name) == 0 &&
			    !(msk & io->on_bit))
				break;
			io++;
		}
		if (io->on_name == NULL) {
			fprintf(stderr, "unknown IP option name %s\n", s);
			return 0;
		}

		lastop = io->on_value;
		inc = addipopt(op, io, len, t);
		op += inc;
		len += inc;
		msk |= io->on_bit;

		s = strtok(NULL, ",");
	}

	if ((len & 3) != 0) {
		/* pad to a multiple of four: NOPs, with EOL in the last slot */
		do {
			*op++ = ((len & 3) == 3) ? IPOPT_EOL : IPOPT_NOP;
			len++;
		} while ((len & 3) != 0);
	} else if (lastop == IPOPT_NOP) {
		/* already aligned: turn the trailing NOP into the EOL */
		*(op - 1) = IPOPT_EOL;
	} else if (lastop != IPOPT_EOL) {
		/* already aligned with no EOL: append NOP NOP NOP EOL */
		memset(op, IPOPT_NOP, 3);
		op[3] = IPOPT_EOL;
		len += 4;
	}
	return len;
}