xref: /freebsd/sbin/ipf/ipsend/ipsopt.c (revision ec0ea6efa1ad229d75c394c1a9b9cac33af2b1d3)
1 /*	$FreeBSD$	*/
2 
3 /*
4  * Copyright (C) 2012 by Darren Reed.
5  *
6  * See the IPFILTER.LICENCE file for details on licencing.
7  *
8  */
9 #if !defined(lint)
10 static const char sccsid[] = "@(#)ipsopt.c	1.2 1/11/96 (C)1995 Darren Reed";
11 static const char rcsid[] = "@(#)$Id$";
12 #endif
13 #include <sys/param.h>
14 #include <sys/types.h>
15 #include <sys/time.h>
16 #include <sys/socket.h>
17 #include <netinet/in.h>
18 #include <netinet/in_systm.h>
19 #include <netinet/ip.h>
20 #include <stdio.h>
21 #include <string.h>
22 #include <stdlib.h>
23 #include <netinet/ip_var.h>
24 #include <netinet/tcp.h>
25 #include <arpa/inet.h>
26 #include "ipsend.h"
27 
28 
29 #ifndef	__P
30 #  define	__P(x)	x
31 #endif
32 
33 
/*
 * IP options that may be requested by name.
 *
 * Rows are positional initializers for struct ipopt_names, which is
 * declared in ipsend.h and not visible here.  Judging by how addipopt()
 * and buildopts() read the entries, the columns appear to be: option code
 * (on_value), duplicate-detection bit (on_bit), default size in bytes
 * (on_siz) and option name (on_name) -- confirm against the header.
 *
 * NOTE(review): "ts" and "sec-level" share bit 0x08.  buildopts() skips
 * any entry whose bit is already set, so whichever of the two is named
 * second falls through to the "unknown IP option name" error.  Confirm
 * whether that is intended.
 */
struct ipopt_names ionames[] = {
	{ IPOPT_EOL,      0x01,  1, "eol" },
	{ IPOPT_NOP,      0x02,  1, "nop" },
	{ IPOPT_RR,       0x04,  3, "rr" },        /* header only; buffer added by addipopt() */
	{ IPOPT_TS,       0x08,  8, "ts" },        /* room for 1 timestamp */
	{ IPOPT_SECURITY, 0x08, 11, "sec-level" },
	{ IPOPT_LSRR,     0x10,  7, "lsrr" },      /* room for 1 route */
	{ IPOPT_SATID,    0x20,  4, "satid" },
	{ IPOPT_SSRR,     0x40,  7, "ssrr" },      /* room for 1 route */
	{ 0,              0,     0, NULL }         /* terminator: must be last */
};
45 
/*
 * Security level names accepted by ipseclevel().
 *
 * Same positional layout as the other struct ipopt_names table in this
 * file; the size column is 0 for every row and ipseclevel() only reads
 * on_name and on_value.
 */
struct ipopt_names secnames[] = {
	{ IPOPT_SECUR_UNCLASS,   0x0100, 0, "unclass" },
	{ IPOPT_SECUR_CONFID,    0x0200, 0, "confid" },
	{ IPOPT_SECUR_EFTO,      0x0400, 0, "efto" },
	{ IPOPT_SECUR_MMMM,      0x0800, 0, "mmmm" },
	{ IPOPT_SECUR_RESTR,     0x1000, 0, "restr" },
	{ IPOPT_SECUR_SECRET,    0x2000, 0, "secret" },
	{ IPOPT_SECUR_TOPSECRET, 0x4000, 0, "topsecret" },
	{ 0,                     0,      0, NULL }	/* terminator: must be last */
};
56 
57 
/*
 * Translate a security level name into its value from secnames[].
 *
 * The comparison is case-insensitive.  When the name is not in the table
 * a diagnostic is written to stderr and 0 is returned.  slevel must not
 * be NULL; it is passed straight to strcasecmp().
 */
u_short ipseclevel(slevel)
	char *slevel;
{
	struct ipopt_names *ent = secnames;

	while (ent->on_name != NULL) {
		if (strcasecmp(slevel, ent->on_name) == 0)
			return ent->on_value;
		ent++;
	}

	fprintf(stderr, "no such security level: %s\n", slevel);
	return 0;
}
73 
74 
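/*
 * Write one IP option, described by io, at op.
 *
 * op    - where the option starts in the caller's option buffer
 * io    - table entry giving the option code and its default size
 * len   - number of option bytes already in the buffer before op
 * class - optional argument text: RR buffer length in bytes, a security
 *         level name, a comma-separated address list for LSRR/SSRR, or a
 *         number for SATID; may be NULL
 *
 * Returns the number of bytes the option occupies, or 0 after printing a
 * diagnostic when it would not fit.
 *
 * Every length that comes from the argument text is checked against the
 * same 48-byte ceiling as the fixed part of the option, and before the
 * corresponding bytes are written.  Previously the RR buffer length was
 * added to the running total after the only bounds check, and extra
 * LSRR/SSRR addresses were copied without any check and without being
 * counted in the return value, so a caller that advances its write
 * pointer by the return value could be steered outside its buffer or
 * overwrite addresses just stored.
 */
int addipopt(op, io, len, class)
	char *op;
	struct ipopt_names *io;
	int len;
	char *class;
{
	const int maxlen = 48;	/* ceiling on total option bytes, as before */
	struct in_addr ipadr;
	int olen = len, srr = 0, routelen;
	long rrlen = 0;
	u_short val = 0;
	u_char lvl;
	char *s = op, *t;

	/*
	 * Work out the RR buffer length first so that it takes part in the
	 * bounds check below.  Default is 4 bytes (one address).
	 */
	if (io->on_value == IPOPT_RR && io->on_siz > 1)
		rrlen = (class && *class) ? strtol(class, NULL, 10) : 4;
	if (rrlen < 0) {
		fprintf(stderr, "invalid rr buffer length: %s\n", class);
		return 0;
	}
	/* rrlen > maxlen is tested on its own so the sum cannot overflow. */
	if (rrlen > maxlen || (len + io->on_siz + (int)rrlen) > maxlen) {
		fprintf(stderr, "options too long\n");
		return 0;
	}

	len += io->on_siz;
	*op++ = io->on_value;
	if (io->on_siz > 1) {
		/*
		 * Length byte.  For RR it covers the header plus the
		 * requested buffer.
		 */
		if (io->on_value == IPOPT_RR) {
			val = (u_short)rrlen;
			*op++ = val + io->on_siz;
			len += val;
		} else
			*op++ = io->on_siz;

		/* Pointer byte. */
		if (io->on_value == IPOPT_TS)
			*op++ = IPOPT_MINOFF + 1;
		else
			*op++ = IPOPT_MINOFF;

		while (class && *class) {
			t = NULL;
			switch (io->on_value)
			{
			case IPOPT_SECURITY :
				/*
				 * NOTE(review): ipseclevel() returns a
				 * u_short but only its low 8 bits are kept,
				 * and they replace the pointer byte written
				 * just above -- confirm this is intended.
				 */
				lvl = ipseclevel(class);
				*(op - 1) = lvl;
				break;
			case IPOPT_LSRR :
			case IPOPT_SSRR :
				/*
				 * Check room for this address before touching
				 * class, so the error path leaves the argument
				 * string unmodified.
				 */
				if (olen + (int)(op - s) + (int)sizeof(ipadr) >
				    maxlen) {
					fprintf(stderr, "options too long\n");
					return 0;
				}
				if ((t = strchr(class, ',')))
					*t = '\0';
				ipadr.s_addr = inet_addr(class);
				srr++;
				memcpy(op, &ipadr, sizeof(ipadr));
				op += sizeof(ipadr);
				break;
			case IPOPT_SATID :
				/*
				 * NOTE(review): this copies 2 bytes starting
				 * at the 4th byte of the option; with the
				 * 4-byte size given in ionames[] the second
				 * byte lands one past the space counted for
				 * this option.  Left unchanged here -- confirm
				 * the intended layout.
				 */
				val = atoi(class);
				memcpy(op, &val, 2);
				break;
			}

			if (t)
				*t++ = ',';	/* restore the caller's string */
			class = t;
		}
		if (srr) {
			routelen = IPOPT_MINOFF - 1 + 4 * srr;
			s[IPOPT_OLEN] = routelen;
			/*
			 * Keep the returned size in step with the length
			 * byte when more addresses were stored than the
			 * table entry reserves.
			 */
			if (routelen > io->on_siz)
				len = olen + routelen;
		}
	}
	return len - olen;
}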
144 
145 
/*
 * Build an IP options block from a comma-separated list of option names.
 *
 * cp  - option list such as "name" or "name=arg"; modified in place by
 *       strtok() and by splitting at '='
 * op  - where to write the encoded options
 * len - number of option bytes already present before op
 *
 * Each name is looked up in ionames[] (case-insensitive) and encoded by
 * addipopt().  The result is then padded to a multiple of 4 bytes and
 * terminated.  Returns the new total length, or 0 after printing a
 * diagnostic when a name is not recognised.
 *
 * NOTE(review): a name that repeats an option already seen is reported
 * as "unknown", because entries whose bit is already set are skipped.
 * NOTE(review): when addipopt() returns 0 the option is still marked as
 * seen and recorded as the last option, and no error reaches the caller.
 * NOTE(review): the final NOP/NOP/NOP/EOL write is not checked against
 * any size limit; the size of the buffer behind op is not visible here.
 */
u_32_t buildopts(cp, op, len)
	char *cp, *op;
	int len;
{
	struct ipopt_names *ent;
	u_32_t seen = 0;
	char *tok, *arg;
	int added, lastop = -1;

	tok = strtok(cp, ",");
	while (tok != NULL) {
		/* Split "name=arg"; arg stays NULL when there is no '='. */
		arg = strchr(tok, '=');
		if (arg != NULL)
			*arg++ = '\0';

		for (ent = ionames; ent->on_name != NULL; ent++) {
			if (strcasecmp(tok, ent->on_name) == 0 &&
			    (seen & ent->on_bit) == 0) {
				lastop = ent->on_value;
				added = addipopt(op, ent, len, arg);
				if (added != 0) {
					op += added;
					len += added;
				}
				seen |= ent->on_bit;
				break;
			}
		}
		if (ent->on_name == NULL) {
			fprintf(stderr, "unknown IP option name %s\n", tok);
			return 0;
		}

		tok = strtok(NULL, ",");
	}

	if ((len & 3) != 0) {
		/* Pad with NOPs, ending on EOL, up to a 4-byte boundary. */
		do {
			*op++ = ((len & 3) == 3) ? IPOPT_EOL : IPOPT_NOP;
			len++;
		} while ((len & 3) != 0);
	} else if (lastop == IPOPT_NOP) {
		/* Already aligned and ending in NOP: turn it into EOL. */
		*(op - 1) = IPOPT_EOL;
	} else if (lastop != IPOPT_EOL) {
		/* Already aligned: append a full NOP,NOP,NOP,EOL word. */
		*op++ = IPOPT_NOP;
		*op++ = IPOPT_NOP;
		*op++ = IPOPT_NOP;
		*op = IPOPT_EOL;
		len += 4;
	}
	return len;
}
195