Darren Reed | bd81eb3 | 2006-06-15 16:06:55 +0000 | [diff] [blame] | 1 | /* |
Darren Reed | 6683cea | 2012-07-22 08:04:24 +0000 | [diff] [blame] | 2 | * Copyright (C) 2012 by Darren Reed. |
Darren Reed | bd81eb3 | 2006-06-15 16:06:55 +0000 | [diff] [blame] | 3 | * |
Darren Reed | 9e45c8c | 2006-06-15 16:31:54 +0000 | [diff] [blame] | 4 | * See the IPFILTER.LICENCE file for details on licencing. |
| 5 | * |
Darren Reed | bd81eb3 | 2006-06-15 16:06:55 +0000 | [diff] [blame] | 6 | */ |
| 7 | #if !defined(lint) |
| 8 | static const char sccsid[] = "@(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed"; |
| 9 | static const char rcsid[] = "@(#)$Id$"; |
| 10 | #endif |
Darren Reed | 9e45c8c | 2006-06-15 16:31:54 +0000 | [diff] [blame] | 11 | #include <sys/param.h> |
Darren Reed | bd81eb3 | 2006-06-15 16:06:55 +0000 | [diff] [blame] | 12 | #include <sys/types.h> |
| 13 | #include <sys/time.h> |
| 14 | #include <sys/socket.h> |
| 15 | #include <netinet/in.h> |
| 16 | #include <netinet/in_systm.h> |
| 17 | #include <netinet/ip.h> |
Darren Reed | 9e45c8c | 2006-06-15 16:31:54 +0000 | [diff] [blame] | 18 | #include <stdio.h> |
| 19 | #include <string.h> |
| 20 | #include <stdlib.h> |
Darren Reed | bd81eb3 | 2006-06-15 16:06:55 +0000 | [diff] [blame] | 21 | #ifndef linux |
| 22 | #include <netinet/ip_var.h> |
| 23 | #endif |
| 24 | #include <netinet/tcp.h> |
| 25 | #include <arpa/inet.h> |
| 26 | #include "ipsend.h" |
| 27 | |
| 28 | |
| 29 | #ifndef __P |
| 30 | # ifdef __STDC__ |
| 31 | # define __P(x) x |
| 32 | # else |
| 33 | # define __P(x) () |
| 34 | # endif |
| 35 | #endif |
| 36 | |
| 37 | |
| 38 | struct ipopt_names ionames[] = { |
| 39 | { IPOPT_EOL, 0x01, 1, "eol" }, |
| 40 | { IPOPT_NOP, 0x02, 1, "nop" }, |
| 41 | { IPOPT_RR, 0x04, 3, "rr" }, /* 1 route */ |
| 42 | { IPOPT_TS, 0x08, 8, "ts" }, /* 1 TS */ |
| 43 | { IPOPT_SECURITY, 0x08, 11, "sec-level" }, |
| 44 | { IPOPT_LSRR, 0x10, 7, "lsrr" }, /* 1 route */ |
| 45 | { IPOPT_SATID, 0x20, 4, "satid" }, |
| 46 | { IPOPT_SSRR, 0x40, 7, "ssrr" }, /* 1 route */ |
| 47 | { 0, 0, 0, NULL } /* must be last */ |
| 48 | }; |
| 49 | |
| 50 | struct ipopt_names secnames[] = { |
| 51 | { IPOPT_SECUR_UNCLASS, 0x0100, 0, "unclass" }, |
| 52 | { IPOPT_SECUR_CONFID, 0x0200, 0, "confid" }, |
| 53 | { IPOPT_SECUR_EFTO, 0x0400, 0, "efto" }, |
| 54 | { IPOPT_SECUR_MMMM, 0x0800, 0, "mmmm" }, |
| 55 | { IPOPT_SECUR_RESTR, 0x1000, 0, "restr" }, |
| 56 | { IPOPT_SECUR_SECRET, 0x2000, 0, "secret" }, |
| 57 | { IPOPT_SECUR_TOPSECRET, 0x4000,0, "topsecret" }, |
| 58 | { 0, 0, 0, NULL } /* must be last */ |
| 59 | }; |
| 60 | |
| 61 | |
Darren Reed | 9e45c8c | 2006-06-15 16:31:54 +0000 | [diff] [blame] | 62 | u_short ipseclevel(slevel) |
Martti Kuparinen | 74b6c5c | 2007-10-25 12:55:40 +0000 | [diff] [blame] | 63 | char *slevel; |
Darren Reed | bd81eb3 | 2006-06-15 16:06:55 +0000 | [diff] [blame] | 64 | { |
| 65 | struct ipopt_names *so; |
| 66 | |
| 67 | for (so = secnames; so->on_name; so++) |
| 68 | if (!strcasecmp(slevel, so->on_name)) |
| 69 | break; |
| 70 | |
| 71 | if (!so->on_name) { |
| 72 | fprintf(stderr, "no such security level: %s\n", slevel); |
| 73 | return 0; |
| 74 | } |
| 75 | return so->on_value; |
| 76 | } |
| 77 | |
| 78 | |
| 79 | int addipopt(op, io, len, class) |
Martti Kuparinen | 74b6c5c | 2007-10-25 12:55:40 +0000 | [diff] [blame] | 80 | char *op; |
| 81 | struct ipopt_names *io; |
| 82 | int len; |
| 83 | char *class; |
Darren Reed | bd81eb3 | 2006-06-15 16:06:55 +0000 | [diff] [blame] | 84 | { |
| 85 | struct in_addr ipadr; |
| 86 | int olen = len, srr = 0; |
| 87 | u_short val; |
| 88 | u_char lvl; |
| 89 | char *s = op, *t; |
| 90 | |
| 91 | if ((len + io->on_siz) > 48) { |
| 92 | fprintf(stderr, "options too long\n"); |
| 93 | return 0; |
| 94 | } |
| 95 | len += io->on_siz; |
| 96 | *op++ = io->on_value; |
| 97 | if (io->on_siz > 1) { |
| 98 | /* |
| 99 | * Allow option to specify RR buffer length in bytes. |
| 100 | */ |
| 101 | if (io->on_value == IPOPT_RR) { |
| 102 | val = (class && *class) ? atoi(class) : 4; |
| 103 | *op++ = val + io->on_siz; |
| 104 | len += val; |
| 105 | } else |
| 106 | *op++ = io->on_siz; |
Darren Reed | d4718fc | 2006-06-15 17:00:40 +0000 | [diff] [blame] | 107 | if (io->on_value == IPOPT_TS) |
| 108 | *op++ = IPOPT_MINOFF + 1; |
| 109 | else |
| 110 | *op++ = IPOPT_MINOFF; |
Darren Reed | bd81eb3 | 2006-06-15 16:06:55 +0000 | [diff] [blame] | 111 | |
| 112 | while (class && *class) { |
| 113 | t = NULL; |
| 114 | switch (io->on_value) |
| 115 | { |
| 116 | case IPOPT_SECURITY : |
Darren Reed | 9e45c8c | 2006-06-15 16:31:54 +0000 | [diff] [blame] | 117 | lvl = ipseclevel(class); |
Darren Reed | bd81eb3 | 2006-06-15 16:06:55 +0000 | [diff] [blame] | 118 | *(op - 1) = lvl; |
| 119 | break; |
| 120 | case IPOPT_LSRR : |
| 121 | case IPOPT_SSRR : |
| 122 | if ((t = strchr(class, ','))) |
| 123 | *t = '\0'; |
| 124 | ipadr.s_addr = inet_addr(class); |
| 125 | srr++; |
| 126 | bcopy((char *)&ipadr, op, sizeof(ipadr)); |
| 127 | op += sizeof(ipadr); |
| 128 | break; |
| 129 | case IPOPT_SATID : |
| 130 | val = atoi(class); |
| 131 | bcopy((char *)&val, op, 2); |
| 132 | break; |
| 133 | } |
| 134 | |
| 135 | if (t) |
| 136 | *t++ = ','; |
| 137 | class = t; |
| 138 | } |
| 139 | if (srr) |
| 140 | s[IPOPT_OLEN] = IPOPT_MINOFF - 1 + 4 * srr; |
| 141 | if (io->on_value == IPOPT_RR) |
| 142 | op += val; |
| 143 | else |
| 144 | op += io->on_siz - 3; |
| 145 | } |
| 146 | return len - olen; |
| 147 | } |
| 148 | |
| 149 | |
| 150 | u_32_t buildopts(cp, op, len) |
Martti Kuparinen | 74b6c5c | 2007-10-25 12:55:40 +0000 | [diff] [blame] | 151 | char *cp, *op; |
| 152 | int len; |
Darren Reed | bd81eb3 | 2006-06-15 16:06:55 +0000 | [diff] [blame] | 153 | { |
| 154 | struct ipopt_names *io; |
| 155 | u_32_t msk = 0; |
| 156 | char *s, *t; |
| 157 | int inc, lastop = -1; |
| 158 | |
| 159 | for (s = strtok(cp, ","); s; s = strtok(NULL, ",")) { |
| 160 | if ((t = strchr(s, '='))) |
| 161 | *t++ = '\0'; |
| 162 | for (io = ionames; io->on_name; io++) { |
| 163 | if (strcasecmp(s, io->on_name) || (msk & io->on_bit)) |
| 164 | continue; |
| 165 | lastop = io->on_value; |
| 166 | if ((inc = addipopt(op, io, len, t))) { |
| 167 | op += inc; |
| 168 | len += inc; |
| 169 | } |
| 170 | msk |= io->on_bit; |
| 171 | break; |
| 172 | } |
| 173 | if (!io->on_name) { |
| 174 | fprintf(stderr, "unknown IP option name %s\n", s); |
| 175 | return 0; |
| 176 | } |
| 177 | } |
| 178 | |
| 179 | if (len & 3) { |
| 180 | while (len & 3) { |
| 181 | *op++ = ((len & 3) == 3) ? IPOPT_EOL : IPOPT_NOP; |
| 182 | len++; |
| 183 | } |
| 184 | } else { |
| 185 | if (lastop != IPOPT_EOL) { |
| 186 | if (lastop == IPOPT_NOP) |
| 187 | *(op - 1) = IPOPT_EOL; |
| 188 | else { |
| 189 | *op++ = IPOPT_NOP; |
| 190 | *op++ = IPOPT_NOP; |
| 191 | *op++ = IPOPT_NOP; |
| 192 | *op = IPOPT_EOL; |
| 193 | len += 4; |
| 194 | } |
| 195 | } |
| 196 | } |
| 197 | return len; |
| 198 | } |