svn commit: r311035 - projects/ipsec/contrib/netcat

Sun Jan 1 20:19:08 UTC 2017

Author: ae
Date: Sun Jan  1 20:19:06 2017
New Revision: 311035
URL: https://svnweb.freebsd.org/changeset/base/311035

Log:
  Fix '-e' and '-E' flags support for IPv6.
  
  Move add_ipsec_policy() calls into set_common_sockopts().
  For IPv6 use INET6 specific socket level and option.

Modified:
  projects/ipsec/contrib/netcat/netcat.c

Modified: projects/ipsec/contrib/netcat/netcat.c
==============================================================================

--- projects/ipsec/contrib/netcat/netcat.c	Sun Jan  1 20:05:19 2017	(r311034)
+++ projects/ipsec/contrib/netcat/netcat.c	Sun Jan  1 20:19:06 2017	(r311035)
@@ -131,7 +131,7 @@ ssize_t drainbuf(int, unsigned char *, s
 ssize_t fillbuf(int, unsigned char *, size_t *);
 
 #ifdef IPSEC
-void	add_ipsec_policy(int, char *);
+void	add_ipsec_policy(int, int, char *);
 
 char	*ipsec_policy[2];
 #endif
@@ -642,12 +642,6 @@ remote_connect(const char *host, const c
 		if ((s = socket(res0->ai_family, res0->ai_socktype,
 		    res0->ai_protocol)) < 0)
 			continue;
-#ifdef IPSEC
-		if (ipsec_policy[0] != NULL)
-			add_ipsec_policy(s, ipsec_policy[0]);
-		if (ipsec_policy[1] != NULL)
-			add_ipsec_policy(s, ipsec_policy[1]);
-#endif
 
 		if (rtableid >= 0 && (setsockopt(s, SOL_SOCKET, SO_SETFIB,
 		    &rtableid, sizeof(rtableid)) == -1))
@@ -765,12 +759,7 @@ local_listen(char *host, char *port, str
 		ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x));
 		if (ret == -1)
 			err(1, NULL);
-#ifdef IPSEC
-		if (ipsec_policy[0] != NULL)
-			add_ipsec_policy(s, ipsec_policy[0]);
-		if (ipsec_policy[1] != NULL)
-			add_ipsec_policy(s, ipsec_policy[1]);
-#endif
+
 		if (FreeBSD_Oflag) {
 			if (setsockopt(s, IPPROTO_TCP, TCP_NOOPT,
 			    &FreeBSD_Oflag, sizeof(FreeBSD_Oflag)) == -1)
@@ -1235,6 +1224,12 @@ set_common_sockopts(int s, int af)
 		    &FreeBSD_Oflag, sizeof(FreeBSD_Oflag)) == -1)
 			err(1, "disable TCP options");
 	}
+#ifdef IPSEC
+	if (ipsec_policy[0] != NULL)
+		add_ipsec_policy(s, af, ipsec_policy[0]);
+	if (ipsec_policy[1] != NULL)
+		add_ipsec_policy(s, af, ipsec_policy[1]);
+#endif
 }
 
 int
@@ -1360,7 +1355,7 @@ help(void)
 
 #ifdef IPSEC
 void
-add_ipsec_policy(int s, char *policy)
+add_ipsec_policy(int s, int af, char *policy)
 {
 	char *raw;
 	int e;
@@ -1369,8 +1364,12 @@ add_ipsec_policy(int s, char *policy)
 	if (raw == NULL)
 		errx(1, "ipsec_set_policy `%s': %s", policy,
 		     ipsec_strerror());
-	e = setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, raw,
-			ipsec_get_policylen(raw));
+	if (af == AF_INET)
+		e = setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, raw,
+		    ipsec_get_policylen(raw));
+	if (af == AF_INET6)
+		e = setsockopt(s, IPPROTO_IPV6, IPV6_IPSEC_POLICY, raw,
+		    ipsec_get_policylen(raw));
 	if (e < 0)
 		err(1, "ipsec policy cannot be configured");
 	free(raw);
