ipsec-292.tar.gz
[apple/ipsec.git] / ipsec-tools / setkey / setkey.c
index 1c9445fdfb31f8c8a5148be9ab8c022f7ed18a16..972416d73b561fad81ff8c21869afbc350a892d7 100644 (file)
 #include <sys/sysctl.h>
 #include <err.h>
 #include <netinet/in.h>
 #include <sys/sysctl.h>
 #include <err.h>
 #include <netinet/in.h>
-#ifdef __APPLE__
-#include <System/net/pfkeyv2.h>
-#else
 #include <net/pfkeyv2.h>
 #include <net/pfkeyv2.h>
-#endif
 #ifdef HAVE_NETINET6_IPSEC
 #  include <netinet6/ipsec.h>
 #else 
 #ifdef HAVE_NETINET6_IPSEC
 #  include <netinet6/ipsec.h>
 #else 
 #endif
 
 #include "config.h"
 #endif
 
 #include "config.h"
+#include "var.h"
 #include "libpfkey.h"
 //#include "package_version.h"
 #define extern /* so that variables in extern.h are not extern... */
 #include "extern.h"
 #include "libpfkey.h"
 //#include "package_version.h"
 #define extern /* so that variables in extern.h are not extern... */
 #include "extern.h"
-
-#define strlcpy(d,s,l) (strncpy(d,s,l), (d)[(l)-1] = '\0')
-
-void usage __P((/*int*/));
-int main __P((int, char **));
-int get_supported __P((void));
-void sendkeyshort __P((u_int));
-void promisc __P((void));
-int postproc __P((struct sadb_msg *, int));
-int verifypriority __P((struct sadb_msg *m));
-int fileproc __P((const char *));
-const char *numstr __P((int));
-void shortdump_hdr __P((void));
-void shortdump __P((struct sadb_msg *));
-static void printdate __P((void));
-static int32_t gmt2local __P((time_t));
-void stdin_loop __P((void));
+#include "ipsecPolicyTracer.h"
+#include "ipsecMessageTracer.h"
+
+
+void usage (/*int*/);
+int main (int, char **);
+int get_supported (void);
+void sendkeyshort (u_int);
+void promisc (void);
+int postproc (struct sadb_msg *, int);
+int verifypriority (struct sadb_msg *m);
+int fileproc (const char *);
+const char *numstr (int);
+void shortdump_hdr (void);
+void shortdump (struct sadb_msg *);
+static void printdate (void);
+static int32_t gmt2local (time_t);
+void stdin_loop (void);
 
 #define MODE_SCRIPT    1
 #define MODE_CMDDUMP   2
 
 #define MODE_SCRIPT    1
 #define MODE_CMDDUMP   2
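Review bot: `void usage (/*int*/);` still declares usage with an empty parameter list, which before C23 leaves the arguments unchecked, so a leftover `usage(0)` call would compile silently. Every call site touched in this commit now passes no argument, so the declaration can say so: `void usage(void);`.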
@@ -154,7 +152,7 @@ main(argc, argv)
        int c;
 
        if (argc == 1) {
        int c;
 
        if (argc == 1) {
-               usage(0);
+               usage();
                /* NOTREACHED */
        }
 
                /* NOTREACHED */
        }
 
@@ -172,6 +170,10 @@ main(argc, argv)
                case 'f':
                        f_mode = MODE_SCRIPT;
                        if ((fp = fopen(optarg, "r")) == NULL) {
                case 'f':
                        f_mode = MODE_SCRIPT;
                        if ((fp = fopen(optarg, "r")) == NULL) {
+                IPSECPOLICYTRACEREVENT(optarg,
+                                       IPSECPOLICYEVENTCODE_SETKEY_ERROR,
+                                       CONSTSTR("could not open policy file"),
+                                       CONSTSTR("setkey -f : fopen erred"));
                                err(1, "fopen");
                                /*NOTREACHED*/
                        }
                                err(1, "fopen");
                                /*NOTREACHED*/
                        }
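Review bot: The tracer call sits between the failed `fopen` and `err(1, "fopen")`, and `err` builds its message from `errno`. If `IPSECPOLICYTRACEREVENT` expands to anything that makes library calls, the reported reason can be the tracer's error rather than fopen's. Saving and restoring the value keeps the diagnostic accurate: `int saved_errno = errno;` before the macro and `errno = saved_errno;` after it. The same ordering appears in the fileproc failure hunk (before `err(1, "%s", argv[-1])`) and the pfkey_open failure hunk (before `perror("pfkey_open")`). The macro's definition is not on this page, so this is a precaution rather than a confirmed fault.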
@@ -225,7 +227,7 @@ main(argc, argv)
 #endif
                        break;
                case 'V':
 #endif
                        break;
                case 'V':
-                       usage(1);
+                       usage();
                        break;
                        /*NOTREACHED*/
 #ifndef __NetBSD__
                        break;
                        /*NOTREACHED*/
 #ifndef __NetBSD__
@@ -233,7 +235,7 @@ main(argc, argv)
 #endif
                case '?':
                default:
 #endif
                case '?':
                default:
-                       usage(0);
+                       usage();
                        /*NOTREACHED*/
                }
        }
                        /*NOTREACHED*/
                }
        }
@@ -244,6 +246,10 @@ main(argc, argv)
        if (argc > 0) {
                while (argc--)
                        if (fileproc(*argv++) < 0) {
        if (argc > 0) {
                while (argc--)
                        if (fileproc(*argv++) < 0) {
+                IPSECPOLICYTRACEREVENT(argv[-1],
+                                       IPSECPOLICYEVENTCODE_SETKEY_ERROR,
+                                       CONSTSTR("could not parse policy file"),
+                                       CONSTSTR("setkey: fileproc erred"));
                                err(1, "%s", argv[-1]);
                                /*NOTREACHED*/
                        }
                                err(1, "%s", argv[-1]);
                                /*NOTREACHED*/
                        }
@@ -252,6 +258,10 @@ main(argc, argv)
 
        so = pfkey_open();
        if (so < 0) {
 
        so = pfkey_open();
        if (so < 0) {
+        IPSECPOLICYTRACEREVENT(argv[-1],
+                               IPSECPOLICYEVENTCODE_SETKEY_ERROR,
+                               CONSTSTR("couldn't open pfkey socket"),
+                               CONSTSTR("setkey: pfkey_open erred"));
                perror("pfkey_open");
                exit(1);
        }
                perror("pfkey_open");
                exit(1);
        }
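Review bot: In the `pfkey_open` failure branch the event is tagged with `argv[-1]`, but nothing in this hunk makes that slot a policy file name. In the fileproc hunk it is the file just consumed by `*argv++`; here it looks copied over and may name the last option word or the program itself, depending on how `argv` was advanced earlier in main (not visible here). A fixed label would be more reliable, in the way the MODE_STDIN hunk passes `"STDIN"`, for example `IPSECPOLICYTRACEREVENT("pfkey_open", ...)`.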
@@ -273,6 +283,10 @@ main(argc, argv)
                break;
        case MODE_STDIN:
                if (get_supported() < 0) {
                break;
        case MODE_STDIN:
                if (get_supported() < 0) {
+            IPSECPOLICYTRACEREVENT("STDIN",
+                                   IPSECPOLICYEVENTCODE_SETKEY_ERROR,
+                                   CONSTSTR(ipsec_strerror()),
+                                   CONSTSTR("setkey: get_supported erred"));
                        errx(1, "%s", ipsec_strerror());
                        /*NOTREACHED*/
                }
                        errx(1, "%s", ipsec_strerror());
                        /*NOTREACHED*/
                }
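Review bot: `CONSTSTR(ipsec_strerror())` is the only place in this commit where `CONSTSTR` wraps a runtime call instead of a string literal. If the macro depends on literal-only behaviour such as a compile-time length or literal concatenation, this will either fail to build or record the wrong text, so it should be confirmed against the tracer header, which is not shown here. `ipsec_strerror()` is also evaluated twice; capturing it once with `const char *why = ipsec_strerror();` guarantees the trace event and the `errx` message agree.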
@@ -282,7 +296,7 @@ main(argc, argv)
                promisc();
                /*NOTREACHED*/
        default:
                promisc();
                /*NOTREACHED*/
        default:
-               usage(0);
+               usage();
                /*NOTREACHED*/
        }
 
                /*NOTREACHED*/
        }
 
@@ -320,8 +334,7 @@ stdin_loop()
 #else
                char rbuf[1024];
                rbuf[0] = '\0';
 #else
                char rbuf[1024];
                rbuf[0] = '\0';
-               fgets (rbuf, sizeof(rbuf), stdin);
-               if (!rbuf[0])
+               if (fgets(rbuf, sizeof(rbuf), stdin) == NULL)
                        break;
                if (rbuf[strlen(rbuf)-1] == '\n')
                        rbuf[strlen(rbuf)-1] = '\0';
                        break;
                if (rbuf[strlen(rbuf)-1] == '\n')
                        rbuf[strlen(rbuf)-1] = '\0';
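Review bot: Removing the `if (!rbuf[0])` test leaves `rbuf[strlen(rbuf)-1]` unguarded. A line that begins with a NUL byte makes `fgets` succeed with `strlen(rbuf) == 0`, and the index then lands outside the buffer for both the read and the write. Checking the return of `fgets` is the right fix for EOF, but the length still needs a guard: `size_t n = strlen(rbuf);` followed by `if (n > 0 && rbuf[n-1] == '\n') rbuf[n-1] = '\0';`. stdin_loop's body continues outside the hunk.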
@@ -389,7 +402,10 @@ void
 promisc()
 {
        struct sadb_msg msg;
 promisc()
 {
        struct sadb_msg msg;
-       u_char rbuf[1024 * 32]; /* XXX: Enough ? Should I do MSG_PEEK ? */
+    union {                             // Wcast-align fix - force alignment
+        u_int64_t force_align;
+        u_char rbuf[1024 * 32];        /* XXX: Enough ? Should I do MSG_PEEK ? */
+    } u_buf;
        ssize_t l;
 
        msg.sadb_msg_version = PF_KEY_V2;
        ssize_t l;
 
        msg.sadb_msg_version = PF_KEY_V2;
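Review bot: The anonymous union is declared identically here and in `sendkeymsg`, and both functions then reach the header through `(struct sadb_msg *)&u_buf`. Adding a `struct sadb_msg hdr;` member next to `rbuf` would give the needed alignment and let the code write `&u_buf.hdr` without any cast. The added lines also appear to use a different indent width from the surrounding context, and `// Wcast-align fix` mixes comment styles with the `/* XXX */` on the following line. A single block comment such as `/* union forces alignment so rbuf can be read as struct sadb_msg */` would document the intent in the file's existing style.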
@@ -409,7 +425,7 @@ promisc()
        while (1) {
                struct sadb_msg *base;
 
        while (1) {
                struct sadb_msg *base;
 
-               if ((l = recv(so, rbuf, sizeof(*base), MSG_PEEK)) < 0) {
+               if ((l = recv(so, u_buf.rbuf, sizeof(*base), MSG_PEEK)) < 0) {
                        err(1, "recv");
                        /*NOTREACHED*/
                }
                        err(1, "recv");
                        /*NOTREACHED*/
                }
@@ -417,8 +433,8 @@ promisc()
                if (l != sizeof(*base))
                        continue;
 
                if (l != sizeof(*base))
                        continue;
 
-               base = (struct sadb_msg *)rbuf;
-               if ((l = recv(so, rbuf, PFKEY_UNUNIT64(base->sadb_msg_len),
+               base = (struct sadb_msg *)&u_buf;
+               if ((l = recv(so, u_buf.rbuf, PFKEY_UNUNIT64(base->sadb_msg_len),
                                0)) < 0) {
                        err(1, "recv");
                        /*NOTREACHED*/
                                0)) < 0) {
                        err(1, "recv");
                        /*NOTREACHED*/
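Review bot: The second `recv` takes its length from `PFKEY_UNUNIT64(base->sadb_msg_len)` and nothing in this hunk compares it with `sizeof(u_buf.rbuf)`. `sadb_msg_len` is a 16-bit count of 8-byte units, so a header can describe roughly 512 KiB against a 32 KiB buffer. The data comes from the PF_KEY socket, so this is a defensive bound rather than a demonstrated overflow, but the surviving `XXX: Enough ?` comment shows the size was never settled. A guard before the call would close it: `if (PFKEY_UNUNIT64(base->sadb_msg_len) > sizeof(u_buf.rbuf)) errx(1, "pfkey message too large");`. promisc's loop continues outside the hunk.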
@@ -429,7 +445,7 @@ promisc()
                        for (i = 0; i < l; i++) {
                                if (i % 16 == 0)
                                        printf("%08x: ", i);
                        for (i = 0; i < l; i++) {
                                if (i % 16 == 0)
                                        printf("%08x: ", i);
-                               printf("%02x ", rbuf[i] & 0xff);
+                               printf("%02x ", u_buf.rbuf[i] & 0xff);
                                if (i % 16 == 15)
                                        printf("\n");
                        }
                                if (i % 16 == 15)
                                        printf("\n");
                        }
@@ -456,7 +472,10 @@ sendkeymsg(buf, len)
        char *buf;
        size_t len;
 {
        char *buf;
        size_t len;
 {
-       u_char rbuf[1024 * 32]; /* XXX: Enough ? Should I do MSG_PEEK ? */
+    union {                             // Wcast-align fix - force alignment
+        u_int64_t force_align;
+        u_char rbuf[1024 * 32];        /* XXX: Enough ? Should I do MSG_PEEK ? */
+    } u_buf;
        ssize_t l;
        struct sadb_msg *msg;
 
        ssize_t l;
        struct sadb_msg *msg;
 
@@ -478,7 +497,7 @@ sendkeymsg(buf, len)
                shortdump_hdr();
 again:
        if (f_verbose) {
                shortdump_hdr();
 again:
        if (f_verbose) {
-               kdebug_sadb((struct sadb_msg *)buf);
+               kdebug_sadb(ALIGNED_CAST(struct sadb_msg *)buf);    // Wcast-align fix - aligned message buffer
                printf("\n");
        }
        if (f_hexdump) {
                printf("\n");
        }
        if (f_hexdump) {
@@ -499,9 +518,9 @@ again:
                goto end;
        }
 
                goto end;
        }
 
-       msg = (struct sadb_msg *)rbuf;
+       msg = (struct sadb_msg *)&u_buf;
        do {
        do {
-               if ((l = recv(so, rbuf, sizeof(rbuf), 0)) < 0) {
+               if ((l = recv(so, u_buf.rbuf, sizeof(u_buf.rbuf), 0)) < 0) {
                        perror("recv");
                        goto end;
                }
                        perror("recv");
                        goto end;
                }
@@ -512,7 +531,7 @@ again:
                }
 
                if (f_verbose) {
                }
 
                if (f_verbose) {
-                       kdebug_sadb((struct sadb_msg *)rbuf);
+                       kdebug_sadb((struct sadb_msg *)&u_buf);
                        printf("\n");
                }
                if (postproc(msg, l) < 0)
                        printf("\n");
                }
                if (postproc(msg, l) < 0)
@@ -585,7 +604,7 @@ postproc(msg, len)
                        struct sadb_sa *sa;
                        pfkey_align(msg, mhp);
                        pfkey_check(mhp);
                        struct sadb_sa *sa;
                        pfkey_align(msg, mhp);
                        pfkey_check(mhp);
-                       if ((sa = (struct sadb_sa *)mhp[SADB_EXT_SA]) != NULL) {
+                       if ((sa = ALIGNED_CAST(struct sadb_sa *)mhp[SADB_EXT_SA]) != NULL) {     // Wcast-align (void*) - buffer of pointers to aligned structs in malloc'd buffer
                                if (sa->sadb_sa_state == SADB_SASTATE_DEAD)
                                        break;
                        }
                                if (sa->sadb_sa_state == SADB_SASTATE_DEAD)
                                        break;
                        }
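Review bot: `mhp[SADB_EXT_SA]` is dereferenced right after `pfkey_align(msg, mhp)` and `pfkey_check(mhp)`, whose return values are discarded in the context lines. If either call rejects the message, `mhp` may not describe valid extensions, and `sa->sadb_sa_state` reads whatever the slot holds. The new trailing comment asserts that the pointers refer to aligned structs, which only holds when parsing succeeded. Consider `if (pfkey_align(msg, mhp) < 0 || pfkey_check(mhp) < 0) break;`, although the right failure action depends on the rest of postproc, which is outside the hunk.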
@@ -599,8 +618,8 @@ postproc(msg, len)
                        else
                                pfkey_sadump(msg);
                }
                        else
                                pfkey_sadump(msg);
                }
-               msg = (struct sadb_msg *)((caddr_t)msg +
-                                    PFKEY_UNUNIT64(msg->sadb_msg_len));
+               msg = ALIGNED_CAST(struct sadb_msg *)((caddr_t)msg +
+                                    PFKEY_UNUNIT64(msg->sadb_msg_len));           // Wcast-align fix (void*) - aligned msg buffer passed into function
                if (f_verbose) {
                        kdebug_sadb((struct sadb_msg *)msg);
                        printf("\n");
                if (f_verbose) {
                        kdebug_sadb((struct sadb_msg *)msg);
                        printf("\n");
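Review bot: After `msg` is advanced by `PFKEY_UNUNIT64(msg->sadb_msg_len)`, the verbose branch immediately hands it to `kdebug_sadb`, and no visible line checks that the new pointer is still inside the `len` bytes passed to postproc. The added comment covers alignment only; the bound is what matters when the length field is wrong or the message was the last one in the buffer. The same pattern is in the next postproc hunk (the policy dump case). Keeping the original pointer and comparing the advanced offset plus `sizeof(struct sadb_msg)` against `len` before the dump would cover both places. Most of postproc lies outside these hunks, so an existing check elsewhere cannot be ruled out.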
@@ -620,7 +639,7 @@ postproc(msg, len)
                else
                        pfkey_spdump(msg);
                if (msg->sadb_msg_seq == 0) break;
                else
                        pfkey_spdump(msg);
                if (msg->sadb_msg_seq == 0) break;
-               msg = (struct sadb_msg *)((caddr_t)msg +
+               msg = ALIGNED_CAST(struct sadb_msg *)((caddr_t)msg +          // Wcast-align fix (void*) - aligned msg buffer passed into function
                                     PFKEY_UNUNIT64(msg->sadb_msg_len));
                if (f_verbose) {
                        kdebug_sadb((struct sadb_msg *)msg);
                                     PFKEY_UNUNIT64(msg->sadb_msg_len));
                if (f_verbose) {
                        kdebug_sadb((struct sadb_msg *)msg);
@@ -711,12 +730,12 @@ fileproc(filename)
        ep = rbuf + l;
 
        while (p < ep) {
        ep = rbuf + l;
 
        while (p < ep) {
-               msg = (struct sadb_msg *)p;
+               msg = ALIGNED_CAST(struct sadb_msg *)p;
                len = PFKEY_UNUNIT64(msg->sadb_msg_len);
                postproc(msg, len);
                p += len;
        }
                len = PFKEY_UNUNIT64(msg->sadb_msg_len);
                postproc(msg, len);
                p += len;
        }
-
+    
        return (0);
 }
 
        return (0);
 }
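Review bot: The loop trusts `msg->sadb_msg_len` as read from the file. A zero length leaves `p` where it is, so `while (p < ep)` never ends, and a length larger than the bytes remaining sends `postproc` past `ep`. `ALIGNED_CAST` also asserts an alignment for `p` that depends on how `rbuf` is declared, which is outside the hunk. Two guards before `postproc` would cover the length cases: `if ((size_t)(ep - p) < sizeof(*msg)) break;` at the top of the loop and, once `len` is computed, `if (len < sizeof(*msg) || len > (size_t)(ep - p)) break;`. The casts may need adjusting to the declared type of `len`.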
 
@@ -783,15 +802,15 @@ shortdump(msg)
 
        printf(" %-3s", STR_OR_ID(msg->sadb_msg_satype, satype));
 
 
        printf(" %-3s", STR_OR_ID(msg->sadb_msg_satype, satype));
 
-       if ((sa = (struct sadb_sa *)mhp[SADB_EXT_SA]) != NULL) {
+       if ((sa = ALIGNED_CAST(struct sadb_sa *)mhp[SADB_EXT_SA]) != NULL) {
                printf(" %-1s", STR_OR_ID(sa->sadb_sa_state, sastate));
                printf(" %08x", (u_int32_t)ntohl(sa->sadb_sa_spi));
        } else
                printf("%-1s %-8s", "?", "?");
 
                printf(" %-1s", STR_OR_ID(sa->sadb_sa_state, sastate));
                printf(" %08x", (u_int32_t)ntohl(sa->sadb_sa_spi));
        } else
                printf("%-1s %-8s", "?", "?");
 
-       lts = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_SOFT];
-       lth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD];
-       ltc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT];
+       lts = ALIGNED_CAST(struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_SOFT];
+       lth = ALIGNED_CAST(struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD];
+       ltc = ALIGNED_CAST(struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT];
        if (lts && lth && ltc) {
                if (ltc->sadb_lifetime_addtime == 0)
                        t = (u_long)0;
        if (lts && lth && ltc) {
                if (ltc->sadb_lifetime_addtime == 0)
                        t = (u_long)0;
@@ -814,11 +833,11 @@ shortdump(msg)
 
        printf(" ");
 
 
        printf(" ");
 
-       if ((saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC]) != NULL) {
+       if ((saddr = ALIGNED_CAST(struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC]) != NULL) {
                if (saddr->sadb_address_proto)
                        printf("%s ", STR_OR_ID(saddr->sadb_address_proto, ipproto));
                if (saddr->sadb_address_proto)
                        printf("%s ", STR_OR_ID(saddr->sadb_address_proto, ipproto));
-               s = (struct sockaddr *)(saddr + 1);
-               getnameinfo(s, sysdep_sa_len(s), buf, sizeof(buf),
+               s = (struct sockaddr *)(saddr + 1);                      
+               getnameinfo(s, sysdep_sa_len((struct sockaddr *)s), buf, sizeof(buf),
                        pbuf, sizeof(pbuf), NI_NUMERICHOST|NI_NUMERICSERV);
                if (strcmp(pbuf, "0") != 0)
                        printf("%s[%s]", buf, pbuf);
                        pbuf, sizeof(pbuf), NI_NUMERICHOST|NI_NUMERICSERV);
                if (strcmp(pbuf, "0") != 0)
                        printf("%s[%s]", buf, pbuf);
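Review bot: `getnameinfo`'s return value is still ignored on the rewritten line, so on failure `buf` and `pbuf` reach `strcmp` and `printf` with whatever they held before. The length argument comes from `sysdep_sa_len` applied to the sockaddr embedded in the message, so a malformed address is exactly the case where the call can fail. The added cast `(struct sockaddr *)s` looks like a no-op, since `s` is assigned from the same cast one line earlier, and that `s = ...` line gained trailing whitespace. A check of the form `if (getnameinfo(...) != 0)` that prints a placeholder would avoid using the buffers. `buf` and `pbuf` are declared outside the hunk, so whether they are pre-initialised cannot be confirmed here.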
@@ -829,7 +848,7 @@ shortdump(msg)
 
        printf(" -> ");
 
 
        printf(" -> ");
 
-       if ((saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST]) != NULL) {
+       if ((saddr = ALIGNED_CAST(struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST]) != NULL) {
                if (saddr->sadb_address_proto)
                        printf("%s ", STR_OR_ID(saddr->sadb_address_proto, ipproto));
 
                if (saddr->sadb_address_proto)
                        printf("%s ", STR_OR_ID(saddr->sadb_address_proto, ipproto));