#include <sys/sysctl.h>
#include <err.h>
#include <netinet/in.h>
-#ifdef __APPLE__
-#include <System/net/pfkeyv2.h>
-#else
#include <net/pfkeyv2.h>
-#endif
#ifdef HAVE_NETINET6_IPSEC
# include <netinet6/ipsec.h>
#else
#endif
#include "config.h"
+#include "var.h"
#include "libpfkey.h"
//#include "package_version.h"
#define extern /* so that variables in extern.h are not extern... */
#include "extern.h"
-
-#define strlcpy(d,s,l) (strncpy(d,s,l), (d)[(l)-1] = '\0')
-
-void usage __P((/*int*/));
-int main __P((int, char **));
-int get_supported __P((void));
-void sendkeyshort __P((u_int));
-void promisc __P((void));
-int postproc __P((struct sadb_msg *, int));
-int verifypriority __P((struct sadb_msg *m));
-int fileproc __P((const char *));
-const char *numstr __P((int));
-void shortdump_hdr __P((void));
-void shortdump __P((struct sadb_msg *));
-static void printdate __P((void));
-static int32_t gmt2local __P((time_t));
-void stdin_loop __P((void));
+#include "ipsecPolicyTracer.h"
+#include "ipsecMessageTracer.h"
+
+
+void usage (/*int*/);
+int main (int, char **);
+int get_supported (void);
+void sendkeyshort (u_int);
+void promisc (void);
+int postproc (struct sadb_msg *, int);
+int verifypriority (struct sadb_msg *m);
+int fileproc (const char *);
+const char *numstr (int);
+void shortdump_hdr (void);
+void shortdump (struct sadb_msg *);
+static void printdate (void);
+static int32_t gmt2local (time_t);
+void stdin_loop (void);
#define MODE_SCRIPT 1
#define MODE_CMDDUMP 2
int c;
if (argc == 1) {
- usage(0);
+ usage();
/* NOTREACHED */
}
case 'f':
f_mode = MODE_SCRIPT;
if ((fp = fopen(optarg, "r")) == NULL) {
+ IPSECPOLICYTRACEREVENT(optarg,
+ IPSECPOLICYEVENTCODE_SETKEY_ERROR,
+ CONSTSTR("could not open policy file"),
+ CONSTSTR("setkey -f : fopen erred"));
err(1, "fopen");
/*NOTREACHED*/
}
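Review bot: The trace call added between the failed fopen() and `err(1, "fopen")` can change errno before err() formats it, so the printed reason may no longer be the one fopen() reported. IPSECPOLICYTRACEREVENT is defined outside this diff, but it presumably does logging work of its own. Saving and restoring around the macro keeps the diagnostic accurate: `int saved_errno = errno;` before the trace and `errno = saved_errno;` after it. The same ordering appears before `err(1, "%s", argv[-1])` in the fileproc branch and before `perror("pfkey_open")` further down.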
#endif
break;
case 'V':
- usage(1);
+ usage();
break;
/*NOTREACHED*/
#ifndef __NetBSD__
#endif
case '?':
default:
- usage(0);
+ usage();
/*NOTREACHED*/
}
}
if (argc > 0) {
while (argc--)
if (fileproc(*argv++) < 0) {
+ IPSECPOLICYTRACEREVENT(argv[-1],
+ IPSECPOLICYEVENTCODE_SETKEY_ERROR,
+ CONSTSTR("could not parse policy file"),
+ CONSTSTR("setkey: fileproc erred"));
err(1, "%s", argv[-1]);
/*NOTREACHED*/
}
so = pfkey_open();
if (so < 0) {
+ IPSECPOLICYTRACEREVENT(argv[-1],
+ IPSECPOLICYEVENTCODE_SETKEY_ERROR,
+ CONSTSTR("couldn't open pfkey socket"),
+ CONSTSTR("setkey: pfkey_open erred"));
perror("pfkey_open");
exit(1);
}
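Review bot: `argv[-1]` in the pfkey_open failure trace looks carried over from the fileproc branch, where it names the file that was just consumed by `*argv++`. On this path no file argument has visibly been consumed, so the event would be keyed on whichever command-line token happens to sit before argv (the lines between the two branches are not shown, so this is inferred). A fixed label would be clearer, in the way the get_supported branch passes `"STDIN"`, for example `IPSECPOLICYTRACEREVENT("pfkey_open", ...)` with the remaining arguments unchanged.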
break;
case MODE_STDIN:
if (get_supported() < 0) {
+ IPSECPOLICYTRACEREVENT("STDIN",
+ IPSECPOLICYEVENTCODE_SETKEY_ERROR,
+ CONSTSTR(ipsec_strerror()),
+ CONSTSTR("setkey: get_supported erred"));
errx(1, "%s", ipsec_strerror());
/*NOTREACHED*/
}
promisc();
/*NOTREACHED*/
default:
- usage(0);
+ usage();
/*NOTREACHED*/
}
#else
char rbuf[1024];
rbuf[0] = '\0';
- fgets (rbuf, sizeof(rbuf), stdin);
- if (!rbuf[0])
+ if (fgets(rbuf, sizeof(rbuf), stdin) == NULL)
break;
if (rbuf[strlen(rbuf)-1] == '\n')
rbuf[strlen(rbuf)-1] = '\0';
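Review bot: `rbuf[strlen(rbuf)-1]` indexes outside the buffer when the line read from stdin begins with a NUL byte, because fgets() then returns non-NULL while strlen(rbuf) is 0. The removed `if (!rbuf[0]) break;` used to stop that case, so the new NULL check fixes the end-of-file handling but drops the empty-string guard. Either keep that test after the NULL check or strip the newline with `rbuf[strcspn(rbuf, "\n")] = '\0';`, which needs no length arithmetic. The enclosing loop starts outside the hunk.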
promisc()
{
struct sadb_msg msg;
- u_char rbuf[1024 * 32]; /* XXX: Enough ? Should I do MSG_PEEK ? */
+ union { // Wcast-align fix - force alignment
+ u_int64_t force_align;
+ u_char rbuf[1024 * 32]; /* XXX: Enough ? Should I do MSG_PEEK ? */
+ } u_buf;
ssize_t l;
msg.sadb_msg_version = PF_KEY_V2;
while (1) {
struct sadb_msg *base;
- if ((l = recv(so, rbuf, sizeof(*base), MSG_PEEK)) < 0) {
+ if ((l = recv(so, u_buf.rbuf, sizeof(*base), MSG_PEEK)) < 0) {
err(1, "recv");
/*NOTREACHED*/
}
if (l != sizeof(*base))
continue;
- base = (struct sadb_msg *)rbuf;
- if ((l = recv(so, rbuf, PFKEY_UNUNIT64(base->sadb_msg_len),
+ base = (struct sadb_msg *)&u_buf;
+ if ((l = recv(so, u_buf.rbuf, PFKEY_UNUNIT64(base->sadb_msg_len),
0)) < 0) {
err(1, "recv");
/*NOTREACHED*/
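Review bot: The second recv() takes its length from `base->sadb_msg_len` and never compares it with `sizeof(u_buf.rbuf)`. sadb_msg_len is a 16-bit count of 8-byte units, so the requested size can be far larger than the 32 KiB stack buffer, which the retained `XXX: Enough ?` comment already hints at. Since this change rewrites the line anyway, a bound in front of it would close the gap: `if (PFKEY_UNUNIT64(base->sadb_msg_len) > sizeof(u_buf.rbuf)) errx(1, "pfkey message too large");`. promisc's body continues outside the hunk.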
for (i = 0; i < l; i++) {
if (i % 16 == 0)
printf("%08x: ", i);
- printf("%02x ", rbuf[i] & 0xff);
+ printf("%02x ", u_buf.rbuf[i] & 0xff);
if (i % 16 == 15)
printf("\n");
}
char *buf;
size_t len;
{
- u_char rbuf[1024 * 32]; /* XXX: Enough ? Should I do MSG_PEEK ? */
+ union { // Wcast-align fix - force alignment
+ u_int64_t force_align;
+ u_char rbuf[1024 * 32]; /* XXX: Enough ? Should I do MSG_PEEK ? */
+ } u_buf;
ssize_t l;
struct sadb_msg *msg;
shortdump_hdr();
again:
if (f_verbose) {
- kdebug_sadb((struct sadb_msg *)buf);
+ kdebug_sadb(ALIGNED_CAST(struct sadb_msg *)buf); // Wcast-align fix - aligned message buffer
printf("\n");
}
if (f_hexdump) {
goto end;
}
- msg = (struct sadb_msg *)rbuf;
+ msg = (struct sadb_msg *)&u_buf;
do {
- if ((l = recv(so, rbuf, sizeof(rbuf), 0)) < 0) {
+ if ((l = recv(so, u_buf.rbuf, sizeof(u_buf.rbuf), 0)) < 0) {
perror("recv");
goto end;
}
}
if (f_verbose) {
- kdebug_sadb((struct sadb_msg *)rbuf);
+ kdebug_sadb((struct sadb_msg *)&u_buf);
printf("\n");
}
if (postproc(msg, l) < 0)
struct sadb_sa *sa;
pfkey_align(msg, mhp);
pfkey_check(mhp);
- if ((sa = (struct sadb_sa *)mhp[SADB_EXT_SA]) != NULL) {
+ if ((sa = ALIGNED_CAST(struct sadb_sa *)mhp[SADB_EXT_SA]) != NULL) { // Wcast-align (void*) - buffer of pointers to aligned structs in malloc'd buffer
if (sa->sadb_sa_state == SADB_SASTATE_DEAD)
break;
}
else
pfkey_sadump(msg);
}
- msg = (struct sadb_msg *)((caddr_t)msg +
- PFKEY_UNUNIT64(msg->sadb_msg_len));
+ msg = ALIGNED_CAST(struct sadb_msg *)((caddr_t)msg +
+ PFKEY_UNUNIT64(msg->sadb_msg_len)); // Wcast-align fix (void*) - aligned msg buffer passed into function
if (f_verbose) {
kdebug_sadb((struct sadb_msg *)msg);
printf("\n");
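Review bot: After `msg` is advanced by `PFKEY_UNUNIT64(msg->sadb_msg_len)`, the verbose branch passes the new pointer to kdebug_sadb() without checking that another complete sadb_msg lies inside the length postproc was given as its second argument. ALIGNED_CAST only silences the alignment warning; it verifies nothing. If the message just dumped was the last one received, that call would read past the received data, as far as these lines show. I would guard the verbose dump on the remaining length and add a comment at the advance such as `/* msg now points at the next message, if any; it must be bounded by the received length before use */`. The same pattern is repeated in the next hunk after pfkey_spdump(), and the enclosing function starts and ends outside both hunks.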
else
pfkey_spdump(msg);
if (msg->sadb_msg_seq == 0) break;
- msg = (struct sadb_msg *)((caddr_t)msg +
+ msg = ALIGNED_CAST(struct sadb_msg *)((caddr_t)msg + // Wcast-align fix (void*) - aligned msg buffer passed into function
PFKEY_UNUNIT64(msg->sadb_msg_len));
if (f_verbose) {
kdebug_sadb((struct sadb_msg *)msg);
ep = rbuf + l;
while (p < ep) {
- msg = (struct sadb_msg *)p;
+ msg = ALIGNED_CAST(struct sadb_msg *)p;
len = PFKEY_UNUNIT64(msg->sadb_msg_len);
postproc(msg, len);
p += len;
}
-
+
return (0);
}
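Review bot: The `while (p < ep)` loop trusts `msg->sadb_msg_len` read from the buffer. A length of zero never advances `p`, a length larger than `ep - p` passes postproc() a message that extends past the data, and a tail shorter than one header is still dereferenced. The buffer here still appears to be the plain `rbuf` array (`ep = rbuf + l`) rather than the aligned union introduced in promisc, so the ALIGNED_CAST asserts an alignment that nothing visible guarantees. The checks below reject malformed input before it is used; the cast on sizeof should match however `len` is declared outside the hunk, and the negative return assumes this is the function whose callers test `< 0`.

```c
while (p < ep) {
	/* a full header must fit in what is left of the buffer */
	if ((size_t)(ep - p) < sizeof(*msg))
		return (-1);
	/* … unchanged: msg = ALIGNED_CAST(...)p; len = PFKEY_UNUNIT64(...) … */
	/* reject lengths that would stall the loop or run past ep */
	if (len < (ssize_t)sizeof(*msg) || len > ep - p)
		return (-1);
	/* … unchanged: postproc(msg, len); p += len; … */
}
```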
printf(" %-3s", STR_OR_ID(msg->sadb_msg_satype, satype));
- if ((sa = (struct sadb_sa *)mhp[SADB_EXT_SA]) != NULL) {
+ if ((sa = ALIGNED_CAST(struct sadb_sa *)mhp[SADB_EXT_SA]) != NULL) {
printf(" %-1s", STR_OR_ID(sa->sadb_sa_state, sastate));
printf(" %08x", (u_int32_t)ntohl(sa->sadb_sa_spi));
} else
printf("%-1s %-8s", "?", "?");
- lts = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_SOFT];
- lth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD];
- ltc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT];
+ lts = ALIGNED_CAST(struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_SOFT];
+ lth = ALIGNED_CAST(struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD];
+ ltc = ALIGNED_CAST(struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT];
if (lts && lth && ltc) {
if (ltc->sadb_lifetime_addtime == 0)
t = (u_long)0;
printf(" ");
- if ((saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC]) != NULL) {
+ if ((saddr = ALIGNED_CAST(struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC]) != NULL) {
if (saddr->sadb_address_proto)
printf("%s ", STR_OR_ID(saddr->sadb_address_proto, ipproto));
- s = (struct sockaddr *)(saddr + 1);
- getnameinfo(s, sysdep_sa_len(s), buf, sizeof(buf),
+ s = (struct sockaddr *)(saddr + 1);
+ getnameinfo(s, sysdep_sa_len((struct sockaddr *)s), buf, sizeof(buf),
pbuf, sizeof(pbuf), NI_NUMERICHOST|NI_NUMERICSERV);
if (strcmp(pbuf, "0") != 0)
printf("%s[%s]", buf, pbuf);
printf(" -> ");
- if ((saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST]) != NULL) {
+ if ((saddr = ALIGNED_CAST(struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST]) != NULL) {
if (saddr->sadb_address_proto)
printf("%s ", STR_OR_ID(saddr->sadb_address_proto, ipproto));