author | Chia-chi Yeh <chiachi@android.com> | 2009-07-22 06:46:14 +0800 |
---|---|---|
committer | Chia-chi Yeh <chiachi@android.com> | 2009-07-24 16:22:04 +0800 |
commit | c454954382b81262dc81ac54e147f4dc7fc0af75 (patch) | |
tree | 2a183156a982ec019475e391ac2e1e4444a033eb /main.c | |
parent | 4754a116408a7ad661bb573f6ecc8ff3d83bf6d9 (diff) | |
ipsec-tools: Some fixes for rekeying.
Bind sockets to proper interface in order to avoid using host routes.
Rewrite a part of sockmisc.c to work around the ipi_ifindex bug in linux kernel.
Enable policy generation when responding to phase 2 negotiation.
Reduce the executable size by about 4KB by simplifying some functions.
Diffstat (limited to 'main.c')
-rw-r--r-- | main.c | 115 |
1 files changed, 56 insertions, 59 deletions
@@ -18,7 +18,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <stdarg.h>
-#include <ctype.h>
 #include <signal.h>
 #include <unistd.h>
 #include <sys/types.h>
@@ -26,7 +25,8 @@
 #include <sys/select.h>
 #ifdef ANDROID_CHANGES
-#include <fcntl.h>
+#include <sys/ioctl.h>
+#include <linux/if.h>
 #include <android/log.h>
 #include <cutils/sockets.h>
 #include <private/android_filesystem_config.h>
@@ -35,7 +35,6 @@
 #include "config.h"
 #include "libpfkey.h"
-#include "ipsec_strerror.h"
 #include "gcmalloc.h"
 #include "vmbuf.h"
 #include "crypto_openssl.h"
@@ -52,14 +51,6 @@
 #include "privsep.h"
 #include "misc.h"
-extern void setup(int argc, char **argv);
-int f_local = 0;
-
-static void terminate(int signal)
-{
- exit(1);
-}
-
 #ifdef ANDROID_CHANGES
 static int get_control_and_arguments(int *argc, char ***argv)
@@ -77,7 +68,6 @@ static int get_control_and_arguments(int *argc, char ***argv)
 exit(-1);
 }
 close(i);
-fcntl(control, F_SETFD, FD_CLOEXEC);
 args[0] = (*argv)[0];
 for (i = 1; i < 256; ++i) {
@@ -110,8 +100,46 @@ static int get_control_and_arguments(int *argc, char ***argv)
 return control;
 }
+static void bind_interface()
+{
+struct ifreq ifreqs[64];
+struct ifconf ifconf = {.ifc_len = sizeof(ifreqs), .ifc_req = ifreqs};
+struct myaddrs *p = lcconf->myaddrs;
+
+if (ioctl(p->sock, SIOCGIFCONF, &ifconf) == -1) {
+do_plog(LLV_WARNING, "Cannot list interfaces");
+return;
+}
+
+while (p) {
+int i = ifconf.ifc_len / sizeof(struct ifreq) - 1;
+while (i >= 0 && cmpsaddrwop(p->addr, &ifreqs[i].ifr_addr)) {
+--i;
+}
+if (i < 0 || setsockopt(p->sock, SOL_SOCKET, SO_BINDTODEVICE,
+ifreqs[i].ifr_name, IFNAMSIZ) == -1) {
+do_plog(LLV_WARNING, "Cannot bind socket %d to proper interface",
+p->sock);
+}
+p = p->next;
+}
+}
+
 #endif
+extern void setup(int argc, char **argv);
+int f_local = 0;
+
+static void terminate(int signal)
+{
+ exit(1);
+}
+
+static void terminated()
+{
+ do_plog(LLV_INFO, "Bye\n");
+}
+
 int main(int argc, char **argv)
 {
 fd_set fdset;
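Review bot: `bind_interface()` in the last hunk on this line dereferences `lcconf->myaddrs` as `p->sock` for the SIOCGIFCONF ioctl before checking that the list is non-empty; if no local address was collected this is a NULL dereference at startup, so guard it with `if (p == NULL) return;` ahead of the ioctl. The fixed `ifreqs[64]` table also means SIOCGIFCONF silently truncates on hosts with more interfaces, and every address past the cut-off falls through to the "Cannot bind socket" warning with the socket left unbound, which quietly defeats the host-route workaround the commit describes; a comment stating that limit, or a check such as `if (ifconf.ifc_len == sizeof(ifreqs)) do_plog(LLV_WARNING, "Interface list truncated");`, would make the failure visible. Linux's SIOCGIFCONF presumably reports only AF_INET entries, so IPv6 addresses in `myaddrs` would always miss and log the same warning — worth a note in a function header comment if that is intended. Both `bind_interface()` and `terminated()` are declared with empty parentheses; `(void)` gives them a real prototype.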
@@ -124,6 +152,7 @@ int main(int argc, char **argv)
 do_plog(LLV_INFO, "ipsec-tools 0.7.2 (http://ipsec-tools.sf.net)\n");
+ atexit(terminated);
 signal(SIGHUP, terminate);
 signal(SIGINT, terminate);
 signal(SIGTERM, terminate);
@@ -140,6 +169,7 @@ int main(int argc, char **argv)
 }
 #ifdef ANDROID_CHANGES
+ bind_interface();
 send(control, &code, 1, 0);
 setuid(AID_VPN);
 #endif
@@ -208,59 +238,13 @@ char *binsanitize(char *data, size_t length)
 if (output) {
 size_t i;
 for (i = 0; i < length; ++i) {
-output[i] = isprint(data[i]) ? data[i] : '?';
+output[i] = (data[i] < ' ' || data[i] > '~') ? '?' : data[i];
 }
 output[length] = '\0';
 }
 return output;
 }
-/* libpfkey.h */
-
-ipsec_policy_t ipsec_set_policy(__ipsec_const char *message, int length)
-{
-struct sadb_x_policy *p;
-int direction;
-
-if (!strcmp("in bypass", message)) {
-direction = IPSEC_DIR_INBOUND;
-} else if (!strcmp("out bypass", message)) {
-direction = IPSEC_DIR_OUTBOUND;
-} else {
-__ipsec_errcode = EIPSEC_INVAL_POLICY;
-return NULL;
-}
-
-p = calloc(1, sizeof(struct sadb_x_policy));
-p->sadb_x_policy_len = PFKEY_UNIT64(sizeof(struct sadb_x_policy));
-p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
-p->sadb_x_policy_type = IPSEC_POLICY_BYPASS;
-p->sadb_x_policy_dir = direction;
-#ifdef HAVE_PFKEY_POLICY_PRIORITY
-p->sadb_x_policy_priority = PRIORITY_DEFAULT;
-#endif
-__ipsec_errcode = EIPSEC_NO_ERROR;
-return (ipsec_policy_t)p;
-}
-
-int ipsec_get_policylen(ipsec_policy_t policy)
-{
-return policy ? PFKEY_EXTLEN(policy) : -1;
-}
-
-/* grabmyaddr.h */
-
-int getsockmyaddr(struct sockaddr *addr)
-{
-struct myaddrs *p;
-for (p = lcconf->myaddrs; p; p = p->next) {
-if (cmpsaddrstrict(addr, p->addr) == 0) {
-return p->sock;
-}
-}
-return -1;
-}
-
 /* privsep.h */
 int privsep_pfkey_open()
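Review bot: With `atexit(terminated)` registered in the first hunk, the `terminate` handler's `exit(1)` now runs `do_plog()` inside signal context on SIGHUP/SIGINT/SIGTERM; neither `exit()` nor the logging path is async-signal-safe, so a signal landing while the main loop holds a stdio or malloc lock can deadlock or corrupt state rather than print "Bye". The usual fix is for the handler to only set a `volatile sig_atomic_t` flag and have the main loop (outside this hunk) call `exit(1)` when it sees it. In the second hunk `bind_interface()` must stay ahead of `setuid(AID_VPN)` because SO_BINDTODEVICE needs CAP_NET_RAW; a comment such as `/* before setuid(): SO_BINDTODEVICE requires CAP_NET_RAW */` would keep a later reorder from silently breaking the binding. The new range test in `binsanitize` in the third hunk deserves a comment recording why it replaces `isprint()`, e.g. `/* explicit range: isprint() on a negative char is undefined */`, since the test is correct for both signed and unsigned `char` and that is easy to "fix" back.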
@@ -302,6 +286,19 @@ int privsep_script_exec(char *script, int name, char * const *environ)
 return 0;
 }
+/* grabmyaddr.h */
+
+int getsockmyaddr(struct sockaddr *addr)
+{
+struct myaddrs *p;
+for (p = lcconf->myaddrs; p; p = p->next) {
+if (cmpsaddrstrict(addr, p->addr) == 0) {
+return p->sock;
+}
+}
+return -1;
+}
+
 /* misc.h */
 int racoon_hexdump(void *data, size_t length)