1 #include <net-snmp/net-snmp-config.h>
20 #include <sys/socket.h>
23 #include <netinet/in.h>
26 #include <arpa/inet.h>
39 #include <net-snmp/types.h>
40 #include <net-snmp/output_api.h>
41 #include <net-snmp/config_api.h>
43 #include <net-snmp/library/snmp_transport.h>
44 #include <net-snmp/library/snmpUDPIPv6Domain.h>
46 oid netsnmp_UDPIPv6Domain[10] = { ENTERPRISE_MIB, 3, 3, 4 };
47 static netsnmp_tdomain udp6Domain;
50 * Return a string representing the address in data, or else the "far end"
51 * address if data is NULL.
55 netsnmp_udp6_fmtaddr(netsnmp_transport *t, void *data, int len)
57 struct sockaddr_in6 *to = NULL;
59 DEBUGMSGTL(("netsnmp_udp6", "fmtaddr: t = %p, data = %p, len = %d\n", t,
61 if (data != NULL && len == sizeof(struct sockaddr_in6)) {
62 to = (struct sockaddr_in6 *) data;
63 } else if (t != NULL && t->data != NULL) {
64 to = (struct sockaddr_in6 *) t->data;
67 return strdup("UDP/IPv6: unknown");
69 char addr[INET6_ADDRSTRLEN];
70 char tmp[INET6_ADDRSTRLEN + 8];
72 sprintf(tmp, "[%s]:%hd",
73 inet_ntop(AF_INET6, (void *) &(to->sin6_addr), addr,
74 INET6_ADDRSTRLEN), ntohs(to->sin6_port));
82 * You can write something into opaque that will subsequently get passed back
83 * to your send function if you like. For instance, you might want to
84 * remember where a PDU came from, so that you can send a reply there...
88 netsnmp_udp6_recv(netsnmp_transport *t, void *buf, int size,
89 void **opaque, int *olength)
92 socklen_t fromlen = sizeof(struct sockaddr_in6);
93 struct sockaddr *from;
95 if (t != NULL && t->sock >= 0) {
96 from = (struct sockaddr *) malloc(sizeof(struct sockaddr_in6));
102 memset(from, 0, fromlen);
106 rc = recvfrom(t->sock, buf, size, 0, from, &fromlen);
107 if (rc < 0 && errno != EINTR) {
113 char *string = netsnmp_udp6_fmtaddr(NULL, from, fromlen);
114 DEBUGMSGTL(("netsnmp_udp6",
115 "recvfrom fd %d got %d bytes (from %s)\n", t->sock,
119 DEBUGMSGTL(("netsnmp_udp6", "recvfrom fd %d err %d (\"%s\")\n",
120 t->sock, errno, strerror(errno)));
122 *opaque = (void *) from;
123 *olength = sizeof(struct sockaddr_in6);
131 netsnmp_udp6_send(netsnmp_transport *t, void *buf, int size,
132 void **opaque, int *olength)
135 struct sockaddr *to = NULL;
137 if (opaque != NULL && *opaque != NULL &&
138 *olength == sizeof(struct sockaddr_in6)) {
139 to = (struct sockaddr *) (*opaque);
140 } else if (t != NULL && t->data != NULL &&
141 t->data_length == sizeof(struct sockaddr_in6)) {
142 to = (struct sockaddr *) (t->data);
145 if (to != NULL && t != NULL && t->sock >= 0) {
146 char *string = netsnmp_udp6_fmtaddr(NULL, (void *)to,
147 sizeof(struct sockaddr_in6));
148 DEBUGMSGTL(("netsnmp_udp6", "send %d bytes from %p to %s on fd %d\n",
149 size, buf, string, t->sock));
152 rc = sendto(t->sock, buf, size, 0, to,sizeof(struct sockaddr_in6));
153 if (rc < 0 && errno != EINTR) {
164 netsnmp_udp6_close(netsnmp_transport *t)
167 if (t != NULL && t->sock >= 0) {
168 DEBUGMSGTL(("netsnmp_udp6", "close fd %d\n", t->sock));
169 #ifndef HAVE_CLOSESOCKET
172 rc = closesocket(t->sock);
182 * Open a UDP/IPv6-based transport for SNMP. Local is TRUE if addr is the
183 * local address to bind to (i.e. this is a server-type session); otherwise
184 * addr is the remote address to send things to.
188 netsnmp_udp6_transport(struct sockaddr_in6 *addr, int local)
190 netsnmp_transport *t = NULL;
191 int rc = 0, udpbuf = (1 << 17);
194 if (addr == NULL || addr->sin6_family != AF_INET6) {
198 t = (netsnmp_transport *) malloc(sizeof(netsnmp_transport));
203 string = netsnmp_udp6_fmtaddr(NULL, (void *) addr,
204 sizeof(struct sockaddr_in6));
205 DEBUGMSGTL(("netsnmp_udp6", "open %s %s\n", local ? "local" : "remote",
209 memset(t, 0, sizeof(netsnmp_transport));
211 t->domain = netsnmp_UDPIPv6Domain;
213 sizeof(netsnmp_UDPIPv6Domain) / sizeof(netsnmp_UDPIPv6Domain[0]);
215 t->sock = socket(PF_INET6, SOCK_DGRAM, 0);
217 netsnmp_transport_free(t);
222 * Patch for Linux. Without this, UDP packets that fail get an ICMP
223 * response. Linux turns the failed ICMP response into an error message
224 * and return value, unlike all other OS's.
228 setsockopt(t->sock, SOL_SOCKET, SO_BSDCOMPAT, &one, sizeof(one));
230 #endif /*SO_BSDCOMPAT */
233 * Try to set the send and receive buffers to a reasonably large value, so
234 * that we can send and receive big PDUs (defaults to 8192 bytes (!) on
235 * Solaris, for instance). Don't worry too much about errors -- just
236 * plough on regardless.
240 if (setsockopt(t->sock, SOL_SOCKET, SO_SNDBUF, &udpbuf, sizeof(int)) != 0){
241 DEBUGMSGTL(("netsnmp_udp6", "couldn't set SO_SNDBUF to %d bytes: %s\n",
242 udpbuf, strerror(errno)));
244 #endif /*SO_SNDBUF */
247 if (setsockopt(t->sock, SOL_SOCKET, SO_RCVBUF, &udpbuf, sizeof(int)) != 0){
248 DEBUGMSGTL(("netsnmp_udp6", "couldn't set SO_RCVBUF to %d bytes: %s\n",
249 udpbuf, strerror(errno)));
251 #endif /*SO_RCVBUF */
255 * This session is inteneded as a server, so we must bind on to the
256 * given IP address, which may include an interface address, or could
257 * be INADDR_ANY, but certainly includes a port number.
261 /* Try to restrict PF_INET6 socket to IPv6 communications only. */
264 if (setsockopt(t->sock, IPPROTO_IPV6, IPV6_V6ONLY, (char *)&one, sizeof(one)) != 0) {
265 DEBUGMSGTL(("netsnmp_udp6", "couldn't set IPV6_V6ONLY to %d bytes: %s\n", one, strerror(errno)));
270 rc = bind(t->sock, (struct sockaddr *) addr,
271 sizeof(struct sockaddr_in6));
273 netsnmp_udp6_close(t);
274 netsnmp_transport_free(t);
277 t->local = malloc(18);
278 if (t->local == NULL) {
279 netsnmp_udp6_close(t);
280 netsnmp_transport_free(t);
282 memcpy(t->local, addr->sin6_addr.s6_addr, 16);
283 t->local[16] = (addr->sin6_port & 0xff00) >> 8;
284 t->local[17] = (addr->sin6_port & 0x00ff) >> 0;
285 t->local_length = 18;
290 * This is a client session. Save the address in the
291 * transport-specific data pointer for later use by netsnmp_udp6_send.
294 t->data = malloc(sizeof(struct sockaddr_in6));
295 if (t->data == NULL) {
296 netsnmp_transport_free(t);
299 memcpy(t->data, addr, sizeof(struct sockaddr_in6));
300 t->data_length = sizeof(struct sockaddr_in6);
301 t->remote = malloc(18);
302 if (t->remote == NULL) {
303 netsnmp_udp6_close(t);
304 netsnmp_transport_free(t);
307 memcpy(t->remote, addr->sin6_addr.s6_addr, 16);
308 t->remote[16] = (addr->sin6_port & 0xff00) >> 8;
309 t->remote[17] = (addr->sin6_port & 0x00ff) >> 0;
310 t->remote_length = 18;
314 * 16-bit length field, 8 byte UDP header, 40 byte IPv6 header.
317 t->msgMaxSize = 0xffff - 8 - 40;
318 t->f_recv = netsnmp_udp6_recv;
319 t->f_send = netsnmp_udp6_send;
320 t->f_close = netsnmp_udp6_close;
322 t->f_fmtaddr = netsnmp_udp6_fmtaddr;
330 netsnmp_sockaddr_in6(struct sockaddr_in6 *addr,
331 const char *inpeername, int remote_port)
333 char *cp = NULL, *peername = NULL;
334 char debug_addr[INET6_ADDRSTRLEN];
336 struct addrinfo *addrs = NULL;
337 struct addrinfo hint;
339 #elif HAVE_GETIPNODEBYNAME
340 struct hostent *hp = NULL;
342 #elif HAVE_GETHOSTBYNAME
343 struct hostent *hp = NULL;
350 DEBUGMSGTL(("netsnmp_sockaddr_in6", "addr %p, peername \"%s\"\n",
351 addr, inpeername ? inpeername : "[NIL]"));
353 memset(addr, 0, sizeof(struct sockaddr_in6));
354 addr->sin6_family = AF_INET6;
355 addr->sin6_addr = in6addr_any;
357 if (remote_port > 0) {
358 addr->sin6_port = htons(remote_port);
359 } else if (netsnmp_ds_get_int(NETSNMP_DS_LIBRARY_ID,
360 NETSNMP_DS_LIB_DEFAULT_PORT) > 0) {
361 addr->sin6_port = htons(netsnmp_ds_get_int(NETSNMP_DS_LIBRARY_ID,
362 NETSNMP_DS_LIB_DEFAULT_PORT));
364 addr->sin6_port = htons(SNMP_PORT);
367 if (inpeername != NULL) {
369 * Duplicate the peername because we might want to mank around with
373 peername = strdup(inpeername);
374 if (peername == NULL) {
378 for (cp = peername; *cp && isdigit((int) *cp); cp++);
379 if (!*cp && atoi(peername) != 0) {
381 * Okay, it looks like JUST a port number.
383 DEBUGMSGTL(("netsnmp_sockaddr_in6", "totally numeric: %d\n",
385 addr->sin6_port = htons(atoi(peername));
390 * See if it is an IPv6 address, which covered with square brankets
391 * with an appended :port.
393 if (*peername == '[') {
394 cp = strchr(peername, ']');
397 * See if it is an IPv6 link-local address with interface
398 * name as <zone_id>, like fe80::1234%eth0.
399 * Please refer to the internet draft, IPv6 Scoped Address Architecture
400 * http://www.ietf.org/internet-drafts/draft-ietf-ipngwg-scoping-arch-04.txt
404 unsigned int if_index = 0;
406 scope_id = strchr(peername + 1, '%');
407 if (scope_id != NULL) {
409 if_index = if_nametoindex(scope_id + 1);
411 if (*(cp + 1) == ':') {
412 if (atoi(cp + 2) != 0 &&
413 inet_pton(AF_INET6, peername + 1,
414 (void *) &(addr->sin6_addr))) {
415 DEBUGMSGTL(("netsnmp_sockaddr_in6",
416 "IPv6 address with port suffix :%d\n",
418 addr->sin6_port = htons(atoi(cp + 2));
419 addr->sin6_scope_id = if_index;
424 (AF_INET6, peername + 1,
425 (void *) &(addr->sin6_addr))) {
426 DEBUGMSGTL(("netsnmp_sockaddr_in6",
427 "IPv6 address with square brankets\n"));
428 addr->sin6_port = htons(SNMP_PORT);
429 addr->sin6_scope_id = if_index;
433 if (scope_id != NULL) {
440 cp = strrchr(peername, ':');
443 unsigned int if_index = 0;
445 scope_id = strchr(peername + 1, '%');
446 if (scope_id != NULL) {
448 if_index = if_nametoindex(scope_id + 1);
450 if (atoi(cp + 1) != 0 &&
451 inet_pton(AF_INET6, peername,
452 (void *) &(addr->sin6_addr))) {
453 DEBUGMSGTL(("netsnmp_sockaddr_in6",
454 "IPv6 address with port suffix :%d\n",
456 addr->sin6_port = htons(atoi(cp + 1));
457 addr->sin6_scope_id = if_index;
460 if (scope_id != NULL) {
467 * See if it is JUST an IPv6 address.
469 if (inet_pton(AF_INET6, peername, (void *) &(addr->sin6_addr))) {
470 DEBUGMSGTL(("netsnmp_sockaddr_in6", "just IPv6 address\n"));
475 * Well, it must be a hostname then, possibly with an appended :port.
476 * Sort that out first.
479 cp = strrchr(peername, ':');
482 if (atoi(cp + 1) != 0) {
483 DEBUGMSGTL(("netsnmp_sockaddr_in6",
484 "hostname(?) with port suffix :%d\n",
486 addr->sin6_port = htons(atoi(cp + 1));
489 * No idea, looks bogus but we might as well pass the full thing to
490 * the name resolver below.
493 DEBUGMSGTL(("netsnmp_sockaddr_in6",
494 "hostname(?) with embedded ':'?\n"));
501 memset(&hint, 0, sizeof hint);
503 hint.ai_family = PF_INET6;
504 hint.ai_socktype = SOCK_DGRAM;
505 hint.ai_protocol = 0;
507 err = getaddrinfo(peername, NULL, &hint, &addrs);
509 snmp_log(LOG_ERR, "getaddrinfo: %s %s\n", peername,
514 DEBUGMSGTL(("netsnmp_sockaddr_in6", "hostname (resolved okay)\n"));
515 memcpy(&addr->sin6_addr,
516 &((struct sockaddr_in6 *) addrs->ai_addr)->sin6_addr,
517 sizeof(struct in6_addr));
518 #elif HAVE_GETIPNODEBYNAME
519 hp = getipnodebyname(peername, AF_INET6, 0, &err);
521 DEBUGMSGTL(("netsnmp_sockaddr_in6",
522 "hostname (couldn't resolve = %d)\n", err));
526 DEBUGMSGTL(("netsnmp_sockaddr_in6", "hostname (resolved okay)\n"));
527 memcpy(&(addr->sin6_addr), hp->h_addr, hp->h_length);
528 #elif HAVE_GETHOSTBYNAME
529 hp = gethostbyname(peername);
531 DEBUGMSGTL(("netsnmp_sockaddr_in6",
532 "hostname (couldn't resolve)\n"));
536 if (hp->h_addrtype != AF_INET6) {
537 DEBUGMSGTL(("netsnmp_sockaddr_in6",
538 "hostname (not AF_INET6!)\n"));
542 DEBUGMSGTL(("netsnmp_sockaddr_in6",
543 "hostname (resolved okay)\n"));
544 memcpy(&(addr->sin6_addr), hp->h_addr, hp->h_length);
547 #else /*HAVE_GETHOSTBYNAME */
549 * There is no name resolving function available.
552 "no getaddrinfo()/getipnodebyname()/gethostbyname()\n");
555 #endif /*HAVE_GETHOSTBYNAME */
557 DEBUGMSGTL(("netsnmp_sockaddr_in6", "NULL peername"));
562 DEBUGMSGTL(("netsnmp_sockaddr_in6", "return { AF_INET6, [%s]:%hu }\n",
563 inet_ntop(AF_INET6, &addr->sin6_addr, debug_addr,
564 sizeof(debug_addr)), ntohs(addr->sin6_port)));
572 * inet_make_mask_addr( int pf, void *dst, int masklength )
573 * convert from bit length specified masklength to network format,
574 * which fills 1 from until specified bit length.
575 * dst is usally the structer of sockaddr_in or sockaddr_in6.
576 * makelength must be an interger from 0 to 32 if pf is PF_INET,
577 * or from 0 to 128 if pf is PF_INET6.
579 * 0 if the input data, masklength was valid for
580 * the specified protocol family.
581 * -1 if the the input data wasn't valid.
585 inet_make_mask_addr(int pf, void *dst, int masklength)
588 unsigned long Mask = 0;
589 int maskBit = 0x80000000L;
590 unsigned char mask = 0;
591 unsigned char maskbit = 0x80L;
597 if (masklength < 0 || masklength > 32)
600 ((struct in_addr *) dst)->s_addr = 0;
602 while (masklength--) {
606 ((struct in_addr *) dst)->s_addr = htonl(Mask);
610 if (masklength < 0 || masklength > 128)
614 for (i = 0; i < 16; i++) {
615 (*(uint8_t *) (&((struct in6_addr *) dst)->s6_addr[i])) = 0x00;
618 j = (int) masklength / 8;
621 for (i = 0; i < j; i++) {
622 (*(uint8_t *) (&((struct in6_addr *) dst)->s6_addr[i])) = 0xff;
628 (*(uint8_t *) (&((struct in6_addr *) dst)->s6_addr[j])) = mask;
631 return -1; /* unsupported protocol family */
638 * inet_addr_complement( int pf, void *src, void *dst )
639 * convert from src to dst, which all bits
640 * are bit-compliment of src.
641 * Src, dst are ususally sockaddr_in or sockaddr_in6.
643 * 0 if the input data src and dst have the same size
644 * -1 if the the input data wasn't valid.
648 inet_addr_complement(int pf, void *src, void *dst)
653 if (sizeof(src) != sizeof(dst))
658 ((struct in_addr *) dst)->s_addr =
659 ~((struct in_addr *) src)->s_addr;
662 for (i = 0; i < 16; i++) {
663 (*(uint8_t *) (&((struct in6_addr *) dst)->s6_addr[i])) =
664 (~(*(uint8_t *) (&((struct in6_addr *) src)->s6_addr[i])))
676 * inet_addr_and( int pf, void *src1, void *src2, void *dst)
677 * take AND operation on src1 and src2, and output the result to dst.
678 * Src1, src2, and dst are ususally sockaddr_in or sockaddr_in6.
680 * 0 if the input data src and dst have the same size
681 * -1 if the the input data are not the same size
685 inet_addr_and(int pf, void *src1, void *src2, void *dst)
689 if (sizeof(src1) != sizeof(src2) || sizeof(src2) != sizeof(dst))
694 ((struct in_addr *) dst)->s_addr =
695 ((struct in_addr *) src1)->s_addr & ((struct in_addr *) src2)->
700 for (i = 0; i < 16; i++) {
701 (*(uint8_t *) (&((struct in6_addr *) dst)->s6_addr[i])) =
702 (*(uint8_t *) (&((struct in6_addr *) src1)->s6_addr[i])) &
703 (*(uint8_t *) (&((struct in6_addr *) src2)->s6_addr[i]));
715 * inet_addrs_consistence (int pf, void *net, void *mask )
716 * This function checks if the network address net is consistent
717 * with the netmask address, mask.
718 * Net and mask are ususally sockaddr_in or sockaddr_in6.
720 * Must spefiey protocol family in pf.
722 * 0 if there is no consistence with address "net" and "mask".
723 * -1 if network address is inconsistent with netmask address, for
724 * instance, network address is 192.168.0.128 in spite of netmask,
725 * which is 255.255.255.0.
726 * The case that the size of net and mask are different also returns -1.
730 inet_addrs_consistence(int pf, void *net, void *mask)
732 struct sockaddr_in *tmp, *dst;
733 struct sockaddr_in6 *tmp6, *dst6;
738 tmp = (struct sockaddr_in *) malloc(sizeof(struct sockaddr_in));
739 memset(tmp, 0, sizeof(*tmp));
740 tmp->sin_family = PF_INET;
741 if (inet_addr_complement
742 (PF_INET, (struct in_addr *) mask, &tmp->sin_addr) != 0) {
743 config_perror("Fail in function of inet_addr_complement()");
747 dst = (struct sockaddr_in *) malloc(sizeof(struct sockaddr_in));
748 memset(dst, 0, sizeof(*dst));
749 dst->sin_family = PF_INET;
751 (PF_INET, (struct in_addr *) net, &tmp->sin_addr,
752 &dst->sin_addr) != 0) {
753 config_perror("Fail in function of inet_addr_and()");
758 ret = ((dst->sin_addr.s_addr == INADDR_ANY) ? 0 : -1);
763 tmp6 = (struct sockaddr_in6 *) malloc(sizeof(struct sockaddr_in6));
764 memset(tmp6, 0, sizeof(*tmp6));
765 tmp6->sin6_family = PF_INET6;
766 if (inet_addr_complement
767 (PF_INET6, (struct in6_addr *) mask, &tmp6->sin6_addr) != 0) {
768 config_perror("Fail in function of inet_addr_complement()");
772 dst6 = (struct sockaddr_in6 *) malloc(sizeof(struct sockaddr_in6));
773 memset(dst6, 0, sizeof(*dst6));
774 dst6->sin6_family = PF_INET6;
776 (PF_INET6, (struct in6_addr *) net, &tmp6->sin6_addr,
778 config_perror("Fail in function of inet_addr_and()");
783 ret = (IN6_IS_ADDR_UNSPECIFIED(&dst6->sin6_addr) == 1 ? 0 : -1);
795 * masked_address_are_equal (pf, from, mask, network)
796 * This function takes AND operation on address "from" and "mask",
797 * and check the result is equal to address "network".
798 * From, net and mask are ususally sockaddr_in or sockaddr_in6.
800 * Must spefiey protocol family in pf.
802 * 0 if address "from" masked by address "mask" is eqaul to
804 * -1 if address "from" masked by address "mask" isn't eqaul to
805 * address "network". For instance, address "from" is
806 * 192.168.0.129 and "mask" is 255.255.255.128. Then, masked
807 * address is 192.168.0.128. If address "network" is 192.168.0.128,
808 * return 0, otherwise -1.
809 * Also retunn -1 if each address family of from, mask, network
814 masked_address_are_equal(int af, struct sockaddr_storage *from,
815 struct sockaddr_storage *mask,
816 struct sockaddr_storage *network)
819 struct sockaddr_storage ss;
820 memset(&ss, 0, sizeof(ss));
824 if (mask->ss_family != PF_INET || network->ss_family != PF_INET) {
827 ss.ss_family = PF_INET;
828 inet_addr_and(PF_INET,
829 &((struct sockaddr_in *) from)->sin_addr,
830 &((struct sockaddr_in *) mask)->sin_addr,
831 &((struct sockaddr_in *) &ss)->sin_addr);
832 if (((struct sockaddr_in *) &ss)->sin_addr.s_addr ==
833 ((struct sockaddr_in *) network)->sin_addr.s_addr) {
840 if (mask->ss_family != PF_INET6 || network->ss_family != PF_INET6) {
843 ss.ss_family = PF_INET6;
844 inet_addr_and(PF_INET6,
845 &((struct sockaddr_in6 *) from)->sin6_addr,
846 &((struct sockaddr_in6 *) mask)->sin6_addr,
847 &((struct sockaddr_in6 *) &ss)->sin6_addr);
848 if (IN6_ARE_ADDR_EQUAL(&((struct sockaddr_in6 *) &ss)->sin6_addr,
849 &((struct sockaddr_in6 *) network)->
862 * The following functions provide the "com2sec6" configuration token
863 * functionality for compatibility.
866 #define EXAMPLE_NETWORK "NETWORK"
867 #define EXAMPLE_COMMUNITY "COMMUNITY"
869 typedef struct _com2Sec6Entry {
870 char community[VACMSTRINGLEN];
871 struct sockaddr_in6 network;
872 struct sockaddr_in6 mask;
873 char secName[VACMSTRINGLEN];
874 struct _com2Sec6Entry *next;
877 com2Sec6Entry *com2Sec6List = NULL, *com2Sec6ListLast = NULL;
881 memmove_com2Sec6Entry(com2Sec6Entry * c,
884 struct sockaddr_in6 net, struct sockaddr_in6 mask)
886 snprintf(c->secName, strlen(secName) + 1, "%s", secName);
887 snprintf(c->community, strlen(community) + 1, "%s", community);
888 memmove(&c->network, &net, sizeof(net));
889 memmove(&c->mask, &mask, sizeof(mask));
895 netsnmp_udp6_parse_security(const char *token, char *param)
897 char *secName = NULL, *community = NULL, *source = NULL;
898 char *cp = NULL, *strnetwork = NULL, *strmask = NULL;
899 com2Sec6Entry *e = NULL;
900 struct sockaddr_in6 net, mask;
901 struct sockaddr_in tmp;
903 memset(&net, 0, sizeof(net));
904 memset(&mask, 0, sizeof(mask));
905 memset(&tmp, 0, sizeof(tmp));
906 net.sin6_family = AF_INET6;
907 mask.sin6_family = AF_INET6;
908 tmp.sin_family = AF_INET;
912 * Get security, source address/netmask and community strings.
914 secName = strtok(param, "\t\n ");
915 if (secName == NULL) {
916 config_perror("missing NAME parameter");
918 } else if (strlen(secName) > (VACMSTRINGLEN - 1)) {
919 config_perror("security name too long");
922 source = strtok(NULL, "\t\n ");
923 if (source == NULL) {
924 config_perror("missing SOURCE parameter");
926 } else if (strncmp(source, EXAMPLE_NETWORK, strlen(EXAMPLE_NETWORK)) ==
928 config_perror("example config NETWORK not properly configured");
931 community = strtok(NULL, "\t\n ");
932 if (community == NULL) {
933 config_perror("missing COMMUNITY parameter\n");
937 (community, EXAMPLE_COMMUNITY, strlen(EXAMPLE_COMMUNITY))
939 config_perror("example config COMMUNITY not properly configured");
941 } else if (strlen(community) > (VACMSTRINGLEN - 1)) {
942 config_perror("community name too long");
947 * Process the source address/netmask string.
949 cp = strchr(source, '/');
959 * Deal with the network part first.
961 if ((strcmp(source, "default") == 0) || (strcmp(source, "::") == 0)) {
962 strnetwork = strdup("0::0");
963 strmask = strdup("0::0");
965 inet_pton(AF_INET6, strnetwork, &net.sin6_addr);
966 inet_pton(AF_INET6, strmask, &mask.sin6_addr);
968 e = (com2Sec6Entry *) malloc(sizeof(com2Sec6Entry));
970 config_perror("memory error");
974 * Everything is okay. Copy the parameters to the structure allocated
975 * above and add it to END of the list.
977 if (strmask != NULL && strnetwork != NULL) {
978 DEBUGMSGTL(("netsnmp_udp6_parse_security",
979 "<\"%s\", %s/%s> => \"%s\"\n", community,
980 strnetwork, strmask, secName));
984 DEBUGMSGTL(("netsnmp_udp6_parse_security",
985 "Couldn't allocate enough memory\n"));
987 memmove_com2Sec6Entry(e, secName, community, net, mask);
988 if (com2Sec6ListLast != NULL) {
989 com2Sec6ListLast->next = e;
990 com2Sec6ListLast = e;
992 com2Sec6ListLast = com2Sec6List = e;
997 * Try interpreting as IPv6 address.
999 if (inet_pton(AF_INET6, source, &net.sin6_addr) == 1) {
1000 if (strmask == NULL || *strmask == '\0') {
1001 inet_make_mask_addr(PF_INET6, &mask.sin6_addr, 128);
1003 if (strchr(strmask, ':')) {
1004 if (inet_pton(PF_INET6, strmask, &net.sin6_addr) != 1) {
1005 config_perror("bad mask");
1009 if (inet_make_mask_addr
1010 (PF_INET6, &mask.sin6_addr, atoi(strmask)) != 0) {
1011 config_perror("bad mask");
1018 * Check that the network and mask are consistent.
1020 if (inet_addrs_consistence
1021 (PF_INET6, &net.sin6_addr, &mask.sin6_addr) != 0) {
1022 config_perror("source/mask mismatch");
1026 e = (com2Sec6Entry *) malloc(sizeof(com2Sec6Entry));
1028 config_perror("memory error");
1033 * Everything is okay. Copy the parameters to the structure allocated
1034 * above and add it to END of the list.
1036 if (strmask != NULL && strnetwork != NULL) {
1037 DEBUGMSGTL(("netsnmp_udp6_parse_security",
1038 "<\"%s\", %s/%s> => \"%s\"\n", community,
1039 strnetwork, strmask, secName));
1043 DEBUGMSGTL(("netsnmp_udp6_parse_security",
1044 "Couldn't allocate enough memory\n"));
1046 memmove_com2Sec6Entry(e, secName, community, net, mask);
1047 if (com2Sec6ListLast != NULL) {
1048 com2Sec6ListLast->next = e;
1049 com2Sec6ListLast = e;
1051 com2Sec6ListLast = com2Sec6List = e;
1056 * Nope, Must be a hostname.
1058 struct addrinfo hints, *ai, *res;
1059 char hbuf[NI_MAXHOST];
1062 memset(&hints, 0, sizeof(hints));
1063 hints.ai_family = PF_INET6;
1064 hints.ai_socktype = SOCK_DGRAM;
1065 if ((gai_error = getaddrinfo(source, NULL, &hints, &res)) != 0) {
1066 config_perror(gai_strerror(gai_error));
1070 for (ai = res; ai != NULL; ai = ai->ai_next) {
1072 (ai->ai_addr, ai->ai_addrlen, hbuf, sizeof(hbuf), NULL,
1073 0, NI_NUMERICHOST)) {
1074 config_perror("getnameinfo failed");
1076 memmove(ai->ai_addr, &net, sizeof(struct sockaddr_in6));
1077 inet_make_mask_addr(AF_INET6, &mask.sin6_addr, 128);
1079 e = (com2Sec6Entry *) malloc(sizeof(com2Sec6Entry));
1081 config_perror("memory error");
1086 * Everything is okay. Copy the parameters to the structure allocated
1087 * above and add it to END of the list.
1089 DEBUGMSGTL(("netsnmp_udp6_parse_security",
1090 "<\"%s\", %s> => \"%s\"\n", community, hbuf,
1092 memmove_com2Sec6Entry(e, secName, community, net, mask);
1093 if (com2Sec6ListLast != NULL) {
1094 com2Sec6ListLast->next = e;
1095 com2Sec6ListLast = e;
1097 com2Sec6ListLast = com2Sec6List = e;
1110 netsnmp_udp6_com2Sec6List_free(void)
1112 com2Sec6Entry *e = com2Sec6List;
1114 com2Sec6Entry *tmp = e;
1118 com2Sec6List = com2Sec6ListLast = NULL;
1123 netsnmp_udp6_agent_config_tokens_register(void)
1125 register_app_config_handler("com2sec6", netsnmp_udp6_parse_security,
1126 netsnmp_udp6_com2Sec6List_free,
1127 "name IPv6-network-address[/netmask] community");
1133 * Return 0 if there are no com2sec entries, or return 1 if there ARE com2sec
1134 * entries. On return, if a com2sec entry matched the passed parameters,
1135 * then *secName points at the appropriate security name, or is NULL if the
1136 * parameters did not match any com2sec entry.
1140 netsnmp_udp6_getSecName(void *opaque, int olength,
1141 const char *community,
1142 int community_len, char **secName)
1145 struct sockaddr_in6 *from = (struct sockaddr_in6 *) opaque;
1146 char *ztcommunity = NULL;
1147 char str6[INET6_ADDRSTRLEN];
1150 * Special case if there are NO entries (as opposed to no MATCHING
1154 if (com2Sec6List == NULL) {
1155 DEBUGMSGTL(("netsnmp_udp6_getSecName", "no com2sec entries\n"));
1156 if (secName != NULL) {
1163 * If there is no IPv6 source address,
1164 * then there can be no valid security name.
1167 if (opaque == NULL || olength != sizeof(struct sockaddr_in6)
1168 || from->sin6_family != PF_INET6) {
1169 DEBUGMSGTL(("netsnmp_udp6_getSecName",
1170 "no IPv6 source address in PDU?\n"));
1171 if (secName != NULL) {
1177 ztcommunity = (char *) malloc(community_len + 1);
1178 if (ztcommunity != NULL) {
1179 memcpy(ztcommunity, community, community_len);
1180 ztcommunity[community_len] = '\0';
1183 inet_ntop(AF_INET6, &from->sin6_addr, str6, sizeof(str6));
1184 DEBUGMSGTL(("netsnmp_udp6_getSecName", "resolve <\"%s\", %s>\n",
1185 ztcommunity ? ztcommunity : "<malloc error>", str6));
1187 for (c = com2Sec6List; c != NULL; c = c->next) {
1188 DEBUGMSGTL(("netsnmp_udp6_getSecName",
1189 "compare <\"%s\", 0x%032/0x%032x>", c->community,
1190 c->network, c->mask));
1192 if ((community_len == strlen(c->community)) &&
1193 (memcmp(community, c->community, community_len) == 0) &&
1194 (masked_address_are_equal(from->sin6_family,
1195 (struct sockaddr_storage *) from,
1196 (struct sockaddr_storage *) &c->mask,
1197 (struct sockaddr_storage *) &c->
1199 DEBUGMSG(("netsnmp_udp6_getSecName", "... SUCCESS\n"));
1200 if (secName != NULL) {
1201 *secName = c->secName;
1205 DEBUGMSG(("netsnmp_udp6_getSecName", "... nope\n"));
1207 if (ztcommunity != NULL) {
1214 netsnmp_udp6_create_tstring(const char *string, int local)
1216 struct sockaddr_in6 addr;
1218 if (netsnmp_sockaddr_in6(&addr, string, 0)) {
1219 return netsnmp_udp6_transport(&addr, local);
1229 * http://www.ietf.org/internet-drafts/draft-ietf-ops-taddress-mib-01.txt
1231 * (or newer equivalent) for details of the TC which we are using for
1236 netsnmp_udp6_create_ostring(const u_char * o, size_t o_len, int local)
1238 struct sockaddr_in6 addr;
1241 memset((u_char *) & addr, 0, sizeof(struct sockaddr_in6));
1242 addr.sin6_family = AF_INET6;
1243 memcpy((u_char *) & (addr.sin6_addr.s6_addr), o, 16);
1244 addr.sin6_port = (o[16] << 8) + o[17];
1245 return netsnmp_udp6_transport(&addr, local);
1252 netsnmp_udp6_ctor(void)
1254 udp6Domain.name = netsnmp_UDPIPv6Domain;
1255 udp6Domain.name_length = sizeof(netsnmp_UDPIPv6Domain) / sizeof(oid);
1256 udp6Domain.f_create_from_tstring = netsnmp_udp6_create_tstring;
1257 udp6Domain.f_create_from_ostring = netsnmp_udp6_create_ostring;
1258 udp6Domain.prefix = calloc(5, sizeof(char *));
1259 udp6Domain.prefix[0] = "udp6";
1260 udp6Domain.prefix[1] = "ipv6";
1261 udp6Domain.prefix[2] = "udpv6";
1262 udp6Domain.prefix[3] = "udpipv6";
1264 netsnmp_tdomain_register(&udp6Domain);