1*2f1aa25bSmpi /* $OpenBSD: sysdep.c,v 1.38 2018/01/15 09:54:48 mpi Exp $ */
2b2e70f0cSniklas /* $EOM: sysdep.c,v 1.9 2000/12/04 04:46:35 angelos Exp $ */
42142ce36Sniklas /*
50ec1a137Sniklas * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
62142ce36Sniklas *
72142ce36Sniklas * Redistribution and use in source and binary forms, with or without
82142ce36Sniklas * modification, are permitted provided that the following conditions
92142ce36Sniklas * are met:
102142ce36Sniklas * 1. Redistributions of source code must retain the above copyright
112142ce36Sniklas * notice, this list of conditions and the following disclaimer.
122142ce36Sniklas * 2. Redistributions in binary form must reproduce the above copyright
132142ce36Sniklas * notice, this list of conditions and the following disclaimer in the
142142ce36Sniklas * documentation and/or other materials provided with the distribution.
152142ce36Sniklas *
162142ce36Sniklas * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
172142ce36Sniklas * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
182142ce36Sniklas * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
192142ce36Sniklas * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
202142ce36Sniklas * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
212142ce36Sniklas * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
222142ce36Sniklas * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
232142ce36Sniklas * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
242142ce36Sniklas * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
252142ce36Sniklas * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
262142ce36Sniklas */
282142ce36Sniklas /*
292142ce36Sniklas * This code was written under funding by Ericsson Radio Systems.
302142ce36Sniklas */
322142ce36Sniklas #include <sys/types.h>
332142ce36Sniklas #include <sys/socket.h>
342142ce36Sniklas #include <netinet/in.h>
352142ce36Sniklas #include <arpa/inet.h>
362142ce36Sniklas #include <stdlib.h>
372142ce36Sniklas #include <string.h>
38ae5feee3Smillert #include <errno.h>
403a722197Shshoexer #include "app.h"
413a722197Shshoexer #include "log.h"
42da35d433Sho #include "monitor.h"
4336e96ecbSniklas #include "util.h"
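/*
 * Force communication on socket FD to go in the clear.
 *
 * The key management datagrams exchanged on FD must bypass the system
 * IPsec security policy, so every per-socket IPsec level option
 * (AUTH, ESP transport, ESP network and, where the option exists,
 * IPCOMP) is set to IPSEC_LEVEL_BYPASS through the privileged monitor.
 * The bypass applies to this one socket only.  AF selects whether the
 * IPPROTO_IP or the IPPROTO_IPV6 option set is used.
 *
 * Returns 0 on success (or immediately when app_none is set), -1 with
 * a message logged when AF is unsupported or a setsockopt fails.  A
 * kernel without the IPCOMP level option (ENOPROTOOPT) is tolerated.
 */
int
sysdep_cleartext(int fd, int af)
{
	struct ipsec_levels {
		int ip_proto;		/* IP protocol */
		int auth_level;
		int esp_trans_level;
		int esp_network_level;
		int ipcomp_level;	/* 0 when the option is not available */
	};
	/* Per address family option names; the table never changes. */
	static const struct ipsec_levels optsw[] = {
		{
			IPPROTO_IP,
			IP_AUTH_LEVEL,
			IP_ESP_TRANS_LEVEL,
			IP_ESP_NETWORK_LEVEL,
#ifdef IP_IPCOMP_LEVEL
			IP_IPCOMP_LEVEL
#else
			0
#endif
		}, {
			IPPROTO_IPV6,
			IPV6_AUTH_LEVEL,
			IPV6_ESP_TRANS_LEVEL,
			IPV6_ESP_NETWORK_LEVEL,
#ifdef IPV6_IPCOMP_LEVEL
			IPV6_IPCOMP_LEVEL
#else
			0
#endif
		},
	};
	const struct ipsec_levels *o;
	int level = IPSEC_LEVEL_BYPASS;

	if (app_none)
		return 0;

	switch (af) {
	case AF_INET:
		o = &optsw[0];
		break;
	case AF_INET6:
		o = &optsw[1];
		break;
	default:
		log_print("sysdep_cleartext: unsupported protocol family %d", af);
		return -1;
	}

	/*
	 * Need to bypass system security policy, so I can send and
	 * receive key management datagrams in the clear.
	 */
	if (monitor_setsockopt(fd, o->ip_proto, o->auth_level, &level,
	    sizeof level) == -1) {
		log_error("sysdep_cleartext: "
		    "setsockopt (%d, %d, IP_AUTH_LEVEL, ...) failed", fd,
		    o->ip_proto);
		return -1;
	}
	if (monitor_setsockopt(fd, o->ip_proto, o->esp_trans_level, &level,
	    sizeof level) == -1) {
		log_error("sysdep_cleartext: "
		    "setsockopt (%d, %d, IP_ESP_TRANS_LEVEL, ...) failed", fd,
		    o->ip_proto);
		return -1;
	}
	if (monitor_setsockopt(fd, o->ip_proto, o->esp_network_level, &level,
	    sizeof level) == -1) {
		log_error("sysdep_cleartext: "
		    "setsockopt (%d, %d, IP_ESP_NETWORK_LEVEL, ...) failed", fd,
		    o->ip_proto);
		return -1;
	}
	/*
	 * IPCOMP is optional: skip it when the option name is unknown at
	 * compile time, and accept ENOPROTOOPT from a kernel without it.
	 * The message used to carry a stray trailing comma; it now matches
	 * the other three.
	 */
	if (o->ipcomp_level &&
	    monitor_setsockopt(fd, o->ip_proto, o->ipcomp_level, &level,
	    sizeof level) == -1 &&
	    errno != ENOPROTOOPT) {
		log_error("sysdep_cleartext: "
		    "setsockopt (%d, %d, IP_IPCOMP_LEVEL, ...) failed", fd,
		    o->ip_proto);
		return -1;
	}
	return 0;
}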