4 * Copyright (C) 2012 by Darren Reed.
6 * See the IPFILTER.LICENCE file for details on licencing.
/* SCCS and RCS identification strings for this file; no code shown in this listing reads them. */
10 static const char sccsid[] = "@(#)ipsopt.c 1.2 1/11/96 (C)1995 Darren Reed";
11 static const char rcsid[] = "@(#)$Id$";
13 #include <sys/param.h>
14 #include <sys/types.h>
16 #include <sys/socket.h>
17 #include <netinet/in.h>
18 #include <netinet/in_systm.h>
19 #include <netinet/ip.h>
23 #include <netinet/ip_var.h>
24 #include <netinet/tcp.h>
25 #include <arpa/inet.h>
/*
 * Table of the IP options that can be requested by name.  The code in this
 * listing reads each entry through on_value (compared with IPOPT_* option
 * types), on_bit (tested against the msk accumulator in buildopts), on_siz
 * (added to the running option length in addipopt) and on_name (keyword
 * matched with strcasecmp).  The initialiser order is presumably value, bit,
 * size, name; the struct ipopt_names declaration is not shown here - confirm.
 * The lookup loops stop at the entry whose on_name is NULL.
 */
34 struct ipopt_names ionames[] = {
35 { IPOPT_EOL, 0x01, 1, "eol" },
36 { IPOPT_NOP, 0x02, 1, "nop" },
37 { IPOPT_RR, 0x04, 3, "rr" }, /* 1 route */
38 { IPOPT_TS, 0x08, 8, "ts" }, /* 1 TS */
/*
 * NOTE(review): ts and sec-level both carry bit 0x08.  buildopts tests
 * msk & io->on_bit before accepting an entry, so once one of the two has
 * been seen the other presumably can no longer match - confirm whether the
 * shared bit is intended or sec-level should have a value of its own.
 */
39 { IPOPT_SECURITY, 0x08, 11, "sec-level" },
40 { IPOPT_LSRR, 0x10, 7, "lsrr" }, /* 1 route */
41 { IPOPT_SATID, 0x20, 4, "satid" },
42 { IPOPT_SSRR, 0x40, 7, "ssrr" }, /* 1 route */
43 { 0, 0, 0, NULL } /* must be last */
/*
 * Security-level keywords for the sec-level option.  ipseclevel searches this
 * table by on_name, ignoring case, and stops at the entry whose on_name is
 * NULL.  The third field is 0 in every entry and is not read for this table
 * by any code shown in this listing.
 */
46 struct ipopt_names secnames[] = {
47 { IPOPT_SECUR_UNCLASS, 0x0100, 0, "unclass" },
48 { IPOPT_SECUR_CONFID, 0x0200, 0, "confid" },
49 { IPOPT_SECUR_EFTO, 0x0400, 0, "efto" },
50 { IPOPT_SECUR_MMMM, 0x0800, 0, "mmmm" },
51 { IPOPT_SECUR_RESTR, 0x1000, 0, "restr" },
52 { IPOPT_SECUR_SECRET, 0x2000, 0, "secret" },
53 { IPOPT_SECUR_TOPSECRET, 0x4000,0, "topsecret" },
54 { 0, 0, 0, NULL } /* must be last */
/*
 * Look up a security-level keyword in secnames, ignoring case.
 *
 * slevel is the keyword text.  No NULL check is visible before it is handed
 * to strcasecmp, so callers are expected to pass a valid string; the one
 * caller shown (addipopt) only calls with non-empty text.  When no entry
 * matches, a diagnostic naming the keyword is written to stderr through a
 * fixed format string.
 *
 * NOTE(review): this listing omits several source lines (the gutter numbers
 * jump from 64 to 68), so the return statements are not visible.  Presumably
 * the matching entry value is returned and a failure value otherwise -
 * confirm against the full file.
 */
58 u_short ipseclevel(slevel)
61 struct ipopt_names *so;
/* Walk the table until the NULL-named terminator entry. */
63 for (so = secnames; so->on_name; so++)
64 if (!strcasecmp(slevel, so->on_name))
68 fprintf(stderr, "no such security level: %s\n", slevel);
/*
 * Append one IP option, described by the table entry io, to the buffer at op.
 *
 * op    - write position in the option buffer
 * io    - table entry (on_value, on_siz) describing the option to add
 * len   - option bytes already used; len + io->on_siz is limited to 48
 * class - optional argument text for the option (may be NULL or empty)
 *
 * NOTE(review): this listing omits many source lines (see the gaps in the
 * gutter numbers), including the parameter declarations, several case labels
 * and the return statements.  buildopts stores the result in a variable named
 * inc and acts on it only when non-zero, so the return value is presumably
 * the number of bytes added, with 0 meaning failure - confirm.
 */
75 int addipopt(op, io, len, class)
77 struct ipopt_names *io;
82 int olen = len, srr = 0;
/*
 * Only the fixed size from the table is checked here.  Bytes that depend on
 * the class argument (the RR length below, each source-route address in the
 * loop) are not part of this test.
 * NOTE(review): an IPv4 header has room for at most 40 option bytes (60-byte
 * maximum header less the 20-byte fixed part), so a limit of 48 looks too
 * large - confirm against the size of the buffer the caller supplies.
 */
87 if ((len + io->on_siz) > 48) {
88 fprintf(stderr, "options too long\n");
95 * Allow option to specify RR buffer length in bytes.
97 if (io->on_value == IPOPT_RR) {
/*
 * NOTE(review): atoi gives no error indication and no range check on the
 * result is visible.  val + io->on_siz is stored through op (presumably a
 * single option-length byte), so a large or negative argument would be
 * silently truncated, and the 48-byte test above ran before val was known.
 * Parsing with strtol and bounding the value by the space left in the buffer
 * would close this gap.
 */
98 val = (class && *class) ? atoi(class) : 4;
99 *op++ = val + io->on_siz;
/* Next byte (presumably the option pointer field): one higher for timestamp. */
103 if (io->on_value == IPOPT_TS)
104 *op++ = IPOPT_MINOFF + 1;
106 *op++ = IPOPT_MINOFF;
/* Consume the argument text; the strchr below splits it at commas. */
108 while (class && *class) {
110 switch (io->on_value)
112 case IPOPT_SECURITY :
/* Translate the security-level keyword through the secnames table. */
113 lvl = ipseclevel(class);
118 if ((t = strchr(class, ',')))
/*
 * NOTE(review): no check of the inet_addr result is visible, so text that
 * does not parse is presumably copied in as the error value.  Each address
 * adds sizeof(ipadr) bytes, yet the ionames entries for lsrr and ssrr reserve
 * room for one route only and no per-address bound check is visible in this
 * listing - confirm that the address count is limited before the copy.
 */
120 ipadr.s_addr = inet_addr(class);
122 bcopy((char *)&ipadr, op, sizeof(ipadr));
/*
 * Copies two bytes of val exactly as held in memory.
 * NOTE(review): no byte-order conversion is visible - confirm whether network
 * order is expected for this field.
 */
127 bcopy((char *)&val, op, 2);
/*
 * Rewrite the length byte from srr, counting 4 bytes per entry.  s is
 * presumably the start of this option and srr the number of addresses copied
 * above; the declaration of s and the increment of srr are not shown - confirm.
 */
136 s[IPOPT_OLEN] = IPOPT_MINOFF - 1 + 4 * srr;
137 if (io->on_value == IPOPT_RR)
/* Otherwise skip the rest of the fixed-size body; the 3 presumably covers the type, length and pointer bytes already written. */
140 op += io->on_siz - 3;
146 u_32_t buildopts(cp, op, len)
150 struct ipopt_names *io;
153 int inc, lastop = -1;
155 for (s = strtok(cp, ","); s; s = strtok(NULL, ",")) {
156 if ((t = strchr(s, '=')))
158 for (io = ionames; io->on_name; io++) {
159 if (strcasecmp(s, io->on_name) || (msk & io->on_bit))
161 lastop = io->on_value;
162 if ((inc = addipopt(op, io, len, t))) {
170 fprintf(stderr, "unknown IP option name %s\n", s);
177 *op++ = ((len & 3) == 3) ? IPOPT_EOL : IPOPT_NOP;
181 if (lastop != IPOPT_EOL) {
182 if (lastop == IPOPT_NOP)
183 *(op - 1) = IPOPT_EOL;