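/* $NetBSD: test-policy.c,v 1.4 2006/09/09 16:22:09 manu Exp $ */

/* $KAME: test-policy.c,v 1.16 2003/08/26 03:24:08 itojun Exp $ */

/*
 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * Test driver for the IPsec policy-string parser and the PF_KEY security
 * policy database (SPD) calls.
 *
 * TEST1 feeds every string in reqs[] to ipsec_set_policy() and, when parsing
 * succeeds, applies the result to a datagram socket for PF_INET and PF_INET6.
 * TEST2 requires uid 0 and issues SPD flush/setidx/update/delete/add/get
 * requests over a PF_KEY socket.
 *
 * NOTE(review): TEST2 begins with pfkey_send_spdflush(), so on a host that
 * carries live IPsec policies it presumably removes them.  Run it only on a
 * scratch system.
 *
 * NOTE(review): mismatches in TEST1 are reported with warnx() only; test1()
 * always returns 0 and main() always exits 0, so a harness cannot detect a
 * failed case from the exit status.
 */

#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>

#include <netinet/in.h>
#include <net/pfkeyv2.h>
#include <netinet/ipsec.h>

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <err.h>

#include "libpfkey.h"

/*
 * One TEST1 case: a policy string and whether setting it is expected to work.
 *
 * The two multi-line cases were written as string literals containing raw
 * newlines, which standard C does not accept.  They are spelled here with
 * adjacent literals and explicit "\n" so the parser still receives input that
 * spans several lines.  The leading whitespace of the continuation lines is
 * written as a tab; it is assumed to be insignificant to the policy parser
 * (TODO confirm).
 */
struct req_t {
	int result;	/* expected result; 0: must succeed, 1: must fail */
	char *str;	/* policy specification handed to ipsec_set_policy() */
} reqs[] = {
{ 0, "out ipsec" },
{ 1, "must_error" },
{ 1, "in ipsec must_error" },
{ 1, "out ipsec esp/must_error" },
{ 1, "out discard" },
{ 1, "out none" },
{ 0, "in entrust" },
{ 0, "out entrust" },
{ 1, "out ipsec esp" },
{ 0, "in ipsec ah/transport" },
{ 1, "in ipsec ah/tunnel" },
{ 0, "out ipsec ah/transport/" },
{ 1, "out ipsec ah/tunnel/" },
{ 0, "in ipsec esp / transport / 10.0.0.1-10.0.0.2" },
{ 0, "in ipsec esp/tunnel/::1-::2" },
{ 1, "in ipsec esp/tunnel/10.0.0.1-::2" },
{ 0, "in ipsec esp/tunnel/::1-::2/require" },
{ 0, "out ipsec ah/transport//use" },
{ 1, "out ipsec ah/transport esp/use" },
{ 1, "in ipsec ah/transport esp/tunnel" },
{ 0, "in ipsec ah/transport esp/tunnel/::1-::1" },
{ 0, "in ipsec\n"
     "\tah / transport\n"
     "\tesp / tunnel / ::1-::2" },
{ 0, "out ipsec\n"
     "\tah/transport/::1-::2 esp/tunnel/::3-::4/use ah/transport/::5-::6/require\n"
     "\tah/transport/::1-::2 esp/tunnel/::3-::4/use ah/transport/::5-::6/require\n"
     "\tah/transport/::1-::2 esp/tunnel/::3-::4/use ah/transport/::5-::6/require\n"
     "\t" },
{ 0, "out ipsec esp/transport/fec0::10-fec0::11/use" },
};

int test1 __P((void));
int test1sub1 __P((struct req_t *));
int test1sub2 __P((char *, int));
int test2 __P((void));
int test2sub __P((int));

static void discard_reply(int);

/*
 * Run both test groups.  The arguments are unused and the exit status is
 * always 0 unless a callee terminates the process through err()/errx().
 */
int
main(int ac, char **av)
{
	(void)ac;
	(void)av;

	test1();
	test2();

	exit(0);
}

/*
 * Walk reqs[] and compare each outcome with the expected one.
 *
 * Returns 0 unconditionally; disagreements are only printed via warnx().
 */
int
test1(void)
{
	size_t i;	/* size_t avoids a signed/unsigned comparison with sizeof */
	int result;

	printf("TEST1\n");
	for (i = 0; i < sizeof(reqs) / sizeof(reqs[0]); i++) {
		printf("#%d [%s]\n", (int)(i + 1), reqs[i].str);

		result = test1sub1(&reqs[i]);
		if (result == 0 && reqs[i].result == 1) {
			warnx("ERROR: expecting failure.");
		} else if (result == 1 && reqs[i].result == 0) {
			warnx("ERROR: expecting success.");
		}
	}

	return 0;
}

/*
 * Parse one policy string and try it on an IPv4 and an IPv6 socket.
 *
 * Returns 0 when parsing and both socket round trips succeed, 1 otherwise.
 * The buffer returned by ipsec_set_policy() is released on every path.
 */
int
test1sub1(struct req_t *req)
{
	char *buf;

	buf = ipsec_set_policy(req->str, strlen(req->str));
	if (buf == NULL) {
		printf("ipsec_set_policy: %s\n", ipsec_strerror());
		return 1;
	}

	if (test1sub2(buf, PF_INET) != 0
	 || test1sub2(buf, PF_INET6) != 0) {
		free(buf);
		return 1;
	}
#if 0
	kdebug_sadb_x_policy((struct sadb_ext *)buf);
#endif

	free(buf);
	return 0;
}

/*
 * Set `policy` on a fresh datagram socket of the given family, read it back
 * with getsockopt() and render it with ipsec_dump_policy().
 *
 * policy: binary policy as produced by ipsec_set_policy().
 * family: PF_INET or PF_INET6; any other value is rejected.
 *
 * Returns 0 on success and 1 on any failure.  A socket() failure terminates
 * the process through err().  The socket is closed on every return path.
 */
int
test1sub2(char *policy, int family)
{
	int so;
	int proto = 0, optname = 0;
	int len;
	socklen_t getlen;	/* getsockopt() takes a socklen_t *, not an int * */
	char getbuf[1024];
	char *buf = NULL;
	int rc = 1;

	switch (family) {
	case PF_INET:
		proto = IPPROTO_IP;
		optname = IP_IPSEC_POLICY;
		break;
	case PF_INET6:
		proto = IPPROTO_IPV6;
		optname = IPV6_IPSEC_POLICY;
		break;
	default:
		/* No level/option pair is known for other families. */
		printf("unsupported family %d\n", family);
		return 1;
	}

	if ((so = socket(family, SOCK_DGRAM, 0)) < 0)
		err(1, "socket");

	len = ipsec_get_policylen(policy);
#if 0
	printf("\tsetlen:%d\n", len);
#endif

	if (setsockopt(so, proto, optname, policy, (socklen_t)len) < 0) {
		printf("fail to set sockopt; %s\n", strerror(errno));
		goto out;
	}

	/*
	 * The fixed-size policy header is copied into the zeroed buffer before
	 * the read, presumably so the kernel knows which policy is being asked
	 * for (TODO confirm).
	 * NOTE(review): the length offered to getsockopt() is the length of
	 * the policy just set, not sizeof(getbuf); kept as in the original.
	 */
	memset(getbuf, 0, sizeof(getbuf));
	memcpy(getbuf, policy, sizeof(struct sadb_x_policy));
	getlen = (socklen_t)len;

	if (getsockopt(so, proto, optname, getbuf, &getlen) < 0) {
		printf("fail to get sockopt; %s\n", strerror(errno));
		goto out;
	}

#if 0
	printf("\tgetlen:%d\n", (int)getlen);
#endif

	if ((buf = ipsec_dump_policy(getbuf, NULL)) == NULL) {
		printf("%s\n", ipsec_strerror());
		goto out;
	}
#if 0
	printf("\t[%s]\n", buf);
#endif
	free(buf);
	rc = 0;

out:
	close(so);
	return rc;
}

/*
 * Address used as both source and destination in TEST2.
 * NOTE(review): the 28 bytes look like a BSD-layout sockaddr_in6 for ::1
 * (length byte 28, family byte 28, zero port/flowinfo/scope).  That layout
 * and family value are platform-specific, and the array is cast to
 * struct sockaddr * below without any alignment guarantee; confirm both
 * for the target system.
 */
char addr[] = {
	28, 28, 0, 0,
	0, 0, 0, 0,
	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1,
	0, 0, 0, 0,
};

/* Receive one PF_KEY message on `so` and throw it away without looking. */
static void
discard_reply(int so)
{
	struct sadb_msg *m;

	m = pfkey_recv(so);
	free(m);	/* free(NULL) is a no-op, so a failed receive is harmless */
}

/*
 * Exercise the PF_KEY SPD requests against the running kernel.
 *
 * Requires uid 0.  Any request that cannot be sent terminates the process
 * through errx().  Returns 0 when the sequence runs to the end.
 *
 * NOTE(review): the first request is an SPD flush; see the caveat in the
 * file header before running this on a system with real IPsec policies.
 * NOTE(review): replies are discarded unread, so an error reported by the
 * kernel inside a reply message goes unnoticed here.
 */
int
test2(void)
{
	int so;
	char *pol1 = "out ipsec";
	char *pol2 = "out ipsec ah/transport//use";
	char *sp1, *sp2;
	int splen1, splen2;
	int spid;

	printf("TEST2\n");
	if (getuid() != 0)
		errx(1, "root privilege required.");

	/* A failed parse returns NULL; check before asking for its length. */
	sp1 = ipsec_set_policy(pol1, strlen(pol1));
	if (sp1 == NULL)
		errx(1, "ERROR: %s", ipsec_strerror());
	splen1 = ipsec_get_policylen(sp1);
	sp2 = ipsec_set_policy(pol2, strlen(pol2));
	if (sp2 == NULL)
		errx(1, "ERROR: %s", ipsec_strerror());
	splen2 = ipsec_get_policylen(sp2);

	if ((so = pfkey_open()) < 0)
		errx(1, "ERROR: %s", ipsec_strerror());

	printf("spdflush()\n");
	if (pfkey_send_spdflush(so) < 0)
		errx(1, "ERROR: %s", ipsec_strerror());
	discard_reply(so);

	printf("spdsetidx()\n");
	if (pfkey_send_spdsetidx(so, (struct sockaddr *)addr, 128,
				(struct sockaddr *)addr, 128,
				255, sp1, splen1, 0) < 0)
		errx(1, "ERROR: %s", ipsec_strerror());
	discard_reply(so);

	printf("spdupdate()\n");
	if (pfkey_send_spdupdate(so, (struct sockaddr *)addr, 128,
				(struct sockaddr *)addr, 128,
				255, sp2, splen2, 0) < 0)
		errx(1, "ERROR: %s", ipsec_strerror());
	discard_reply(so);

	printf("sleep(4)\n");
	sleep(4);

	printf("spddelete()\n");
	if (pfkey_send_spddelete(so, (struct sockaddr *)addr, 128,
				(struct sockaddr *)addr, 128,
				255, sp1, splen1, 0) < 0)
		errx(1, "ERROR: %s", ipsec_strerror());
	discard_reply(so);

	printf("spdadd()\n");
	if (pfkey_send_spdadd(so, (struct sockaddr *)addr, 128,
				(struct sockaddr *)addr, 128,
				255, sp2, splen2, 0) < 0)
		errx(1, "ERROR: %s", ipsec_strerror());
	spid = test2sub(so);

	/* spid is an int; cast so the argument matches the %u conversion. */
	printf("spdget(%u)\n", (unsigned int)spid);
	if (pfkey_send_spdget(so, spid) < 0)
		errx(1, "ERROR: %s", ipsec_strerror());
	discard_reply(so);

	printf("sleep(4)\n");
	sleep(4);

	printf("spddelete2()\n");
	if (pfkey_send_spddelete2(so, spid) < 0)
		errx(1, "ERROR: %s", ipsec_strerror());
	discard_reply(so);

	printf("spdadd() with lifetime's 10(s)\n");
	if (pfkey_send_spdadd2(so, (struct sockaddr *)addr, 128,
				(struct sockaddr *)addr, 128,
				255, 0, 10, sp2, splen2, 0) < 0)
		errx(1, "ERROR: %s", ipsec_strerror());
	spid = test2sub(so);

	/*
	 * expecting failure
	 * NOTE(review): the check compares the send result with 0.  Whether a
	 * kernel-side rejection shows up in that return value rather than in
	 * the (unread) reply is not visible here; confirm against libpfkey.
	 */
	printf("spdupdate()\n");
	if (pfkey_send_spdupdate(so, (struct sockaddr *)addr, 128,
				(struct sockaddr *)addr, 128,
				255, sp2, splen2, 0) == 0) {
		warnx("ERROR: expecting failure.");
	}

	/* Release what this function acquired. */
	free(sp1);
	free(sp2);
	pfkey_close(so);

	return 0;
}

/*
 * Read the next PF_KEY reply on `so` and return the policy id it carries.
 *
 * Terminates the process through errx() when the receive fails, the message
 * cannot be split into extensions, or no policy extension is present.
 */
int
test2sub(int so)
{
	struct sadb_msg *msg;
	struct sadb_x_policy *xpl;
	caddr_t mhp[SADB_EXT_MAX + 1];
	int spid;

	if ((msg = pfkey_recv(so)) == NULL)
		errx(1, "ERROR: pfkey_recv failure.");
	if (pfkey_align(msg, mhp) < 0)
		errx(1, "ERROR: pfkey_align failure.");

	/*
	 * Assumes pfkey_align() leaves the slot of an absent extension NULL
	 * (TODO confirm); dereferencing it unchecked would crash on a reply
	 * that carries no policy extension.
	 */
	xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
	if (xpl == NULL)
		errx(1, "ERROR: no policy extension in reply.");

	/*
	 * The mhp[] entries are presumed to point into msg, so copy the id
	 * out before releasing the message.
	 */
	spid = xpl->sadb_x_policy_id;
	free(msg);

	return spid;
}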