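/*	$FreeBSD$	*/

/*
 * Copyright (C) 2012 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 *
 */
#if !defined(lint)
static const char sccsid[] = "@(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed";
static const char rcsid[] = "@(#)$Id$";
#endif
#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include "ipsend.h"


#ifndef	__P
# define	__P(x)	x
#endif

/*
 * Upper bound, in bytes, on the option data assembled by addipopt().
 * NOTE(review): an IPv4 header can carry at most 40 bytes of options
 * (60-byte maximum header less the 20-byte fixed part); the historical
 * limit of 48 is kept because the callers' buffers are not visible here.
 */
#define	IPSOPT_MAXLEN	48


/*
 * IP options known to buildopts().  The fields are used below as on_value
 * (option type byte), on_bit (bit recorded once the option has been seen),
 * on_siz (bytes reserved for the option) and on_name (keyword); presumably
 * that is also the initializer order - confirm against ipsend.h.
 * NOTE(review): "ts" and "sec-level" share bit 0x08, so whichever is named
 * second is skipped by buildopts() and reported as unknown - confirm whether
 * that is intended.
 */
struct ipopt_names ionames[] = {
	{ IPOPT_EOL,		0x01,	1, "eol" },
	{ IPOPT_NOP,		0x02,	1, "nop" },
	{ IPOPT_RR,		0x04,	3, "rr" },	/* 1 route */
	{ IPOPT_TS,		0x08,	8, "ts" },	/* 1 TS */
	{ IPOPT_SECURITY,	0x08,	11, "sec-level" },
	{ IPOPT_LSRR,		0x10,	7, "lsrr" },	/* 1 route */
	{ IPOPT_SATID,		0x20,	4, "satid" },
	{ IPOPT_SSRR,		0x40,	7, "ssrr" },	/* 1 route */
	{ 0, 0, 0, NULL }	/* must be last */
};

/*
 * Security level keywords accepted by ipseclevel().
 */
struct ipopt_names secnames[] = {
	{ IPOPT_SECUR_UNCLASS,	0x0100,	0, "unclass" },
	{ IPOPT_SECUR_CONFID,	0x0200,	0, "confid" },
	{ IPOPT_SECUR_EFTO,	0x0400,	0, "efto" },
	{ IPOPT_SECUR_MMMM,	0x0800,	0, "mmmm" },
	{ IPOPT_SECUR_RESTR,	0x1000,	0, "restr" },
	{ IPOPT_SECUR_SECRET,	0x2000,	0, "secret" },
	{ IPOPT_SECUR_TOPSECRET, 0x4000,0, "topsecret" },
	{ 0, 0, 0, NULL }	/* must be last */
};


/*
 * Map a security level keyword (compared case-insensitively against
 * secnames[]) to that entry's on_value.
 *
 * Returns 0 and prints a diagnostic when the keyword is unknown or NULL.
 * NOTE(review): 0 is also a legitimate on_value if any secnames[] entry is
 * defined as 0 (IPOPT_SECUR_UNCLASS is 0 in BSD <netinet/ip.h> - confirm),
 * so callers cannot tell that entry apart from a failed lookup.
 */
u_short ipseclevel(slevel)
	char *slevel;
{
	struct ipopt_names *so;

	/* strcasecmp() on a NULL pointer is undefined; fail the lookup. */
	if (slevel == NULL) {
		fprintf(stderr, "no such security level: %s\n", "(null)");
		return 0;
	}

	for (so = secnames; so->on_name; so++)
		if (!strcasecmp(slevel, so->on_name))
			break;

	if (!so->on_name) {
		fprintf(stderr, "no such security level: %s\n", slevel);
		return 0;
	}
	return so->on_value;
}


/*
 * Append one IP option, described by io, at op.
 *
 *   op    - where the option is written (the caller's current position)
 *   io    - table entry giving the option type and reserved size
 *   len   - number of option bytes already assembled before op
 *   class - optional argument text (the part after '=' in buildopts()),
 *           may be NULL
 *
 * Returns the number of bytes the option occupies, or 0 (after printing a
 * diagnostic) when it would push the total past IPSOPT_MAXLEN.  On a 0
 * return the caller must not advance its pointer; bytes already stored at
 * op are then simply not counted.
 *
 * Every length taken from the argument text is checked against
 * IPSOPT_MAXLEN before anything is stored, so a large "rr=" value or a
 * long route list cannot run past the limit the first check enforces.
 */
int addipopt(op, io, len, class)
	char *op;
	struct ipopt_names *io;
	int len;
	char *class;
{
	struct in_addr ipadr;
	int olen = len, srr = 0;
	long rrlen = 0;
	u_short val;
	u_char lvl;
	char *s = op, *t;

	if ((len + io->on_siz) > IPSOPT_MAXLEN) {
		fprintf(stderr, "options too long\n");
		return 0;
	}

	/*
	 * Allow option to specify RR buffer length in bytes.  The value is
	 * validated here, before the first store, because it is added to
	 * the running length and written into the option's length byte.
	 * strtol() clamps on overflow where atoi() would be undefined.
	 */
	if (io->on_siz > 1 && io->on_value == IPOPT_RR) {
		rrlen = (class && *class) ? strtol(class, NULL, 10) : 4;
		if (rrlen < 0) {
			fprintf(stderr, "invalid rr length: %s\n", class);
			return 0;
		}
		if (rrlen > (long)(IPSOPT_MAXLEN - (len + (int)io->on_siz))) {
			fprintf(stderr, "options too long\n");
			return 0;
		}
	}

	len += io->on_siz;
	*op++ = io->on_value;
	if (io->on_siz > 1) {
		/* Second byte: option length. */
		if (io->on_value == IPOPT_RR) {
			*op++ = rrlen + io->on_siz;
			len += rrlen;
		} else
			*op++ = io->on_siz;

		/* Third byte: pointer/offset field. */
		if (io->on_value == IPOPT_TS)
			*op++ = IPOPT_MINOFF + 1;
		else
			*op++ = IPOPT_MINOFF;

		while (class && *class) {
			t = NULL;
			switch (io->on_value)
			{
			case IPOPT_SECURITY :
				/*
				 * Only the low 8 bits of the level are kept,
				 * and they replace the byte stored just above.
				 * NOTE(review): ipseclevel() returns a
				 * u_short - confirm the truncation is wanted.
				 */
				lvl = ipseclevel(class);
				*(op - 1) = lvl;
				break;
			case IPOPT_LSRR :
			case IPOPT_SSRR :
				/*
				 * on_siz reserves room for one address only;
				 * check each further one before storing it.
				 */
				if (olen + (int)(op - s) + (int)sizeof(ipadr) >
				    IPSOPT_MAXLEN) {
					fprintf(stderr, "options too long\n");
					return 0;
				}
				/* Cut at the next ',' while parsing. */
				if ((t = strchr(class, ',')))
					*t = '\0';
				/*
				 * NOTE(review): inet_addr() reports a parse
				 * failure as INADDR_NONE, which is stored
				 * here like any other address.
				 */
				ipadr.s_addr = inet_addr(class);
				srr++;
				bcopy((char *)&ipadr, op, sizeof(ipadr));
				op += sizeof(ipadr);
				break;
			case IPOPT_SATID :
				/*
				 * The 2-byte id lands at option offsets 3-4,
				 * one byte beyond the 4 bytes on_siz reserves,
				 * so it needs its own bounds check.
				 */
				if (olen + (int)(op - s) + 2 > IPSOPT_MAXLEN) {
					fprintf(stderr, "options too long\n");
					return 0;
				}
				val = (u_short)strtol(class, NULL, 10);
				bcopy((char *)&val, op, 2);
				break;
			}

			/* Restore the separator and move to the next item. */
			if (t)
				*t++ = ',';
			class = t;
		}
		if (srr) {
			/*
			 * The length byte covers every address stored, so the
			 * size reported to the caller has to as well; for a
			 * single address this equals the table's on_siz of 7.
			 */
			s[IPOPT_OLEN] = IPOPT_MINOFF - 1 + 4 * srr;
			len = olen + IPOPT_MINOFF - 1 + 4 * srr;
		}
	}
	return len - olen;
}


/*
 * Parse a comma separated list of "name" or "name=argument" items in cp
 * and assemble the matching IP options at op, then pad the result to a
 * multiple of four bytes ending in IPOPT_EOL.
 *
 *   cp  - option list; modified in place by strtok() and the '=' split
 *   op  - output buffer position
 *   len - number of option bytes already present before op
 *
 * Returns the total length after padding, or 0 when an item does not name
 * an option in ionames[] (an option repeated in the list is reported the
 * same way, because its bit is already set in the mask).
 *
 * NOTE(review): the padding below can add up to four bytes on top of the
 * IPSOPT_MAXLEN bytes addipopt() allows - confirm that the buffers passed
 * in by callers leave room for them.
 */
u_32_t buildopts(cp, op, len)
	char *cp, *op;
	int len;
{
	struct ipopt_names *io;
	u_32_t msk = 0;
	char *s, *t;
	int inc, lastop = -1;

	for (s = strtok(cp, ","); s; s = strtok(NULL, ",")) {
		if ((t = strchr(s, '=')))
			*t++ = '\0';
		for (io = ionames; io->on_name; io++) {
			if (strcasecmp(s, io->on_name) || (msk & io->on_bit))
				continue;
			if ((inc = addipopt(op, io, len, t))) {
				/*
				 * Record the option only once it is really in
				 * the buffer: the padding code rewrites the
				 * byte before op when the last option was a
				 * NOP, which would damage the previous option
				 * if the NOP itself had been rejected.
				 */
				lastop = io->on_value;
				op += inc;
				len += inc;
			}
			msk |= io->on_bit;
			break;
		}
		if (!io->on_name) {
			fprintf(stderr, "unknown IP option name %s\n", s);
			return 0;
		}
	}

	if (len & 3) {
		/* Fill with NOPs, making the final pad byte an EOL. */
		while (len & 3) {
			*op++ = ((len & 3) == 3) ? IPOPT_EOL : IPOPT_NOP;
			len++;
		}
	} else {
		if (lastop != IPOPT_EOL) {
			if (lastop == IPOPT_NOP)
				*(op - 1) = IPOPT_EOL;
			else {
				/* Already aligned: add a full padding word. */
				*op++ = IPOPT_NOP;
				*op++ = IPOPT_NOP;
				*op++ = IPOPT_NOP;
				*op = IPOPT_EOL;
				len += 4;
			}
		}
	}
	return len;
}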