19a4365d0SYoshinobu Inoue /*
29a4365d0SYoshinobu Inoue  * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
39a4365d0SYoshinobu Inoue  * All rights reserved.
49a4365d0SYoshinobu Inoue  *
59a4365d0SYoshinobu Inoue  * Redistribution and use in source and binary forms, with or without
69a4365d0SYoshinobu Inoue  * modification, are permitted provided that the following conditions
79a4365d0SYoshinobu Inoue  * are met:
89a4365d0SYoshinobu Inoue  * 1. Redistributions of source code must retain the above copyright
99a4365d0SYoshinobu Inoue  *    notice, this list of conditions and the following disclaimer.
109a4365d0SYoshinobu Inoue  * 2. Redistributions in binary form must reproduce the above copyright
119a4365d0SYoshinobu Inoue  *    notice, this list of conditions and the following disclaimer in the
129a4365d0SYoshinobu Inoue  *    documentation and/or other materials provided with the distribution.
139a4365d0SYoshinobu Inoue  * 3. Neither the name of the project nor the names of its contributors
149a4365d0SYoshinobu Inoue  *    may be used to endorse or promote products derived from this software
159a4365d0SYoshinobu Inoue  *    without specific prior written permission.
169a4365d0SYoshinobu Inoue  *
179a4365d0SYoshinobu Inoue  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
189a4365d0SYoshinobu Inoue  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
199a4365d0SYoshinobu Inoue  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
209a4365d0SYoshinobu Inoue  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
219a4365d0SYoshinobu Inoue  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
229a4365d0SYoshinobu Inoue  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
239a4365d0SYoshinobu Inoue  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
249a4365d0SYoshinobu Inoue  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
259a4365d0SYoshinobu Inoue  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
269a4365d0SYoshinobu Inoue  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
279a4365d0SYoshinobu Inoue  * SUCH DAMAGE.
289a4365d0SYoshinobu Inoue  *
299a4365d0SYoshinobu Inoue  * $FreeBSD$
309a4365d0SYoshinobu Inoue  */
319a4365d0SYoshinobu Inoue 
329a4365d0SYoshinobu Inoue #include <sys/types.h>
339a4365d0SYoshinobu Inoue #include <sys/param.h>
349a4365d0SYoshinobu Inoue #include <sys/socket.h>
359a4365d0SYoshinobu Inoue 
369a4365d0SYoshinobu Inoue #include <netinet/in.h>
379a4365d0SYoshinobu Inoue #include <netinet6/in6.h>
38f63e7634SYoshinobu Inoue #include <net/pfkeyv2.h>
399a4365d0SYoshinobu Inoue #include <netkey/key_debug.h>
409a4365d0SYoshinobu Inoue #include <netinet6/ipsec.h>
419a4365d0SYoshinobu Inoue 
429a4365d0SYoshinobu Inoue #include <stdio.h>
439a4365d0SYoshinobu Inoue #include <stdlib.h>
449a4365d0SYoshinobu Inoue #include <unistd.h>
459a4365d0SYoshinobu Inoue #include <string.h>
469a4365d0SYoshinobu Inoue #include <err.h>
479a4365d0SYoshinobu Inoue 
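/*
 * Policy strings fed to ipsec_set_policy() by main().  The set is deliberately
 * mixed: the entries marked "error" are malformed on purpose so that the
 * parser's rejection path is exercised next to the accepted syntax.  The two
 * multi-line entries are written with \n and \t escapes rather than raw line
 * breaks inside the literal (a raw newline in a string literal is not valid C);
 * the resulting byte strings are unchanged.
 */
char *requests[] = {
"must_error",				/* error */
"in ipsec must_error",			/* error */
"out ipsec esp/must_error",		/* error */
"out discard",
"out none",
"in entrust",
"out entrust",
"in bypass",				/* may be error */
"out ipsec esp",			/* error */
"in ipsec ah/transport",
"in ipsec ah/tunnel",			/* error */
"out ipsec ah/transport/",
"out ipsec ah/tunnel/",			/* error */
"in ipsec esp / transport / 10.0.0.1-10.0.0.2",
"in ipsec esp/tunnel/::1-::2",
"in ipsec esp/tunnel/10.0.0.1-::2",	/* error */
"in ipsec esp/tunnel/::1-::2/require",
"out ipsec ah/transport//use",
"out ipsec ah/transport esp/use",
"in ipsec ah/transport esp/tunnel",	/* error */
"in ipsec\n"
"\tah / transport\n"
"\tesp / tunnel / ::1-::2",
"\n"
"out ipsec\n"
"ah/transport/::1-::2 esp/tunnel/::3-::4/use ah/transport/::5-::6/require\n"
"ah/transport/::1-::2 esp/tunnel/::3-::4/use ah/transport/::5-::6/require\n"
"ah/transport/::1-::2 esp/tunnel/::3-::4/use ah/transport/::5-::6/require\n"
"\n",
"out ipsec esp/transport/fec0::10-fec0::11/use",
};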
809a4365d0SYoshinobu Inoue 
819a4365d0SYoshinobu Inoue int test(char *buf, int family);
829a4365d0SYoshinobu Inoue 
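/*
 * Run every entry of requests[] through ipsec_set_policy() and report the
 * outcome.  Without arguments the encoded policy is only dumped with
 * kdebug_sadb_x_policy(); with any argument it is additionally pushed through
 * setsockopt()/getsockopt() on a PF_INET and a PF_INET6 socket via test().
 * Entries the parser rejects are reported and skipped, so the intentionally
 * malformed strings in requests[] do not stop the run.
 *
 * Always returns 0; individual failures are printed, not counted.
 */
int
main(int ac, char **av)
{
	int do_setsockopt = (ac != 1);	/* any argument enables the socket round trip */
	size_t i;

	(void)av;

	for (i = 0; i < sizeof(requests) / sizeof(requests[0]); i++) {
		char *buf;

		printf("*** requests ***\n");
		printf("\t[%s]\n", requests[i]);

		/* ipsec_set_policy() hands back a malloc()ed buffer we must free. */
		buf = ipsec_set_policy(requests[i], strlen(requests[i]));
		if (buf == NULL) {
			printf("ipsec_set_policy: %s\n", ipsec_strerror());
			continue;
		}

		printf("\tsetlen:%d\n", ipsec_get_policylen(buf));

		if (do_setsockopt) {
			printf("\tPF_INET:\n");
			test(buf, PF_INET);

			printf("\tPF_INET6:\n");
			test(buf, PF_INET6);
		} else {
			kdebug_sadb_x_policy((struct sadb_ext *)buf);
		}
		free(buf);
	}

	return 0;
}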
1239a4365d0SYoshinobu Inoue 
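/*
 * Push an encoded policy through the kernel and back.
 *
 * policy is the buffer returned by ipsec_set_policy(); family selects the
 * socket domain (PF_INET or PF_INET6) and with it the protocol level and
 * option name used for setsockopt()/getsockopt().  The policy read back from
 * the kernel is decoded with ipsec_dump_policy() and printed.
 *
 * Returns 0 when the round trip succeeded and -1 when the family is
 * unsupported or a socket option call failed (reported with warn()/warnx()).
 * Exits through err() only when the socket itself cannot be created.
 */
int
test(char *policy, int family)
{
	int so, proto, optname;
	int rc = -1;
	socklen_t getlen;
	char getbuf[1024];

	switch (family) {
	case PF_INET:
		proto = IPPROTO_IP;
		optname = IP_IPSEC_POLICY;
		break;
	case PF_INET6:
		proto = IPPROTO_IPV6;
		optname = IPV6_IPSEC_POLICY;
		break;
	default:
		/* Without this, proto/optname would be read uninitialized. */
		warnx("test: unsupported family %d", family);
		return -1;
	}

	if ((so = socket(family, SOCK_DGRAM, 0)) < 0)
		err(1, "socket");

	if (setsockopt(so, proto, optname, policy,
	    ipsec_get_policylen(policy)) < 0) {
		warn("setsockopt");
		goto end;
	}

	/* getsockopt() takes a socklen_t in/out length, not an int. */
	getlen = sizeof(getbuf);
	memset(getbuf, 0, sizeof(getbuf));
	if (getsockopt(so, proto, optname, getbuf, &getlen) < 0) {
		warn("getsockopt");
		goto end;
	}

	printf("\tgetlen:%u\n", (unsigned)getlen);

	/*
	 * Do not let ipsec_dump_policy() read a policy header out of a reply
	 * shorter than the header itself.  A reply that was truncated to
	 * sizeof(getbuf) still passes this check; the library's own length
	 * validation is relied on for that case.
	 */
	if (getlen < sizeof(struct sadb_x_policy)) {
		warnx("getsockopt: short reply (%u bytes)", (unsigned)getlen);
		goto end;
	}

	{
		/* ipsec_dump_policy() returns a malloc()ed string we must free. */
		char *buf = ipsec_dump_policy(getbuf, NULL);

		if (buf == NULL) {
			printf("%s\n", ipsec_strerror());
			goto end;
		}
		printf("\t[%s]\n", buf);
		free(buf);
	}
	rc = 0;

end:
	close(so);
	return rc;
}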
1799a4365d0SYoshinobu Inoue 