1: /* $NetBSD: setkey.c,v 1.14 2009/08/06 04:44:43 tteras Exp $ */
2:
3: /* $KAME: setkey.c,v 1.36 2003/09/24 23:52:51 itojun Exp $ */
4:
5: /*
6: * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
7: * All rights reserved.
8: *
9: * Redistribution and use in source and binary forms, with or without
10: * modification, are permitted provided that the following conditions
11: * are met:
12: * 1. Redistributions of source code must retain the above copyright
13: * notice, this list of conditions and the following disclaimer.
14: * 2. Redistributions in binary form must reproduce the above copyright
15: * notice, this list of conditions and the following disclaimer in the
16: * documentation and/or other materials provided with the distribution.
17: * 3. Neither the name of the project nor the names of its contributors
18: * may be used to endorse or promote products derived from this software
19: * without specific prior written permission.
20: *
21: * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24: * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31: * SUCH DAMAGE.
32: */
33:
34: #ifdef HAVE_CONFIG_H
35: #include "config.h"
36: #endif
37:
38: #include <sys/types.h>
39: #include <sys/param.h>
40: #include <sys/socket.h>
41: #include <sys/time.h>
42: #include <sys/stat.h>
43: #include <sys/sysctl.h>
44: #include <err.h>
45: #include <netinet/in.h>
46: #include <net/pfkeyv2.h>
47: #include PATH_IPSEC_H
48:
49: #include <stdio.h>
50: #include <stdlib.h>
51: #include <limits.h>
52: #include <string.h>
53: #include <ctype.h>
54: #include <unistd.h>
55: #include <errno.h>
56: #include <netdb.h>
57: #include <fcntl.h>
58: #include <dirent.h>
59: #include <time.h>
60:
61: #ifdef HAVE_READLINE
62: #include <readline/readline.h>
63: #include <readline/history.h>
64: #endif
65:
66: #include "config.h"
67: #include "libpfkey.h"
68: #include "package_version.h"
69: #define extern /* so that variables in extern.h are not extern... */
70: #include "extern.h"
71:
72: #define strlcpy(d,s,l) (strncpy(d,s,l), (d)[(l)-1] = '\0')
73:
74: void usage __P((int));
75: int main __P((int, char **));
76: int get_supported __P((void));
77: void sendkeyshort __P((u_int));
78: void promisc __P((void));
79: int postproc __P((struct sadb_msg *, int));
80: int verifypriority __P((struct sadb_msg *m));
81: int fileproc __P((const char *));
82: const char *numstr __P((int));
83: void shortdump_hdr __P((void));
84: void shortdump __P((struct sadb_msg *));
85: static void printdate __P((void));
86: static int32_t gmt2local __P((time_t));
87: void stdin_loop __P((void));
88:
89: #define MODE_SCRIPT 1
90: #define MODE_CMDDUMP 2
91: #define MODE_CMDFLUSH 3
92: #define MODE_PROMISC 4
93: #define MODE_STDIN 5
94:
95: int so;
96:
97: int f_forever = 0;
98: int f_all = 0;
99: int f_verbose = 0;
100: int f_mode = 0;
101: int f_cmddump = 0;
102: int f_policy = 0;
103: int f_hexdump = 0;
104: int f_tflag = 0;
105: int f_notreally = 0;
106: int f_withports = 0;
107: #ifdef HAVE_POLICY_FWD
108: int f_rfcmode = 1;
109: #define RK_OPTS "rk"
110: #else
111: int f_rkwarn = 0;
112: #define RK_OPTS ""
113: static void rkwarn(void);
114: static void
115: rkwarn(void)
116: {
117: if (!f_rkwarn) {
118: f_rkwarn = 1;
119: printf("warning: -r and -k options are not supported in this environment\n");
120: }
121: }
122:
123: #endif
124: static time_t thiszone;
125:
126: void
127: usage(int only_version)
128: {
129: printf("setkey @(#) %s (%s)\n", TOP_PACKAGE_STRING, TOP_PACKAGE_URL);
130: if (! only_version) {
131: printf("usage: setkey [-v" RK_OPTS "] file ...\n");
132: printf(" setkey [-nv" RK_OPTS "] -c\n");
133: printf(" setkey [-nv" RK_OPTS "] -f filename\n");
134: printf(" setkey [-Palpv" RK_OPTS "] -D\n");
135: printf(" setkey [-Pv] -F\n");
136: printf(" setkey [-H] -x\n");
137: printf(" setkey [-V] [-h]\n");
138: }
139: exit(1);
140: }
141:
142: int
143: main(argc, argv)
144: int argc;
145: char **argv;
146: {
147: FILE *fp = stdin;
148: int c;
149:
150: if (argc == 1) {
151: usage(0);
152: /* NOTREACHED */
153: }
154:
155: thiszone = gmt2local(0);
156:
157: while ((c = getopt(argc, argv, "acdf:HlnvxDFPphVrk?")) != -1) {
158: switch (c) {
159: case 'c':
160: f_mode = MODE_STDIN;
161: #ifdef HAVE_READLINE
162: /* disable filename completion */
163: rl_bind_key('\t', rl_insert);
164: #endif
165: break;
166: case 'f':
167: f_mode = MODE_SCRIPT;
168: if ((fp = fopen(optarg, "r")) == NULL) {
169: err(1, "fopen");
170: /*NOTREACHED*/
171: }
172: break;
173: case 'D':
174: f_mode = MODE_CMDDUMP;
175: break;
176: case 'F':
177: f_mode = MODE_CMDFLUSH;
178: break;
179: case 'a':
180: f_all = 1;
181: break;
182: case 'l':
183: f_forever = 1;
184: break;
185: case 'n':
186: f_notreally = 1;
187: break;
188: #ifdef __NetBSD__
189: case 'h':
190: #endif
191: case 'H':
192: f_hexdump = 1;
193: break;
194: case 'x':
195: f_mode = MODE_PROMISC;
196: f_tflag++;
197: break;
198: case 'P':
199: f_policy = 1;
200: break;
201: case 'p':
202: f_withports = 1;
203: break;
204: case 'v':
205: f_verbose = 1;
206: break;
207: case 'r':
208: #ifdef HAVE_POLICY_FWD
209: f_rfcmode = 1;
210: #else
211: rkwarn();
212: #endif
213: break;
214: case 'k':
215: #ifdef HAVE_POLICY_FWD
216: f_rfcmode = 0;
217: #else
218: rkwarn();
219: #endif
220: break;
221: case 'V':
222: usage(1);
223: break;
224: /*NOTREACHED*/
225: #ifndef __NetBSD__
226: case 'h':
227: #endif
228: case '?':
229: default:
230: usage(0);
231: /*NOTREACHED*/
232: }
233: }
234:
235: argc -= optind;
236: argv += optind;
237:
238: if (argc > 0) {
239: while (argc--)
240: if (fileproc(*argv++) < 0) {
241: err(1, "%s", argv[-1]);
242: /*NOTREACHED*/
243: }
244: exit(0);
245: }
246:
247: so = pfkey_open();
248: if (so < 0) {
249: perror("pfkey_open");
250: exit(1);
251: }
252:
253: switch (f_mode) {
254: case MODE_CMDDUMP:
255: sendkeyshort(f_policy ? SADB_X_SPDDUMP : SADB_DUMP);
256: break;
257: case MODE_CMDFLUSH:
258: sendkeyshort(f_policy ? SADB_X_SPDFLUSH: SADB_FLUSH);
259: break;
260: case MODE_SCRIPT:
261: if (get_supported() < 0) {
262: errx(1, "%s", ipsec_strerror());
263: /*NOTREACHED*/
264: }
265: if (parse(&fp))
266: exit (1);
267: break;
268: case MODE_STDIN:
269: if (get_supported() < 0) {
270: errx(1, "%s", ipsec_strerror());
271: /*NOTREACHED*/
272: }
273: stdin_loop();
274: break;
275: case MODE_PROMISC:
276: promisc();
277: /*NOTREACHED*/
278: default:
279: usage(0);
280: /*NOTREACHED*/
281: }
282:
283: exit(0);
284: }
285:
286: int
287: get_supported()
288: {
289:
290: if (pfkey_send_register(so, SADB_SATYPE_UNSPEC) < 0)
291: return -1;
292:
293: if (pfkey_recv_register(so) < 0)
294: return -1;
295:
296: return (0);
297: }
298:
299: void
300: stdin_loop()
301: {
302: char line[1024], *semicolon, *comment;
303: size_t linelen = 0;
304:
305: memset (line, 0, sizeof(line));
306:
307: parse_init();
308: while (1) {
309: #ifdef HAVE_READLINE
310: char *rbuf;
311: rbuf = readline ("");
312: if (! rbuf)
313: break;
314: #else
315: char rbuf[1024];
316: rbuf[0] = '\0';
317: if (fgets(rbuf, sizeof(rbuf), stdin) == NULL)
318: break;
319: if (rbuf[strlen(rbuf)-1] == '\n')
320: rbuf[strlen(rbuf)-1] = '\0';
321: #endif
322: comment = strchr(rbuf, '#');
323: if (comment)
324: *comment = '\0';
325:
326: if (!rbuf[0])
327: continue;
328:
329: linelen += snprintf (&line[linelen], sizeof(line) - linelen,
330: "%s%s", linelen > 0 ? " " : "", rbuf);
331:
332: semicolon = strchr(line, ';');
333: while (semicolon) {
334: char saved_char = *++semicolon;
335: *semicolon = '\0';
336: #ifdef HAVE_READLINE
337: add_history (line);
338: #endif
339:
340: #ifdef HAVE_PFKEY_POLICY_PRIORITY
341: last_msg_type = -1; /* invalid message type */
342: #endif
343:
344: parse_string (line);
345: if (exit_now)
346: return;
347: if (saved_char) {
348: *semicolon = saved_char;
349: linelen = strlen (semicolon);
350: memmove (line, semicolon, linelen + 1);
351: semicolon = strchr(line, ';');
352: }
353: else {
354: semicolon = NULL;
355: linelen = 0;
356: }
357: }
358: }
359: }
360:
361: void
362: sendkeyshort(type)
363: u_int type;
364: {
365: struct sadb_msg msg;
366:
367: msg.sadb_msg_version = PF_KEY_V2;
368: msg.sadb_msg_type = type;
369: msg.sadb_msg_errno = 0;
370: msg.sadb_msg_satype = SADB_SATYPE_UNSPEC;
371: msg.sadb_msg_len = PFKEY_UNIT64(sizeof(msg));
372: msg.sadb_msg_reserved = 0;
373: msg.sadb_msg_seq = 0;
374: msg.sadb_msg_pid = getpid();
375:
376: sendkeymsg((char *)&msg, sizeof(msg));
377:
378: return;
379: }
380:
381: void
382: promisc()
383: {
384: struct sadb_msg msg;
385: u_char rbuf[1024 * 32]; /* XXX: Enough ? Should I do MSG_PEEK ? */
386: ssize_t l;
387:
388: msg.sadb_msg_version = PF_KEY_V2;
389: msg.sadb_msg_type = SADB_X_PROMISC;
390: msg.sadb_msg_errno = 0;
391: msg.sadb_msg_satype = 1;
392: msg.sadb_msg_len = PFKEY_UNIT64(sizeof(msg));
393: msg.sadb_msg_reserved = 0;
394: msg.sadb_msg_seq = 0;
395: msg.sadb_msg_pid = getpid();
396:
397: if ((l = send(so, &msg, sizeof(msg), 0)) < 0) {
398: err(1, "send");
399: /*NOTREACHED*/
400: }
401:
402: while (1) {
403: struct sadb_msg *base;
404:
405: if ((l = recv(so, rbuf, sizeof(*base), MSG_PEEK)) < 0) {
406: err(1, "recv");
407: /*NOTREACHED*/
408: }
409:
410: if (l != sizeof(*base))
411: continue;
412:
413: base = (struct sadb_msg *)rbuf;
414: if ((l = recv(so, rbuf, PFKEY_UNUNIT64(base->sadb_msg_len),
415: 0)) < 0) {
416: err(1, "recv");
417: /*NOTREACHED*/
418: }
419: printdate();
420: if (f_hexdump) {
421: int i;
422: for (i = 0; i < l; i++) {
423: if (i % 16 == 0)
424: printf("%08x: ", i);
425: printf("%02x ", rbuf[i] & 0xff);
426: if (i % 16 == 15)
427: printf("\n");
428: }
429: if (l % 16)
430: printf("\n");
431: }
432: /* adjust base pointer for promisc mode */
433: if (base->sadb_msg_type == SADB_X_PROMISC) {
434: if ((ssize_t)sizeof(*base) < l)
435: base++;
436: else
437: base = NULL;
438: }
439: if (base) {
440: kdebug_sadb(base);
441: printf("\n");
442: fflush(stdout);
443: }
444: }
445: }
446:
447: /* Generate 'spi' array with SPIs matching 'satype', 'srcs', and 'dsts'
448: * Return value is dynamically generated array of SPIs, also number of
449: * SPIs through num_spi pointer.
450: * On any error, set *num_spi to 0 and return NULL.
451: */
452: u_int32_t *
453: sendkeymsg_spigrep(satype, srcs, dsts, num_spi)
454: unsigned int satype;
455: struct addrinfo *srcs;
456: struct addrinfo *dsts;
457: int *num_spi;
458: {
459: struct sadb_msg msg, *m;
460: char *buf;
461: size_t len;
462: ssize_t l;
463: u_char rbuf[1024 * 32];
464: caddr_t mhp[SADB_EXT_MAX + 1];
465: struct sadb_address *saddr;
466: struct sockaddr *s;
467: struct addrinfo *a;
468: struct sadb_sa *sa;
469: u_int32_t *spi = NULL;
470: int max_spi = 0, fail = 0;
471:
472: *num_spi = 0;
473:
474: if (f_notreally) {
475: return NULL;
476: }
477:
478: {
479: struct timeval tv;
480: tv.tv_sec = 1;
481: tv.tv_usec = 0;
482: if (setsockopt(so, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0) {
483: perror("setsockopt");
484: return NULL;
485: }
486: }
487:
488: msg.sadb_msg_version = PF_KEY_V2;
489: msg.sadb_msg_type = SADB_DUMP;
490: msg.sadb_msg_errno = 0;
491: msg.sadb_msg_satype = satype;
492: msg.sadb_msg_len = PFKEY_UNIT64(sizeof(msg));
493: msg.sadb_msg_reserved = 0;
494: msg.sadb_msg_seq = 0;
495: msg.sadb_msg_pid = getpid();
496: buf = (char *)&msg;
497: len = sizeof(msg);
498:
499: if (f_verbose) {
500: kdebug_sadb(&msg);
501: printf("\n");
502: }
503: if (f_hexdump) {
504: int i;
505: for (i = 0; i < len; i++) {
506: if (i % 16 == 0)
507: printf("%08x: ", i);
508: printf("%02x ", buf[i] & 0xff);
509: if (i % 16 == 15)
510: printf("\n");
511: }
512: if (len % 16)
513: printf("\n");
514: }
515:
516: if ((l = send(so, buf, len, 0)) < 0) {
517: perror("send");
518: return NULL;
519: }
520:
521: m = (struct sadb_msg *)rbuf;
522: do {
523: if ((l = recv(so, rbuf, sizeof(rbuf), 0)) < 0) {
524: perror("recv");
525: fail = 1;
526: break;
527: }
528:
529: if (PFKEY_UNUNIT64(m->sadb_msg_len) != l) {
530: warnx("invalid keymsg length");
531: fail = 1;
532: break;
533: }
534:
535: if (f_verbose) {
536: kdebug_sadb(m);
537: printf("\n");
538: }
539:
540: if (m->sadb_msg_type != SADB_DUMP) {
541: warnx("unexpected message type");
542: fail = 1;
543: break;
544: }
545:
546: if (m->sadb_msg_errno != 0) {
547: warnx("error encountered");
548: fail = 1;
549: break;
550: }
551:
552: /* match satype */
553: if (m->sadb_msg_satype != satype)
554: continue;
555:
556: pfkey_align(m, mhp);
557: pfkey_check(mhp);
558:
559: /* match src */
560: saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
561: if (saddr == NULL)
562: continue;
563: s = (struct sockaddr *)(saddr + 1);
564: for (a = srcs; a; a = a->ai_next)
565: if (memcmp(a->ai_addr, s, a->ai_addrlen) == 0)
566: break;
567: if (a == NULL)
568: continue;
569:
570: /* match dst */
571: saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
572: if (saddr == NULL)
573: continue;
574: s = (struct sockaddr *)(saddr + 1);
575: for (a = dsts; a; a = a->ai_next)
576: if (memcmp(a->ai_addr, s, a->ai_addrlen) == 0)
577: break;
578: if (a == NULL)
579: continue;
580:
581: if (*num_spi >= max_spi) {
582: max_spi += 512;
583: spi = realloc(spi, max_spi * sizeof(u_int32_t));
584: }
585:
586: sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
587: if (sa != NULL)
588: spi[(*num_spi)++] = (u_int32_t)ntohl(sa->sadb_sa_spi);
589:
590: m = (struct sadb_msg *)((caddr_t)m + PFKEY_UNUNIT64(m->sadb_msg_len));
591:
592: if (f_verbose) {
593: kdebug_sadb(m);
594: printf("\n");
595: }
596:
597: } while (m->sadb_msg_seq);
598:
599: if (fail) {
600: free(spi);
601: *num_spi = 0;
602: return NULL;
603: }
604:
605: return spi;
606: }
607:
608: int
609: sendkeymsg(buf, len)
610: char *buf;
611: size_t len;
612: {
613: u_char rbuf[1024 * 32]; /* XXX: Enough ? Should I do MSG_PEEK ? */
614: ssize_t l;
615: struct sadb_msg *msg;
616:
617: if (f_notreally) {
618: goto end;
619: }
620:
621: {
622: struct timeval tv;
623: tv.tv_sec = 1;
624: tv.tv_usec = 0;
625: if (setsockopt(so, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0) {
626: perror("setsockopt");
627: goto end;
628: }
629: }
630:
631: if (f_forever)
632: shortdump_hdr();
633: again:
634: if (f_verbose) {
635: kdebug_sadb((struct sadb_msg *)buf);
636: printf("\n");
637: }
638: if (f_hexdump) {
639: int i;
640: for (i = 0; i < len; i++) {
641: if (i % 16 == 0)
642: printf("%08x: ", i);
643: printf("%02x ", buf[i] & 0xff);
644: if (i % 16 == 15)
645: printf("\n");
646: }
647: if (len % 16)
648: printf("\n");
649: }
650:
651: if ((l = send(so, buf, len, 0)) < 0) {
652: perror("send");
653: goto end;
654: }
655:
656: msg = (struct sadb_msg *)rbuf;
657: do {
658: if ((l = recv(so, rbuf, sizeof(rbuf), 0)) < 0) {
659: perror("recv");
660: goto end;
661: }
662:
663: if (PFKEY_UNUNIT64(msg->sadb_msg_len) != l) {
664: warnx("invalid keymsg length");
665: break;
666: }
667:
668: if (f_verbose) {
669: kdebug_sadb(msg);
670: printf("\n");
671: }
672: if (postproc(msg, l) < 0)
673: break;
674: } while (msg->sadb_msg_errno || msg->sadb_msg_seq);
675:
676: if (f_forever) {
677: fflush(stdout);
678: sleep(1);
679: goto again;
680: }
681:
682: end:
683: return (0);
684: }
685:
686: int
687: postproc(msg, len)
688: struct sadb_msg *msg;
689: int len;
690: {
691: #ifdef HAVE_PFKEY_POLICY_PRIORITY
692: static int priority_support_check = 0;
693: #endif
694:
695: if (msg->sadb_msg_errno != 0) {
696: char inf[80];
697: const char *errmsg = NULL;
698:
699: if (f_mode == MODE_SCRIPT)
700: snprintf(inf, sizeof(inf), "The result of line %d: ", lineno);
701: else
702: inf[0] = '\0';
703:
704: switch (msg->sadb_msg_errno) {
705: case ENOENT:
706: switch (msg->sadb_msg_type) {
707: case SADB_DELETE:
708: case SADB_GET:
709: case SADB_X_SPDDELETE:
710: errmsg = "No entry";
711: break;
712: case SADB_DUMP:
713: errmsg = "No SAD entries";
714: break;
715: case SADB_X_SPDDUMP:
716: errmsg = "No SPD entries";
717: break;
718: }
719: break;
720: default:
721: errmsg = strerror(msg->sadb_msg_errno);
722: }
723: printf("%s%s.\n", inf, errmsg);
724: return (-1);
725: }
726:
727: switch (msg->sadb_msg_type) {
728: case SADB_GET:
729: if (f_withports)
730: pfkey_sadump_withports(msg);
731: else
732: pfkey_sadump(msg);
733: break;
734:
735: case SADB_DUMP:
736: /* filter out DEAD SAs */
737: if (!f_all) {
738: caddr_t mhp[SADB_EXT_MAX + 1];
739: struct sadb_sa *sa;
740: pfkey_align(msg, mhp);
741: pfkey_check(mhp);
742: if ((sa = (struct sadb_sa *)mhp[SADB_EXT_SA]) != NULL) {
743: if (sa->sadb_sa_state == SADB_SASTATE_DEAD)
744: break;
745: }
746: }
747: if (f_forever) {
748: /* TODO: f_withports */
749: shortdump(msg);
750: } else {
751: if (f_withports)
752: pfkey_sadump_withports(msg);
753: else
754: pfkey_sadump(msg);
755: }
756: msg = (struct sadb_msg *)((caddr_t)msg +
757: PFKEY_UNUNIT64(msg->sadb_msg_len));
758: if (f_verbose) {
759: kdebug_sadb((struct sadb_msg *)msg);
760: printf("\n");
761: }
762: break;
763:
764: case SADB_X_SPDGET:
765: if (f_withports)
766: pfkey_spdump_withports(msg);
767: else
768: pfkey_spdump(msg);
769: break;
770:
771: case SADB_X_SPDDUMP:
772: if (f_withports)
773: pfkey_spdump_withports(msg);
774: else
775: pfkey_spdump(msg);
776: if (msg->sadb_msg_seq == 0) break;
777: msg = (struct sadb_msg *)((caddr_t)msg +
778: PFKEY_UNUNIT64(msg->sadb_msg_len));
779: if (f_verbose) {
780: kdebug_sadb((struct sadb_msg *)msg);
781: printf("\n");
782: }
783: break;
784: #ifdef HAVE_PFKEY_POLICY_PRIORITY
785: case SADB_X_SPDADD:
786: if (last_msg_type == SADB_X_SPDADD && last_priority != 0 &&
787: msg->sadb_msg_pid == getpid() && !priority_support_check) {
788: priority_support_check = 1;
789: if (!verifypriority(msg))
790: printf ("WARNING: Kernel does not support policy priorities\n");
791: }
792: break;
793: #endif
794: }
795:
796: return (0);
797: }
798:
799: #ifdef HAVE_PFKEY_POLICY_PRIORITY
800: int
801: verifypriority(m)
802: struct sadb_msg *m;
803: {
804: caddr_t mhp[SADB_EXT_MAX + 1];
805: struct sadb_x_policy *xpl;
806:
807: /* check pfkey message. */
808: if (pfkey_align(m, mhp)) {
809: printf("(%s\n", ipsec_strerror());
810: return 0;
811: }
812: if (pfkey_check(mhp)) {
813: printf("%s\n", ipsec_strerror());
814: return 0;
815: }
816:
817: xpl = (struct sadb_x_policy *) mhp[SADB_X_EXT_POLICY];
818:
819: if (xpl == NULL) {
820: printf("no X_POLICY extension.\n");
821: return 0;
822: }
823:
824: /* now make sure they match */
825: if (last_priority != xpl->sadb_x_policy_priority)
826: return 0;
827:
828: return 1;
829: }
830: #endif
831:
832: int
833: fileproc(filename)
834: const char *filename;
835: {
836: int fd;
837: ssize_t len, l;
838: u_char *p, *ep;
839: struct sadb_msg *msg;
840: u_char rbuf[1024 * 32]; /* XXX: Enough ? Should I do MSG_PEEK ? */
841:
842: fd = open(filename, O_RDONLY);
843: if (fd < 0)
844: return -1;
845:
846: l = 0;
847: while (1) {
848: len = read(fd, rbuf + l, sizeof(rbuf) - l);
849: if (len < 0) {
850: close(fd);
851: return -1;
852: } else if (len == 0)
853: break;
854: l += len;
855: }
856:
857: if (l < sizeof(struct sadb_msg)) {
858: close(fd);
859: errno = EINVAL;
860: return -1;
861: }
862: close(fd);
863:
864: p = rbuf;
865: ep = rbuf + l;
866:
867: while (p < ep) {
868: msg = (struct sadb_msg *)p;
869: len = PFKEY_UNUNIT64(msg->sadb_msg_len);
870: postproc(msg, len);
871: p += len;
872: }
873:
874: return (0);
875: }
876:
877:
878: /*------------------------------------------------------------*/
879: static const char *satype[] = {
880: NULL, NULL, "ah", "esp"
881: };
882: static const char *sastate[] = {
883: "L", "M", "D", "d"
884: };
885: static const char *ipproto[] = {
886: /*0*/ "ip", "icmp", "igmp", "ggp", "ip4",
887: NULL, "tcp", NULL, "egp", NULL,
888: /*10*/ NULL, NULL, NULL, NULL, NULL,
889: NULL, NULL, "udp", NULL, NULL,
890: /*20*/ NULL, NULL, "idp", NULL, NULL,
891: NULL, NULL, NULL, NULL, "tp",
892: /*30*/ NULL, NULL, NULL, NULL, NULL,
893: NULL, NULL, NULL, NULL, NULL,
894: /*40*/ NULL, "ip6", NULL, "rt6", "frag6",
895: NULL, "rsvp", "gre", NULL, NULL,
896: /*50*/ "esp", "ah", NULL, NULL, NULL,
897: NULL, NULL, NULL, "icmp6", "none",
898: /*60*/ "dst6",
899: };
900:
901: #define STR_OR_ID(x, tab) \
902: (((x) < sizeof(tab)/sizeof(tab[0]) && tab[(x)]) ? tab[(x)] : numstr(x))
903:
904: const char *
905: numstr(x)
906: int x;
907: {
908: static char buf[20];
909: snprintf(buf, sizeof(buf), "#%d", x);
910: return buf;
911: }
912:
913: void
914: shortdump_hdr()
915: {
916: printf("%-4s %-3s %-1s %-8s %-7s %s -> %s\n",
917: "time", "p", "s", "spi", "ltime", "src", "dst");
918: }
919:
920: void
921: shortdump(msg)
922: struct sadb_msg *msg;
923: {
924: caddr_t mhp[SADB_EXT_MAX + 1];
925: char buf[NI_MAXHOST], pbuf[NI_MAXSERV];
926: struct sadb_sa *sa;
927: struct sadb_address *saddr;
928: struct sadb_lifetime *lts, *lth, *ltc;
929: struct sockaddr *s;
930: u_int t;
931: time_t cur = time(0);
932:
933: pfkey_align(msg, mhp);
934: pfkey_check(mhp);
935:
936: printf("%02lu%02lu", (u_long)(cur % 3600) / 60, (u_long)(cur % 60));
937:
938: printf(" %-3s", STR_OR_ID(msg->sadb_msg_satype, satype));
939:
940: if ((sa = (struct sadb_sa *)mhp[SADB_EXT_SA]) != NULL) {
941: printf(" %-1s", STR_OR_ID(sa->sadb_sa_state, sastate));
942: printf(" %08x", (u_int32_t)ntohl(sa->sadb_sa_spi));
943: } else
944: printf("%-1s %-8s", "?", "?");
945:
946: lts = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_SOFT];
947: lth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD];
948: ltc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT];
949: if (lts && lth && ltc) {
950: if (ltc->sadb_lifetime_addtime == 0)
951: t = (u_long)0;
952: else
953: t = (u_long)(cur - ltc->sadb_lifetime_addtime);
954: if (t >= 1000)
955: strlcpy(buf, " big/", sizeof(buf));
956: else
957: snprintf(buf, sizeof(buf), " %3lu/", (u_long)t);
958: printf("%s", buf);
959:
960: t = (u_long)lth->sadb_lifetime_addtime;
961: if (t >= 1000)
962: strlcpy(buf, "big", sizeof(buf));
963: else
964: snprintf(buf, sizeof(buf), "%-3lu", (u_long)t);
965: printf("%s", buf);
966: } else
967: printf(" ??\?/???"); /* backslash to avoid trigraph ??/ */
968:
969: printf(" ");
970:
971: if ((saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC]) != NULL) {
972: if (saddr->sadb_address_proto)
973: printf("%s ", STR_OR_ID(saddr->sadb_address_proto, ipproto));
974: s = (struct sockaddr *)(saddr + 1);
975: getnameinfo(s, sysdep_sa_len(s), buf, sizeof(buf),
976: pbuf, sizeof(pbuf), NI_NUMERICHOST|NI_NUMERICSERV);
977: if (strcmp(pbuf, "0") != 0)
978: printf("%s[%s]", buf, pbuf);
979: else
980: printf("%s", buf);
981: } else
982: printf("?");
983:
984: printf(" -> ");
985:
986: if ((saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST]) != NULL) {
987: if (saddr->sadb_address_proto)
988: printf("%s ", STR_OR_ID(saddr->sadb_address_proto, ipproto));
989:
990: s = (struct sockaddr *)(saddr + 1);
991: getnameinfo(s, sysdep_sa_len(s), buf, sizeof(buf),
992: pbuf, sizeof(pbuf), NI_NUMERICHOST|NI_NUMERICSERV);
993: if (strcmp(pbuf, "0") != 0)
994: printf("%s[%s]", buf, pbuf);
995: else
996: printf("%s", buf);
997: } else
998: printf("?");
999:
1000: printf("\n");
1001: }
1002:
1003: /* From: tcpdump(1):gmt2local.c and util.c */
1004: /*
1005: * Print the timestamp
1006: */
1007: static void
1008: printdate()
1009: {
1010: struct timeval tp;
1011: int s;
1012:
1013: if (gettimeofday(&tp, NULL) == -1) {
1014: perror("gettimeofday");
1015: return;
1016: }
1017:
1018: if (f_tflag == 1) {
1019: /* Default */
1020: s = (tp.tv_sec + thiszone ) % 86400;
1021: (void)printf("%02d:%02d:%02d.%06u ",
1022: s / 3600, (s % 3600) / 60, s % 60, (u_int32_t)tp.tv_usec);
1023: } else if (f_tflag > 1) {
1024: /* Unix timeval style */
1025: (void)printf("%u.%06u ",
1026: (u_int32_t)tp.tv_sec, (u_int32_t)tp.tv_usec);
1027: }
1028:
1029: printf("\n");
1030: }
1031:
1032: /*
1033: * Returns the difference between gmt and local time in seconds.
1034: * Use gmtime() and localtime() to keep things simple.
1035: */
1036: int32_t
1037: gmt2local(time_t t)
1038: {
1039: register int dt, dir;
1040: register struct tm *gmt, *loc;
1041: struct tm sgmt;
1042:
1043: if (t == 0)
1044: t = time(NULL);
1045: gmt = &sgmt;
1046: *gmt = *gmtime(&t);
1047: loc = localtime(&t);
1048: dt = (loc->tm_hour - gmt->tm_hour) * 60 * 60 +
1049: (loc->tm_min - gmt->tm_min) * 60;
1050:
1051: /*
1052: * If the year or julian day is different, we span 00:00 GMT
1053: * and must add or subtract a day. Check the year first to
1054: * avoid problems when the julian day wraps.
1055: */
1056: dir = loc->tm_year - gmt->tm_year;
1057: if (dir == 0)
1058: dir = loc->tm_yday - gmt->tm_yday;
1059: dt += dir * 24 * 60 * 60;
1060:
1061: return (dt);
1062: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to setkey.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / setkey