xref: /netbsd-src/external/bsd/ipf/dist/ipsend/ipsopt.c (revision 07967fb18af5b87d2d477c5b3e1e438bf0c293fb) 
1 /*	$NetBSD: ipsopt.c,v 1.3 2018/02/04 08:19:42 mrg Exp $	*/
2 
3 /*
4  * Copyright (C) 2012 by Darren Reed.
5  *
6  * See the IPFILTER.LICENCE file for details on licencing.
7  *
8  */
9 #if !defined(lint)
10 static __attribute__((__used__)) const char sccsid[] = "@(#)ipsopt.c	1.2 1/11/96 (C)1995 Darren Reed";
11 static __attribute__((__used__)) const char rcsid[] = "@(#)Id: ipsopt.c,v 1.1.1.2 2012/07/22 13:44:36 darrenr Exp $";
12 #endif
13 #include <sys/param.h>
14 #include <sys/types.h>
15 #include <sys/time.h>
16 #include <sys/socket.h>
17 #include <netinet/in.h>
18 #include <netinet/in_systm.h>
19 #include <netinet/ip.h>
20 #include <stdio.h>
21 #include <string.h>
22 #include <stdlib.h>
23 #ifndef	linux
24 #include <netinet/ip_var.h>
25 #endif
26 #include <netinet/tcp.h>
27 #include <arpa/inet.h>
28 #include "ipsend.h"
29 
30 
31 #ifndef	__P
32 # ifdef	__STDC__
33 #  define	__P(x)	x
34 # else
35 #  define	__P(x)	()
36 # endif
37 #endif
38 
39 
40 struct ipopt_names ionames[] = {
41 	{ IPOPT_EOL,	0x01,	1, "eol" },
42 	{ IPOPT_NOP,	0x02,	1, "nop" },
43 	{ IPOPT_RR,	0x04,	3, "rr" },	/* 1 route */
44 	{ IPOPT_TS,	0x08,	8, "ts" },	/* 1 TS */
45 	{ IPOPT_SECURITY, 0x08,	11, "sec-level" },
46 	{ IPOPT_LSRR,	0x10,	7, "lsrr" },	/* 1 route */
47 	{ IPOPT_SATID,	0x20,	4, "satid" },
48 	{ IPOPT_SSRR,	0x40,	7, "ssrr" },	/* 1 route */
49 	{ 0, 0, 0, NULL }	/* must be last */
50 };
51 
52 struct	ipopt_names secnames[] = {
53 	{ IPOPT_SECUR_UNCLASS,	0x0100,	0, "unclass" },
54 	{ IPOPT_SECUR_CONFID,	0x0200,	0, "confid" },
55 	{ IPOPT_SECUR_EFTO,	0x0400,	0, "efto" },
56 	{ IPOPT_SECUR_MMMM,	0x0800,	0, "mmmm" },
57 	{ IPOPT_SECUR_RESTR,	0x1000,	0, "restr" },
58 	{ IPOPT_SECUR_SECRET,	0x2000,	0, "secret" },
59 	{ IPOPT_SECUR_TOPSECRET, 0x4000,0, "topsecret" },
60 	{ 0, 0, 0, NULL }	/* must be last */
61 };
62 
63 
ipseclevel(slevel)64 u_short ipseclevel(slevel)
65 	char *slevel;
66 {
67 	struct ipopt_names *so;
68 
69 	for (so = secnames; so->on_name; so++)
70 		if (!strcasecmp(slevel, so->on_name))
71 			break;
72 
73 	if (!so->on_name) {
74 		fprintf(stderr, "no such security level: %s\n", slevel);
75 		return 0;
76 	}
77 	return so->on_value;
78 }
79 
80 
addipopt(op,io,len,class)81 int addipopt(op, io, len, class)
82 	char *op;
83 	struct ipopt_names *io;
84 	int len;
85 	char *class;
86 {
87 	struct in_addr ipadr;
88 	int olen = len, srr = 0;
89 	u_short val;
90 	u_char lvl;
91 	char *s = op, *t;
92 
93 	if ((len + io->on_siz) > 48) {
94 		fprintf(stderr, "options too long\n");
95 		return 0;
96 	}
97 	len += io->on_siz;
98 	*op++ = io->on_value;
99 	if (io->on_siz > 1) {
100 		/*
101 		 * Allow option to specify RR buffer length in bytes.
102 		 */
103 		if (io->on_value == IPOPT_RR) {
104 			val = (class && *class) ? atoi(class) : 4;
105 			*op++ = val + io->on_siz;
106 			len += val;
107 		} else
108 			*op++ = io->on_siz;
109 		if (io->on_value == IPOPT_TS)
110 			*op++ = IPOPT_MINOFF + 1;
111 		else
112 			*op++ = IPOPT_MINOFF;
113 
114 		while (class && *class) {
115 			t = NULL;
116 			switch (io->on_value)
117 			{
118 			case IPOPT_SECURITY :
119 				lvl = ipseclevel(class);
120 				*(op - 1) = lvl;
121 				break;
122 			case IPOPT_LSRR :
123 			case IPOPT_SSRR :
124 				if ((t = strchr(class, ',')))
125 					*t = '\0';
126 				ipadr.s_addr = inet_addr(class);
127 				srr++;
128 				bcopy((char *)&ipadr, op, sizeof(ipadr));
129 				op += sizeof(ipadr);
130 				break;
131 			case IPOPT_SATID :
132 				val = atoi(class);
133 				bcopy((char *)&val, op, 2);
134 				break;
135 			}
136 
137 			if (t)
138 				*t++ = ',';
139 			class = t;
140 		}
141 		if (srr)
142 			s[IPOPT_OLEN] = IPOPT_MINOFF - 1 + 4 * srr;
143 		if (io->on_value == IPOPT_RR)
144 			op += val;
145 		else
146 			op += io->on_siz - 3;
147 	}
148 	return len - olen;
149 }
150 
151 
buildopts(cp,op,len)152 u_32_t buildopts(cp, op, len)
153 	char *cp, *op;
154 	int len;
155 {
156 	struct ipopt_names *io;
157 	u_32_t msk = 0;
158 	char *s, *t;
159 	int inc, lastop = -1;
160 
161 	for (s = strtok(cp, ","); s; s = strtok(NULL, ",")) {
162 		if ((t = strchr(s, '=')))
163 			*t++ = '\0';
164 		for (io = ionames; io->on_name; io++) {
165 			if (strcasecmp(s, io->on_name) || (msk & io->on_bit))
166 				continue;
167 			lastop = io->on_value;
168 			if ((inc = addipopt(op, io, len, t))) {
169 				op += inc;
170 				len += inc;
171 			}
172 			msk |= io->on_bit;
173 			break;
174 		}
175 		if (!io->on_name) {
176 			fprintf(stderr, "unknown IP option name %s\n", s);
177 			return 0;
178 		}
179 	}
180 
181 	if (len & 3) {
182 		while (len & 3) {
183 			*op++ = ((len & 3) == 3) ? IPOPT_EOL : IPOPT_NOP;
184 			len++;
185 		}
186 	} else {
187 		if (lastop != IPOPT_EOL) {
188 			if (lastop == IPOPT_NOP)
189 				*(op - 1) = IPOPT_EOL;
190 			else {
191 				*op++ = IPOPT_NOP;
192 				*op++ = IPOPT_NOP;
193 				*op++ = IPOPT_NOP;
194 				*op = IPOPT_EOL;
195 				len += 4;
196 			}
197 		}
198 	}
199 	return len;
200 }
201