1 | /* $KAME: pfkey_dump.c,v 1.45 2003/09/08 10:14:56 itojun Exp $ */ |
---|
2 | |
---|
3 | /* |
---|
4 | * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. |
---|
5 | * All rights reserved. |
---|
6 | * |
---|
7 | * Redistribution and use in source and binary forms, with or without |
---|
8 | * modification, are permitted provided that the following conditions |
---|
9 | * are met: |
---|
10 | * 1. Redistributions of source code must retain the above copyright |
---|
11 | * notice, this list of conditions and the following disclaimer. |
---|
12 | * 2. Redistributions in binary form must reproduce the above copyright |
---|
13 | * notice, this list of conditions and the following disclaimer in the |
---|
14 | * documentation and/or other materials provided with the distribution. |
---|
15 | * 3. Neither the name of the project nor the names of its contributors |
---|
16 | * may be used to endorse or promote products derived from this software |
---|
17 | * without specific prior written permission. |
---|
18 | * |
---|
19 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND |
---|
20 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
---|
21 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
---|
22 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
---|
23 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
---|
24 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
---|
25 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
---|
26 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
---|
27 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
---|
28 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
---|
29 | * SUCH DAMAGE. |
---|
30 | */ |
---|
31 | |
---|
32 | #include <sys/cdefs.h> |
---|
33 | __FBSDID("$FreeBSD$"); |
---|
34 | |
---|
35 | #include <sys/types.h> |
---|
36 | #include <sys/param.h> |
---|
37 | #include <sys/socket.h> |
---|
38 | |
---|
39 | #ifdef __rtems__ |
---|
40 | #include <freebsd/netipsec/ipsec.h> |
---|
41 | #include <freebsd/net/pfkeyv2.h> |
---|
42 | #include <freebsd/netipsec/key_var.h> |
---|
43 | #include <freebsd/netipsec/key_debug.h> |
---|
44 | |
---|
45 | #include <freebsd/netinet/in.h> |
---|
46 | #else |
---|
47 | #include <netipsec/ipsec.h> |
---|
48 | #include <net/pfkeyv2.h> |
---|
49 | #include <netipsec/key_var.h> |
---|
50 | #include <netipsec/key_debug.h> |
---|
51 | |
---|
52 | #include <netinet/in.h> |
---|
53 | #endif |
---|
54 | |
---|
55 | #include <netinet/in.h> |
---|
56 | #include <arpa/inet.h> |
---|
57 | |
---|
58 | #include <stdlib.h> |
---|
59 | #include <unistd.h> |
---|
60 | #include <stdio.h> |
---|
61 | #include <string.h> |
---|
62 | #include <time.h> |
---|
63 | #include <netdb.h> |
---|
64 | |
---|
65 | #include "ipsec_strerror.h" |
---|
66 | #include "libpfkey.h" |
---|
67 | |
---|
68 | /* cope with old kame headers - ugly */ |
---|
69 | #ifndef SADB_X_AALG_MD5 |
---|
70 | #define SADB_X_AALG_MD5 SADB_AALG_MD5 |
---|
71 | #endif |
---|
72 | #ifndef SADB_X_AALG_SHA |
---|
73 | #define SADB_X_AALG_SHA SADB_AALG_SHA |
---|
74 | #endif |
---|
75 | #ifndef SADB_X_AALG_NULL |
---|
76 | #define SADB_X_AALG_NULL SADB_AALG_NULL |
---|
77 | #endif |
---|
78 | |
---|
79 | #ifndef SADB_X_EALG_BLOWFISHCBC |
---|
80 | #define SADB_X_EALG_BLOWFISHCBC SADB_EALG_BLOWFISHCBC |
---|
81 | #endif |
---|
82 | #ifndef SADB_X_EALG_CAST128CBC |
---|
83 | #define SADB_X_EALG_CAST128CBC SADB_EALG_CAST128CBC |
---|
84 | #endif |
---|
85 | #ifndef SADB_X_EALG_RC5CBC |
---|
86 | #ifdef SADB_EALG_RC5CBC |
---|
87 | #define SADB_X_EALG_RC5CBC SADB_EALG_RC5CBC |
---|
88 | #endif |
---|
89 | #endif |
---|
90 | |
---|
91 | #define GETMSGSTR(str, num) \ |
---|
92 | do { \ |
---|
93 | if (sizeof((str)[0]) == 0 \ |
---|
94 | || num >= sizeof(str)/sizeof((str)[0])) \ |
---|
95 | printf("%u ", (num)); \ |
---|
96 | else if (strlen((str)[(num)]) == 0) \ |
---|
97 | printf("%u ", (num)); \ |
---|
98 | else \ |
---|
99 | printf("%s ", (str)[(num)]); \ |
---|
100 | } while (0) |
---|
101 | |
---|
102 | #define GETMSGV2S(v2s, num) \ |
---|
103 | do { \ |
---|
104 | struct val2str *p; \ |
---|
105 | for (p = (v2s); p && p->str; p++) { \ |
---|
106 | if (p->val == (num)) \ |
---|
107 | break; \ |
---|
108 | } \ |
---|
109 | if (p && p->str) \ |
---|
110 | printf("%s ", p->str); \ |
---|
111 | else \ |
---|
112 | printf("%u ", (num)); \ |
---|
113 | } while (0) |
---|
114 | |
---|
115 | static char *str_ipaddr(struct sockaddr *); |
---|
116 | static char *str_prefport(u_int, u_int, u_int, u_int); |
---|
117 | static void str_upperspec(u_int, u_int, u_int); |
---|
118 | static char *str_time(time_t); |
---|
119 | static void str_lifetime_byte(struct sadb_lifetime *, char *); |
---|
120 | |
---|
121 | struct val2str { |
---|
122 | int val; |
---|
123 | const char *str; |
---|
124 | }; |
---|
125 | |
---|
126 | /* |
---|
127 | * Must to be re-written about following strings. |
---|
128 | */ |
---|
129 | static char *str_satype[] = { |
---|
130 | "unspec", |
---|
131 | "unknown", |
---|
132 | "ah", |
---|
133 | "esp", |
---|
134 | "unknown", |
---|
135 | "rsvp", |
---|
136 | "ospfv2", |
---|
137 | "ripv2", |
---|
138 | "mip", |
---|
139 | "ipcomp", |
---|
140 | "policy", |
---|
141 | "tcp" |
---|
142 | }; |
---|
143 | |
---|
144 | static char *str_mode[] = { |
---|
145 | "any", |
---|
146 | "transport", |
---|
147 | "tunnel", |
---|
148 | }; |
---|
149 | |
---|
150 | static char *str_state[] = { |
---|
151 | "larval", |
---|
152 | "mature", |
---|
153 | "dying", |
---|
154 | "dead", |
---|
155 | }; |
---|
156 | |
---|
157 | static struct val2str str_alg_auth[] = { |
---|
158 | { SADB_AALG_NONE, "none", }, |
---|
159 | { SADB_AALG_MD5HMAC, "hmac-md5", }, |
---|
160 | { SADB_AALG_SHA1HMAC, "hmac-sha1", }, |
---|
161 | { SADB_X_AALG_MD5, "md5", }, |
---|
162 | { SADB_X_AALG_SHA, "sha", }, |
---|
163 | { SADB_X_AALG_NULL, "null", }, |
---|
164 | { SADB_X_AALG_TCP_MD5, "tcp-md5", }, |
---|
165 | #ifdef SADB_X_AALG_SHA2_256 |
---|
166 | { SADB_X_AALG_SHA2_256, "hmac-sha2-256", }, |
---|
167 | #endif |
---|
168 | #ifdef SADB_X_AALG_SHA2_384 |
---|
169 | { SADB_X_AALG_SHA2_384, "hmac-sha2-384", }, |
---|
170 | #endif |
---|
171 | #ifdef SADB_X_AALG_SHA2_512 |
---|
172 | { SADB_X_AALG_SHA2_512, "hmac-sha2-512", }, |
---|
173 | #endif |
---|
174 | #ifdef SADB_X_AALG_RIPEMD160HMAC |
---|
175 | { SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", }, |
---|
176 | #endif |
---|
177 | #ifdef SADB_X_AALG_AES_XCBC_MAC |
---|
178 | { SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", }, |
---|
179 | #endif |
---|
180 | { -1, NULL, }, |
---|
181 | }; |
---|
182 | |
---|
183 | static struct val2str str_alg_enc[] = { |
---|
184 | { SADB_EALG_NONE, "none", }, |
---|
185 | { SADB_EALG_DESCBC, "des-cbc", }, |
---|
186 | { SADB_EALG_3DESCBC, "3des-cbc", }, |
---|
187 | { SADB_EALG_NULL, "null", }, |
---|
188 | #ifdef SADB_X_EALG_RC5CBC |
---|
189 | { SADB_X_EALG_RC5CBC, "rc5-cbc", }, |
---|
190 | #endif |
---|
191 | { SADB_X_EALG_CAST128CBC, "cast128-cbc", }, |
---|
192 | { SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc", }, |
---|
193 | #ifdef SADB_X_EALG_RIJNDAELCBC |
---|
194 | { SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc", }, |
---|
195 | #endif |
---|
196 | #ifdef SADB_X_EALG_TWOFISHCBC |
---|
197 | { SADB_X_EALG_TWOFISHCBC, "twofish-cbc", }, |
---|
198 | #endif |
---|
199 | #ifdef SADB_X_EALG_AESCTR |
---|
200 | { SADB_X_EALG_AESCTR, "aes-ctr", }, |
---|
201 | #endif |
---|
202 | #ifdef SADB_X_EALG_CAMELLIACBC |
---|
203 | { SADB_X_EALG_CAMELLIACBC, "camellia-cbc", }, |
---|
204 | #endif |
---|
205 | { -1, NULL, }, |
---|
206 | }; |
---|
207 | |
---|
208 | static struct val2str str_alg_comp[] = { |
---|
209 | { SADB_X_CALG_NONE, "none", }, |
---|
210 | { SADB_X_CALG_OUI, "oui", }, |
---|
211 | { SADB_X_CALG_DEFLATE, "deflate", }, |
---|
212 | { SADB_X_CALG_LZS, "lzs", }, |
---|
213 | { -1, NULL, }, |
---|
214 | }; |
---|
215 | |
---|
216 | /* |
---|
217 | * dump SADB_MSG formated. For debugging, you should use kdebug_sadb(). |
---|
218 | */ |
---|
219 | void |
---|
220 | pfkey_sadump(m) |
---|
221 | struct sadb_msg *m; |
---|
222 | { |
---|
223 | caddr_t mhp[SADB_EXT_MAX + 1]; |
---|
224 | struct sadb_sa *m_sa; |
---|
225 | struct sadb_x_sa2 *m_sa2; |
---|
226 | struct sadb_lifetime *m_lftc, *m_lfth, *m_lfts; |
---|
227 | struct sadb_address *m_saddr, *m_daddr, *m_paddr; |
---|
228 | struct sadb_key *m_auth, *m_enc; |
---|
229 | struct sadb_ident *m_sid, *m_did; |
---|
230 | struct sadb_sens *m_sens; |
---|
231 | |
---|
232 | /* check pfkey message. */ |
---|
233 | if (pfkey_align(m, mhp)) { |
---|
234 | printf("%s\n", ipsec_strerror()); |
---|
235 | return; |
---|
236 | } |
---|
237 | if (pfkey_check(mhp)) { |
---|
238 | printf("%s\n", ipsec_strerror()); |
---|
239 | return; |
---|
240 | } |
---|
241 | |
---|
242 | m_sa = (struct sadb_sa *)mhp[SADB_EXT_SA]; |
---|
243 | m_sa2 = (struct sadb_x_sa2 *)mhp[SADB_X_EXT_SA2]; |
---|
244 | m_lftc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT]; |
---|
245 | m_lfth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD]; |
---|
246 | m_lfts = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_SOFT]; |
---|
247 | m_saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC]; |
---|
248 | m_daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST]; |
---|
249 | m_paddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_PROXY]; |
---|
250 | m_auth = (struct sadb_key *)mhp[SADB_EXT_KEY_AUTH]; |
---|
251 | m_enc = (struct sadb_key *)mhp[SADB_EXT_KEY_ENCRYPT]; |
---|
252 | m_sid = (struct sadb_ident *)mhp[SADB_EXT_IDENTITY_SRC]; |
---|
253 | m_did = (struct sadb_ident *)mhp[SADB_EXT_IDENTITY_DST]; |
---|
254 | m_sens = (struct sadb_sens *)mhp[SADB_EXT_SENSITIVITY]; |
---|
255 | |
---|
256 | /* source address */ |
---|
257 | if (m_saddr == NULL) { |
---|
258 | printf("no ADDRESS_SRC extension.\n"); |
---|
259 | return; |
---|
260 | } |
---|
261 | printf("%s ", str_ipaddr((struct sockaddr *)(m_saddr + 1))); |
---|
262 | |
---|
263 | /* destination address */ |
---|
264 | if (m_daddr == NULL) { |
---|
265 | printf("no ADDRESS_DST extension.\n"); |
---|
266 | return; |
---|
267 | } |
---|
268 | printf("%s ", str_ipaddr((struct sockaddr *)(m_daddr + 1))); |
---|
269 | |
---|
270 | /* SA type */ |
---|
271 | if (m_sa == NULL) { |
---|
272 | printf("no SA extension.\n"); |
---|
273 | return; |
---|
274 | } |
---|
275 | if (m_sa2 == NULL) { |
---|
276 | printf("no SA2 extension.\n"); |
---|
277 | return; |
---|
278 | } |
---|
279 | printf("\n\t"); |
---|
280 | |
---|
281 | GETMSGSTR(str_satype, m->sadb_msg_satype); |
---|
282 | |
---|
283 | printf("mode="); |
---|
284 | GETMSGSTR(str_mode, m_sa2->sadb_x_sa2_mode); |
---|
285 | |
---|
286 | printf("spi=%u(0x%08x) reqid=%u(0x%08x)\n", |
---|
287 | (u_int32_t)ntohl(m_sa->sadb_sa_spi), |
---|
288 | (u_int32_t)ntohl(m_sa->sadb_sa_spi), |
---|
289 | (u_int32_t)m_sa2->sadb_x_sa2_reqid, |
---|
290 | (u_int32_t)m_sa2->sadb_x_sa2_reqid); |
---|
291 | |
---|
292 | /* encryption key */ |
---|
293 | if (m->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) { |
---|
294 | printf("\tC: "); |
---|
295 | GETMSGV2S(str_alg_comp, m_sa->sadb_sa_encrypt); |
---|
296 | } else if (m->sadb_msg_satype == SADB_SATYPE_ESP) { |
---|
297 | if (m_enc != NULL) { |
---|
298 | printf("\tE: "); |
---|
299 | GETMSGV2S(str_alg_enc, m_sa->sadb_sa_encrypt); |
---|
300 | ipsec_hexdump((caddr_t)m_enc + sizeof(*m_enc), |
---|
301 | m_enc->sadb_key_bits / 8); |
---|
302 | printf("\n"); |
---|
303 | } |
---|
304 | } |
---|
305 | |
---|
306 | /* authentication key */ |
---|
307 | if (m_auth != NULL) { |
---|
308 | printf("\tA: "); |
---|
309 | GETMSGV2S(str_alg_auth, m_sa->sadb_sa_auth); |
---|
310 | ipsec_hexdump((caddr_t)m_auth + sizeof(*m_auth), |
---|
311 | m_auth->sadb_key_bits / 8); |
---|
312 | printf("\n"); |
---|
313 | } |
---|
314 | |
---|
315 | /* replay windoe size & flags */ |
---|
316 | printf("\tseq=0x%08x replay=%u flags=0x%08x ", |
---|
317 | m_sa2->sadb_x_sa2_sequence, |
---|
318 | m_sa->sadb_sa_replay, |
---|
319 | m_sa->sadb_sa_flags); |
---|
320 | |
---|
321 | /* state */ |
---|
322 | printf("state="); |
---|
323 | GETMSGSTR(str_state, m_sa->sadb_sa_state); |
---|
324 | printf("\n"); |
---|
325 | |
---|
326 | /* lifetime */ |
---|
327 | if (m_lftc != NULL) { |
---|
328 | time_t tmp_time = time(0); |
---|
329 | |
---|
330 | printf("\tcreated: %s", |
---|
331 | str_time(m_lftc->sadb_lifetime_addtime)); |
---|
332 | printf("\tcurrent: %s\n", str_time(tmp_time)); |
---|
333 | printf("\tdiff: %lu(s)", |
---|
334 | (u_long)(m_lftc->sadb_lifetime_addtime == 0 ? |
---|
335 | 0 : (tmp_time - m_lftc->sadb_lifetime_addtime))); |
---|
336 | |
---|
337 | printf("\thard: %lu(s)", |
---|
338 | (u_long)(m_lfth == NULL ? |
---|
339 | 0 : m_lfth->sadb_lifetime_addtime)); |
---|
340 | printf("\tsoft: %lu(s)\n", |
---|
341 | (u_long)(m_lfts == NULL ? |
---|
342 | 0 : m_lfts->sadb_lifetime_addtime)); |
---|
343 | |
---|
344 | printf("\tlast: %s", |
---|
345 | str_time(m_lftc->sadb_lifetime_usetime)); |
---|
346 | printf("\thard: %lu(s)", |
---|
347 | (u_long)(m_lfth == NULL ? |
---|
348 | 0 : m_lfth->sadb_lifetime_usetime)); |
---|
349 | printf("\tsoft: %lu(s)\n", |
---|
350 | (u_long)(m_lfts == NULL ? |
---|
351 | 0 : m_lfts->sadb_lifetime_usetime)); |
---|
352 | |
---|
353 | str_lifetime_byte(m_lftc, "current"); |
---|
354 | str_lifetime_byte(m_lfth, "hard"); |
---|
355 | str_lifetime_byte(m_lfts, "soft"); |
---|
356 | printf("\n"); |
---|
357 | |
---|
358 | printf("\tallocated: %lu", |
---|
359 | (unsigned long)m_lftc->sadb_lifetime_allocations); |
---|
360 | printf("\thard: %lu", |
---|
361 | (u_long)(m_lfth == NULL ? |
---|
362 | 0 : m_lfth->sadb_lifetime_allocations)); |
---|
363 | printf("\tsoft: %lu\n", |
---|
364 | (u_long)(m_lfts == NULL ? |
---|
365 | 0 : m_lfts->sadb_lifetime_allocations)); |
---|
366 | } |
---|
367 | |
---|
368 | printf("\tsadb_seq=%lu pid=%lu ", |
---|
369 | (u_long)m->sadb_msg_seq, |
---|
370 | (u_long)m->sadb_msg_pid); |
---|
371 | |
---|
372 | /* XXX DEBUG */ |
---|
373 | printf("refcnt=%u\n", m->sadb_msg_reserved); |
---|
374 | |
---|
375 | return; |
---|
376 | } |
---|
377 | |
---|
378 | void |
---|
379 | pfkey_spdump(m) |
---|
380 | struct sadb_msg *m; |
---|
381 | { |
---|
382 | char pbuf[NI_MAXSERV]; |
---|
383 | caddr_t mhp[SADB_EXT_MAX + 1]; |
---|
384 | struct sadb_address *m_saddr, *m_daddr; |
---|
385 | struct sadb_x_policy *m_xpl; |
---|
386 | struct sadb_lifetime *m_lftc = NULL, *m_lfth = NULL; |
---|
387 | struct sockaddr *sa; |
---|
388 | u_int16_t sport = 0, dport = 0; |
---|
389 | |
---|
390 | /* check pfkey message. */ |
---|
391 | if (pfkey_align(m, mhp)) { |
---|
392 | printf("%s\n", ipsec_strerror()); |
---|
393 | return; |
---|
394 | } |
---|
395 | if (pfkey_check(mhp)) { |
---|
396 | printf("%s\n", ipsec_strerror()); |
---|
397 | return; |
---|
398 | } |
---|
399 | |
---|
400 | m_saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC]; |
---|
401 | m_daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST]; |
---|
402 | m_xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY]; |
---|
403 | m_lftc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT]; |
---|
404 | m_lfth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD]; |
---|
405 | |
---|
406 | if (m_saddr && m_daddr) { |
---|
407 | /* source address */ |
---|
408 | sa = (struct sockaddr *)(m_saddr + 1); |
---|
409 | switch (sa->sa_family) { |
---|
410 | case AF_INET: |
---|
411 | case AF_INET6: |
---|
412 | if (getnameinfo(sa, sa->sa_len, NULL, 0, |
---|
413 | pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0) |
---|
414 | sport = 0; /*XXX*/ |
---|
415 | else |
---|
416 | sport = atoi(pbuf); |
---|
417 | printf("%s%s ", str_ipaddr(sa), |
---|
418 | str_prefport(sa->sa_family, |
---|
419 | m_saddr->sadb_address_prefixlen, sport, |
---|
420 | m_saddr->sadb_address_proto)); |
---|
421 | break; |
---|
422 | default: |
---|
423 | printf("unknown-af "); |
---|
424 | break; |
---|
425 | } |
---|
426 | |
---|
427 | /* destination address */ |
---|
428 | sa = (struct sockaddr *)(m_daddr + 1); |
---|
429 | switch (sa->sa_family) { |
---|
430 | case AF_INET: |
---|
431 | case AF_INET6: |
---|
432 | if (getnameinfo(sa, sa->sa_len, NULL, 0, |
---|
433 | pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0) |
---|
434 | dport = 0; /*XXX*/ |
---|
435 | else |
---|
436 | dport = atoi(pbuf); |
---|
437 | printf("%s%s ", str_ipaddr(sa), |
---|
438 | str_prefport(sa->sa_family, |
---|
439 | m_daddr->sadb_address_prefixlen, dport, |
---|
440 | m_saddr->sadb_address_proto)); |
---|
441 | break; |
---|
442 | default: |
---|
443 | printf("unknown-af "); |
---|
444 | break; |
---|
445 | } |
---|
446 | |
---|
447 | /* upper layer protocol */ |
---|
448 | if (m_saddr->sadb_address_proto != |
---|
449 | m_daddr->sadb_address_proto) { |
---|
450 | printf("upper layer protocol mismatched.\n"); |
---|
451 | return; |
---|
452 | } |
---|
453 | str_upperspec(m_saddr->sadb_address_proto, sport, dport); |
---|
454 | } |
---|
455 | else |
---|
456 | printf("(no selector, probably per-socket policy) "); |
---|
457 | |
---|
458 | /* policy */ |
---|
459 | { |
---|
460 | char *d_xpl; |
---|
461 | |
---|
462 | if (m_xpl == NULL) { |
---|
463 | printf("no X_POLICY extension.\n"); |
---|
464 | return; |
---|
465 | } |
---|
466 | d_xpl = ipsec_dump_policy((char *)m_xpl, "\n\t"); |
---|
467 | |
---|
468 | /* dump SPD */ |
---|
469 | printf("\n\t%s\n", d_xpl); |
---|
470 | free(d_xpl); |
---|
471 | } |
---|
472 | |
---|
473 | /* lifetime */ |
---|
474 | if (m_lftc) { |
---|
475 | printf("\tcreated: %s ", |
---|
476 | str_time(m_lftc->sadb_lifetime_addtime)); |
---|
477 | printf("lastused: %s\n", |
---|
478 | str_time(m_lftc->sadb_lifetime_usetime)); |
---|
479 | } |
---|
480 | if (m_lfth) { |
---|
481 | printf("\tlifetime: %lu(s) ", |
---|
482 | (u_long)m_lfth->sadb_lifetime_addtime); |
---|
483 | printf("validtime: %lu(s)\n", |
---|
484 | (u_long)m_lfth->sadb_lifetime_usetime); |
---|
485 | } |
---|
486 | |
---|
487 | |
---|
488 | printf("\tspid=%ld seq=%ld pid=%ld\n", |
---|
489 | (u_long)m_xpl->sadb_x_policy_id, |
---|
490 | (u_long)m->sadb_msg_seq, |
---|
491 | (u_long)m->sadb_msg_pid); |
---|
492 | |
---|
493 | /* XXX TEST */ |
---|
494 | printf("\trefcnt=%u\n", m->sadb_msg_reserved); |
---|
495 | |
---|
496 | return; |
---|
497 | } |
---|
498 | |
---|
499 | /* |
---|
500 | * set "ipaddress" to buffer. |
---|
501 | */ |
---|
502 | static char * |
---|
503 | str_ipaddr(sa) |
---|
504 | struct sockaddr *sa; |
---|
505 | { |
---|
506 | static char buf[NI_MAXHOST]; |
---|
507 | const int niflag = NI_NUMERICHOST; |
---|
508 | |
---|
509 | if (sa == NULL) |
---|
510 | return ""; |
---|
511 | |
---|
512 | if (getnameinfo(sa, sa->sa_len, buf, sizeof(buf), NULL, 0, niflag) == 0) |
---|
513 | return buf; |
---|
514 | return NULL; |
---|
515 | } |
---|
516 | |
---|
517 | /* |
---|
518 | * set "/prefix[port number]" to buffer. |
---|
519 | */ |
---|
520 | static char * |
---|
521 | str_prefport(family, pref, port, ulp) |
---|
522 | u_int family, pref, port, ulp; |
---|
523 | { |
---|
524 | static char buf[128]; |
---|
525 | char prefbuf[128]; |
---|
526 | char portbuf[128]; |
---|
527 | int plen; |
---|
528 | |
---|
529 | switch (family) { |
---|
530 | case AF_INET: |
---|
531 | plen = sizeof(struct in_addr) << 3; |
---|
532 | break; |
---|
533 | case AF_INET6: |
---|
534 | plen = sizeof(struct in6_addr) << 3; |
---|
535 | break; |
---|
536 | default: |
---|
537 | return "?"; |
---|
538 | } |
---|
539 | |
---|
540 | if (pref == plen) |
---|
541 | prefbuf[0] = '\0'; |
---|
542 | else |
---|
543 | snprintf(prefbuf, sizeof(prefbuf), "/%u", pref); |
---|
544 | |
---|
545 | if (ulp == IPPROTO_ICMPV6) |
---|
546 | memset(portbuf, 0, sizeof(portbuf)); |
---|
547 | else { |
---|
548 | if (port == IPSEC_PORT_ANY) |
---|
549 | snprintf(portbuf, sizeof(portbuf), "[%s]", "any"); |
---|
550 | else |
---|
551 | snprintf(portbuf, sizeof(portbuf), "[%u]", port); |
---|
552 | } |
---|
553 | |
---|
554 | snprintf(buf, sizeof(buf), "%s%s", prefbuf, portbuf); |
---|
555 | |
---|
556 | return buf; |
---|
557 | } |
---|
558 | |
---|
559 | static void |
---|
560 | str_upperspec(ulp, p1, p2) |
---|
561 | u_int ulp, p1, p2; |
---|
562 | { |
---|
563 | if (ulp == IPSEC_ULPROTO_ANY) |
---|
564 | printf("any"); |
---|
565 | else if (ulp == IPPROTO_ICMPV6) { |
---|
566 | printf("icmp6"); |
---|
567 | if (!(p1 == IPSEC_PORT_ANY && p2 == IPSEC_PORT_ANY)) |
---|
568 | printf(" %u,%u", p1, p2); |
---|
569 | } else { |
---|
570 | struct protoent *ent; |
---|
571 | |
---|
572 | switch (ulp) { |
---|
573 | case IPPROTO_IPV4: |
---|
574 | printf("ip4"); |
---|
575 | break; |
---|
576 | default: |
---|
577 | ent = getprotobynumber(ulp); |
---|
578 | if (ent) |
---|
579 | printf("%s", ent->p_name); |
---|
580 | else |
---|
581 | printf("%u", ulp); |
---|
582 | |
---|
583 | endprotoent(); |
---|
584 | break; |
---|
585 | } |
---|
586 | } |
---|
587 | } |
---|
588 | |
---|
589 | /* |
---|
590 | * set "Mon Day Time Year" to buffer |
---|
591 | */ |
---|
592 | static char * |
---|
593 | str_time(t) |
---|
594 | time_t t; |
---|
595 | { |
---|
596 | static char buf[128]; |
---|
597 | |
---|
598 | if (t == 0) { |
---|
599 | int i = 0; |
---|
600 | for (;i < 20;) buf[i++] = ' '; |
---|
601 | } else { |
---|
602 | char *t0; |
---|
603 | t0 = ctime(&t); |
---|
604 | memcpy(buf, t0 + 4, 20); |
---|
605 | } |
---|
606 | |
---|
607 | buf[20] = '\0'; |
---|
608 | |
---|
609 | return(buf); |
---|
610 | } |
---|
611 | |
---|
612 | static void |
---|
613 | str_lifetime_byte(x, str) |
---|
614 | struct sadb_lifetime *x; |
---|
615 | char *str; |
---|
616 | { |
---|
617 | double y; |
---|
618 | char *unit; |
---|
619 | int w; |
---|
620 | |
---|
621 | if (x == NULL) { |
---|
622 | printf("\t%s: 0(bytes)", str); |
---|
623 | return; |
---|
624 | } |
---|
625 | |
---|
626 | #if 0 |
---|
627 | if ((x->sadb_lifetime_bytes) / 1024 / 1024) { |
---|
628 | y = (x->sadb_lifetime_bytes) * 1.0 / 1024 / 1024; |
---|
629 | unit = "M"; |
---|
630 | w = 1; |
---|
631 | } else if ((x->sadb_lifetime_bytes) / 1024) { |
---|
632 | y = (x->sadb_lifetime_bytes) * 1.0 / 1024; |
---|
633 | unit = "K"; |
---|
634 | w = 1; |
---|
635 | } else { |
---|
636 | y = (x->sadb_lifetime_bytes) * 1.0; |
---|
637 | unit = ""; |
---|
638 | w = 0; |
---|
639 | } |
---|
640 | #else |
---|
641 | y = (x->sadb_lifetime_bytes) * 1.0; |
---|
642 | unit = ""; |
---|
643 | w = 0; |
---|
644 | #endif |
---|
645 | printf("\t%s: %.*f(%sbytes)", str, w, y, unit); |
---|
646 | } |
---|