2 * IPSEC interface configuration
3 * Copyright (C) 1996 John Ioannidis.
4 * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 char tncfg_c_version[] = "RCSID $Id: tncfg.c,v 1.28 2002/03/08 21:44:05 rgb Exp $";
22 #include <stdlib.h> /* system(), strtoul() */
23 #include <unistd.h> /* getuid() */
24 #include <linux/types.h>
25 #include <sys/ioctl.h> /* ioctl() */
28 #ifdef NET_21 /* from freeswan.h */
29 #include <linux/sockios.h>
30 #include <sys/socket.h>
31 #endif /* NET_21 */ /* from freeswan.h */
38 #include <sys/types.h>
41 #include "ipsec_tunnel.h"
46 fprintf(stdout,"%s --attach --virtual <virtual-device> --physical <physical-device>\n",
48 fprintf(stdout,"%s --detach --virtual <virtual-device>\n",
50 fprintf(stdout,"%s --clear\n",
52 fprintf(stdout,"%s --help\n",
54 fprintf(stdout,"%s --version\n",
56 fprintf(stdout,"%s\n",
58 fprintf(stdout, " [ --debug ] is optional to any %s command.\n", name);
59 fprintf(stdout, " [ --label <label> ] is optional to any %s command.\n", name);
63 static struct option const longopts[] =
65 {"virtual", 1, 0, 'V'},
66 {"physical", 1, 0, 'P'},
67 {"attach", 0, 0, 'a'},
68 {"detach", 0, 0, 'd'},
71 {"version", 0, 0, 'v'},
73 {"optionsfrom", 1, 0, '+'},
79 main(int argc, char *argv[])
82 struct ipsectunnelconf *shc=(struct ipsectunnelconf *)&ifr.ifr_data;
88 char me[] = "ipsec tncfg";
90 memset(&ifr, 0, sizeof(ifr));
91 program_name = argv[0];
93 while((c = getopt_long_only(argc, argv, ""/*"adchvV:P:l:+:"*/, longopts, 0)) != EOF) {
101 fprintf(stderr, "%s: exactly one of '--attach', '--detach' or '--clear' options must be specified.\n", program_name);
104 shc->cf_cmd = IPSEC_SET_DEV;
108 fprintf(stderr, "%s: exactly one of '--attach', '--detach' or '--clear' options must be specified.\n", program_name);
111 shc->cf_cmd = IPSEC_DEL_DEV;
115 fprintf(stderr, "%s: exactly one of '--attach', '--detach' or '--clear' options must be specified.\n", program_name);
118 shc->cf_cmd = IPSEC_CLR_DEV;
125 fprintf(stderr, "%s: warning; '-v' and '--version' options don't expect arguments, arg '%s' found, perhaps unintended.\n",
126 program_name, optarg);
128 fprintf(stdout, "%s %s\n", me, ipsec_version_code());
129 fprintf(stdout, "See `ipsec --copyright' for copyright information.\n");
133 strcpy(ifr.ifr_name, optarg);
136 strcpy(shc->cf_name, optarg);
139 program_name = malloc(strlen(argv[0])
140 + 10 /* update this when changing the sprintf() */
142 sprintf(program_name, "%s --label %s",
147 case '+': /* optionsfrom */
148 optionsfrom(optarg, &argc, &argv, optind, stderr);
149 /* no return on error */
159 system("cat /proc/net/ipsec_tncfg");
163 switch(shc->cf_cmd) {
166 fprintf(stderr, "%s: physical I/F parameter missing.\n",
172 fprintf(stderr, "%s: virtual I/F parameter missing.\n",
178 strcpy(ifr.ifr_name, "ipsec0");
181 fprintf(stderr, "%s: exactly one of '--attach', '--detach' or '--clear' options must be specified.\n"
182 "Try %s --help' for usage information.\n",
183 program_name, program_name);
187 s=socket(AF_INET, SOCK_DGRAM,0);
190 fprintf(stderr, "%s: Socket creation failed -- ", program_name);
195 fprintf(stderr, "Root denied permission!?!\n");
197 fprintf(stderr, "Run as root user.\n");
199 case EPROTONOSUPPORT:
200 fprintf(stderr, "Internet Protocol not enabled");
205 fprintf(stderr, "Insufficient system resources.\n");
208 fprintf(stderr, "No such device. Is the virtual device valid? Is the ipsec module linked into the kernel or loaded as a module?\n");
211 fprintf(stderr, "Unknown socket error %d.\n", errno);
215 if(ioctl(s, shc->cf_cmd, &ifr)==-1)
217 if(shc->cf_cmd == IPSEC_SET_DEV) {
218 fprintf(stderr, "%s: Socket ioctl failed on attach -- ", program_name);
222 fprintf(stderr, "Invalid argument, check kernel log messages for specifics.\n");
225 fprintf(stderr, "No such device. Is the virtual device valid? Is the ipsec module linked into the kernel or loaded as a module?\n");
228 fprintf(stderr, "No such device. Is the physical device valid?\n");
231 fprintf(stderr, "Device busy. Virtual device %s is already attached to a physical device -- Use detach first.\n",
235 fprintf(stderr, "Unknown socket error %d.\n", errno);
239 if(shc->cf_cmd == IPSEC_DEL_DEV) {
240 fprintf(stderr, "%s: Socket ioctl failed on detach -- ", program_name);
244 fprintf(stderr, "Invalid argument, check kernel log messages for specifics.\n");
247 fprintf(stderr, "No such device. Is the virtual device valid? The ipsec module may not be linked into the kernel or loaded as a module.\n");
250 fprintf(stderr, "Device requested is not linked to any physical device.\n");
253 fprintf(stderr, "Unknown socket error %d.\n", errno);
257 if(shc->cf_cmd == IPSEC_CLR_DEV) {
258 fprintf(stderr, "%s: Socket ioctl failed on clear -- ", program_name);
262 fprintf(stderr, "Invalid argument, check kernel log messages for specifics.\n");
265 fprintf(stderr, "Failed. Is the ipsec module linked into the kernel or loaded as a module?.\n");
268 fprintf(stderr, "Unknown socket error %d.\n", errno);
278 * Revision 1.28 2002/03/08 21:44:05 rgb
279 * Update for all GNU-compliant --version strings.
281 * Revision 1.27 2001/06/14 19:35:15 rgb
282 * Update copyright date.
284 * Revision 1.26 2001/05/21 02:02:55 rgb
285 * Eliminate 1-letter options.
287 * Revision 1.25 2001/05/16 05:07:20 rgb
288 * Fixed --label option in KLIPS manual utils to add the label to the
289 * command name rather than replace it in error text.
290 * Fix 'print table' non-option in KLIPS manual utils to deal with --label
291 * and --debug options.
293 * Revision 1.24 2000/09/12 13:09:05 rgb
294 * Fixed real/physical discrepancy between tncfg.8 and tncfg.c.
296 * Revision 1.23 2000/08/27 01:48:30 rgb
299 * Revision 1.22 2000/07/26 03:41:46 rgb
300 * Changed all printf's to fprintf's. Fixed tncfg's usage to stderr.
302 * Revision 1.21 2000/06/21 16:51:27 rgb
303 * Added no additional argument option to usage text.
305 * Revision 1.20 2000/01/21 06:26:31 rgb
306 * Added --debug switch to command line.
308 * Revision 1.19 1999/12/08 20:32:41 rgb
309 * Cleaned out unused cruft.
310 * Changed include file, limiting scope, to avoid conflicts in 2.0.xx
313 * Revision 1.18 1999/12/07 18:27:10 rgb
314 * Added headers to silence fussy compilers.
315 * Converted local functions to static to limit scope.
317 * Revision 1.17 1999/11/18 04:09:21 rgb
318 * Replaced all kernel version macros to shorter, readable form.
320 * Revision 1.16 1999/05/25 01:45:36 rgb
321 * Fix version macros for 2.0.x as a module.
323 * Revision 1.15 1999/05/05 22:02:34 rgb
324 * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
326 * Revision 1.14 1999/04/15 15:37:28 rgb
327 * Forward check changes from POST1_00 branch.
329 * Revision 1.10.6.2 1999/04/13 20:58:10 rgb
330 * Add argc==1 --> /proc/net/ipsec_*.
332 * Revision 1.10.6.1 1999/03/30 17:01:36 rgb
333 * Make main() return type explicit.
335 * Revision 1.13 1999/04/11 00:12:09 henry
338 * Revision 1.12 1999/04/06 04:54:39 rgb
339 * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
342 * Revision 1.11 1999/03/17 15:40:54 rgb
343 * Make explicit main() return type of int.
345 * Revision 1.10 1998/11/12 21:08:04 rgb
346 * Add --label option to identify caller from scripts.
348 * Revision 1.9 1998/10/09 18:47:30 rgb
349 * Add 'optionfrom' to get more options from a named file.
351 * Revision 1.8 1998/10/09 04:36:55 rgb
352 * Changed help output from stderr to stdout.
353 * Deleted old commented out cruft.
355 * Revision 1.7 1998/08/28 03:15:14 rgb
356 * Add some manual long options to the usage text.
358 * Revision 1.6 1998/08/05 22:29:00 rgb
359 * Change includes to accomodate RH5.x.
360 * Force long option names.
361 * Add ENXIO error return code to narrow down error reporting.
363 * Revision 1.5 1998/07/29 21:45:28 rgb
364 * Convert to long option names.
366 * Revision 1.4 1998/07/09 18:14:11 rgb
367 * Added error checking to IP's and keys.
368 * Made most error messages more specific rather than spamming usage text.
369 * Added more descriptive kernel error return codes and messages.
370 * Converted all spi translations to unsigned.
371 * Removed all invocations of perror.
373 * Revision 1.3 1998/05/27 18:48:20 rgb
374 * Adding --help and --version directives.
376 * Revision 1.2 1998/04/23 21:11:39 rgb
377 * Fixed 0 argument usage case to prevent sigsegv.
379 * Revision 1.1.1.1 1998/04/08 05:35:09 henry
380 * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
382 * Revision 0.5 1997/06/03 04:31:55 ji