diff options
author | shin <shin@FreeBSD.org> | 2000-03-30 01:33:39 +0000 |
---|---|---|
committer | shin <shin@FreeBSD.org> | 2000-03-30 01:33:39 +0000 |
commit | 5bc92eac721d018ebd8bce5e87f57294ccb0fd54 (patch) | |
tree | 1356be94e2894aebba0cd6a0be587d82208270eb /contrib/traceroute | |
parent | 1f6e099839512f63d8774fbe21ab5e84ac17e081 (diff) | |
download | FreeBSD-src-5bc92eac721d018ebd8bce5e87f57294ccb0fd54.zip FreeBSD-src-5bc92eac721d018ebd8bce5e87f57294ccb0fd54.tar.gz |
Bypass IPsec for traceroute invoked by root.
PR: bin/17606
Submitted by: Louis Mamakos <louie@TransSys.COM
Diffstat (limited to 'contrib/traceroute')
-rw-r--r-- | contrib/traceroute/traceroute.c | 50 |
1 files changed, 49 insertions, 1 deletions
diff --git a/contrib/traceroute/traceroute.c b/contrib/traceroute/traceroute.c index 8d75a55..f714490 100644 --- a/contrib/traceroute/traceroute.c +++ b/contrib/traceroute/traceroute.c @@ -17,6 +17,8 @@ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + * $FreeBSD$ */ #ifndef lint @@ -24,7 +26,7 @@ static const char copyright[] = "@(#) Copyright (c) 1988, 1989, 1991, 1994, 1995, 1996\n\ The Regents of the University of California. All rights reserved.\n"; static const char rcsid[] = - "@(#)$Header: /home/ncvs/src/contrib/traceroute/traceroute.c,v 1.10 1999/05/12 17:28:31 archie Exp $ (LBL)"; + "@(#)$Header: /usr/local/FreeBSD/cvs/src/contrib/traceroute/traceroute.c,v 1.11 1999/06/25 21:48:40 archie Exp $ (LBL)"; #endif /* @@ -217,6 +219,11 @@ static const char rcsid[] = #include <arpa/inet.h> +#ifdef IPSEC +#include <net/route.h> +#include <netinet6/ipsec.h> /* XXX */ +#endif /* IPSEC */ + #include <ctype.h> #include <errno.h> #ifdef HAVE_MALLOC_H @@ -322,6 +329,9 @@ void print(u_char *, int, struct sockaddr_in *); char *getaddr(u_int32_t *, char *); char *getsin(struct sockaddr_in *, char *); char *savestr(const char *); +#ifdef IPSEC +int setpolicy __P((int so, char *policy)); +#endif void send_probe(int, int); void tvsub(struct timeval *, struct timeval *); __dead void usage(void); @@ -646,6 +656,14 @@ main(int argc, char **argv) (void)setsockopt(s, SOL_SOCKET, SO_DONTROUTE, (char *)&on, sizeof(on)); +#if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) + if (setpolicy(s, "in bypass") < 0) + errx(1, ipsec_strerror()); + + if (setpolicy(s, "out bypass") < 0) + errx(1, ipsec_strerror()); +#endif /* defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) */ + if (sndsock < 0) { errno = sockerrno; Fprintf(stderr, "%s: raw socket: %s\n", prog, strerror(errno)); @@ -718,6 +736,14 @@ main(int argc, char **argv) #endif } +#if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) + if (setpolicy(sndsock, "in bypass") < 0) + errx(1, ipsec_strerror()); + + if (setpolicy(sndsock, "out bypass") < 0) + errx(1, ipsec_strerror()); +#endif /* defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) */ + Fprintf(stderr, "%s to %s (%s)", prog, hostname, inet_ntoa(to->sin_addr)); if (source) @@ -885,6 +911,28 @@ wait_for_reply(register int sock, register struct sockaddr_in *fromp, return(cc); } +#if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) +int +setpolicy(so, policy) + int so; + char *policy; +{ + char *buf; + + buf = ipsec_set_policy(policy, strlen(policy)); + if (buf == NULL) { + warnx(ipsec_strerror()); + return -1; + } + (void)setsockopt(so, IPPROTO_IP, IP_IPSEC_POLICY, + buf, ipsec_get_policylen(buf)); + + free(buf); + + return 0; +} +#endif + void send_probe(int seq, int ttl) { |