19713f5c1SHajimu UMEMOTO /* $KAME: test-policy.c,v 1.16 2003/08/26 03:24:08 itojun Exp $ */
23c62e87aSJun-ichiro itojun Hagino
3*8a16b7a1SPedro F. Giffuni /*-
4*8a16b7a1SPedro F. Giffuni * SPDX-License-Identifier: BSD-3-Clause
5*8a16b7a1SPedro F. Giffuni *
69a4365d0SYoshinobu Inoue * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
79a4365d0SYoshinobu Inoue * All rights reserved.
89a4365d0SYoshinobu Inoue *
99a4365d0SYoshinobu Inoue * Redistribution and use in source and binary forms, with or without
109a4365d0SYoshinobu Inoue * modification, are permitted provided that the following conditions
119a4365d0SYoshinobu Inoue * are met:
129a4365d0SYoshinobu Inoue * 1. Redistributions of source code must retain the above copyright
139a4365d0SYoshinobu Inoue * notice, this list of conditions and the following disclaimer.
149a4365d0SYoshinobu Inoue * 2. Redistributions in binary form must reproduce the above copyright
159a4365d0SYoshinobu Inoue * notice, this list of conditions and the following disclaimer in the
169a4365d0SYoshinobu Inoue * documentation and/or other materials provided with the distribution.
179a4365d0SYoshinobu Inoue * 3. Neither the name of the project nor the names of its contributors
189a4365d0SYoshinobu Inoue * may be used to endorse or promote products derived from this software
199a4365d0SYoshinobu Inoue * without specific prior written permission.
209a4365d0SYoshinobu Inoue *
219a4365d0SYoshinobu Inoue * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
229a4365d0SYoshinobu Inoue * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
239a4365d0SYoshinobu Inoue * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
249a4365d0SYoshinobu Inoue * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
259a4365d0SYoshinobu Inoue * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
269a4365d0SYoshinobu Inoue * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
279a4365d0SYoshinobu Inoue * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
289a4365d0SYoshinobu Inoue * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
299a4365d0SYoshinobu Inoue * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
309a4365d0SYoshinobu Inoue * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
319a4365d0SYoshinobu Inoue * SUCH DAMAGE.
329a4365d0SYoshinobu Inoue */
339a4365d0SYoshinobu Inoue
349a4365d0SYoshinobu Inoue #include <sys/types.h>
359a4365d0SYoshinobu Inoue #include <sys/param.h>
369a4365d0SYoshinobu Inoue #include <sys/socket.h>
379a4365d0SYoshinobu Inoue
389a4365d0SYoshinobu Inoue #include <netinet/in.h>
39f63e7634SYoshinobu Inoue #include <net/pfkeyv2.h>
408409aedfSGeorge V. Neville-Neil #include <netipsec/key_debug.h>
418409aedfSGeorge V. Neville-Neil #include <netipsec/ipsec.h>
429a4365d0SYoshinobu Inoue
439a4365d0SYoshinobu Inoue #include <stdio.h>
449a4365d0SYoshinobu Inoue #include <stdlib.h>
459a4365d0SYoshinobu Inoue #include <unistd.h>
469a4365d0SYoshinobu Inoue #include <string.h>
473c62e87aSJun-ichiro itojun Hagino #include <errno.h>
489a4365d0SYoshinobu Inoue #include <err.h>
499a4365d0SYoshinobu Inoue
5033841545SHajimu UMEMOTO #include "libpfkey.h"
5133841545SHajimu UMEMOTO
523c62e87aSJun-ichiro itojun Hagino struct req_t {
533c62e87aSJun-ichiro itojun Hagino int result; /* expected result; 0:ok 1:ng */
543c62e87aSJun-ichiro itojun Hagino char *str;
553c62e87aSJun-ichiro itojun Hagino } reqs[] = {
563c62e87aSJun-ichiro itojun Hagino { 0, "out ipsec" },
573c62e87aSJun-ichiro itojun Hagino { 1, "must_error" },
583c62e87aSJun-ichiro itojun Hagino { 1, "in ipsec must_error" },
593c62e87aSJun-ichiro itojun Hagino { 1, "out ipsec esp/must_error" },
603c62e87aSJun-ichiro itojun Hagino { 1, "out discard" },
613c62e87aSJun-ichiro itojun Hagino { 1, "out none" },
623c62e87aSJun-ichiro itojun Hagino { 0, "in entrust" },
633c62e87aSJun-ichiro itojun Hagino { 0, "out entrust" },
643c62e87aSJun-ichiro itojun Hagino { 1, "out ipsec esp" },
653c62e87aSJun-ichiro itojun Hagino { 0, "in ipsec ah/transport" },
663c62e87aSJun-ichiro itojun Hagino { 1, "in ipsec ah/tunnel" },
673c62e87aSJun-ichiro itojun Hagino { 0, "out ipsec ah/transport/" },
683c62e87aSJun-ichiro itojun Hagino { 1, "out ipsec ah/tunnel/" },
693c62e87aSJun-ichiro itojun Hagino { 0, "in ipsec esp / transport / 10.0.0.1-10.0.0.2" },
703c62e87aSJun-ichiro itojun Hagino { 0, "in ipsec esp/tunnel/::1-::2" },
713c62e87aSJun-ichiro itojun Hagino { 1, "in ipsec esp/tunnel/10.0.0.1-::2" },
723c62e87aSJun-ichiro itojun Hagino { 0, "in ipsec esp/tunnel/::1-::2/require" },
733c62e87aSJun-ichiro itojun Hagino { 0, "out ipsec ah/transport//use" },
743c62e87aSJun-ichiro itojun Hagino { 1, "out ipsec ah/transport esp/use" },
753c62e87aSJun-ichiro itojun Hagino { 1, "in ipsec ah/transport esp/tunnel" },
763c62e87aSJun-ichiro itojun Hagino { 0, "in ipsec ah/transport esp/tunnel/::1-::1" },
7783ad5a86SGleb Smirnoff { 0, "in ipsec\n"
7883ad5a86SGleb Smirnoff "ah / transport\n"
7983ad5a86SGleb Smirnoff "esp / tunnel / ::1-::2" },
8083ad5a86SGleb Smirnoff { 0, "out ipsec\n"
8183ad5a86SGleb Smirnoff "ah/transport/::1-::2 esp/tunnel/::3-::4/use ah/transport/::5-::6/require\n"
8283ad5a86SGleb Smirnoff "ah/transport/::1-::2 esp/tunnel/::3-::4/use ah/transport/::5-::6/require\n"
8383ad5a86SGleb Smirnoff "ah/transport/::1-::2 esp/tunnel/::3-::4/use ah/transport/::5-::6/require\n" },
843c62e87aSJun-ichiro itojun Hagino { 0, "out ipsec esp/transport/fec0::10-fec0::11/use" },
859a4365d0SYoshinobu Inoue };
869a4365d0SYoshinobu Inoue
8769160b1eSDavid E. O'Brien int test1(void);
8869160b1eSDavid E. O'Brien int test1sub1(struct req_t *);
8969160b1eSDavid E. O'Brien int test1sub2(char *, int);
9069160b1eSDavid E. O'Brien int test2(void);
9169160b1eSDavid E. O'Brien int test2sub(int);
929a4365d0SYoshinobu Inoue
939a4365d0SYoshinobu Inoue int
main(ac,av)949a4365d0SYoshinobu Inoue main(ac, av)
959a4365d0SYoshinobu Inoue int ac;
969a4365d0SYoshinobu Inoue char **av;
979a4365d0SYoshinobu Inoue {
983c62e87aSJun-ichiro itojun Hagino test1();
993c62e87aSJun-ichiro itojun Hagino test2();
1003c62e87aSJun-ichiro itojun Hagino
1013c62e87aSJun-ichiro itojun Hagino exit(0);
1023c62e87aSJun-ichiro itojun Hagino }
1033c62e87aSJun-ichiro itojun Hagino
1043c62e87aSJun-ichiro itojun Hagino int
test1()1053c62e87aSJun-ichiro itojun Hagino test1()
1063c62e87aSJun-ichiro itojun Hagino {
1079a4365d0SYoshinobu Inoue int i;
1083c62e87aSJun-ichiro itojun Hagino int result;
1099a4365d0SYoshinobu Inoue
1103c62e87aSJun-ichiro itojun Hagino printf("TEST1\n");
1113c62e87aSJun-ichiro itojun Hagino for (i = 0; i < sizeof(reqs)/sizeof(reqs[0]); i++) {
1123c62e87aSJun-ichiro itojun Hagino printf("#%d [%s]\n", i + 1, reqs[i].str);
1139a4365d0SYoshinobu Inoue
1143c62e87aSJun-ichiro itojun Hagino result = test1sub1(&reqs[i]);
1153c62e87aSJun-ichiro itojun Hagino if (result == 0 && reqs[i].result == 1) {
1169713f5c1SHajimu UMEMOTO warnx("ERROR: expecting failure.");
1173c62e87aSJun-ichiro itojun Hagino } else if (result == 1 && reqs[i].result == 0) {
1189713f5c1SHajimu UMEMOTO warnx("ERROR: expecting success.");
1199a4365d0SYoshinobu Inoue }
1209a4365d0SYoshinobu Inoue }
1219a4365d0SYoshinobu Inoue
1229a4365d0SYoshinobu Inoue return 0;
1239a4365d0SYoshinobu Inoue }
1249a4365d0SYoshinobu Inoue
1259a4365d0SYoshinobu Inoue int
test1sub1(req)1263c62e87aSJun-ichiro itojun Hagino test1sub1(req)
1273c62e87aSJun-ichiro itojun Hagino struct req_t *req;
1283c62e87aSJun-ichiro itojun Hagino {
1293c62e87aSJun-ichiro itojun Hagino char *buf;
1303c62e87aSJun-ichiro itojun Hagino
1313c62e87aSJun-ichiro itojun Hagino buf = ipsec_set_policy(req->str, strlen(req->str));
1323c62e87aSJun-ichiro itojun Hagino if (buf == NULL) {
1333c62e87aSJun-ichiro itojun Hagino printf("ipsec_set_policy: %s\n", ipsec_strerror());
1343c62e87aSJun-ichiro itojun Hagino return 1;
1353c62e87aSJun-ichiro itojun Hagino }
1363c62e87aSJun-ichiro itojun Hagino
1373c62e87aSJun-ichiro itojun Hagino if (test1sub2(buf, PF_INET) != 0
1383c62e87aSJun-ichiro itojun Hagino || test1sub2(buf, PF_INET6) != 0) {
1393c62e87aSJun-ichiro itojun Hagino free(buf);
1403c62e87aSJun-ichiro itojun Hagino return 1;
1413c62e87aSJun-ichiro itojun Hagino }
1423c62e87aSJun-ichiro itojun Hagino #if 0
1433c62e87aSJun-ichiro itojun Hagino kdebug_sadb_x_policy((struct sadb_ext *)buf);
1443c62e87aSJun-ichiro itojun Hagino #endif
1453c62e87aSJun-ichiro itojun Hagino
1463c62e87aSJun-ichiro itojun Hagino free(buf);
1473c62e87aSJun-ichiro itojun Hagino return 0;
1483c62e87aSJun-ichiro itojun Hagino }
1493c62e87aSJun-ichiro itojun Hagino
1503c62e87aSJun-ichiro itojun Hagino int
test1sub2(policy,family)1513c62e87aSJun-ichiro itojun Hagino test1sub2(policy, family)
1529a4365d0SYoshinobu Inoue char *policy;
1539a4365d0SYoshinobu Inoue int family;
1549a4365d0SYoshinobu Inoue {
1553c62e87aSJun-ichiro itojun Hagino int so;
1563c62e87aSJun-ichiro itojun Hagino int proto = 0, optname = 0;
1579a4365d0SYoshinobu Inoue int len;
1589a4365d0SYoshinobu Inoue char getbuf[1024];
1599a4365d0SYoshinobu Inoue
1609a4365d0SYoshinobu Inoue switch (family) {
1619a4365d0SYoshinobu Inoue case PF_INET:
1629a4365d0SYoshinobu Inoue proto = IPPROTO_IP;
1639a4365d0SYoshinobu Inoue optname = IP_IPSEC_POLICY;
1649a4365d0SYoshinobu Inoue break;
1659a4365d0SYoshinobu Inoue case PF_INET6:
1669a4365d0SYoshinobu Inoue proto = IPPROTO_IPV6;
1679a4365d0SYoshinobu Inoue optname = IPV6_IPSEC_POLICY;
1689a4365d0SYoshinobu Inoue break;
1699a4365d0SYoshinobu Inoue }
1709a4365d0SYoshinobu Inoue
1719a4365d0SYoshinobu Inoue if ((so = socket(family, SOCK_DGRAM, 0)) < 0)
1729a4365d0SYoshinobu Inoue err(1, "socket");
1739a4365d0SYoshinobu Inoue
1749a4365d0SYoshinobu Inoue len = ipsec_get_policylen(policy);
1753c62e87aSJun-ichiro itojun Hagino #if 0
1763c62e87aSJun-ichiro itojun Hagino printf("\tsetlen:%d\n", len);
1773c62e87aSJun-ichiro itojun Hagino #endif
1783c62e87aSJun-ichiro itojun Hagino
1799a4365d0SYoshinobu Inoue if (setsockopt(so, proto, optname, policy, len) < 0) {
1803c62e87aSJun-ichiro itojun Hagino printf("fail to set sockopt; %s\n", strerror(errno));
1813c62e87aSJun-ichiro itojun Hagino close(so);
1823c62e87aSJun-ichiro itojun Hagino return 1;
1839a4365d0SYoshinobu Inoue }
1849a4365d0SYoshinobu Inoue
1859a4365d0SYoshinobu Inoue memset(getbuf, 0, sizeof(getbuf));
1863c62e87aSJun-ichiro itojun Hagino memcpy(getbuf, policy, sizeof(struct sadb_x_policy));
1879a4365d0SYoshinobu Inoue if (getsockopt(so, proto, optname, getbuf, &len) < 0) {
1883c62e87aSJun-ichiro itojun Hagino printf("fail to get sockopt; %s\n", strerror(errno));
1893c62e87aSJun-ichiro itojun Hagino close(so);
1903c62e87aSJun-ichiro itojun Hagino return 1;
1919a4365d0SYoshinobu Inoue }
1929a4365d0SYoshinobu Inoue
1939a4365d0SYoshinobu Inoue {
1949a4365d0SYoshinobu Inoue char *buf = NULL;
1959a4365d0SYoshinobu Inoue
1963c62e87aSJun-ichiro itojun Hagino #if 0
1979a4365d0SYoshinobu Inoue printf("\tgetlen:%d\n", len);
1983c62e87aSJun-ichiro itojun Hagino #endif
1999a4365d0SYoshinobu Inoue
2009a4365d0SYoshinobu Inoue if ((buf = ipsec_dump_policy(getbuf, NULL)) == NULL) {
2019a4365d0SYoshinobu Inoue printf("%s\n", ipsec_strerror());
2023c62e87aSJun-ichiro itojun Hagino close(so);
2033c62e87aSJun-ichiro itojun Hagino return 1;
2043c62e87aSJun-ichiro itojun Hagino }
2053c62e87aSJun-ichiro itojun Hagino #if 0
2069a4365d0SYoshinobu Inoue printf("\t[%s]\n", buf);
2073c62e87aSJun-ichiro itojun Hagino #endif
2089a4365d0SYoshinobu Inoue free(buf);
2099a4365d0SYoshinobu Inoue }
2103c62e87aSJun-ichiro itojun Hagino
2113c62e87aSJun-ichiro itojun Hagino close (so);
2123c62e87aSJun-ichiro itojun Hagino return 0;
2139a4365d0SYoshinobu Inoue }
2149a4365d0SYoshinobu Inoue
2153c62e87aSJun-ichiro itojun Hagino char addr[] = {
2163c62e87aSJun-ichiro itojun Hagino 28, 28, 0, 0,
2173c62e87aSJun-ichiro itojun Hagino 0, 0, 0, 0,
2183c62e87aSJun-ichiro itojun Hagino 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1,
2193c62e87aSJun-ichiro itojun Hagino 0, 0, 0, 0,
2203c62e87aSJun-ichiro itojun Hagino };
2213c62e87aSJun-ichiro itojun Hagino
2223c62e87aSJun-ichiro itojun Hagino int
test2()2233c62e87aSJun-ichiro itojun Hagino test2()
2243c62e87aSJun-ichiro itojun Hagino {
2253c62e87aSJun-ichiro itojun Hagino int so;
2263c62e87aSJun-ichiro itojun Hagino char *pol1 = "out ipsec";
2273c62e87aSJun-ichiro itojun Hagino char *pol2 = "out ipsec ah/transport//use";
2283c62e87aSJun-ichiro itojun Hagino char *sp1, *sp2;
2293c62e87aSJun-ichiro itojun Hagino int splen1, splen2;
2303c62e87aSJun-ichiro itojun Hagino int spid;
2313c62e87aSJun-ichiro itojun Hagino struct sadb_msg *m;
2323c62e87aSJun-ichiro itojun Hagino
2333c62e87aSJun-ichiro itojun Hagino printf("TEST2\n");
2343c62e87aSJun-ichiro itojun Hagino if (getuid() != 0)
2359713f5c1SHajimu UMEMOTO errx(1, "root privilege required.");
2363c62e87aSJun-ichiro itojun Hagino
2373c62e87aSJun-ichiro itojun Hagino sp1 = ipsec_set_policy(pol1, strlen(pol1));
2383c62e87aSJun-ichiro itojun Hagino splen1 = ipsec_get_policylen(sp1);
2393c62e87aSJun-ichiro itojun Hagino sp2 = ipsec_set_policy(pol2, strlen(pol2));
2403c62e87aSJun-ichiro itojun Hagino splen2 = ipsec_get_policylen(sp2);
2413c62e87aSJun-ichiro itojun Hagino
2423c62e87aSJun-ichiro itojun Hagino if ((so = pfkey_open()) < 0)
2439713f5c1SHajimu UMEMOTO errx(1, "ERROR: %s", ipsec_strerror());
2443c62e87aSJun-ichiro itojun Hagino
2453c62e87aSJun-ichiro itojun Hagino printf("spdflush()\n");
2463c62e87aSJun-ichiro itojun Hagino if (pfkey_send_spdflush(so) < 0)
2479713f5c1SHajimu UMEMOTO errx(1, "ERROR: %s", ipsec_strerror());
2483c62e87aSJun-ichiro itojun Hagino m = pfkey_recv(so);
2493c62e87aSJun-ichiro itojun Hagino free(m);
2503c62e87aSJun-ichiro itojun Hagino
2513c62e87aSJun-ichiro itojun Hagino printf("spdsetidx()\n");
2523c62e87aSJun-ichiro itojun Hagino if (pfkey_send_spdsetidx(so, (struct sockaddr *)addr, 128,
2533c62e87aSJun-ichiro itojun Hagino (struct sockaddr *)addr, 128,
2543c62e87aSJun-ichiro itojun Hagino 255, sp1, splen1, 0) < 0)
2559713f5c1SHajimu UMEMOTO errx(1, "ERROR: %s", ipsec_strerror());
2563c62e87aSJun-ichiro itojun Hagino m = pfkey_recv(so);
2573c62e87aSJun-ichiro itojun Hagino free(m);
2583c62e87aSJun-ichiro itojun Hagino
2593c62e87aSJun-ichiro itojun Hagino printf("spdupdate()\n");
2603c62e87aSJun-ichiro itojun Hagino if (pfkey_send_spdupdate(so, (struct sockaddr *)addr, 128,
2613c62e87aSJun-ichiro itojun Hagino (struct sockaddr *)addr, 128,
2623c62e87aSJun-ichiro itojun Hagino 255, sp2, splen2, 0) < 0)
2639713f5c1SHajimu UMEMOTO errx(1, "ERROR: %s", ipsec_strerror());
2643c62e87aSJun-ichiro itojun Hagino m = pfkey_recv(so);
2653c62e87aSJun-ichiro itojun Hagino free(m);
2663c62e87aSJun-ichiro itojun Hagino
2679713f5c1SHajimu UMEMOTO printf("sleep(4)\n");
26833841545SHajimu UMEMOTO sleep(4);
26933841545SHajimu UMEMOTO
2703c62e87aSJun-ichiro itojun Hagino printf("spddelete()\n");
2713c62e87aSJun-ichiro itojun Hagino if (pfkey_send_spddelete(so, (struct sockaddr *)addr, 128,
2723c62e87aSJun-ichiro itojun Hagino (struct sockaddr *)addr, 128,
2733c62e87aSJun-ichiro itojun Hagino 255, sp1, splen1, 0) < 0)
2749713f5c1SHajimu UMEMOTO errx(1, "ERROR: %s", ipsec_strerror());
2753c62e87aSJun-ichiro itojun Hagino m = pfkey_recv(so);
2763c62e87aSJun-ichiro itojun Hagino free(m);
2773c62e87aSJun-ichiro itojun Hagino
2783c62e87aSJun-ichiro itojun Hagino printf("spdadd()\n");
2793c62e87aSJun-ichiro itojun Hagino if (pfkey_send_spdadd(so, (struct sockaddr *)addr, 128,
2803c62e87aSJun-ichiro itojun Hagino (struct sockaddr *)addr, 128,
2813c62e87aSJun-ichiro itojun Hagino 255, sp2, splen2, 0) < 0)
2829713f5c1SHajimu UMEMOTO errx(1, "ERROR: %s", ipsec_strerror());
2833c62e87aSJun-ichiro itojun Hagino spid = test2sub(so);
2843c62e87aSJun-ichiro itojun Hagino
2853c62e87aSJun-ichiro itojun Hagino printf("spdget(%u)\n", spid);
2863c62e87aSJun-ichiro itojun Hagino if (pfkey_send_spdget(so, spid) < 0)
2879713f5c1SHajimu UMEMOTO errx(1, "ERROR: %s", ipsec_strerror());
2883c62e87aSJun-ichiro itojun Hagino m = pfkey_recv(so);
2893c62e87aSJun-ichiro itojun Hagino free(m);
2903c62e87aSJun-ichiro itojun Hagino
2919713f5c1SHajimu UMEMOTO printf("sleep(4)\n");
29233841545SHajimu UMEMOTO sleep(4);
29333841545SHajimu UMEMOTO
2943c62e87aSJun-ichiro itojun Hagino printf("spddelete2()\n");
2953c62e87aSJun-ichiro itojun Hagino if (pfkey_send_spddelete2(so, spid) < 0)
2969713f5c1SHajimu UMEMOTO errx(1, "ERROR: %s", ipsec_strerror());
2973c62e87aSJun-ichiro itojun Hagino m = pfkey_recv(so);
2983c62e87aSJun-ichiro itojun Hagino free(m);
2993c62e87aSJun-ichiro itojun Hagino
30033841545SHajimu UMEMOTO printf("spdadd() with lifetime's 10(s)\n");
30133841545SHajimu UMEMOTO if (pfkey_send_spdadd2(so, (struct sockaddr *)addr, 128,
30233841545SHajimu UMEMOTO (struct sockaddr *)addr, 128,
30333841545SHajimu UMEMOTO 255, 0, 10, sp2, splen2, 0) < 0)
3049713f5c1SHajimu UMEMOTO errx(1, "ERROR: %s", ipsec_strerror());
30533841545SHajimu UMEMOTO spid = test2sub(so);
30633841545SHajimu UMEMOTO
3073c62e87aSJun-ichiro itojun Hagino /* expecting failure */
3083c62e87aSJun-ichiro itojun Hagino printf("spdupdate()\n");
3093c62e87aSJun-ichiro itojun Hagino if (pfkey_send_spdupdate(so, (struct sockaddr *)addr, 128,
3103c62e87aSJun-ichiro itojun Hagino (struct sockaddr *)addr, 128,
3113c62e87aSJun-ichiro itojun Hagino 255, sp2, splen2, 0) == 0) {
3129713f5c1SHajimu UMEMOTO warnx("ERROR: expecting failure.");
3133c62e87aSJun-ichiro itojun Hagino }
3149a4365d0SYoshinobu Inoue
3159a4365d0SYoshinobu Inoue return 0;
3169a4365d0SYoshinobu Inoue }
3179a4365d0SYoshinobu Inoue
3183c62e87aSJun-ichiro itojun Hagino int
test2sub(so)3193c62e87aSJun-ichiro itojun Hagino test2sub(so)
3203c62e87aSJun-ichiro itojun Hagino int so;
3213c62e87aSJun-ichiro itojun Hagino {
3223c62e87aSJun-ichiro itojun Hagino struct sadb_msg *msg;
3233c62e87aSJun-ichiro itojun Hagino caddr_t mhp[SADB_EXT_MAX + 1];
3243c62e87aSJun-ichiro itojun Hagino
3253c62e87aSJun-ichiro itojun Hagino if ((msg = pfkey_recv(so)) == NULL)
3269713f5c1SHajimu UMEMOTO errx(1, "ERROR: pfkey_recv failure.");
3273c62e87aSJun-ichiro itojun Hagino if (pfkey_align(msg, mhp) < 0)
3289713f5c1SHajimu UMEMOTO errx(1, "ERROR: pfkey_align failure.");
3293c62e87aSJun-ichiro itojun Hagino
3303c62e87aSJun-ichiro itojun Hagino return ((struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY])->sadb_x_policy_id;
3313c62e87aSJun-ichiro itojun Hagino }
3323c62e87aSJun-ichiro itojun Hagino
333