pfkey_dump.c (62583) pfkey_dump.c (78064)
1/* $FreeBSD: head/lib/libipsec/pfkey_dump.c 62583 2000-07-04 16:22:05Z itojun $ */
2/* $KAME: pfkey_dump.c,v 1.19 2000/06/10 06:47:11 sakane Exp $ */
1/* $FreeBSD: head/lib/libipsec/pfkey_dump.c 78064 2001-06-11 12:39:29Z ume $ */
2/* $KAME: pfkey_dump.c,v 1.27 2001/03/12 09:03:38 itojun Exp $ */
3
4/*
5 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:

--- 36 unchanged lines hidden (view full) ---

47#include <stdio.h>
48#include <string.h>
49#include <time.h>
50#include <netdb.h>
51
52#include "ipsec_strerror.h"
53#include "libpfkey.h"
54
3
4/*
5 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:

--- 36 unchanged lines hidden (view full) ---

47#include <stdio.h>
48#include <string.h>
49#include <time.h>
50#include <netdb.h>
51
52#include "ipsec_strerror.h"
53#include "libpfkey.h"
54
55/* cope with old kame headers - ugly */
56#ifndef SADB_X_AALG_MD5
57#define SADB_X_AALG_MD5 SADB_AALG_MD5
58#endif
59#ifndef SADB_X_AALG_SHA
60#define SADB_X_AALG_SHA SADB_AALG_SHA
61#endif
62#ifndef SADB_X_AALG_NULL
63#define SADB_X_AALG_NULL SADB_AALG_NULL
64#endif
65
66#ifndef SADB_X_EALG_BLOWFISHCBC
67#define SADB_X_EALG_BLOWFISHCBC SADB_EALG_BLOWFISHCBC
68#endif
69#ifndef SADB_X_EALG_CAST128CBC
70#define SADB_X_EALG_CAST128CBC SADB_EALG_CAST128CBC
71#endif
72#ifndef SADB_X_EALG_RC5CBC
73#ifdef SADB_EALG_RC5CBC
74#define SADB_X_EALG_RC5CBC SADB_EALG_RC5CBC
75#endif
76#endif
77
55#define GETMSGSTR(str, num) \
56do { \
57 if (sizeof((str)[0]) == 0 \
58 || num >= sizeof(str)/sizeof((str)[0])) \
59 printf("%d ", (num)); \
60 else if (strlen((str)[(num)]) == 0) \
61 printf("%d ", (num)); \
62 else \
63 printf("%s ", (str)[(num)]); \
64} while (0)
65
78#define GETMSGSTR(str, num) \
79do { \
80 if (sizeof((str)[0]) == 0 \
81 || num >= sizeof(str)/sizeof((str)[0])) \
82 printf("%d ", (num)); \
83 else if (strlen((str)[(num)]) == 0) \
84 printf("%d ", (num)); \
85 else \
86 printf("%s ", (str)[(num)]); \
87} while (0)
88
89#define GETMSGV2S(v2s, num) \
90do { \
91 struct val2str *p; \
92 for (p = (v2s); p && p->str; p++) { \
93 if (p->val == (num)) \
94 break; \
95 } \
96 if (p && p->str) \
97 printf("%s ", p->str); \
98 else \
99 printf("%d ", (num)); \
100} while (0)
101
66static char *str_ipaddr __P((struct sockaddr *));
67static char *str_prefport __P((u_int, u_int, u_int));
68static char *str_time __P((time_t));
69static void str_lifetime_byte __P((struct sadb_lifetime *, char *));
70
102static char *str_ipaddr __P((struct sockaddr *));
103static char *str_prefport __P((u_int, u_int, u_int));
104static char *str_time __P((time_t));
105static void str_lifetime_byte __P((struct sadb_lifetime *, char *));
106
107struct val2str {
108 int val;
109 const char *str;
110};
111
71/*
72 * Must to be re-written about following strings.
73 */
112/*
113 * Must to be re-written about following strings.
114 */
74static char *_str_satype[] = {
115static char *str_satype[] = {
75 "unspec",
76 "unknown",
77 "ah",
78 "esp",
79 "unknown",
80 "rsvp",
81 "ospfv2",
82 "ripv2",
83 "mip",
84 "ipcomp",
85};
86
116 "unspec",
117 "unknown",
118 "ah",
119 "esp",
120 "unknown",
121 "rsvp",
122 "ospfv2",
123 "ripv2",
124 "mip",
125 "ipcomp",
126};
127
87static char *_str_mode[] = {
128static char *str_mode[] = {
88 "any",
89 "transport",
90 "tunnel",
91};
92
129 "any",
130 "transport",
131 "tunnel",
132};
133
93static char *_str_upper[] = {
134static char *str_upper[] = {
94/*0*/ "ip", "icmp", "igmp", "ggp", "ip4",
95 "", "tcp", "", "egp", "",
96/*10*/ "", "", "", "", "",
97 "", "", "udp", "", "",
98/*20*/ "", "", "idp", "", "",
99 "", "", "", "", "tp",
100/*30*/ "", "", "", "", "",
101 "", "", "", "", "",
102/*40*/ "", "ip6", "", "rt6", "frag6",
103 "", "rsvp", "gre", "", "",
104/*50*/ "esp", "ah", "", "", "",
105 "", "", "", "icmp6", "none",
106/*60*/ "dst6",
107};
108
135/*0*/ "ip", "icmp", "igmp", "ggp", "ip4",
136 "", "tcp", "", "egp", "",
137/*10*/ "", "", "", "", "",
138 "", "", "udp", "", "",
139/*20*/ "", "", "idp", "", "",
140 "", "", "", "", "tp",
141/*30*/ "", "", "", "", "",
142 "", "", "", "", "",
143/*40*/ "", "ip6", "", "rt6", "frag6",
144 "", "rsvp", "gre", "", "",
145/*50*/ "esp", "ah", "", "", "",
146 "", "", "", "icmp6", "none",
147/*60*/ "dst6",
148};
149
109static char *_str_state[] = {
150static char *str_state[] = {
110 "larval",
111 "mature",
112 "dying",
113 "dead",
114};
115
151 "larval",
152 "mature",
153 "dying",
154 "dead",
155};
156
116static char *_str_alg_auth[] = {
117 "none",
118 "hmac-md5",
119 "hmac-sha1",
120 "md5",
121 "sha",
122 "null",
157static struct val2str str_alg_auth[] = {
158 { SADB_AALG_NONE, "none", },
159 { SADB_AALG_MD5HMAC, "hmac-md5", },
160 { SADB_AALG_SHA1HMAC, "hmac-sha1", },
161 { SADB_X_AALG_MD5, "md5", },
162 { SADB_X_AALG_SHA, "sha", },
163 { SADB_X_AALG_NULL, "null", },
164#ifdef SADB_X_AALG_SHA2_256
165 { SADB_X_AALG_SHA2_256, "hmac-sha2-256", },
166#endif
167#ifdef SADB_X_AALG_SHA2_384
168 { SADB_X_AALG_SHA2_384, "hmac-sha2-384", },
169#endif
170#ifdef SADB_X_AALG_SHA2_512
171 { SADB_X_AALG_SHA2_512, "hmac-sha2-512", },
172#endif
173 { -1, NULL, },
123};
124
174};
175
125static char *_str_alg_enc[] = {
126 "none",
127 "des-cbc",
128 "3des-cbc",
129 "null",
130 "blowfish-cbc",
131 "cast128-cbc",
132 "rc5-cbc",
176static struct val2str str_alg_enc[] = {
177 { SADB_EALG_NONE, "none", },
178 { SADB_EALG_DESCBC, "des-cbc", },
179 { SADB_EALG_3DESCBC, "3des-cbc", },
180 { SADB_EALG_NULL, "null", },
181#ifdef SADB_X_EALG_RC5CBC
182 { SADB_X_EALG_RC5CBC, "rc5-cbc", },
183#endif
184 { SADB_X_EALG_CAST128CBC, "cast128-cbc", },
185 { SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc", },
186#ifdef SADB_X_EALG_RIJNDAELCBC
187 { SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc", },
188#endif
189#ifdef SADB_X_EALG_TWOFISHCBC
190 { SADB_X_EALG_TWOFISHCBC, "twofish-cbc", },
191#endif
192 { -1, NULL, },
133};
134
193};
194
135static char *_str_alg_comp[] = {
136 "none",
137 "oui",
138 "deflate",
139 "lzs",
195static struct val2str str_alg_comp[] = {
196 { SADB_X_CALG_NONE, "none", },
197 { SADB_X_CALG_OUI, "oui", },
198 { SADB_X_CALG_DEFLATE, "deflate", },
199 { SADB_X_CALG_LZS, "lzs", },
200 { -1, NULL, },
140};
141
142/*
143 * dump SADB_MSG formated. For debugging, you should use kdebug_sadb().
144 */
145void
146pfkey_sadump(m)
147 struct sadb_msg *m;

--- 51 unchanged lines hidden (view full) ---

199 return;
200 }
201 if (m_sa2 == NULL) {
202 printf("no SA2 extension.\n");
203 return;
204 }
205 printf("\n\t");
206
201};
202
203/*
204 * dump SADB_MSG formated. For debugging, you should use kdebug_sadb().
205 */
206void
207pfkey_sadump(m)
208 struct sadb_msg *m;

--- 51 unchanged lines hidden (view full) ---

260 return;
261 }
262 if (m_sa2 == NULL) {
263 printf("no SA2 extension.\n");
264 return;
265 }
266 printf("\n\t");
267
207 GETMSGSTR(_str_satype, m->sadb_msg_satype);
268 GETMSGSTR(str_satype, m->sadb_msg_satype);
208
209 printf("mode=");
269
270 printf("mode=");
210 GETMSGSTR(_str_mode, m_sa2->sadb_x_sa2_mode);
271 GETMSGSTR(str_mode, m_sa2->sadb_x_sa2_mode);
211
212 printf("spi=%u(0x%08x) reqid=%u(0x%08x)\n",
213 (u_int32_t)ntohl(m_sa->sadb_sa_spi),
214 (u_int32_t)ntohl(m_sa->sadb_sa_spi),
215 (u_int32_t)m_sa2->sadb_x_sa2_reqid,
216 (u_int32_t)m_sa2->sadb_x_sa2_reqid);
217
218 /* encryption key */
219 if (m->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) {
220 printf("\tC: ");
272
273 printf("spi=%u(0x%08x) reqid=%u(0x%08x)\n",
274 (u_int32_t)ntohl(m_sa->sadb_sa_spi),
275 (u_int32_t)ntohl(m_sa->sadb_sa_spi),
276 (u_int32_t)m_sa2->sadb_x_sa2_reqid,
277 (u_int32_t)m_sa2->sadb_x_sa2_reqid);
278
279 /* encryption key */
280 if (m->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) {
281 printf("\tC: ");
221 GETMSGSTR(_str_alg_comp, m_sa->sadb_sa_encrypt);
282 GETMSGV2S(str_alg_comp, m_sa->sadb_sa_encrypt);
222 } else if (m->sadb_msg_satype == SADB_SATYPE_ESP) {
223 if (m_enc != NULL) {
224 printf("\tE: ");
283 } else if (m->sadb_msg_satype == SADB_SATYPE_ESP) {
284 if (m_enc != NULL) {
285 printf("\tE: ");
225 GETMSGSTR(_str_alg_enc, m_sa->sadb_sa_encrypt);
286 GETMSGV2S(str_alg_enc, m_sa->sadb_sa_encrypt);
226 ipsec_hexdump((caddr_t)m_enc + sizeof(*m_enc),
227 m_enc->sadb_key_bits / 8);
228 printf("\n");
229 }
230 }
231
232 /* authentication key */
233 if (m_auth != NULL) {
234 printf("\tA: ");
287 ipsec_hexdump((caddr_t)m_enc + sizeof(*m_enc),
288 m_enc->sadb_key_bits / 8);
289 printf("\n");
290 }
291 }
292
293 /* authentication key */
294 if (m_auth != NULL) {
295 printf("\tA: ");
235 GETMSGSTR(_str_alg_auth, m_sa->sadb_sa_auth);
296 GETMSGV2S(str_alg_auth, m_sa->sadb_sa_auth);
236 ipsec_hexdump((caddr_t)m_auth + sizeof(*m_auth),
237 m_auth->sadb_key_bits / 8);
238 printf("\n");
239 }
240
241 /* replay windoe size & flags */
242 printf("\treplay=%u flags=0x%08x ",
243 m_sa->sadb_sa_replay,
244 m_sa->sadb_sa_flags);
245
246 /* state */
247 printf("state=");
297 ipsec_hexdump((caddr_t)m_auth + sizeof(*m_auth),
298 m_auth->sadb_key_bits / 8);
299 printf("\n");
300 }
301
302 /* replay windoe size & flags */
303 printf("\treplay=%u flags=0x%08x ",
304 m_sa->sadb_sa_replay,
305 m_sa->sadb_sa_flags);
306
307 /* state */
308 printf("state=");
248 GETMSGSTR(_str_state, m_sa->sadb_sa_state);
309 GETMSGSTR(str_state, m_sa->sadb_sa_state);
249
250 printf("seq=%lu pid=%lu\n",
251 (u_long)m->sadb_msg_seq,
252 (u_long)m->sadb_msg_pid);
253
254 /* lifetime */
255 if (m_lftc != NULL) {
256 time_t tmp_time = time(0);

--- 45 unchanged lines hidden (view full) ---

302void
303pfkey_spdump(m)
304 struct sadb_msg *m;
305{
306 char pbuf[NI_MAXSERV];
307 caddr_t mhp[SADB_EXT_MAX + 1];
308 struct sadb_address *m_saddr, *m_daddr;
309 struct sadb_x_policy *m_xpl;
310
311 printf("seq=%lu pid=%lu\n",
312 (u_long)m->sadb_msg_seq,
313 (u_long)m->sadb_msg_pid);
314
315 /* lifetime */
316 if (m_lftc != NULL) {
317 time_t tmp_time = time(0);

--- 45 unchanged lines hidden (view full) ---

363void
364pfkey_spdump(m)
365 struct sadb_msg *m;
366{
367 char pbuf[NI_MAXSERV];
368 caddr_t mhp[SADB_EXT_MAX + 1];
369 struct sadb_address *m_saddr, *m_daddr;
370 struct sadb_x_policy *m_xpl;
371 struct sadb_lifetime *m_lft = NULL;
310 struct sockaddr *sa;
311 u_int16_t port;
312
313 /* check pfkey message. */
314 if (pfkey_align(m, mhp)) {
315 printf("%s\n", ipsec_strerror());
316 return;
317 }
318 if (pfkey_check(mhp)) {
319 printf("%s\n", ipsec_strerror());
320 return;
321 }
322
323 m_saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
324 m_daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
325 m_xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
372 struct sockaddr *sa;
373 u_int16_t port;
374
375 /* check pfkey message. */
376 if (pfkey_align(m, mhp)) {
377 printf("%s\n", ipsec_strerror());
378 return;
379 }
380 if (pfkey_check(mhp)) {
381 printf("%s\n", ipsec_strerror());
382 return;
383 }
384
385 m_saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
386 m_daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
387 m_xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
388 m_lft = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD];
326
327 /* source address */
328 if (m_saddr == NULL) {
329 printf("no ADDRESS_SRC extension.\n");
330 return;
331 }
332 sa = (struct sockaddr *)(m_saddr + 1);
333 switch (sa->sa_family) {

--- 39 unchanged lines hidden (view full) ---

373 /* upper layer protocol */
374 if (m_saddr->sadb_address_proto != m_daddr->sadb_address_proto) {
375 printf("upper layer protocol mismatched.\n");
376 return;
377 }
378 if (m_saddr->sadb_address_proto == IPSEC_ULPROTO_ANY)
379 printf("any");
380 else
389
390 /* source address */
391 if (m_saddr == NULL) {
392 printf("no ADDRESS_SRC extension.\n");
393 return;
394 }
395 sa = (struct sockaddr *)(m_saddr + 1);
396 switch (sa->sa_family) {

--- 39 unchanged lines hidden (view full) ---

436 /* upper layer protocol */
437 if (m_saddr->sadb_address_proto != m_daddr->sadb_address_proto) {
438 printf("upper layer protocol mismatched.\n");
439 return;
440 }
441 if (m_saddr->sadb_address_proto == IPSEC_ULPROTO_ANY)
442 printf("any");
443 else
381 GETMSGSTR(_str_upper, m_saddr->sadb_address_proto);
444 GETMSGSTR(str_upper, m_saddr->sadb_address_proto);
382
383 /* policy */
384 {
385 char *d_xpl;
386
387 if (m_xpl == NULL) {
388 printf("no X_POLICY extension.\n");
389 return;
390 }
391 d_xpl = ipsec_dump_policy((char *)m_xpl, "\n\t");
392
393 /* dump SPD */
394 printf("\n\t%s\n", d_xpl);
395 free(d_xpl);
396 }
397
445
446 /* policy */
447 {
448 char *d_xpl;
449
450 if (m_xpl == NULL) {
451 printf("no X_POLICY extension.\n");
452 return;
453 }
454 d_xpl = ipsec_dump_policy((char *)m_xpl, "\n\t");
455
456 /* dump SPD */
457 printf("\n\t%s\n", d_xpl);
458 free(d_xpl);
459 }
460
461 /* lifetime */
462 if (m_lft) {
463 printf("\tlifetime:%lu validtime:%lu\n",
464 (u_long)m_lft->sadb_lifetime_addtime,
465 (u_long)m_lft->sadb_lifetime_usetime);
466 }
467
398 printf("\tspid=%ld seq=%ld pid=%ld\n",
399 (u_long)m_xpl->sadb_x_policy_id,
400 (u_long)m->sadb_msg_seq,
401 (u_long)m->sadb_msg_pid);
402
403 /* XXX TEST */
404 printf("\trefcnt=%u\n", m->sadb_msg_reserved);
405

--- 121 unchanged lines hidden ---
468 printf("\tspid=%ld seq=%ld pid=%ld\n",
469 (u_long)m_xpl->sadb_x_policy_id,
470 (u_long)m->sadb_msg_seq,
471 (u_long)m->sadb_msg_pid);
472
473 /* XXX TEST */
474 printf("\trefcnt=%u\n", m->sadb_msg_reserved);
475

--- 121 unchanged lines hidden ---
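Review bot: The added lifetime block in pfkey_spdump (new lines 461-466) casts `sadb_lifetime_addtime` and `sadb_lifetime_usetime` to `u_long` for `%lu`, but RFC 2367 defines both as 64-bit fields, so on a platform with a 32-bit long the printed values are silently truncated. Formatting them with `%llu` and casting each argument as `(unsigned long long)m_lft->sadb_lifetime_addtime` (likewise for usetime) keeps the full width. The output labels appear to reuse the LIFETIME_HARD extension's fields under different names, so a comment such as `/* policy lifetime rides in LIFETIME_HARD: addtime is printed as lifetime, usetime as validtime */` above the block would spare the next reader a lookup. In the policy block just before it (new lines 454-457), `d_xpl` goes to `printf("\n\t%s\n", d_xpl)` with no NULL test, which is worth a guard if `ipsec_dump_policy()` can fail; its definition is not shown here. Parts of pfkey_spdump are hidden on this page, so these points cover only the visible lines.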