Head

GCC Code Coverage Report

Directory:	./		Exec	Total	Coverage
File:	sbin/iked/util.c	Lines:	0	316	0.0 %
Date:	2016-12-06	Branches:	0	222	0.0 %


/*	$OpenBSD: util.c,v 1.30 2015/11/23 19:28:34 reyk Exp $	*/

/*
 * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <sys/types.h>
#include <sys/queue.h>
#include <sys/socket.h>
#include <sys/uio.h>

#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <limits.h>
#include <fcntl.h>
#include <ctype.h>
#include <event.h>

#include "iked.h"
#include "ikev2.h"

/* log.c */
extern int	 debug;
extern int	 verbose;

int
socket_af(struct sockaddr *sa, in_port_t port)
{
	errno = 0;
	switch (sa->sa_family) {
	case AF_INET:
		((struct sockaddr_in *)sa)->sin_port = port;
		((struct sockaddr_in *)sa)->sin_len =
		    sizeof(struct sockaddr_in);
		break;
	case AF_INET6:
		((struct sockaddr_in6 *)sa)->sin6_port = port;
		((struct sockaddr_in6 *)sa)->sin6_len =
		    sizeof(struct sockaddr_in6);
		break;
	default:
		errno = EPFNOSUPPORT;
		return (-1);
	}

	return (0);
}

in_port_t
socket_getport(struct sockaddr *sa)
{
	switch (sa->sa_family) {
	case AF_INET:
		return (ntohs(((struct sockaddr_in *)sa)->sin_port));
	case AF_INET6:
		return (ntohs(((struct sockaddr_in6 *)sa)->sin6_port));
	default:
		return (0);
	}

	/* NOTREACHED */
	return (0);
}

int
socket_setport(struct sockaddr *sa, in_port_t port)
{
	switch (sa->sa_family) {
	case AF_INET:
		((struct sockaddr_in *)sa)->sin_port = htons(port);
		break;
	case AF_INET6:
		((struct sockaddr_in6 *)sa)->sin6_port = htons(port);
		break;
	default:
		return (-1);
	}
	return (0);
}

int
socket_getaddr(int s, struct sockaddr_storage *ss)
{
	socklen_t sslen;

	return (getsockname(s, (struct sockaddr *)ss, &sslen));
}

int
socket_bypass(int s, struct sockaddr *sa)
{
	int	 v, *a;
	int	 a4[] = {
		    IPPROTO_IP,
		    IP_AUTH_LEVEL,
		    IP_ESP_TRANS_LEVEL,
		    IP_ESP_NETWORK_LEVEL,
#ifdef IPV6_IPCOMP_LEVEL
		    IP_IPCOMP_LEVEL
#endif
	};
	int	 a6[] = {
		    IPPROTO_IPV6,
		    IPV6_AUTH_LEVEL,
		    IPV6_ESP_TRANS_LEVEL,
		    IPV6_ESP_NETWORK_LEVEL,
#ifdef IPV6_IPCOMP_LEVEL
		    IPV6_IPCOMP_LEVEL
#endif
	};

	switch (sa->sa_family) {
	case AF_INET:
		a = a4;
		break;
	case AF_INET6:
		a = a6;
		break;
	default:
		log_warn("%s: invalid address family", __func__);
		return (-1);
	}

	v = IPSEC_LEVEL_BYPASS;
	if (setsockopt(s, a[0], a[1], &v, sizeof(v)) == -1) {
		log_warn("%s: AUTH_LEVEL", __func__);
		return (-1);
	}
	if (setsockopt(s, a[0], a[2], &v, sizeof(v)) == -1) {
		log_warn("%s: ESP_TRANS_LEVEL", __func__);
		return (-1);
	}
	if (setsockopt(s, a[0], a[3], &v, sizeof(v)) == -1) {
		log_warn("%s: ESP_NETWORK_LEVEL", __func__);
		return (-1);
	}
#ifdef IP_IPCOMP_LEVEL
	if (setsockopt(s, a[0], a[4], &v, sizeof(v)) == -1) {
		log_warn("%s: IPCOMP_LEVEL", __func__);
		return (-1);
	}
#endif

	return (0);
}

int
udp_bind(struct sockaddr *sa, in_port_t port)
{
	int	 s, val;

	if (socket_af(sa, port) == -1) {
		log_warn("%s: failed to set UDP port", __func__);
		return (-1);
	}

	if ((s = socket(sa->sa_family,
	    SOCK_DGRAM | SOCK_NONBLOCK, IPPROTO_UDP)) == -1) {
		log_warn("%s: failed to get UDP socket", __func__);
		return (-1);
	}

	/* Skip IPsec processing (don't encrypt) for IKE messages */
	if (socket_bypass(s, sa) == -1) {
		log_warn("%s: failed to bypass IPsec on IKE socket",
		    __func__);
		goto bad;
	}

	val = 1;
	if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val, sizeof(int)) == -1) {
		log_warn("%s: failed to set reuseport", __func__);
		goto bad;
	}
	val = 1;
	if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(int)) == -1) {
		log_warn("%s: failed to set reuseaddr", __func__);
		goto bad;
	}

	if (sa->sa_family == AF_INET) {
		val = 1;
		if (setsockopt(s, IPPROTO_IP, IP_RECVDSTADDR,
		    &val, sizeof(int)) == -1) {
			log_warn("%s: failed to set IPv4 packet info",
			    __func__);
			goto bad;
		}
	} else {
		val = 1;
		if (setsockopt(s, IPPROTO_IPV6, IPV6_RECVPKTINFO,
		    &val, sizeof(int)) == -1) {
			log_warn("%s: failed to set IPv6 packet info",
			    __func__);
			goto bad;
		}
	}

	if (bind(s, sa, sa->sa_len) == -1) {
		log_warn("%s: failed to bind UDP socket", __func__);
		goto bad;
	}

	return (s);
 bad:
	close(s);
	return (-1);
}

int
sockaddr_cmp(struct sockaddr *a, struct sockaddr *b, int prefixlen)
{
	struct sockaddr_in	*a4, *b4;
	struct sockaddr_in6	*a6, *b6;
	uint32_t		 av[4], bv[4], mv[4];

	if (a->sa_family == AF_UNSPEC || b->sa_family == AF_UNSPEC)
		return (0);
	else if (a->sa_family > b->sa_family)
		return (1);
	else if (a->sa_family < b->sa_family)
		return (-1);

	if (prefixlen == -1)
		memset(&mv, 0xff, sizeof(mv));

	switch (a->sa_family) {
	case AF_INET:
		a4 = (struct sockaddr_in *)a;
		b4 = (struct sockaddr_in *)b;

		av[0] = a4->sin_addr.s_addr;
		bv[0] = b4->sin_addr.s_addr;
		if (prefixlen != -1)
			mv[0] = prefixlen2mask(prefixlen);

		if ((av[0] & mv[0]) > (bv[0] & mv[0]))
			return (1);
		if ((av[0] & mv[0]) < (bv[0] & mv[0]))
			return (-1);
		break;
	case AF_INET6:
		a6 = (struct sockaddr_in6 *)a;
		b6 = (struct sockaddr_in6 *)b;

		memcpy(&av, &a6->sin6_addr.s6_addr, 16);
		memcpy(&bv, &b6->sin6_addr.s6_addr, 16);
		if (prefixlen != -1)
			prefixlen2mask6(prefixlen, mv);

		if ((av[3] & mv[3]) > (bv[3] & mv[3]))
			return (1);
		if ((av[3] & mv[3]) < (bv[3] & mv[3]))
			return (-1);
		if ((av[2] & mv[2]) > (bv[2] & mv[2]))
			return (1);
		if ((av[2] & mv[2]) < (bv[2] & mv[2]))
			return (-1);
		if ((av[1] & mv[1]) > (bv[1] & mv[1]))
			return (1);
		if ((av[1] & mv[1]) < (bv[1] & mv[1]))
			return (-1);
		if ((av[0] & mv[0]) > (bv[0] & mv[0]))
			return (1);
		if ((av[0] & mv[0]) < (bv[0] & mv[0]))
			return (-1);
		break;
	}

	return (0);
}

ssize_t
recvfromto(int s, void *buf, size_t len, int flags, struct sockaddr *from,
    socklen_t *fromlen, struct sockaddr *to, socklen_t *tolen)
{
	struct iovec		 iov;
	struct msghdr		 msg;
	struct cmsghdr		*cmsg;
	struct in6_pktinfo	*pkt6;
	struct sockaddr_in	*in;
	struct sockaddr_in6	*in6;
	ssize_t			 ret;
	union {
		struct cmsghdr hdr;
		char	buf[CMSG_SPACE(sizeof(struct sockaddr_storage))];
	} cmsgbuf;

	bzero(&msg, sizeof(msg));
	bzero(&cmsgbuf.buf, sizeof(cmsgbuf.buf));

	iov.iov_base = buf;
	iov.iov_len = len;
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;
	msg.msg_name = from;
	msg.msg_namelen = *fromlen;
	msg.msg_control = &cmsgbuf.buf;
	msg.msg_controllen = sizeof(cmsgbuf.buf);

	if ((ret = recvmsg(s, &msg, 0)) == -1)
		return (-1);

	*fromlen = from->sa_len;
	*tolen = 0;

	if (getsockname(s, to, tolen) != 0)
		*tolen = 0;

	for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL;
	    cmsg = CMSG_NXTHDR(&msg, cmsg)) {
		switch (from->sa_family) {
		case AF_INET:
			if (cmsg->cmsg_level == IPPROTO_IP &&
			    cmsg->cmsg_type == IP_RECVDSTADDR) {
				in = (struct sockaddr_in *)to;
				in->sin_family = AF_INET;
				in->sin_len = *tolen = sizeof(*in);
				memcpy(&in->sin_addr, CMSG_DATA(cmsg),
				    sizeof(struct in_addr));
			}
			break;
		case AF_INET6:
			if (cmsg->cmsg_level == IPPROTO_IPV6 &&
			    cmsg->cmsg_type == IPV6_PKTINFO) {
				in6 = (struct sockaddr_in6 *)to;
				in6->sin6_family = AF_INET6;
				in6->sin6_len = *tolen = sizeof(*in6);
				pkt6 = (struct in6_pktinfo *)CMSG_DATA(cmsg);
				memcpy(&in6->sin6_addr, &pkt6->ipi6_addr,
				    sizeof(struct in6_addr));
				if (IN6_IS_ADDR_LINKLOCAL(&in6->sin6_addr))
					in6->sin6_scope_id =
					    pkt6->ipi6_ifindex;
			}
			break;
		}
	}

	return (ret);
}

const char *
print_spi(uint64_t spi, int size)
{
	static char		 buf[IKED_CYCLE_BUFFERS][32];
	static int		 i = 0;
	char			*ptr;

	ptr = buf[i];

	switch (size) {
	case 2:
		snprintf(ptr, 32, "0x%04x", (uint16_t)spi);
		break;
	case 4:
		snprintf(ptr, 32, "0x%08x", (uint32_t)spi);
		break;
	case 8:
		snprintf(ptr, 32, "0x%016llx", spi);
		break;
	default:
		snprintf(ptr, 32, "%llu", spi);
		break;
	}

	if (++i >= IKED_CYCLE_BUFFERS)
		i = 0;

	return (ptr);
}

const char *
print_map(unsigned int type, struct iked_constmap *map)
{
	unsigned int		 i;
	static char		 buf[IKED_CYCLE_BUFFERS][32];
	static int		 idx = 0;
	const char		*name = NULL;

	if (idx >= IKED_CYCLE_BUFFERS)
		idx = 0;
	bzero(buf[idx], sizeof(buf[idx]));

	for (i = 0; map[i].cm_name != NULL; i++) {
		if (map[i].cm_type == type)
			name = map[i].cm_name;
	}

	if (name == NULL)
		snprintf(buf[idx], sizeof(buf[idx]), "<UNKNOWN:%u>", type);
	else
		strlcpy(buf[idx], name, sizeof(buf[idx]));

	return (buf[idx++]);
}

void
lc_string(char *str)
{
	for (; *str != '\0'; str++)
		*str = tolower((unsigned char)*str);
}

void
print_hex(uint8_t *buf, off_t offset, size_t length)
{
	unsigned int	 i;
	extern int	 verbose;

	if (verbose < 3 || !length)
		return;

	for (i = 0; i < length; i++) {
		if (i && (i % 4) == 0) {
			if ((i % 32) == 0)
				print_debug("\n");
			else
				print_debug(" ");
		}
		print_debug("%02x", buf[offset + i]);
	}
	print_debug("\n");
}

void
print_hexval(uint8_t *buf, off_t offset, size_t length)
{
	unsigned int	 i;
	extern int	 verbose;

	if (verbose < 2 || !length)
		return;

	print_debug("0x");
	for (i = 0; i < length; i++)
		print_debug("%02x", buf[offset + i]);
	print_debug("\n");
}

const char *
print_bits(unsigned short v, unsigned char *bits)
{
	static char	 buf[IKED_CYCLE_BUFFERS][BUFSIZ];
	static int	 idx = 0;
	unsigned int	 i, any = 0, j = 0;
	unsigned char	 c;

	if (!bits)
		return ("");

	if (++idx >= IKED_CYCLE_BUFFERS)
		idx = 0;

	bzero(buf[idx], sizeof(buf[idx]));

	bits++;
	while ((i = *bits++)) {
		if (v & (1 << (i-1))) {
			if (any) {
				buf[idx][j++] = ',';
				if (j >= sizeof(buf[idx]))
					return (buf[idx]);
			}
			any = 1;
			for (; (c = *bits) > 32; bits++) {
				buf[idx][j++] = tolower((unsigned char)c);
				if (j >= sizeof(buf[idx]))
					return (buf[idx]);
			}
		} else
			for (; *bits > 32; bits++)
				;
	}

	return (buf[idx]);
}

uint8_t
mask2prefixlen(struct sockaddr *sa)
{
	struct sockaddr_in	*sa_in = (struct sockaddr_in *)sa;
	in_addr_t		 ina = sa_in->sin_addr.s_addr;

	if (ina == 0)
		return (0);
	else
		return (33 - ffs(ntohl(ina)));
}

uint8_t
mask2prefixlen6(struct sockaddr *sa)
{
	struct sockaddr_in6	*sa_in6 = (struct sockaddr_in6 *)sa;
	uint8_t			 l = 0, *ap, *ep;

	/*
	 * sin6_len is the size of the sockaddr so substract the offset of
	 * the possibly truncated sin6_addr struct.
	 */
	ap = (uint8_t *)&sa_in6->sin6_addr;
	ep = (uint8_t *)sa_in6 + sa_in6->sin6_len;
	for (; ap < ep; ap++) {
		/* this "beauty" is adopted from sbin/route/show.c ... */
		switch (*ap) {
		case 0xff:
			l += 8;
			break;
		case 0xfe:
			l += 7;
			return (l);
		case 0xfc:
			l += 6;
			return (l);
		case 0xf8:
			l += 5;
			return (l);
		case 0xf0:
			l += 4;
			return (l);
		case 0xe0:
			l += 3;
			return (l);
		case 0xc0:
			l += 2;
			return (l);
		case 0x80:
			l += 1;
			return (l);
		case 0x00:
			return (l);
		default:
			return (0);
		}
	}

	return (l);
}

uint32_t
prefixlen2mask(uint8_t prefixlen)
{
	if (prefixlen == 0)
		return (0);

	if (prefixlen > 32)
		prefixlen = 32;

	return (htonl(0xffffffff << (32 - prefixlen)));
}

struct in6_addr *
prefixlen2mask6(uint8_t prefixlen, uint32_t *mask)
{
	static struct in6_addr  s6;
	int			i;

	if (prefixlen > 128)
		prefixlen = 128;

	bzero(&s6, sizeof(s6));
	for (i = 0; i < prefixlen / 8; i++)
		s6.s6_addr[i] = 0xff;
	i = prefixlen % 8;
	if (i)
		s6.s6_addr[prefixlen / 8] = 0xff00 >> i;

	memcpy(mask, &s6, sizeof(s6));

	return (&s6);
}

const char *
print_host(struct sockaddr *sa, char *buf, size_t len)
{
	static char	sbuf[IKED_CYCLE_BUFFERS][NI_MAXHOST + 7];
	static int	idx = 0;
	char		pbuf[7];
	in_port_t	port;

	if (buf == NULL) {
		buf = sbuf[idx];
		len = sizeof(sbuf[idx]);
		if (++idx >= IKED_CYCLE_BUFFERS)
			idx = 0;
	}

	if (sa->sa_family == AF_UNSPEC) {
		strlcpy(buf, "any", len);
		return (buf);
	}

	if (getnameinfo(sa, sa->sa_len,
	    buf, len, NULL, 0, NI_NUMERICHOST) != 0) {
		buf[0] = '\0';
		return (NULL);
	}

	if ((port = socket_getport(sa)) != 0) {
		snprintf(pbuf, sizeof(pbuf), ":%d", port);
		(void)strlcat(buf, pbuf, len);
	}

	return (buf);
}

char *
get_string(uint8_t *ptr, size_t len)
{
	size_t	 i;

	for (i = 0; i < len; i++)
		if (!isprint(ptr[i]))
			break;

	return strndup(ptr, i);
}

const char *
print_proto(uint8_t proto)
{
	struct protoent *p;
	static char	 buf[IKED_CYCLE_BUFFERS][BUFSIZ];
	static int	 idx = 0;

	if (idx >= IKED_CYCLE_BUFFERS)
		idx = 0;

	if ((p = getprotobynumber(proto)) != NULL)
		strlcpy(buf[idx], p->p_name, sizeof(buf[idx]));
	else
		snprintf(buf[idx], sizeof(buf), "%u", proto);


	return (buf[idx++]);
}

int
expand_string(char *label, size_t len, const char *srch, const char *repl)
{
	char *tmp;
	char *p, *q;

	if ((tmp = calloc(1, len)) == NULL) {
		log_debug("expand_string: calloc");
		return (-1);
	}
	p = q = label;
	while ((q = strstr(p, srch)) != NULL) {
		*q = '\0';
		if ((strlcat(tmp, p, len) >= len) ||
		    (strlcat(tmp, repl, len) >= len)) {
			log_debug("expand_string: string too long");
			free(tmp);
			return (-1);
		}
		q += strlen(srch);
		p = q;
	}
	if (strlcat(tmp, p, len) >= len) {
		log_debug("expand_string: string too long");
		free(tmp);
		return (-1);
	}
	strlcpy(label, tmp, len);	/* always fits */
	free(tmp);

	return (0);
}

uint8_t *
string2unicode(const char *ascii, size_t *outlen)
{
	uint8_t		*uc = NULL;
	size_t		 i, len = strlen(ascii);

	if ((uc = calloc(1, (len * 2) + 2)) == NULL)
		return (NULL);

	for (i = 0; i < len; i++) {
		/* XXX what about the byte order? */
		uc[i * 2] = ascii[i];
	}
	*outlen = len * 2;

	return (uc);
}

void
print_debug(const char *emsg, ...)
{
	va_list	 ap;

	if (debug && verbose > 2) {
		va_start(ap, emsg);
		vfprintf(stderr, emsg, ap);
		va_end(ap);
	}
}

void
print_verbose(const char *emsg, ...)
{
	va_list	 ap;

	if (verbose) {
		va_start(ap, emsg);
		vfprintf(stderr, emsg, ap);
		va_end(ap);
	}
}


Generated by: GCOVR (Version 3.3)

Line	Branch	Exec	Source
1			/* $OpenBSD: util.c,v 1.30 2015/11/23 19:28:34 reyk Exp $ */
2
3			/*
4			* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
5			*
6			* Permission to use, copy, modify, and distribute this software for any
7			* purpose with or without fee is hereby granted, provided that the above
8			* copyright notice and this permission notice appear in all copies.
9			*
10			* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11			* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12			* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13			* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14			* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15			* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16			* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17			*/
18
19			#include <sys/types.h>
20			#include <sys/queue.h>
21			#include <sys/socket.h>
22			#include <sys/uio.h>
23
24			#include <netdb.h>
25			#include <stdio.h>
26			#include <stdlib.h>
27			#include <unistd.h>
28			#include <string.h>
29			#include <errno.h>
30			#include <limits.h>
31			#include <fcntl.h>
32			#include <ctype.h>
33			#include <event.h>
34
35			#include "iked.h"
36			#include "ikev2.h"
37
38			/* log.c */
39			extern int debug;
40			extern int verbose;
41
42			int
43			socket_af(struct sockaddr *sa, in_port_t port)
44			{
45			errno = 0;
46			switch (sa->sa_family) {
47			case AF_INET:
48			((struct sockaddr_in *)sa)->sin_port = port;
49			((struct sockaddr_in *)sa)->sin_len =
50			sizeof(struct sockaddr_in);
51			break;
52			case AF_INET6:
53			((struct sockaddr_in6 *)sa)->sin6_port = port;
54			((struct sockaddr_in6 *)sa)->sin6_len =
55			sizeof(struct sockaddr_in6);
56			break;
57			default:
58			errno = EPFNOSUPPORT;
59			return (-1);
60			}
61
62			return (0);
63			}
64
65			in_port_t
66			socket_getport(struct sockaddr *sa)
67			{
68			switch (sa->sa_family) {
69			case AF_INET:
70			return (ntohs(((struct sockaddr_in *)sa)->sin_port));
71			case AF_INET6:
72			return (ntohs(((struct sockaddr_in6 *)sa)->sin6_port));
73			default:
74			return (0);
75			}
76
77			/* NOTREACHED */
78			return (0);
79			}
80
81			int
82			socket_setport(struct sockaddr *sa, in_port_t port)
83			{
84			switch (sa->sa_family) {
85			case AF_INET:
86			((struct sockaddr_in *)sa)->sin_port = htons(port);
87			break;
88			case AF_INET6:
89			((struct sockaddr_in6 *)sa)->sin6_port = htons(port);
90			break;
91			default:
92			return (-1);
93			}
94			return (0);
95			}
96
97			int
98			socket_getaddr(int s, struct sockaddr_storage *ss)
99			{
100			socklen_t sslen;
101
102			return (getsockname(s, (struct sockaddr *)ss, &sslen));
103			}
104
105			int
106			socket_bypass(int s, struct sockaddr *sa)
107			{
108			int v, *a;
109			int a4[] = {
110			IPPROTO_IP,
111			IP_AUTH_LEVEL,
112			IP_ESP_TRANS_LEVEL,
113			IP_ESP_NETWORK_LEVEL,
114			#ifdef IPV6_IPCOMP_LEVEL
115			IP_IPCOMP_LEVEL
116			#endif
117			};
118			int a6[] = {
119			IPPROTO_IPV6,
120			IPV6_AUTH_LEVEL,
121			IPV6_ESP_TRANS_LEVEL,
122			IPV6_ESP_NETWORK_LEVEL,
123			#ifdef IPV6_IPCOMP_LEVEL
124			IPV6_IPCOMP_LEVEL
125			#endif
126			};
127
128			switch (sa->sa_family) {
129			case AF_INET:
130			a = a4;
131			break;
132			case AF_INET6:
133			a = a6;
134			break;
135			default:
136			log_warn("%s: invalid address family", __func__);
137			return (-1);
138			}
139
140			v = IPSEC_LEVEL_BYPASS;
141			if (setsockopt(s, a[0], a[1], &v, sizeof(v)) == -1) {
142			log_warn("%s: AUTH_LEVEL", __func__);
143			return (-1);
144			}
145			if (setsockopt(s, a[0], a[2], &v, sizeof(v)) == -1) {
146			log_warn("%s: ESP_TRANS_LEVEL", __func__);
147			return (-1);
148			}
149			if (setsockopt(s, a[0], a[3], &v, sizeof(v)) == -1) {
150			log_warn("%s: ESP_NETWORK_LEVEL", __func__);
151			return (-1);
152			}
153			#ifdef IP_IPCOMP_LEVEL
154			if (setsockopt(s, a[0], a[4], &v, sizeof(v)) == -1) {
155			log_warn("%s: IPCOMP_LEVEL", __func__);
156			return (-1);
157			}
158			#endif
159
160			return (0);
161			}
162
163			int
164			udp_bind(struct sockaddr *sa, in_port_t port)
165			{
166			int s, val;
167
168			if (socket_af(sa, port) == -1) {
169			log_warn("%s: failed to set UDP port", __func__);
170			return (-1);
171			}
172
173			if ((s = socket(sa->sa_family,
174			SOCK_DGRAM \| SOCK_NONBLOCK, IPPROTO_UDP)) == -1) {
175			log_warn("%s: failed to get UDP socket", __func__);
176			return (-1);
177			}
178
179			/* Skip IPsec processing (don't encrypt) for IKE messages */
180			if (socket_bypass(s, sa) == -1) {
181			log_warn("%s: failed to bypass IPsec on IKE socket",
182			__func__);
183			goto bad;
184			}
185
186			val = 1;
187			if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &val, sizeof(int)) == -1) {
188			log_warn("%s: failed to set reuseport", __func__);
189			goto bad;
190			}
191			val = 1;
192			if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(int)) == -1) {
193			log_warn("%s: failed to set reuseaddr", __func__);
194			goto bad;
195			}
196
197			if (sa->sa_family == AF_INET) {
198			val = 1;
199			if (setsockopt(s, IPPROTO_IP, IP_RECVDSTADDR,
200			&val, sizeof(int)) == -1) {
201			log_warn("%s: failed to set IPv4 packet info",
202			__func__);
203			goto bad;
204			}
205			} else {
206			val = 1;
207			if (setsockopt(s, IPPROTO_IPV6, IPV6_RECVPKTINFO,
208			&val, sizeof(int)) == -1) {
209			log_warn("%s: failed to set IPv6 packet info",
210			__func__);
211			goto bad;
212			}
213			}
214
215			if (bind(s, sa, sa->sa_len) == -1) {
216			log_warn("%s: failed to bind UDP socket", __func__);
217			goto bad;
218			}
219
220			return (s);
221			bad:
222			close(s);
223			return (-1);
224			}
225
226			int
227			sockaddr_cmp(struct sockaddr a, struct sockaddr b, int prefixlen)
228			{
229			struct sockaddr_in a4, b4;
230			struct sockaddr_in6 a6, b6;
231			uint32_t av[4], bv[4], mv[4];
232
233			if (a->sa_family == AF_UNSPEC \|\| b->sa_family == AF_UNSPEC)
234			return (0);
235			else if (a->sa_family > b->sa_family)
236			return (1);
237			else if (a->sa_family < b->sa_family)
238			return (-1);
239
240			if (prefixlen == -1)
241			memset(&mv, 0xff, sizeof(mv));
242
243			switch (a->sa_family) {
244			case AF_INET:
245			a4 = (struct sockaddr_in *)a;
246			b4 = (struct sockaddr_in *)b;
247
248			av[0] = a4->sin_addr.s_addr;
249			bv[0] = b4->sin_addr.s_addr;
250			if (prefixlen != -1)
251			mv[0] = prefixlen2mask(prefixlen);
252
253			if ((av[0] & mv[0]) > (bv[0] & mv[0]))
254			return (1);
255			if ((av[0] & mv[0]) < (bv[0] & mv[0]))
256			return (-1);
257			break;
258			case AF_INET6:
259			a6 = (struct sockaddr_in6 *)a;
260			b6 = (struct sockaddr_in6 *)b;
261
262			memcpy(&av, &a6->sin6_addr.s6_addr, 16);
263			memcpy(&bv, &b6->sin6_addr.s6_addr, 16);
264			if (prefixlen != -1)
265			prefixlen2mask6(prefixlen, mv);
266
267			if ((av[3] & mv[3]) > (bv[3] & mv[3]))
268			return (1);
269			if ((av[3] & mv[3]) < (bv[3] & mv[3]))
270			return (-1);
271			if ((av[2] & mv[2]) > (bv[2] & mv[2]))
272			return (1);
273			if ((av[2] & mv[2]) < (bv[2] & mv[2]))
274			return (-1);
275			if ((av[1] & mv[1]) > (bv[1] & mv[1]))
276			return (1);
277			if ((av[1] & mv[1]) < (bv[1] & mv[1]))
278			return (-1);
279			if ((av[0] & mv[0]) > (bv[0] & mv[0]))
280			return (1);
281			if ((av[0] & mv[0]) < (bv[0] & mv[0]))
282			return (-1);
283			break;
284			}
285
286			return (0);
287			}
288
289			ssize_t
290			recvfromto(int s, void buf, size_t len, int flags, struct sockaddr from,
291			socklen_t fromlen, struct sockaddr to, socklen_t *tolen)
292			{
293			struct iovec iov;
294			struct msghdr msg;
295			struct cmsghdr *cmsg;
296			struct in6_pktinfo *pkt6;
297			struct sockaddr_in *in;
298			struct sockaddr_in6 *in6;
299			ssize_t ret;
300			union {
301			struct cmsghdr hdr;
302			char buf[CMSG_SPACE(sizeof(struct sockaddr_storage))];
303			} cmsgbuf;
304
305			bzero(&msg, sizeof(msg));
306			bzero(&cmsgbuf.buf, sizeof(cmsgbuf.buf));
307
308			iov.iov_base = buf;
309			iov.iov_len = len;
310			msg.msg_iov = &iov;
311			msg.msg_iovlen = 1;
312			msg.msg_name = from;
313			msg.msg_namelen = *fromlen;
314			msg.msg_control = &cmsgbuf.buf;
315			msg.msg_controllen = sizeof(cmsgbuf.buf);
316
317			if ((ret = recvmsg(s, &msg, 0)) == -1)
318			return (-1);
319
320			*fromlen = from->sa_len;
321			*tolen = 0;
322
323			if (getsockname(s, to, tolen) != 0)
324			*tolen = 0;
325
326			for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL;
327			cmsg = CMSG_NXTHDR(&msg, cmsg)) {
328			switch (from->sa_family) {
329			case AF_INET:
330			if (cmsg->cmsg_level == IPPROTO_IP &&
331			cmsg->cmsg_type == IP_RECVDSTADDR) {
332			in = (struct sockaddr_in *)to;
333			in->sin_family = AF_INET;
334			in->sin_len = tolen = sizeof(in);
335			memcpy(&in->sin_addr, CMSG_DATA(cmsg),
336			sizeof(struct in_addr));
337			}
338			break;
339			case AF_INET6:
340			if (cmsg->cmsg_level == IPPROTO_IPV6 &&
341			cmsg->cmsg_type == IPV6_PKTINFO) {
342			in6 = (struct sockaddr_in6 *)to;
343			in6->sin6_family = AF_INET6;
344			in6->sin6_len = tolen = sizeof(in6);
345			pkt6 = (struct in6_pktinfo *)CMSG_DATA(cmsg);
346			memcpy(&in6->sin6_addr, &pkt6->ipi6_addr,
347			sizeof(struct in6_addr));
348			if (IN6_IS_ADDR_LINKLOCAL(&in6->sin6_addr))
349			in6->sin6_scope_id =
350			pkt6->ipi6_ifindex;
351			}
352			break;
353			}
354			}
355
356			return (ret);
357			}
358
359			const char *
360			print_spi(uint64_t spi, int size)
361			{
362			static char buf[IKED_CYCLE_BUFFERS][32];
363			static int i = 0;
364			char *ptr;
365
366			ptr = buf[i];
367
368			switch (size) {
369			case 2:
370			snprintf(ptr, 32, "0x%04x", (uint16_t)spi);
371			break;
372			case 4:
373			snprintf(ptr, 32, "0x%08x", (uint32_t)spi);
374			break;
375			case 8:
376			snprintf(ptr, 32, "0x%016llx", spi);
377			break;
378			default:
379			snprintf(ptr, 32, "%llu", spi);
380			break;
381			}
382
383			if (++i >= IKED_CYCLE_BUFFERS)
384			i = 0;
385
386			return (ptr);
387			}
388
389			const char *
390			print_map(unsigned int type, struct iked_constmap *map)
391			{
392			unsigned int i;
393			static char buf[IKED_CYCLE_BUFFERS][32];
394			static int idx = 0;
395			const char *name = NULL;
396
397			if (idx >= IKED_CYCLE_BUFFERS)
398			idx = 0;
399			bzero(buf[idx], sizeof(buf[idx]));
400
401			for (i = 0; map[i].cm_name != NULL; i++) {
402			if (map[i].cm_type == type)
403			name = map[i].cm_name;
404			}
405
406			if (name == NULL)
407			snprintf(buf[idx], sizeof(buf[idx]), "<UNKNOWN:%u>", type);
408			else
409			strlcpy(buf[idx], name, sizeof(buf[idx]));
410
411			return (buf[idx++]);
412			}
413
414			void
415			lc_string(char *str)
416			{
417			for (; *str != '\0'; str++)
418			str = tolower((unsigned char)str);
419			}
420
421			void
422			print_hex(uint8_t *buf, off_t offset, size_t length)
423			{
424			unsigned int i;
425			extern int verbose;
426
427			if (verbose < 3 \|\| !length)
428			return;
429
430			for (i = 0; i < length; i++) {
431			if (i && (i % 4) == 0) {
432			if ((i % 32) == 0)
433			print_debug("\n");
434			else
435			print_debug(" ");
436			}
437			print_debug("%02x", buf[offset + i]);
438			}
439			print_debug("\n");
440			}
441
442			void
443			print_hexval(uint8_t *buf, off_t offset, size_t length)
444			{
445			unsigned int i;
446			extern int verbose;
447
448			if (verbose < 2 \|\| !length)
449			return;
450
451			print_debug("0x");
452			for (i = 0; i < length; i++)
453			print_debug("%02x", buf[offset + i]);
454			print_debug("\n");
455			}
456
457			const char *
458			print_bits(unsigned short v, unsigned char *bits)
459			{
460			static char buf[IKED_CYCLE_BUFFERS][BUFSIZ];
461			static int idx = 0;
462			unsigned int i, any = 0, j = 0;
463			unsigned char c;
464
465			if (!bits)
466			return ("");
467
468			if (++idx >= IKED_CYCLE_BUFFERS)
469			idx = 0;
470
471			bzero(buf[idx], sizeof(buf[idx]));
472
473			bits++;
474			while ((i = *bits++)) {
475			if (v & (1 << (i-1))) {
476			if (any) {
477			buf[idx][j++] = ',';
478			if (j >= sizeof(buf[idx]))
479			return (buf[idx]);
480			}
481			any = 1;
482			for (; (c = *bits) > 32; bits++) {
483			buf[idx][j++] = tolower((unsigned char)c);
484			if (j >= sizeof(buf[idx]))
485			return (buf[idx]);
486			}
487			} else
488			for (; *bits > 32; bits++)
489			;
490			}
491
492			return (buf[idx]);
493			}
494
495			uint8_t
496			mask2prefixlen(struct sockaddr *sa)
497			{
498			struct sockaddr_in sa_in = (struct sockaddr_in )sa;
499			in_addr_t ina = sa_in->sin_addr.s_addr;
500
501			if (ina == 0)
502			return (0);
503			else
504			return (33 - ffs(ntohl(ina)));
505			}
506
507			uint8_t
508			mask2prefixlen6(struct sockaddr *sa)
509			{
510			struct sockaddr_in6 sa_in6 = (struct sockaddr_in6 )sa;
511			uint8_t l = 0, ap, ep;
512
513			/*
514			* sin6_len is the size of the sockaddr so substract the offset of
515			* the possibly truncated sin6_addr struct.
516			*/
517			ap = (uint8_t *)&sa_in6->sin6_addr;
518			ep = (uint8_t *)sa_in6 + sa_in6->sin6_len;
519			for (; ap < ep; ap++) {
520			/* this "beauty" is adopted from sbin/route/show.c ... */
521			switch (*ap) {
522			case 0xff:
523			l += 8;
524			break;
525			case 0xfe:
526			l += 7;
527			return (l);
528			case 0xfc:
529			l += 6;
530			return (l);
531			case 0xf8:
532			l += 5;
533			return (l);
534			case 0xf0:
535			l += 4;
536			return (l);
537			case 0xe0:
538			l += 3;
539			return (l);
540			case 0xc0:
541			l += 2;
542			return (l);
543			case 0x80:
544			l += 1;
545			return (l);
546			case 0x00:
547			return (l);
548			default:
549			return (0);
550			}
551			}
552
553			return (l);
554			}
555
556			uint32_t
557			prefixlen2mask(uint8_t prefixlen)
558			{
559			if (prefixlen == 0)
560			return (0);
561
562			if (prefixlen > 32)
563			prefixlen = 32;
564
565			return (htonl(0xffffffff << (32 - prefixlen)));
566			}
567
568			struct in6_addr *
569			prefixlen2mask6(uint8_t prefixlen, uint32_t *mask)
570			{
571			static struct in6_addr s6;
572			int i;
573
574			if (prefixlen > 128)
575			prefixlen = 128;
576
577			bzero(&s6, sizeof(s6));
578			for (i = 0; i < prefixlen / 8; i++)
579			s6.s6_addr[i] = 0xff;
580			i = prefixlen % 8;
581			if (i)
582			s6.s6_addr[prefixlen / 8] = 0xff00 >> i;
583
584			memcpy(mask, &s6, sizeof(s6));
585
586			return (&s6);
587			}
588
589			const char *
590			print_host(struct sockaddr sa, char buf, size_t len)
591			{
592			static char sbuf[IKED_CYCLE_BUFFERS][NI_MAXHOST + 7];
593			static int idx = 0;
594			char pbuf[7];
595			in_port_t port;
596
597			if (buf == NULL) {
598			buf = sbuf[idx];
599			len = sizeof(sbuf[idx]);
600			if (++idx >= IKED_CYCLE_BUFFERS)
601			idx = 0;
602			}
603
604			if (sa->sa_family == AF_UNSPEC) {
605			strlcpy(buf, "any", len);
606			return (buf);
607			}
608
609			if (getnameinfo(sa, sa->sa_len,
610			buf, len, NULL, 0, NI_NUMERICHOST) != 0) {
611			buf[0] = '\0';
612			return (NULL);
613			}
614
615			if ((port = socket_getport(sa)) != 0) {
616			snprintf(pbuf, sizeof(pbuf), ":%d", port);
617			(void)strlcat(buf, pbuf, len);
618			}
619
620			return (buf);
621			}
622
623			char *
624			get_string(uint8_t *ptr, size_t len)
625			{
626			size_t i;
627
628			for (i = 0; i < len; i++)
629			if (!isprint(ptr[i]))
630			break;
631
632			return strndup(ptr, i);
633			}
634
635			const char *
636			print_proto(uint8_t proto)
637			{
638			struct protoent *p;
639			static char buf[IKED_CYCLE_BUFFERS][BUFSIZ];
640			static int idx = 0;
641
642			if (idx >= IKED_CYCLE_BUFFERS)
643			idx = 0;
644
645			if ((p = getprotobynumber(proto)) != NULL)
646			strlcpy(buf[idx], p->p_name, sizeof(buf[idx]));
647			else
648			snprintf(buf[idx], sizeof(buf), "%u", proto);
649
650
651			return (buf[idx++]);
652			}
653
654			int
655			expand_string(char label, size_t len, const char srch, const char *repl)
656			{
657			char *tmp;
658			char p, q;
659
660			if ((tmp = calloc(1, len)) == NULL) {
661			log_debug("expand_string: calloc");
662			return (-1);
663			}
664			p = q = label;
665			while ((q = strstr(p, srch)) != NULL) {
666			*q = '\0';
667			if ((strlcat(tmp, p, len) >= len) \|\|
668			(strlcat(tmp, repl, len) >= len)) {
669			log_debug("expand_string: string too long");
670			free(tmp);
671			return (-1);
672			}
673			q += strlen(srch);
674			p = q;
675			}
676			if (strlcat(tmp, p, len) >= len) {
677			log_debug("expand_string: string too long");
678			free(tmp);
679			return (-1);
680			}
681			strlcpy(label, tmp, len); /* always fits */
682			free(tmp);
683
684			return (0);
685			}
686
687			uint8_t *
688			string2unicode(const char ascii, size_t outlen)
689			{
690			uint8_t *uc = NULL;
691			size_t i, len = strlen(ascii);
692
693			if ((uc = calloc(1, (len * 2) + 2)) == NULL)
694			return (NULL);
695
696			for (i = 0; i < len; i++) {
697			/* XXX what about the byte order? */
698			uc[i * 2] = ascii[i];
699			}
700			outlen = len 2;
701
702			return (uc);
703			}
704
705			void
706			print_debug(const char *emsg, ...)
707			{
708			va_list ap;
709
710			if (debug && verbose > 2) {
711			va_start(ap, emsg);
712			vfprintf(stderr, emsg, ap);
713			va_end(ap);
714			}
715			}
716
717			void
718			print_verbose(const char *emsg, ...)
719			{
720			va_list ap;
721
722			if (verbose) {
723			va_start(ap, emsg);
724			vfprintf(stderr, emsg, ap);
725			va_end(ap);
726			}
727			}