diff --git a/contrib/traceroute/traceroute.c b/contrib/traceroute/traceroute.c index 8d75a5504bda..f71449095ced 100644 --- a/contrib/traceroute/traceroute.c +++ b/contrib/traceroute/traceroute.c @@ -17,6 +17,8 @@ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + * $FreeBSD$ */ #ifndef lint @@ -24,7 +26,7 @@ static const char copyright[] = "@(#) Copyright (c) 1988, 1989, 1991, 1994, 1995, 1996\n\ The Regents of the University of California. All rights reserved.\n"; static const char rcsid[] = - "@(#)$Header: /home/ncvs/src/contrib/traceroute/traceroute.c,v 1.10 1999/05/12 17:28:31 archie Exp $ (LBL)"; + "@(#)$Header: /usr/local/FreeBSD/cvs/src/contrib/traceroute/traceroute.c,v 1.11 1999/06/25 21:48:40 archie Exp $ (LBL)"; #endif /* @@ -217,6 +219,11 @@ static const char rcsid[] = #include +#ifdef IPSEC +#include +#include /* XXX */ +#endif /* IPSEC */ + #include #include #ifdef HAVE_MALLOC_H @@ -322,6 +329,9 @@ void print(u_char *, int, struct sockaddr_in *); char *getaddr(u_int32_t *, char *); char *getsin(struct sockaddr_in *, char *); char *savestr(const char *); +#ifdef IPSEC +int setpolicy __P((int so, char *policy)); +#endif void send_probe(int, int); void tvsub(struct timeval *, struct timeval *); __dead void usage(void); @@ -646,6 +656,14 @@ main(int argc, char **argv) (void)setsockopt(s, SOL_SOCKET, SO_DONTROUTE, (char *)&on, sizeof(on)); +#if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) + if (setpolicy(s, "in bypass") < 0) + errx(1, ipsec_strerror()); + + if (setpolicy(s, "out bypass") < 0) + errx(1, ipsec_strerror()); +#endif /* defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) */ + if (sndsock < 0) { errno = sockerrno; Fprintf(stderr, "%s: raw socket: %s\n", prog, strerror(errno)); @@ -718,6 +736,14 @@ main(int argc, char **argv) #endif } +#if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) + if (setpolicy(sndsock, "in bypass") < 0) + errx(1, ipsec_strerror()); + + if (setpolicy(sndsock, "out bypass") < 0) + errx(1, ipsec_strerror()); +#endif /* defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) */ + Fprintf(stderr, "%s to %s (%s)", prog, hostname, inet_ntoa(to->sin_addr)); if (source) @@ -885,6 +911,28 @@ wait_for_reply(register int sock, register struct sockaddr_in *fromp, return(cc); } +#if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) +int +setpolicy(so, policy) + int so; + char *policy; +{ + char *buf; + + buf = ipsec_set_policy(policy, strlen(policy)); + if (buf == NULL) { + warnx(ipsec_strerror()); + return -1; + } + (void)setsockopt(so, IPPROTO_IP, IP_IPSEC_POLICY, + buf, ipsec_get_policylen(buf)); + + free(buf); + + return 0; +} +#endif + void send_probe(int seq, int ttl) { diff --git a/usr.sbin/traceroute/Makefile b/usr.sbin/traceroute/Makefile index 4ddf20d0e011..1cb75bfa905a 100644 --- a/usr.sbin/traceroute/Makefile +++ b/usr.sbin/traceroute/Makefile @@ -4,7 +4,7 @@ PROG= traceroute MAN8= traceroute.8 BINMODE=4555 CFLAGS+=-DHAVE_SYS_SELECT_H=1 -DHAVE_SETLINEBUF=1 -DHAVE_RAW_OPTIONS=1 \ - -DSTDC_HEADERS=1 + -DSTDC_HEADERS=1 -DIPSEC # RTT Jitter on the internet these days means printing 3 decimal places on # > 1000ms times is plain useless. Uncomment this to enable variable precision # reporting, ie: print a variable precision from 0.001ms through 1000ms @@ -12,6 +12,8 @@ CFLAGS+=-DHAVE_SYS_SELECT_H=1 -DHAVE_SETLINEBUF=1 -DHAVE_RAW_OPTIONS=1 \ SRCS= version.c traceroute.c CLEANFILES+= version.c +DPADD= ${LIBIPSEC} +LDADD= -lipsec TRACEROUTE_DISTDIR?= ${.CURDIR}/../../contrib/traceroute