1: /* $NetBSD: pfkey_dump.c,v 1.18 2010/12/03 14:32:52 tteras Exp $ */
2:
3: /* $KAME: pfkey_dump.c,v 1.45 2003/09/08 10:14:56 itojun Exp $ */
4:
5: /*
6: * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
7: * All rights reserved.
8: *
9: * Redistribution and use in source and binary forms, with or without
10: * modification, are permitted provided that the following conditions
11: * are met:
12: * 1. Redistributions of source code must retain the above copyright
13: * notice, this list of conditions and the following disclaimer.
14: * 2. Redistributions in binary form must reproduce the above copyright
15: * notice, this list of conditions and the following disclaimer in the
16: * documentation and/or other materials provided with the distribution.
17: * 3. Neither the name of the project nor the names of its contributors
18: * may be used to endorse or promote products derived from this software
19: * without specific prior written permission.
20: *
21: * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24: * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31: * SUCH DAMAGE.
32: */
33:
34: #ifdef HAVE_CONFIG_H
35: #include "config.h"
36: #endif
37:
38: #include <sys/types.h>
39: #include <sys/param.h>
40: #include <sys/socket.h>
41: #include PATH_IPSEC_H
42: #include <net/pfkeyv2.h>
43:
44: #include <netinet/in.h>
45: #include <arpa/inet.h>
46:
47: #include <stdlib.h>
48: #include <unistd.h>
49: #include <stdio.h>
50: #include <string.h>
51: #include <time.h>
52: #include <netdb.h>
53:
54: #include "ipsec_strerror.h"
55: #include "libpfkey.h"
56:
57: /* cope with old kame headers - ugly */
58: #ifndef SADB_X_AALG_MD5
59: #define SADB_X_AALG_MD5 SADB_AALG_MD5
60: #endif
61: #ifndef SADB_X_AALG_SHA
62: #define SADB_X_AALG_SHA SADB_AALG_SHA
63: #endif
64: #ifndef SADB_X_AALG_NULL
65: #define SADB_X_AALG_NULL SADB_AALG_NULL
66: #endif
67:
68: #ifndef SADB_X_EALG_BLOWFISHCBC
69: #define SADB_X_EALG_BLOWFISHCBC SADB_EALG_BLOWFISHCBC
70: #endif
71: #ifndef SADB_X_EALG_CAST128CBC
72: #define SADB_X_EALG_CAST128CBC SADB_EALG_CAST128CBC
73: #endif
74: #ifndef SADB_X_EALG_RC5CBC
75: #ifdef SADB_EALG_RC5CBC
76: #define SADB_X_EALG_RC5CBC SADB_EALG_RC5CBC
77: #endif
78: #endif
79: #if defined(SADB_X_EALG_AES) && ! defined(SADB_X_EALG_AESCBC)
80: #define SADB_X_EALG_AESCBC SADB_X_EALG_AES
81: #endif
82:
83: #define GETMSGSTR(str, num) \
84: do { \
85: /*CONSTCOND*/ \
86: if (sizeof((str)[0]) == 0 \
87: || num >= sizeof(str)/sizeof((str)[0])) \
88: printf("%u ", (num)); \
89: else if (strlen((str)[(num)]) == 0) \
90: printf("%u ", (num)); \
91: else \
92: printf("%s ", (str)[(num)]); \
93: } while (/*CONSTCOND*/0)
94:
95: #define GETMSGV2S(v2s, num) \
96: do { \
97: struct val2str *p; \
98: for (p = (v2s); p && p->str; p++) { \
99: if (p->val == (num)) \
100: break; \
101: } \
102: if (p && p->str) \
103: printf("%s ", p->str); \
104: else \
105: printf("%u ", (num)); \
106: } while (/*CONSTCOND*/0)
107:
108: static char *str_ipaddr __P((struct sockaddr *));
109: static char *str_ipport __P((struct sockaddr *));
110: static char *str_prefport __P((u_int, u_int, u_int, u_int));
111: static void str_upperspec __P((u_int, u_int, u_int));
112: static char *str_time __P((time_t));
113: static void str_lifetime_byte __P((struct sadb_lifetime *, char *));
114: static void pfkey_sadump1(struct sadb_msg *, int);
115: static void pfkey_spdump1(struct sadb_msg *, int);
116:
117: struct val2str {
118: int val;
119: const char *str;
120: };
121:
122: /*
123: * Must to be re-written about following strings.
124: */
125: static char *str_satype[] = {
126: "unspec",
127: "unknown",
128: "ah",
129: "esp",
130: "unknown",
131: "rsvp",
132: "ospfv2",
133: "ripv2",
134: "mip",
135: "ipcomp",
136: "policy",
137: "tcp",
138: };
139:
140: static char *str_mode[] = {
141: "any",
142: "transport",
143: "tunnel",
144: };
145:
146: static char *str_state[] = {
147: "larval",
148: "mature",
149: "dying",
150: "dead",
151: };
152:
153: static struct val2str str_alg_auth[] = {
154: { SADB_AALG_NONE, "none", },
155: { SADB_AALG_MD5HMAC, "hmac-md5", },
156: { SADB_AALG_SHA1HMAC, "hmac-sha1", },
157: { SADB_X_AALG_MD5, "md5", },
158: { SADB_X_AALG_SHA, "sha", },
159: { SADB_X_AALG_NULL, "null", },
160: #ifdef SADB_X_AALG_TCP_MD5
161: { SADB_X_AALG_TCP_MD5, "tcp-md5", },
162: #endif
163: #ifdef SADB_X_AALG_SHA2_256
164: { SADB_X_AALG_SHA2_256, "hmac-sha256", },
165: #endif
166: #ifdef SADB_X_AALG_SHA2_384
167: { SADB_X_AALG_SHA2_384, "hmac-sha384", },
168: #endif
169: #ifdef SADB_X_AALG_SHA2_512
170: { SADB_X_AALG_SHA2_512, "hmac-sha512", },
171: #endif
172: #ifdef SADB_X_AALG_RIPEMD160HMAC
173: { SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", },
174: #endif
175: #ifdef SADB_X_AALG_AES_XCBC_MAC
176: { SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", },
177: #endif
178: { -1, NULL, },
179: };
180:
181: static struct val2str str_alg_enc[] = {
182: { SADB_EALG_NONE, "none", },
183: { SADB_EALG_DESCBC, "des-cbc", },
184: { SADB_EALG_3DESCBC, "3des-cbc", },
185: { SADB_EALG_NULL, "null", },
186: #ifdef SADB_X_EALG_RC5CBC
187: { SADB_X_EALG_RC5CBC, "rc5-cbc", },
188: #endif
189: { SADB_X_EALG_CAST128CBC, "cast128-cbc", },
190: { SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc", },
191: #ifdef SADB_X_EALG_AESCBC
192: { SADB_X_EALG_AESCBC, "aes-cbc", },
193: #endif
194: #ifdef SADB_X_EALG_TWOFISHCBC
195: { SADB_X_EALG_TWOFISHCBC, "twofish-cbc", },
196: #endif
197: #ifdef SADB_X_EALG_AESCTR
198: { SADB_X_EALG_AESCTR, "aes-ctr", },
199: #endif
200: #ifdef SADB_X_EALG_CAMELLIACBC
201: { SADB_X_EALG_CAMELLIACBC, "camellia-cbc", },
202: #endif
203: { -1, NULL, },
204: };
205:
206: static struct val2str str_alg_comp[] = {
207: { SADB_X_CALG_NONE, "none", },
208: { SADB_X_CALG_OUI, "oui", },
209: { SADB_X_CALG_DEFLATE, "deflate", },
210: { SADB_X_CALG_LZS, "lzs", },
211: { -1, NULL, },
212: };
213:
214: /*
215: * dump SADB_MSG formated. For debugging, you should use kdebug_sadb().
216: */
217:
218: void
219: pfkey_sadump(m)
220: struct sadb_msg *m;
221: {
222: pfkey_sadump1(m, 0);
223: }
224:
225: void
226: pfkey_sadump_withports(m)
227: struct sadb_msg *m;
228: {
229: pfkey_sadump1(m, 1);
230: }
231:
232: void
233: pfkey_sadump1(m, withports)
234: struct sadb_msg *m;
235: int withports;
236: {
237: caddr_t mhp[SADB_EXT_MAX + 1];
238: struct sadb_sa *m_sa;
239: struct sadb_x_sa2 *m_sa2;
240: struct sadb_lifetime *m_lftc, *m_lfth, *m_lfts;
241: struct sadb_address *m_saddr, *m_daddr;
242: #ifdef notdef
243: struct sadb_address *m_paddr;
244: #endif
245: struct sadb_key *m_auth, *m_enc;
246: #ifdef notdef
247: struct sadb_ident *m_sid, *m_did;
248: struct sadb_sens *m_sens;
249: #endif
250: #ifdef SADB_X_EXT_SEC_CTX
251: struct sadb_x_sec_ctx *m_sec_ctx;
252: #endif
253: #ifdef SADB_X_EXT_NAT_T_TYPE
254: struct sadb_x_nat_t_type *natt_type;
255: struct sadb_x_nat_t_port *natt_sport, *natt_dport;
256: struct sadb_address *natt_oa;
257:
258: int use_natt = 0;
259: #endif
260: struct sockaddr *sa;
261:
262: /* check pfkey message. */
263: if (pfkey_align(m, mhp)) {
264: printf("%s\n", ipsec_strerror());
265: return;
266: }
267: if (pfkey_check(mhp)) {
268: printf("%s\n", ipsec_strerror());
269: return;
270: }
271:
272: m_sa = (void *)mhp[SADB_EXT_SA];
273: m_sa2 = (void *)mhp[SADB_X_EXT_SA2];
274: m_lftc = (void *)mhp[SADB_EXT_LIFETIME_CURRENT];
275: m_lfth = (void *)mhp[SADB_EXT_LIFETIME_HARD];
276: m_lfts = (void *)mhp[SADB_EXT_LIFETIME_SOFT];
277: m_saddr = (void *)mhp[SADB_EXT_ADDRESS_SRC];
278: m_daddr = (void *)mhp[SADB_EXT_ADDRESS_DST];
279: #ifdef notdef
280: m_paddr = (void *)mhp[SADB_EXT_ADDRESS_PROXY];
281: #endif
282: m_auth = (void *)mhp[SADB_EXT_KEY_AUTH];
283: m_enc = (void *)mhp[SADB_EXT_KEY_ENCRYPT];
284: #ifdef notdef
285: m_sid = (void *)mhp[SADB_EXT_IDENTITY_SRC];
286: m_did = (void *)mhp[SADB_EXT_IDENTITY_DST];
287: m_sens = (void *)mhp[SADB_EXT_SENSITIVITY];
288: #endif
289: #ifdef SADB_X_EXT_SEC_CTX
290: m_sec_ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
291: #endif
292: #ifdef SADB_X_EXT_NAT_T_TYPE
293: natt_type = (void *)mhp[SADB_X_EXT_NAT_T_TYPE];
294: natt_sport = (void *)mhp[SADB_X_EXT_NAT_T_SPORT];
295: natt_dport = (void *)mhp[SADB_X_EXT_NAT_T_DPORT];
296: natt_oa = (void *)mhp[SADB_X_EXT_NAT_T_OA];
297:
298: if (natt_type && natt_type->sadb_x_nat_t_type_type)
299: use_natt = 1;
300: #endif
301: /* source address */
302: if (m_saddr == NULL) {
303: printf("no ADDRESS_SRC extension.\n");
304: return;
305: }
306: sa = (void *)(m_saddr + 1);
307: if (withports)
308: printf("%s[%s]", str_ipaddr(sa), str_ipport(sa));
309: else
310: printf("%s", str_ipaddr(sa));
311: #ifdef SADB_X_EXT_NAT_T_TYPE
312: if (use_natt && natt_sport)
313: printf("[%u]", ntohs(natt_sport->sadb_x_nat_t_port_port));
314: #endif
315: printf(" ");
316:
317: /* destination address */
318: if (m_daddr == NULL) {
319: printf(" no ADDRESS_DST extension.\n");
320: return;
321: }
322: sa = (void *)(m_daddr + 1);
323: if (withports)
324: printf("%s[%s]", str_ipaddr(sa), str_ipport(sa));
325: else
326: printf("%s", str_ipaddr(sa));
327: #ifdef SADB_X_EXT_NAT_T_TYPE
328: if (use_natt && natt_dport)
329: printf("[%u]", ntohs(natt_dport->sadb_x_nat_t_port_port));
330: #endif
331: printf(" ");
332:
333: /* SA type */
334: if (m_sa == NULL) {
335: printf("no SA extension.\n");
336: return;
337: }
338: if (m_sa2 == NULL) {
339: printf("no SA2 extension.\n");
340: return;
341: }
342: printf("\n\t");
343:
344: #ifdef SADB_X_EXT_NAT_T_TYPE
345: if (use_natt && m->sadb_msg_satype == SADB_SATYPE_ESP)
346: printf("esp-udp ");
347: else if (use_natt)
348: printf("natt+");
349:
350: if (!use_natt || m->sadb_msg_satype != SADB_SATYPE_ESP)
351: #endif
352: GETMSGSTR(str_satype, m->sadb_msg_satype);
353:
354: printf("mode=");
355: GETMSGSTR(str_mode, m_sa2->sadb_x_sa2_mode);
356:
357: printf("spi=%u(0x%08x) reqid=%u(0x%08x)\n",
358: (u_int32_t)ntohl(m_sa->sadb_sa_spi),
359: (u_int32_t)ntohl(m_sa->sadb_sa_spi),
360: (u_int32_t)m_sa2->sadb_x_sa2_reqid,
361: (u_int32_t)m_sa2->sadb_x_sa2_reqid);
362:
363: #ifdef SADB_X_EXT_NAT_T_TYPE
364: /* other NAT-T information */
365: if (use_natt && natt_oa)
366: printf("\tNAT OA=%s\n",
367: str_ipaddr((void *)(natt_oa + 1)));
368: #endif
369:
370: /* encryption key */
371: if (m->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) {
372: printf("\tC: ");
373: GETMSGV2S(str_alg_comp, m_sa->sadb_sa_encrypt);
374: } else if (m->sadb_msg_satype == SADB_SATYPE_ESP) {
375: if (m_enc != NULL) {
376: printf("\tE: ");
377: GETMSGV2S(str_alg_enc, m_sa->sadb_sa_encrypt);
378: ipsec_hexdump((caddr_t)(void *)m_enc + sizeof(*m_enc),
379: m_enc->sadb_key_bits / 8);
380: printf("\n");
381: }
382: }
383:
384: /* authentication key */
385: if (m_auth != NULL) {
386: printf("\tA: ");
387: GETMSGV2S(str_alg_auth, m_sa->sadb_sa_auth);
388: ipsec_hexdump((caddr_t)(void *)m_auth + sizeof(*m_auth),
389: m_auth->sadb_key_bits / 8);
390: printf("\n");
391: }
392:
393: /* replay windoe size & flags */
394: printf("\tseq=0x%08x replay=%u flags=0x%08x ",
395: m_sa2->sadb_x_sa2_sequence,
396: m_sa->sadb_sa_replay,
397: m_sa->sadb_sa_flags);
398:
399: /* state */
400: printf("state=");
401: GETMSGSTR(str_state, m_sa->sadb_sa_state);
402: printf("\n");
403:
404: /* lifetime */
405: if (m_lftc != NULL) {
406: time_t tmp_time = time(0);
407:
408: printf("\tcreated: %s",
409: str_time((long)m_lftc->sadb_lifetime_addtime));
410: printf("\tcurrent: %s\n", str_time(tmp_time));
411: printf("\tdiff: %lu(s)",
412: (u_long)(m_lftc->sadb_lifetime_addtime == 0 ?
413: 0 : (tmp_time - m_lftc->sadb_lifetime_addtime)));
414:
415: printf("\thard: %lu(s)",
416: (u_long)(m_lfth == NULL ?
417: 0 : m_lfth->sadb_lifetime_addtime));
418: printf("\tsoft: %lu(s)\n",
419: (u_long)(m_lfts == NULL ?
420: 0 : m_lfts->sadb_lifetime_addtime));
421:
422: printf("\tlast: %s",
423: str_time((long)m_lftc->sadb_lifetime_usetime));
424: printf("\thard: %lu(s)",
425: (u_long)(m_lfth == NULL ?
426: 0 : m_lfth->sadb_lifetime_usetime));
427: printf("\tsoft: %lu(s)\n",
428: (u_long)(m_lfts == NULL ?
429: 0 : m_lfts->sadb_lifetime_usetime));
430:
431: str_lifetime_byte(m_lftc, "current");
432: str_lifetime_byte(m_lfth, "hard");
433: str_lifetime_byte(m_lfts, "soft");
434: printf("\n");
435:
436: printf("\tallocated: %lu",
437: (unsigned long)m_lftc->sadb_lifetime_allocations);
438: printf("\thard: %lu",
439: (u_long)(m_lfth == NULL ?
440: 0 : m_lfth->sadb_lifetime_allocations));
441: printf("\tsoft: %lu\n",
442: (u_long)(m_lfts == NULL ?
443: 0 : m_lfts->sadb_lifetime_allocations));
444: }
445:
446: #ifdef SADB_X_EXT_SEC_CTX
447: if (m_sec_ctx != NULL) {
448: printf("\tsecurity context doi: %u\n",
449: m_sec_ctx->sadb_x_ctx_doi);
450: printf("\tsecurity context algorithm: %u\n",
451: m_sec_ctx->sadb_x_ctx_alg);
452: printf("\tsecurity context length: %u\n",
453: m_sec_ctx->sadb_x_ctx_len);
454: printf("\tsecurity context: %s\n",
455: (char *)m_sec_ctx + sizeof(struct sadb_x_sec_ctx));
456: }
457: #endif
458:
459: printf("\tsadb_seq=%lu pid=%lu ",
460: (u_long)m->sadb_msg_seq,
461: (u_long)m->sadb_msg_pid);
462:
463: /* XXX DEBUG */
464: printf("refcnt=%u\n", m->sadb_msg_reserved);
465:
466: return;
467: }
468:
469: void
470: pfkey_spdump(m)
471: struct sadb_msg *m;
472: {
473: pfkey_spdump1(m, 0);
474: }
475:
476: void
477: pfkey_spdump_withports(m)
478: struct sadb_msg *m;
479: {
480: pfkey_spdump1(m, 1);
481: }
482:
483: static void
484: pfkey_spdump1(m, withports)
485: struct sadb_msg *m;
486: int withports;
487: {
488: char pbuf[NI_MAXSERV];
489: caddr_t mhp[SADB_EXT_MAX + 1];
490: struct sadb_address *m_saddr, *m_daddr;
491: #ifdef SADB_X_EXT_TAG
492: struct sadb_x_tag *m_tag;
493: #endif
494: struct sadb_x_policy *m_xpl;
495: struct sadb_lifetime *m_lftc = NULL, *m_lfth = NULL;
496: #ifdef SADB_X_EXT_SEC_CTX
497: struct sadb_x_sec_ctx *m_sec_ctx;
498: #endif
499: struct sockaddr *sa;
500: u_int16_t sport = 0, dport = 0;
501:
502: /* check pfkey message. */
503: if (pfkey_align(m, mhp)) {
504: printf("%s\n", ipsec_strerror());
505: return;
506: }
507: if (pfkey_check(mhp)) {
508: printf("%s\n", ipsec_strerror());
509: return;
510: }
511:
512: m_saddr = (void *)mhp[SADB_EXT_ADDRESS_SRC];
513: m_daddr = (void *)mhp[SADB_EXT_ADDRESS_DST];
514: #ifdef SADB_X_EXT_TAG
515: m_tag = (void *)mhp[SADB_X_EXT_TAG];
516: #endif
517: m_xpl = (void *)mhp[SADB_X_EXT_POLICY];
518: m_lftc = (void *)mhp[SADB_EXT_LIFETIME_CURRENT];
519: m_lfth = (void *)mhp[SADB_EXT_LIFETIME_HARD];
520:
521: #ifdef SADB_X_EXT_SEC_CTX
522: m_sec_ctx = (struct sadb_x_sec_ctx *)mhp[SADB_X_EXT_SEC_CTX];
523: #endif
524: #ifdef __linux__
525: /* *bsd indicates per-socket policies by omiting src and dst
526: * extensions. Linux always includes them, but we can catch it
527: * by checkin for policy id.
528: */
529: if (m_xpl->sadb_x_policy_id % 8 >= 3) {
530: printf("(per-socket policy) ");
531: } else
532: #endif
533: if (m_saddr && m_daddr) {
534: /* source address */
535: sa = (void *)(m_saddr + 1);
536: switch (sa->sa_family) {
537: case AF_INET:
538: case AF_INET6:
539: if (getnameinfo(sa, (socklen_t)sysdep_sa_len(sa), NULL,
540: 0, pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0)
541: sport = 0; /*XXX*/
542: else
543: sport = atoi(pbuf);
544: printf("%s%s ", str_ipaddr(sa),
545: str_prefport((u_int)sa->sa_family,
546: (u_int)m_saddr->sadb_address_prefixlen,
547: (u_int)sport,
548: (u_int)m_saddr->sadb_address_proto));
549: break;
550: default:
551: printf("unknown-af ");
552: break;
553: }
554:
555: /* destination address */
556: sa = (void *)(m_daddr + 1);
557: switch (sa->sa_family) {
558: case AF_INET:
559: case AF_INET6:
560: if (getnameinfo(sa, (socklen_t)sysdep_sa_len(sa), NULL,
561: 0, pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0)
562: dport = 0; /*XXX*/
563: else
564: dport = atoi(pbuf);
565: printf("%s%s ", str_ipaddr(sa),
566: str_prefport((u_int)sa->sa_family,
567: (u_int)m_daddr->sadb_address_prefixlen,
568: (u_int)dport,
569: (u_int)m_saddr->sadb_address_proto));
570: break;
571: default:
572: printf("unknown-af ");
573: break;
574: }
575:
576: /* upper layer protocol */
577: if (m_saddr->sadb_address_proto !=
578: m_daddr->sadb_address_proto) {
579: printf("upper layer protocol mismatched.\n");
580: return;
581: }
582: str_upperspec((u_int)m_saddr->sadb_address_proto, (u_int)sport,
583: (u_int)dport);
584: }
585: #ifdef SADB_X_EXT_TAG
586: else if (m_tag)
587: printf("tagged \"%s\" ", m_tag->sadb_x_tag_name);
588: #endif
589: else
590: printf("(no selector, probably per-socket policy) ");
591:
592: /* policy */
593: {
594: char *d_xpl;
595:
596: if (m_xpl == NULL) {
597: printf("no X_POLICY extension.\n");
598: return;
599: }
600: if (withports)
601: d_xpl = ipsec_dump_policy_withports(m_xpl, "\n\t");
602: else
603: d_xpl = ipsec_dump_policy((ipsec_policy_t)m_xpl, "\n\t");
604:
605: if (!d_xpl)
606: printf("\n\tPolicy:[%s]\n", ipsec_strerror());
607: else {
608: /* dump SPD */
609: printf("\n\t%s\n", d_xpl);
610: free(d_xpl);
611: }
612: }
613:
614: /* lifetime */
615: if (m_lftc) {
616: printf("\tcreated: %s ",
617: str_time((long)m_lftc->sadb_lifetime_addtime));
618: printf("lastused: %s\n",
619: str_time((long)m_lftc->sadb_lifetime_usetime));
620: }
621: if (m_lfth) {
622: printf("\tlifetime: %lu(s) ",
623: (u_long)m_lfth->sadb_lifetime_addtime);
624: printf("validtime: %lu(s)\n",
625: (u_long)m_lfth->sadb_lifetime_usetime);
626: }
627:
628: #ifdef SADB_X_EXT_SEC_CTX
629: if (m_sec_ctx != NULL) {
630: printf("\tsecurity context doi: %u\n",
631: m_sec_ctx->sadb_x_ctx_doi);
632: printf("\tsecurity context algorithm: %u\n",
633: m_sec_ctx->sadb_x_ctx_alg);
634: printf("\tsecurity context length: %u\n",
635: m_sec_ctx->sadb_x_ctx_len);
636: printf("\tsecurity context: %s\n",
637: (char *)m_sec_ctx + sizeof(struct sadb_x_sec_ctx));
638: }
639: #endif
640:
641: printf("\tspid=%ld seq=%ld pid=%ld\n",
642: (u_long)m_xpl->sadb_x_policy_id,
643: (u_long)m->sadb_msg_seq,
644: (u_long)m->sadb_msg_pid);
645:
646: /* XXX TEST */
647: printf("\trefcnt=%u\n", m->sadb_msg_reserved);
648:
649: return;
650: }
651:
652: /*
653: * set "ipaddress" to buffer.
654: */
655: static char *
656: str_ipaddr(sa)
657: struct sockaddr *sa;
658: {
659: static char buf[NI_MAXHOST];
660: const int niflag = NI_NUMERICHOST;
661:
662: if (sa == NULL)
663: return "";
664:
665: if (getnameinfo(sa, (socklen_t)sysdep_sa_len(sa), buf, sizeof(buf),
666: NULL, 0, niflag) == 0)
667: return buf;
668: return NULL;
669: }
670:
671: /*
672: * set "port" to buffer.
673: */
674: static char *
675: str_ipport(sa)
676: struct sockaddr *sa;
677: {
678: static char buf[NI_MAXHOST];
679: const int niflag = NI_NUMERICSERV;
680:
681: if (sa == NULL)
682: return "";
683:
684: if (getnameinfo(sa, (socklen_t)sysdep_sa_len(sa), NULL, 0,
685: buf, sizeof(buf), niflag) == 0)
686: return buf;
687: return NULL;
688: }
689:
690:
691: /*
692: * set "/prefix[port number]" to buffer.
693: */
694: static char *
695: str_prefport(family, pref, port, ulp)
696: u_int family, pref, port, ulp;
697: {
698: static char buf[128];
699: char prefbuf[128];
700: char portbuf[128];
701: int plen;
702:
703: switch (family) {
704: case AF_INET:
705: plen = sizeof(struct in_addr) << 3;
706: break;
707: case AF_INET6:
708: plen = sizeof(struct in6_addr) << 3;
709: break;
710: default:
711: return "?";
712: }
713:
714: if (pref == plen)
715: prefbuf[0] = '\0';
716: else
717: snprintf(prefbuf, sizeof(prefbuf), "/%u", pref);
718:
719: switch (ulp) {
720: case IPPROTO_ICMP:
721: case IPPROTO_ICMPV6:
722: case IPPROTO_MH:
723: case IPPROTO_GRE:
724: memset(portbuf, 0, sizeof(portbuf));
725: break;
726: default:
727: if (port == IPSEC_PORT_ANY)
728: strcpy(portbuf, "[any]");
729: else
730: snprintf(portbuf, sizeof(portbuf), "[%u]", port);
731: break;
732: }
733:
734: snprintf(buf, sizeof(buf), "%s%s", prefbuf, portbuf);
735:
736: return buf;
737: }
738:
739: static void
740: str_upperspec(ulp, p1, p2)
741: u_int ulp, p1, p2;
742: {
743: struct protoent *ent;
744:
745: ent = getprotobynumber((int)ulp);
746: if (ent)
747: printf("%s", ent->p_name);
748: else
749: printf("%u", ulp);
750:
751: if (p1 == IPSEC_PORT_ANY && p2 == IPSEC_PORT_ANY)
752: return;
753:
754: switch (ulp) {
755: case IPPROTO_ICMP:
756: case IPPROTO_ICMPV6:
757: case IPPROTO_MH:
758: printf(" %u,%u", p1, p2);
759: break;
760: case IPPROTO_GRE:
761: printf(" %u", (p1 << 16) + p2);
762: break;
763: }
764: }
765:
766: /*
767: * set "Mon Day Time Year" to buffer
768: */
769: static char *
770: str_time(t)
771: time_t t;
772: {
773: static char buf[128];
774:
775: if (t == 0) {
776: int i = 0;
777: for (;i < 20;) buf[i++] = ' ';
778: } else {
779: char *t0;
780: if ((t0 = ctime(&t)) == NULL)
781: memset(buf, '?', 20);
782: else
783: memcpy(buf, t0 + 4, 20);
784: }
785:
786: buf[20] = '\0';
787:
788: return(buf);
789: }
790:
791: static void
792: str_lifetime_byte(x, str)
793: struct sadb_lifetime *x;
794: char *str;
795: {
796: double y;
797: char *unit;
798: int w;
799:
800: if (x == NULL) {
801: printf("\t%s: 0(bytes)", str);
802: return;
803: }
804:
805: #if 0
806: if ((x->sadb_lifetime_bytes) / 1024 / 1024) {
807: y = (x->sadb_lifetime_bytes) * 1.0 / 1024 / 1024;
808: unit = "M";
809: w = 1;
810: } else if ((x->sadb_lifetime_bytes) / 1024) {
811: y = (x->sadb_lifetime_bytes) * 1.0 / 1024;
812: unit = "K";
813: w = 1;
814: } else {
815: y = (x->sadb_lifetime_bytes) * 1.0;
816: unit = "";
817: w = 0;
818: }
819: #else
820: y = (x->sadb_lifetime_bytes) * 1.0;
821: unit = "";
822: w = 0;
823: #endif
824: printf("\t%s: %.*f(%sbytes)", str, w, y, unit);
825: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to pfkey_dump.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / libipsec