summaryrefslogtreecommitdiff
path: root/sbin/ipsecadm/ipsecadm.c
diff options
context:
space:
mode:
authorAngelos D. Keromytis <angelos@cvs.openbsd.org>1999-12-20 05:38:23 +0000
committerAngelos D. Keromytis <angelos@cvs.openbsd.org>1999-12-20 05:38:23 +0000
commit4a4ce4c90970bf9d3a38936e9ce20fcaf3089357 (patch)
tree0c0952e057f3101464896353176f63e90d11da9a /sbin/ipsecadm/ipsecadm.c
parent3807aba9c447b3f943d2737235ab610f67b6fb92 (diff)
Accept IPv6 addresses.
Diffstat (limited to 'sbin/ipsecadm/ipsecadm.c')
-rw-r--r--sbin/ipsecadm/ipsecadm.c414
1 files changed, 302 insertions, 112 deletions
diff --git a/sbin/ipsecadm/ipsecadm.c b/sbin/ipsecadm/ipsecadm.c
index 2164716d892..5054db06cf1 100644
--- a/sbin/ipsecadm/ipsecadm.c
+++ b/sbin/ipsecadm/ipsecadm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecadm.c,v 1.27 1999/12/06 21:58:39 angelos Exp $ */
+/* $OpenBSD: ipsecadm.c,v 1.28 1999/12/20 05:38:22 angelos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -51,6 +51,10 @@
#include <arpa/inet.h>
#include <netdb.h>
+#ifdef INET6
+#include <netinet6/in6.h>
+#endif /* INET6 */
+
#include <errno.h>
#include <unistd.h>
#include <stdio.h>
@@ -99,6 +103,8 @@ transform xf[] = {
{"rmd160", SADB_X_AALG_RIPEMD160HMAC96, XF_AUTH|AH_NEW|ESP_NEW},
};
+#define ROUNDUP(x) (x % 8 ? (x + 8) - (x % 8) : x)
+
void
xf_set(struct iovec *iov, int cnt, int len)
{
@@ -211,7 +217,10 @@ main(int argc, char **argv)
int proto = IPPROTO_ESP, proto2 = IPPROTO_AH;
int dport = -1, sport = -1, tproto = -1, setmask = 0;
u_int32_t spi = SPI_RESERVED_MIN, spi2 = SPI_RESERVED_MIN;
- union sockaddr_union src, dst, dst2, osrc, odst, osmask, odmask, proxy;
+ union sockaddr_union *src, *dst, *dst2, *osrc, *odst, *osmask;
+ union sockaddr_union *odmask, *proxy;
+ u_char srcbuf[256], dstbuf[256], dst2buf[256], osrcbuf[256];
+ u_char odstbuf[256], osmaskbuf[256], odmaskbuf[256], proxybuf[256];
int srcset = 0, dstset = 0, dst2set = 0;
u_char *keyp = NULL, *authp = NULL;
struct protoent *tp;
@@ -260,7 +269,25 @@ main(int argc, char **argv)
bzero(iov, sizeof(iov));
bzero(realkey, sizeof(realkey));
bzero(realakey, sizeof(realakey));
-
+
+ src = (union sockaddr_union *) srcbuf;
+ dst = (union sockaddr_union *) dstbuf;
+ dst2 = (union sockaddr_union *) dst2buf;
+ osrc = (union sockaddr_union *) osrcbuf;
+ odst = (union sockaddr_union *) odstbuf;
+ osmask = (union sockaddr_union *) osmaskbuf;
+ odmask = (union sockaddr_union *) odmaskbuf;
+ proxy = (union sockaddr_union *) proxybuf;
+
+ bzero(srcbuf, sizeof(srcbuf));
+ bzero(dstbuf, sizeof(dstbuf));
+ bzero(dst2buf, sizeof(dst2buf));
+ bzero(osrcbuf, sizeof(osrcbuf));
+ bzero(odstbuf, sizeof(odstbuf));
+ bzero(osmaskbuf, sizeof(osmaskbuf));
+ bzero(odmaskbuf, sizeof(odmaskbuf));
+ bzero(proxybuf, sizeof(proxybuf));
+
/* Initialize */
smsg.sadb_msg_version = PF_KEY_V2;
smsg.sadb_msg_seq = 1;
@@ -279,16 +306,6 @@ main(int argc, char **argv)
sa2.sadb_sa_replay = 0;
sa2.sadb_sa_state = SADB_SASTATE_MATURE;
- /* Initialize */
- bzero(&src, sizeof(union sockaddr_union));
- bzero(&dst, sizeof(union sockaddr_union));
- bzero(&dst2, sizeof(union sockaddr_union));
- bzero(&osrc, sizeof(union sockaddr_union));
- bzero(&odst, sizeof(union sockaddr_union));
- bzero(&osmask, sizeof(union sockaddr_union));
- bzero(&odmask, sizeof(union sockaddr_union));
- bzero(&proxy, sizeof(union sockaddr_union));
-
if (!strcmp(argv[1], "new") && argc > 3)
{
if (!strcmp(argv[2], "esp"))
@@ -546,27 +563,69 @@ main(int argc, char **argv)
if (!strcmp(argv[i] + 1, "src") && (i + 1 < argc))
{
- src.sin.sin_family = AF_INET;
- src.sin.sin_len = sizeof(struct sockaddr_in);
- srcset = inet_aton(argv[i + 1], &src.sin.sin_addr) != -1 ? 1 : 0;
sad1.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
- sad1.sadb_address_len = 1 + sizeof(struct sockaddr_in) / 8;
+#ifdef INET6
+ if (strchr(argv[i + 1], ':'))
+ {
+ src->sin6.sin6_family = AF_INET6;
+ src->sin6.sin6_len = sizeof(struct sockaddr_in6);
+ srcset = inet_pton(AF_INET6, argv[i + 1],
+ &src->sin6.sin6_addr) != -1 ? 1 : 0;
+ sad1.sadb_address_len = 1 +
+ ROUNDUP(sizeof(struct sockaddr_in6)) / 8;
+ }
+ else
+#endif /* INET6 */
+ {
+ src->sin.sin_family = AF_INET;
+ src->sin.sin_len = sizeof(struct sockaddr_in);
+ srcset = inet_pton(AF_INET, argv[i + 1],
+ &src->sin.sin_addr) != -1 ? 1 : 0;
+ sad1.sadb_address_len = 1 + sizeof(struct sockaddr_in) / 8;
+ }
+
+ if (srcset == 0)
+ {
+ fprintf(stderr,
+ "%s: Warning: source address %s is not valid\n",
+ argv[0], argv[i + 1]);
+ exit(1);
+ }
i++;
continue;
}
if (!strcmp(argv[i] + 1, "proxy") && (i + 1 < argc))
{
- proxy.sin.sin_family = AF_INET;
- proxy.sin.sin_len = sizeof(struct sockaddr_in);
- if (!inet_aton(argv[i + 1], &proxy.sin.sin_addr)) {
- fprintf(stderr,
- "%s: Warning: proxy address %s is not valid\n", argv[0],
- argv[i + 1]);
- exit(1);
- }
sad3.sadb_address_exttype = SADB_EXT_ADDRESS_PROXY;
- sad3.sadb_address_len = 1 + sizeof(struct sockaddr_in) / 8;
+#ifdef INET6
+ if (strchr(argv[i + 1], ':'))
+ {
+ proxy->sin6.sin6_family = AF_INET6;
+ proxy->sin6.sin6_len = sizeof(struct sockaddr_in6);
+ if (!inet_pton(AF_INET6, argv[i + 1], &proxy->sin6.sin6_addr)) {
+ fprintf(stderr,
+ "%s: Warning: proxy address %s is not valid\n",
+ argv[0], argv[i + 1]);
+ exit(1);
+ }
+ sad3.sadb_address_len = 1 +
+ ROUNDUP(sizeof(struct sockaddr_in6)) / 8;
+ }
+ else
+#endif /* INET6 */
+ {
+ proxy->sin.sin_family = AF_INET;
+ proxy->sin.sin_len = sizeof(struct sockaddr_in);
+ if (!inet_pton(AF_INET, argv[i + 1], &proxy->sin.sin_addr)) {
+ fprintf(stderr,
+ "%s: Warning: proxy address %s is not valid\n",
+ argv[0], argv[i + 1]);
+ exit(1);
+ }
+ sad3.sadb_address_len = 1 + sizeof(struct sockaddr_in) / 8;
+ }
+
i++;
continue;
}
@@ -629,46 +688,125 @@ main(int argc, char **argv)
sad6.sadb_address_exttype = SADB_X_EXT_SRC_MASK;
sad7.sadb_address_exttype = SADB_X_EXT_DST_MASK;
- sad4.sadb_address_len = (sizeof(sad4) +
- sizeof(struct sockaddr_in)) / 8;
- sad5.sadb_address_len = (sizeof(sad5) +
- sizeof(struct sockaddr_in)) / 8;
- sad6.sadb_address_len = (sizeof(sad6) +
- sizeof(struct sockaddr_in)) / 8;
- sad7.sadb_address_len = (sizeof(sad7) +
- sizeof(struct sockaddr_in)) / 8;
-
- osrc.sin.sin_family = odst.sin.sin_family = AF_INET;
- osmask.sin.sin_family = odmask.sin.sin_family = AF_INET;
- osrc.sin.sin_len = odst.sin.sin_len = sizeof(struct sockaddr_in);
- osmask.sin.sin_len = sizeof(struct sockaddr_in);
- odmask.sin.sin_len = sizeof(struct sockaddr_in);
- setmask = 1;
-
- if (!inet_aton(argv[i + 1], &osrc.sin.sin_addr)) {
- fprintf(stderr, "%s: source address %s is not valid\n", argv[0],
- argv[i + 1]);
- exit(1);
- }
- i++;
- if (!inet_aton(argv[i + 1], &osmask.sin.sin_addr)) {
- fprintf(stderr, "%s: source netmask %s is not valid\n", argv[0],
- argv[i + 1]);
- exit(1);
+#ifdef INET6
+ if ((strchr(argv[i + 1], ':') &&
+ (!strchr(argv[i + 2], ':') || !strchr(argv[i + 3], ':') ||
+ !strchr(argv[i + 4], ':'))) ||
+ (!strchr(argv[i + 1], ':') &&
+ (strchr(argv[i + 2], ':') || strchr(argv[i + 3], ':') ||
+ strchr(argv[i + 4], ':'))))
+ {
+ fprintf(stderr,
+ "%s: Mixed address families specified in addr\n",
+ argv[0]);
+ exit(1);
}
- i++;
- if (!inet_aton(argv[i + 1], &odst.sin.sin_addr)) {
- fprintf(stderr, "%s: destination address %s is not valid\n", argv[0],
- argv[i + 1]);
- exit(1);
+
+ if (strchr(argv[i + 1], ':'))
+ {
+ sad4.sadb_address_len = (sizeof(sad4) +
+ ROUNDUP(sizeof(struct sockaddr_in6)))
+ / 8;
+ sad5.sadb_address_len = (sizeof(sad5) +
+ ROUNDUP(sizeof(struct sockaddr_in6)))
+ / 8;
+ sad6.sadb_address_len = (sizeof(sad6) +
+ ROUNDUP(sizeof(struct sockaddr_in6)))
+ / 8;
+ sad7.sadb_address_len = (sizeof(sad7) +
+ ROUNDUP(sizeof(struct sockaddr_in6)))
+ / 8;
+
+ osrc->sin6.sin6_family = odst->sin6.sin6_family = AF_INET6;
+ osmask->sin6.sin6_family = odmask->sin6.sin6_family = AF_INET6;
+ osrc->sin6.sin6_len = odst->sin6.sin6_len =
+ sizeof(struct sockaddr_in6);
+ osmask->sin6.sin6_len = sizeof(struct sockaddr_in6);
+ odmask->sin6.sin6_len = sizeof(struct sockaddr_in6);
+ setmask = 1;
+
+ if (!inet_pton(AF_INET6, argv[i + 1], &osrc->sin6.sin6_addr))
+ {
+ fprintf(stderr, "%s: source address %s is not valid\n",
+ argv[0], argv[i + 1]);
+ exit(1);
+ }
+ i++;
+ if (!inet_pton(AF_INET6, argv[i + 1], &osmask->sin6.sin6_addr))
+ {
+ fprintf(stderr, "%s: source netmask %s is not valid\n",
+ argv[0], argv[i + 1]);
+ exit(1);
+ }
+ i++;
+ if (!inet_pton(AF_INET6, argv[i + 1], &odst->sin6.sin6_addr))
+ {
+ fprintf(stderr,
+ "%s: destination address %s is not valid\n",
+ argv[0], argv[i + 1]);
+ exit(1);
+ }
+ i++;
+ if (!inet_pton(AF_INET6, argv[i + 1], &odmask->sin6.sin6_addr))
+ {
+ fprintf(stderr,
+ "%s: destination netmask %s is not valid\n",
+ argv[0], argv[i + 1]);
+ exit(1);
+ }
+ i++;
}
- i++;
- if (!inet_aton(argv[i + 1], &odmask.sin.sin_addr)) {
- fprintf(stderr, "%s: destination netmask %s is not valid\n", argv[0],
- argv[i + 1]);
- exit(1);
+ else
+#endif /* INET6 */
+ {
+ sad4.sadb_address_len = (sizeof(sad4) +
+ sizeof(struct sockaddr_in)) / 8;
+ sad5.sadb_address_len = (sizeof(sad5) +
+ sizeof(struct sockaddr_in)) / 8;
+ sad6.sadb_address_len = (sizeof(sad6) +
+ sizeof(struct sockaddr_in)) / 8;
+ sad7.sadb_address_len = (sizeof(sad7) +
+ sizeof(struct sockaddr_in)) / 8;
+
+ osrc->sin.sin_family = odst->sin.sin_family = AF_INET;
+ osmask->sin.sin_family = odmask->sin.sin_family = AF_INET;
+ osrc->sin.sin_len = odst->sin.sin_len =
+ sizeof(struct sockaddr_in);
+ osmask->sin.sin_len = sizeof(struct sockaddr_in);
+ odmask->sin.sin_len = sizeof(struct sockaddr_in);
+ setmask = 1;
+
+ if (!inet_pton(AF_INET, argv[i + 1], &osrc->sin.sin_addr))
+ {
+ fprintf(stderr, "%s: source address %s is not valid\n",
+ argv[0], argv[i + 1]);
+ exit(1);
+ }
+ i++;
+ if (!inet_pton(AF_INET, argv[i + 1], &osmask->sin.sin_addr))
+ {
+ fprintf(stderr, "%s: source netmask %s is not valid\n",
+ argv[0], argv[i + 1]);
+ exit(1);
+ }
+ i++;
+ if (!inet_pton(AF_INET, argv[i + 1], &odst->sin.sin_addr))
+ {
+ fprintf(stderr,
+ "%s: destination address %s is not valid\n",
+ argv[0], argv[i + 1]);
+ exit(1);
+ }
+ i++;
+ if (!inet_pton(AF_INET, argv[i + 1], &odmask->sin.sin_addr))
+ {
+ fprintf(stderr,
+ "%s: destination netmask %s is not valid\n",
+ argv[0], argv[i + 1]);
+ exit(1);
+ }
+ i++;
}
- i++;
continue;
}
@@ -684,9 +822,9 @@ main(int argc, char **argv)
sad2.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
sad2.sadb_address_len = (sizeof(sad2) +
sizeof(struct sockaddr_in)) / 8;
- dst.sin.sin_family = AF_INET;
- dst.sin.sin_len = sizeof(struct sockaddr_in);
- dstset = inet_aton("0.0.0.0", &dst.sin.sin_addr) != -1 ? 1 : 0;
+ dst->sin.sin_family = AF_INET;
+ dst->sin.sin_len = sizeof(struct sockaddr_in);
+ dstset = inet_aton("0.0.0.0", &dst->sin.sin_addr) != -1 ? 1 : 0;
continue;
}
@@ -742,8 +880,8 @@ main(int argc, char **argv)
else
sport = atoi(argv[i+1]);
- osrc.sin.sin_port = sport;
- osmask.sin.sin_port = 0xffff;
+ osrc->sin.sin_port = sport;
+ osmask->sin.sin_port = 0xffff;
i++;
continue;
}
@@ -766,8 +904,8 @@ main(int argc, char **argv)
else
dport = atoi(argv[i + 1]);
- odst.sin.sin_port = dport;
- odmask.sin.sin_port = 0xffff;
+ odst->sin.sin_port = dport;
+ odmask->sin.sin_port = 0xffff;
i++;
continue;
}
@@ -775,11 +913,35 @@ main(int argc, char **argv)
if (!strcmp(argv[i] + 1, "dst") && (i + 1 < argc) && !bypass)
{
sad2.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
- sad2.sadb_address_len = (sizeof(sad2) +
- sizeof(struct sockaddr_in)) / 8;
- dst.sin.sin_family = AF_INET;
- dst.sin.sin_len = sizeof(struct sockaddr_in);
- dstset = inet_aton(argv[i + 1], &dst.sin.sin_addr) != -1 ? 1 : 0;
+#ifdef INET6
+ if (strchr(argv[i + 1], ':'))
+ {
+ sad2.sadb_address_len = (sizeof(sad2) +
+ ROUNDUP(sizeof(struct sockaddr_in6)))
+ / 8;
+ dst->sin6.sin6_family = AF_INET6;
+ dst->sin6.sin6_len = sizeof(struct sockaddr_in6);
+ dstset = inet_pton(AF_INET6, argv[i + 1],
+ &dst->sin6.sin6_addr) != -1 ? 1 : 0;
+ }
+ else
+#endif /* INET6 */
+ {
+ sad2.sadb_address_len = (sizeof(sad2) +
+ sizeof(struct sockaddr_in)) / 8;
+ dst->sin.sin_family = AF_INET;
+ dst->sin.sin_len = sizeof(struct sockaddr_in);
+ dstset = inet_pton(AF_INET, argv[i + 1],
+ &dst->sin.sin_addr) != -1 ? 1 : 0;
+ }
+
+ if (dstset == 0)
+ {
+ fprintf(stderr,
+ "%s: Warning: destination address %s is not valid\n",
+ argv[0], argv[i + 1]);
+ exit(1);
+ }
i++;
continue;
}
@@ -787,12 +949,36 @@ main(int argc, char **argv)
if (!strcmp(argv[i] + 1, "dst2") &&
(iscmd(mode, GRP_SPI) || iscmd(mode, BINDSA)) && (i + 1 < argc))
{
- sad8.sadb_address_len = (sizeof(sad8) +
- sizeof(struct sockaddr_in)) / 8;
sad8.sadb_address_exttype = SADB_X_EXT_DST2;
- dst2.sin.sin_family = AF_INET;
- dst2.sin.sin_len = sizeof(struct sockaddr_in);
- dst2set = inet_aton(argv[i + 1], &dst2.sin.sin_addr) != -1 ? 1 : 0;
+#ifdef INET6
+ if (strchr(argv[i + 1], ':'))
+ {
+ sad8.sadb_address_len = (sizeof(sad8) +
+ ROUNDUP(sizeof(struct sockaddr_in6)))
+ / 8;
+ dst2->sin6.sin6_family = AF_INET6;
+ dst2->sin6.sin6_len = sizeof(struct sockaddr_in6);
+ dst2set = inet_pton(AF_INET6, argv[i + 1],
+ &dst2->sin6.sin6_addr) != -1 ? 1 : 0;
+ }
+ else
+#endif /* INET6 */
+ {
+ sad8.sadb_address_len = (sizeof(sad8) +
+ sizeof(struct sockaddr_in)) / 8;
+ dst2->sin.sin_family = AF_INET;
+ dst2->sin.sin_len = sizeof(struct sockaddr_in);
+ dst2set = inet_pton(AF_INET, argv[i + 1],
+ &dst2->sin.sin_addr) != -1 ? 1 : 0;
+ }
+
+ if (dst2set == 0)
+ {
+ fprintf(stderr,
+ "%s: Warning: destination address2 %s is not valid\n",
+ argv[0], argv[i + 1]);
+ exit(1);
+ }
i++;
continue;
}
@@ -954,7 +1140,9 @@ main(int argc, char **argv)
exit(1);
}
- if (spi == SPI_RESERVED_MIN && !iscmd(mode, FLUSH) && !bypass)
+ if (spi == SPI_RESERVED_MIN && !iscmd(mode, FLUSH) && !bypass &&
+ (!iscmd(mode, FLOW) || (iscmd(mode, FLOW) &&
+ smsg.sadb_msg_type != SADB_X_DELFLOW)))
{
fprintf(stderr, "%s: no SPI specified\n", argv[0]);
exit(1);
@@ -992,7 +1180,9 @@ main(int argc, char **argv)
exit(1);
}
- if (!dstset && !iscmd(mode, FLUSH))
+ if (!dstset && !iscmd(mode, FLUSH) &&
+ (!iscmd(mode, FLOW) || (iscmd(mode, FLOW) &&
+ smsg.sadb_msg_type != SADB_X_DELFLOW)))
{
fprintf(stderr, "%s: no destination address for the SA specified\n",
argv[0]);
@@ -1006,7 +1196,7 @@ main(int argc, char **argv)
}
if (iscmd(mode, FLOW) && !bypass && (sprotocol.sadb_protocol_proto == 0) &&
- (odst.sin.sin_port || osrc.sin.sin_port))
+ (odst->sin.sin_port || osrc->sin.sin_port))
{
fprintf(stderr, "%s: no transport protocol supplied with source/destination ports\n", argv[0]);
exit(1);
@@ -1051,29 +1241,29 @@ main(int argc, char **argv)
iov[cnt].iov_base = &sad2;
iov[cnt++].iov_len = sizeof(sad2);
/* Destination address */
- iov[cnt].iov_base = &dst;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
+ iov[cnt].iov_base = dst;
+ iov[cnt++].iov_len = ROUNDUP(dst->sa.sa_len);
smsg.sadb_msg_len += sad2.sadb_address_len;
- if (src.sin.sin_addr.s_addr)
+ if (src->sa.sa_len)
{
/* Source address header */
iov[cnt].iov_base = &sad1;
iov[cnt++].iov_len = sizeof(sad1);
/* Source address */
- iov[cnt].iov_base = &src;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
+ iov[cnt].iov_base = src;
+ iov[cnt++].iov_len = ROUNDUP(src->sa.sa_len);
smsg.sadb_msg_len += sad1.sadb_address_len;
}
- if (proxy.sin.sin_addr.s_addr)
+ if (proxy->sa.sa_len)
{
/* Proxy address header */
iov[cnt].iov_base = &sad3;
iov[cnt++].iov_len = sizeof(sad3);
/* Proxy address */
- iov[cnt].iov_base = &proxy;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
+ iov[cnt].iov_base = proxy;
+ iov[cnt++].iov_len = ROUNDUP(proxy->sa.sa_len);
smsg.sadb_msg_len += sad3.sadb_address_len;
}
@@ -1120,8 +1310,8 @@ main(int argc, char **argv)
iov[cnt].iov_base = &sad2;
iov[cnt++].iov_len = sizeof(sad2);
/* Destination address */
- iov[cnt].iov_base = &dst;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
+ iov[cnt].iov_base = dst;
+ iov[cnt++].iov_len = ROUNDUP(dst->sa.sa_len);
smsg.sadb_msg_len += sad2.sadb_address_len;
/* SA header */
@@ -1133,8 +1323,8 @@ main(int argc, char **argv)
iov[cnt].iov_base = &sad8;
iov[cnt++].iov_len = sizeof(sad8);
/* Destination2 address */
- iov[cnt].iov_base = &dst2;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
+ iov[cnt].iov_base = dst2;
+ iov[cnt++].iov_len = ROUNDUP(dst2->sa.sa_len);
smsg.sadb_msg_len += sad8.sadb_address_len;
/* Protocol2 */
@@ -1153,8 +1343,8 @@ main(int argc, char **argv)
iov[cnt].iov_base = &sad2;
iov[cnt++].iov_len = sizeof(sad2);
/* Destination address */
- iov[cnt].iov_base = &dst;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
+ iov[cnt].iov_base = dst;
+ iov[cnt++].iov_len = ROUNDUP(dst->sa.sa_len);
smsg.sadb_msg_len += sad2.sadb_address_len;
break;
@@ -1168,18 +1358,18 @@ main(int argc, char **argv)
iov[cnt].iov_base = &sad2;
iov[cnt++].iov_len = sizeof(sad2);
/* Destination address */
- iov[cnt].iov_base = &dst;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
+ iov[cnt].iov_base = dst;
+ iov[cnt++].iov_len = ROUNDUP(dst->sa.sa_len);
smsg.sadb_msg_len += sad2.sadb_address_len;
- if (src.sin.sin_addr.s_addr)
+ if (src->sa.sa_len)
{
/* Source address header */
iov[cnt].iov_base = &sad1;
iov[cnt++].iov_len = sizeof(sad1);
/* Source address */
- iov[cnt].iov_base = &src;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
+ iov[cnt].iov_base = src;
+ iov[cnt++].iov_len = ROUNDUP(src->sa.sa_len);
smsg.sadb_msg_len += sad1.sadb_address_len;
}
break;
@@ -1191,8 +1381,8 @@ main(int argc, char **argv)
iov[cnt].iov_base = &sad2;
iov[cnt++].iov_len = sizeof(sad2);
/* Destination address */
- iov[cnt].iov_base = &dst;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
+ iov[cnt].iov_base = dst;
+ iov[cnt++].iov_len = ROUNDUP(dst->sa.sa_len);
smsg.sadb_msg_len += sad2.sadb_address_len;
}
@@ -1213,32 +1403,32 @@ main(int argc, char **argv)
iov[cnt].iov_base = &sad4;
iov[cnt++].iov_len = sizeof(sad4);
/* Flow source addressaddress */
- iov[cnt].iov_base = &osrc;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
+ iov[cnt].iov_base = osrc;
+ iov[cnt++].iov_len = ROUNDUP(osrc->sa.sa_len);
smsg.sadb_msg_len += sad4.sadb_address_len;
/* Flow destination address header */
iov[cnt].iov_base = &sad5;
iov[cnt++].iov_len = sizeof(sad5);
/* Flow destination address */
- iov[cnt].iov_base = &odst;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
+ iov[cnt].iov_base = odst;
+ iov[cnt++].iov_len = ROUNDUP(odst->sa.sa_len);
smsg.sadb_msg_len += sad5.sadb_address_len;
/* Flow source address mask header */
iov[cnt].iov_base = &sad6;
iov[cnt++].iov_len = sizeof(sad6);
/* Flow source address mask */
- iov[cnt].iov_base = &osmask;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
+ iov[cnt].iov_base = osmask;
+ iov[cnt++].iov_len = ROUNDUP(osmask->sa.sa_len);
smsg.sadb_msg_len += sad6.sadb_address_len;
/* Flow destination address mask header */
iov[cnt].iov_base = &sad7;
iov[cnt++].iov_len = sizeof(sad7);
/* Flow destination address mask */
- iov[cnt].iov_base = &odmask;
- iov[cnt++].iov_len = sizeof(struct sockaddr_in);
+ iov[cnt].iov_base = odmask;
+ iov[cnt++].iov_len = ROUNDUP(odmask->sa.sa_len);
smsg.sadb_msg_len += sad7.sadb_address_len;
break;