25cf1a301a396c38e8adf52c15f537b80d2483f7jl * CDDL HEADER START
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * The contents of this file are subject to the terms of the
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Common Development and Distribution License (the "License").
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * You may not use this file except in compliance with the License.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * See the License for the specific language governing permissions
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * and limitations under the License.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * When distributing Covered Code, include this CDDL HEADER in each
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * If applicable, add the following below this CDDL HEADER, with the
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * fields enclosed by brackets "[]" replaced with your own identifying
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * information: Portions Copyright [yyyy] [name of copyright owner]
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * CDDL HEADER END
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Use is subject to license terms.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl#pragma ident "%Z%%M% %I% %E% SMI"
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Define the file containing the configured DSCP interface name
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Forward declarations
25cf1a301a396c38e8adf52c15f537b80d2483f7jlstatic int get_ifname(char *);
25cf1a301a396c38e8adf52c15f537b80d2483f7jlstatic int convert_ipv6(struct sockaddr_in6 *, uint32_t *);
25cf1a301a396c38e8adf52c15f537b80d2483f7jl struct sockaddr_in6 *, int *);
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * dscpBind()
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Properly bind a socket to the local DSCP address.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Optionally bind it to a specific port.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl /* Check arguments */
25cf1a301a396c38e8adf52c15f537b80d2483f7jl /* Get the local DSCP address used to communicate with the SP */
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * If the caller specified a port, then update the socket address
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * to also specify the same port.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl if (port != 0) {
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Bind the socket.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * EINVAL means it is already bound.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * EAFNOSUPPORT means try again using IPv6.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * dscpSecure()
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Enable DSCP security mechanisms on a socket.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * DSCP uses the IPSec AH (Authentication Headers) protocol with
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * the SHA-1 algorithm.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl/*ARGSUSED*/
25cf1a301a396c38e8adf52c15f537b80d2483f7jl /* Check arguments */
25cf1a301a396c38e8adf52c15f537b80d2483f7jl if (sockfd < 0) {
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Construct a socket option argument that specifies the protocols
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * and algorithms required for DSCP's use of IPSec.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Set the socket option that enables IPSec usage upon the socket,
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * using the socket option argument constructed above.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl if (setsockopt(sockfd, IPPROTO_IP, IP_SEC_OPT, (const char *)&opt,
25cf1a301a396c38e8adf52c15f537b80d2483f7jl sizeof (opt)) < 0) {
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * dscpAuth()
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Test whether a connection should be accepted or refused.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * The address of the connection request is compared against
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * the remote address of the specified DSCP link.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl/*ARGSUSED*/
25cf1a301a396c38e8adf52c15f537b80d2483f7jl /* Check arguments */
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Get the remote IP address associated with the SP.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl if (dscpAddr(0, DSCP_ADDR_REMOTE, &daddr, &dlen) != DSCP_OK) {
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Convert the request's address to a 32-bit integer.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * This may require a conversion if the caller is
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * using an IPv6 socket.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl /* LINTED E_BAD_PTR_CAST_ALIGN */
25cf1a301a396c38e8adf52c15f537b80d2483f7jl /* LINTED E_BAD_PTR_CAST_ALIGN */
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Convert the SP's address to a 32-bit integer.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl /* LINTED E_BAD_PTR_CAST_ALIGN */
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Compare the addresses. Reject if they don't match.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * dscpAddr()
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Get the addresses associated with a specific DSCP link.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl/*ARGSUSED*/
25cf1a301a396c38e8adf52c15f537b80d2483f7jldscpAddr(int domain_id, int which, struct sockaddr *saddr, int *lenp)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl /* Check arguments */
25cf1a301a396c38e8adf52c15f537b80d2483f7jl ((which != DSCP_ADDR_LOCAL) && (which != DSCP_ADDR_REMOTE))) {
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Get the DSCP interface name.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Open a socket.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Get the interface flags.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl (void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * The interface must be a PPP link using IPv4.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Get the local or remote address, depending upon 'which'.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl (void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
25cf1a301a396c38e8adf52c15f537b80d2483f7jl if (error < 0) {
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Copy the sockaddr value back to the caller.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl (void) memcpy(saddr, &lifr.lifr_addr, sizeof (struct sockaddr_in));
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * dscpIdent()
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Determine the domain of origin associated with a sockaddr.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * (Map a sockaddr to a domain ID.)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * In the Solaris version, the remote socket address should always
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * be the SP. A call to dscpAuth() is used to confirm this, and
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * then DSCP_IDENT_SP is returned as a special domain ID.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl /* Check arguments */
25cf1a301a396c38e8adf52c15f537b80d2483f7jl /* Confirm that the address is the SP */
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * get_ifname()
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Retrieve the interface name used by DSCP.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * It should be available from a file in /var/run.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Returns: 0 upon success, -1 upon failure.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Initialize the interface name.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Test for a a valid configuration file.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl return (-1);
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Open the configuration file and read its contents
25cf1a301a396c38e8adf52c15f537b80d2483f7jl return (-1);
25cf1a301a396c38e8adf52c15f537b80d2483f7jl if (i <= 0) {
25cf1a301a396c38e8adf52c15f537b80d2483f7jl return (-1);
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Analyze the interface name that was just read,
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * and clean it up as necessary. The result should
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * be a simple NULL terminated string such as "sppp0"
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * with no extra whitespace or other characters.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl /* Detect the beginning of the interface name */
25cf1a301a396c38e8adf52c15f537b80d2483f7jl /* Fail if no such beginning was found */
25cf1a301a396c38e8adf52c15f537b80d2483f7jl if (begin < 0) {
25cf1a301a396c38e8adf52c15f537b80d2483f7jl return (-1);
25cf1a301a396c38e8adf52c15f537b80d2483f7jl /* Detect the end of the interface name */
25cf1a301a396c38e8adf52c15f537b80d2483f7jl /* Compute the length of the name */
25cf1a301a396c38e8adf52c15f537b80d2483f7jl /* Remove leading whitespace */
25cf1a301a396c38e8adf52c15f537b80d2483f7jl if (begin > 0) {
25cf1a301a396c38e8adf52c15f537b80d2483f7jl /* Clear out any remaining garbage */
25cf1a301a396c38e8adf52c15f537b80d2483f7jl return (0);
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * convert_ipv6()
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Converts an IPv6 socket address into an equivalent IPv4
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * address. The conversion is to a 32-bit integer because
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * that is sufficient for how libdscp uses IPv4 addresses.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * The IPv4 address is additionally converted from network
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * byte order to host byte order.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Returns: 0 upon success, with 'addrp' updated.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * -1 upon failure, with 'addrp' undefined.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Convert the IPv6 address into a string.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl return (-1);
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Use the IPv6 string to construct an IPv4 string.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl return (-1);
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Convert the IPv4 string into a 32-bit integer.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl return (-1);
25cf1a301a396c38e8adf52c15f537b80d2483f7jl return (0);
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * convert_ipv4()
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Convert an IPv4 socket address into an equivalent IPv6 address.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Returns: 0 upon success, with 'addr6' and 'lenp' updated.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * -1 upon failure, with 'addr6' and 'lenp' undefined.
25cf1a301a396c38e8adf52c15f537b80d2483f7jlconvert_ipv4(struct sockaddr_in *addr, struct sockaddr_in6 *addr6, int *lenp)
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Convert the IPv4 socket address into a string.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl if (inet_ntop(AF_INET, &ipv4addr, ipv4str, sizeof (ipv4str)) == NULL) {
25cf1a301a396c38e8adf52c15f537b80d2483f7jl return (-1);
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Use the IPv4 string to construct an IPv6 string.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl len = snprintf(ipv6str, INET6_ADDRSTRLEN, "::ffff:%s", ipv4str);
25cf1a301a396c38e8adf52c15f537b80d2483f7jl return (-1);
25cf1a301a396c38e8adf52c15f537b80d2483f7jl * Convert the IPv6 string to an IPv6 socket address.
25cf1a301a396c38e8adf52c15f537b80d2483f7jl if (inet_pton(AF_INET6, ipv6str, &addr6->sin6_addr) <= 0) {
25cf1a301a396c38e8adf52c15f537b80d2483f7jl return (-1);
25cf1a301a396c38e8adf52c15f537b80d2483f7jl return (0);