]>
Commit | Line | Data |
---|---|---|
1 | /* $KAME: pfkey_dump.c,v 1.45 2003/09/08 10:14:56 itojun Exp $ */ | |
2 | ||
3 | /* | |
4 | * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. | |
5 | * All rights reserved. | |
6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | |
15 | * 3. Neither the name of the project nor the names of its contributors | |
16 | * may be used to endorse or promote products derived from this software | |
17 | * without specific prior written permission. | |
18 | * | |
19 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND | |
20 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
21 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
22 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | |
23 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
24 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
25 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
26 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
27 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
28 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
29 | * SUCH DAMAGE. | |
30 | */ | |
31 | ||
32 | #ifdef HAVE_CONFIG_H | |
33 | #include "config.h" | |
34 | #endif | |
35 | ||
36 | #include <sys/types.h> | |
37 | #include <sys/param.h> | |
38 | #include <sys/socket.h> | |
39 | #ifdef HAVE_NETINET6_IPSEC | |
40 | # include <netinet6/ipsec.h> | |
41 | #else | |
42 | # include <netinet/ipsec.h> | |
43 | #endif | |
44 | ||
45 | #include <net/pfkeyv2.h> | |
46 | ||
47 | #include <netinet/in.h> | |
48 | #include <arpa/inet.h> | |
49 | ||
50 | #include <stdlib.h> | |
51 | #include <unistd.h> | |
52 | #include <stdio.h> | |
53 | #include <string.h> | |
54 | #include <time.h> | |
55 | #include <netdb.h> | |
56 | ||
57 | #include "ipsec_strerror.h" | |
58 | #include "libpfkey.h" | |
59 | ||
60 | /* cope with old kame headers - ugly */ | |
61 | #ifndef SADB_X_AALG_MD5 | |
62 | #define SADB_X_AALG_MD5 SADB_AALG_MD5 | |
63 | #endif | |
64 | #ifndef SADB_X_AALG_SHA | |
65 | #define SADB_X_AALG_SHA SADB_AALG_SHA | |
66 | #endif | |
67 | #ifndef SADB_X_AALG_NULL | |
68 | #define SADB_X_AALG_NULL SADB_AALG_NULL | |
69 | #endif | |
70 | ||
71 | #ifndef SADB_X_EALG_BLOWFISHCBC | |
72 | #define SADB_X_EALG_BLOWFISHCBC SADB_EALG_BLOWFISHCBC | |
73 | #endif | |
74 | #ifndef SADB_X_EALG_CAST128CBC | |
75 | #define SADB_X_EALG_CAST128CBC SADB_EALG_CAST128CBC | |
76 | #endif | |
77 | #ifndef SADB_X_EALG_RC5CBC | |
78 | #ifdef SADB_EALG_RC5CBC | |
79 | #define SADB_X_EALG_RC5CBC SADB_EALG_RC5CBC | |
80 | #endif | |
81 | #endif | |
82 | ||
83 | #define GETMSGSTR(str, num) \ | |
84 | do { \ | |
85 | /*CONSTCOND*/ \ | |
86 | if (sizeof((str)[0]) == 0 \ | |
87 | || num >= sizeof(str)/sizeof((str)[0])) \ | |
88 | printf("%u ", (num)); \ | |
89 | else if (strlen((str)[(num)]) == 0) \ | |
90 | printf("%u ", (num)); \ | |
91 | else \ | |
92 | printf("%s ", (str)[(num)]); \ | |
93 | } while (/*CONSTCOND*/0) | |
94 | ||
95 | #define GETMSGV2S(v2s, num) \ | |
96 | do { \ | |
97 | struct val2str *p; \ | |
98 | for (p = (v2s); p && p->str; p++) { \ | |
99 | if (p->val == (num)) \ | |
100 | break; \ | |
101 | } \ | |
102 | if (p && p->str) \ | |
103 | printf("%s ", p->str); \ | |
104 | else \ | |
105 | printf("%u ", (num)); \ | |
106 | } while (/*CONSTCOND*/0) | |
107 | ||
108 | static char *str_ipaddr (struct sockaddr *); | |
109 | static char *str_ipport (struct sockaddr *); | |
110 | static char *str_prefport (u_int, u_int, u_int, u_int); | |
111 | static void str_upperspec (u_int, u_int, u_int); | |
112 | static char *str_time (time_t); | |
113 | static void str_lifetime_byte (struct sadb_lifetime *, char *); | |
114 | static void pfkey_sadump1 (struct sadb_msg *, int); | |
115 | static void pfkey_spdump1 (struct sadb_msg *, int); | |
116 | ||
117 | struct val2str { | |
118 | int val; | |
119 | const char *str; | |
120 | }; | |
121 | ||
122 | /* | |
123 | * Must to be re-written about following strings. | |
124 | */ | |
125 | static char *str_satype[] = { | |
126 | "unspec", | |
127 | "unknown", | |
128 | "ah", | |
129 | "esp", | |
130 | "unknown", | |
131 | "rsvp", | |
132 | "ospfv2", | |
133 | "ripv2", | |
134 | "mip", | |
135 | "ipcomp", | |
136 | "policy", | |
137 | "tcp", | |
138 | }; | |
139 | ||
140 | static char *str_mode[] = { | |
141 | "any", | |
142 | "transport", | |
143 | "tunnel", | |
144 | }; | |
145 | ||
146 | static char *str_state[] = { | |
147 | "larval", | |
148 | "mature", | |
149 | "dying", | |
150 | "dead", | |
151 | }; | |
152 | ||
153 | static struct val2str str_alg_auth[] = { | |
154 | { SADB_AALG_NONE, "none", }, | |
155 | { SADB_AALG_MD5HMAC, "hmac-md5", }, | |
156 | { SADB_AALG_SHA1HMAC, "hmac-sha1", }, | |
157 | { SADB_X_AALG_MD5, "md5", }, | |
158 | { SADB_X_AALG_SHA, "sha", }, | |
159 | { SADB_X_AALG_NULL, "null", }, | |
160 | #ifdef SADB_X_AALG_TCP_MD5 | |
161 | { SADB_X_AALG_TCP_MD5, "tcp-md5", }, | |
162 | #endif | |
163 | #ifdef SADB_X_AALG_SHA2_256 | |
164 | { SADB_X_AALG_SHA2_256, "hmac-sha256", }, | |
165 | #endif | |
166 | #ifdef SADB_X_AALG_SHA2_384 | |
167 | { SADB_X_AALG_SHA2_384, "hmac-sha384", }, | |
168 | #endif | |
169 | #ifdef SADB_X_AALG_SHA2_512 | |
170 | { SADB_X_AALG_SHA2_512, "hmac-sha512", }, | |
171 | #endif | |
172 | #ifdef SADB_X_AALG_RIPEMD160HMAC | |
173 | { SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", }, | |
174 | #endif | |
175 | #ifdef SADB_X_AALG_AES_XCBC_MAC | |
176 | { SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", }, | |
177 | #endif | |
178 | { -1, NULL, }, | |
179 | }; | |
180 | ||
181 | static struct val2str str_alg_enc[] = { | |
182 | { SADB_EALG_NONE, "none", }, | |
183 | { SADB_EALG_DESCBC, "des-cbc", }, | |
184 | { SADB_EALG_3DESCBC, "3des-cbc", }, | |
185 | { SADB_EALG_NULL, "null", }, | |
186 | #ifdef SADB_X_EALG_RC5CBC | |
187 | { SADB_X_EALG_RC5CBC, "rc5-cbc", }, | |
188 | #endif | |
189 | { SADB_X_EALG_CAST128CBC, "cast128-cbc", }, | |
190 | { SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc", }, | |
191 | #ifdef SADB_X_EALG_AESCBC | |
192 | { SADB_X_EALG_AESCBC, "aes-cbc", }, | |
193 | #endif | |
194 | #ifdef SADB_X_EALG_TWOFISHCBC | |
195 | { SADB_X_EALG_TWOFISHCBC, "twofish-cbc", }, | |
196 | #endif | |
197 | #ifdef SADB_X_EALG_AESCTR | |
198 | { SADB_X_EALG_AESCTR, "aes-ctr", }, | |
199 | #endif | |
200 | #ifdef SADB_X_EALG_AES_GCM | |
201 | { SADB_X_EALG_AES_GCM, "aes-gcm", }, | |
202 | #endif | |
203 | #ifdef SADB_X_EALG_CHACHA20POLY1305 | |
204 | { SADB_X_EALG_CHACHA20POLY1305, "chacha20-poly1305", }, | |
205 | #endif | |
206 | { -1, NULL, }, | |
207 | }; | |
208 | ||
209 | static struct val2str str_alg_comp[] = { | |
210 | { SADB_X_CALG_NONE, "none", }, | |
211 | { SADB_X_CALG_OUI, "oui", }, | |
212 | { SADB_X_CALG_DEFLATE, "deflate", }, | |
213 | { SADB_X_CALG_LZS, "lzs", }, | |
214 | { -1, NULL, }, | |
215 | }; | |
216 | ||
217 | /* | |
218 | * dump SADB_MSG formated. For debugging, you should use kdebug_sadb(). | |
219 | */ | |
220 | ||
221 | void | |
222 | pfkey_sadump(m) | |
223 | struct sadb_msg *m; | |
224 | { | |
225 | pfkey_sadump1(m, 0); | |
226 | } | |
227 | ||
228 | void | |
229 | pfkey_sadump_withports(m) | |
230 | struct sadb_msg *m; | |
231 | { | |
232 | pfkey_sadump1(m, 1); | |
233 | } | |
234 | ||
235 | void | |
236 | pfkey_sadump1(m, withports) | |
237 | struct sadb_msg *m; | |
238 | int withports; | |
239 | { | |
240 | caddr_t mhp[SADB_EXT_MAX + 1]; | |
241 | struct sadb_sa *m_sa; | |
242 | struct sadb_x_sa2 *m_sa2; | |
243 | struct sadb_lifetime *m_lftc, *m_lfth, *m_lfts; | |
244 | struct sadb_address *m_saddr, *m_daddr; | |
245 | #ifdef notdef | |
246 | struct sadb_address *m_paddr; | |
247 | #endif | |
248 | struct sadb_key *m_auth, *m_enc; | |
249 | #ifdef notdef | |
250 | struct sadb_ident *m_sid, *m_did; | |
251 | struct sadb_sens *m_sens; | |
252 | #endif | |
253 | #ifdef SADB_X_EXT_NAT_T_TYPE | |
254 | struct sadb_x_nat_t_type *natt_type; | |
255 | struct sadb_x_nat_t_port *natt_sport, *natt_dport; | |
256 | struct sadb_address *natt_oa; | |
257 | ||
258 | int use_natt = 0; | |
259 | #endif | |
260 | struct sadb_x_ipsecif *m_ipif = NULL; | |
261 | struct sockaddr *sa; | |
262 | ||
263 | /* check pfkey message. */ | |
264 | if (pfkey_align(m, mhp)) { | |
265 | printf("%s\n", ipsec_strerror()); | |
266 | return; | |
267 | } | |
268 | if (pfkey_check(mhp)) { | |
269 | printf("%s\n", ipsec_strerror()); | |
270 | return; | |
271 | } | |
272 | ||
273 | m_sa = (void *)mhp[SADB_EXT_SA]; | |
274 | m_sa2 = (void *)mhp[SADB_X_EXT_SA2]; | |
275 | m_lftc = (void *)mhp[SADB_EXT_LIFETIME_CURRENT]; | |
276 | m_lfth = (void *)mhp[SADB_EXT_LIFETIME_HARD]; | |
277 | m_lfts = (void *)mhp[SADB_EXT_LIFETIME_SOFT]; | |
278 | m_saddr = (void *)mhp[SADB_EXT_ADDRESS_SRC]; | |
279 | m_daddr = (void *)mhp[SADB_EXT_ADDRESS_DST]; | |
280 | #ifdef notdef | |
281 | m_paddr = (void *)mhp[SADB_EXT_ADDRESS_PROXY]; | |
282 | #endif | |
283 | m_auth = (void *)mhp[SADB_EXT_KEY_AUTH]; | |
284 | m_enc = (void *)mhp[SADB_EXT_KEY_ENCRYPT]; | |
285 | #ifdef notdef | |
286 | m_sid = (void *)mhp[SADB_EXT_IDENTITY_SRC]; | |
287 | m_did = (void *)mhp[SADB_EXT_IDENTITY_DST]; | |
288 | m_sens = (void *)mhp[SADB_EXT_SENSITIVITY]; | |
289 | #endif | |
290 | #ifdef SADB_X_EXT_NAT_T_TYPE | |
291 | natt_type = (void *)mhp[SADB_X_EXT_NAT_T_TYPE]; | |
292 | natt_sport = (void *)mhp[SADB_X_EXT_NAT_T_SPORT]; | |
293 | natt_dport = (void *)mhp[SADB_X_EXT_NAT_T_DPORT]; | |
294 | natt_oa = (void *)mhp[SADB_X_EXT_NAT_T_OA]; | |
295 | ||
296 | if (natt_type && natt_type->sadb_x_nat_t_type_type) | |
297 | use_natt = 1; | |
298 | #endif | |
299 | m_ipif = (void *)mhp[SADB_X_EXT_IPSECIF]; | |
300 | /* source address */ | |
301 | if (m_saddr == NULL) { | |
302 | printf("no ADDRESS_SRC extension.\n"); | |
303 | return; | |
304 | } | |
305 | sa = (void *)(m_saddr + 1); | |
306 | if (withports) | |
307 | printf("%s[%s]", str_ipaddr(sa), str_ipport(sa)); | |
308 | else | |
309 | printf("%s", str_ipaddr(sa)); | |
310 | #ifdef SADB_X_EXT_NAT_T_TYPE | |
311 | if (use_natt && natt_sport) | |
312 | printf("[%u]", ntohs(natt_sport->sadb_x_nat_t_port_port)); | |
313 | #endif | |
314 | printf(" "); | |
315 | ||
316 | /* destination address */ | |
317 | if (m_daddr == NULL) { | |
318 | printf(" no ADDRESS_DST extension.\n"); | |
319 | return; | |
320 | } | |
321 | sa = (void *)(m_daddr + 1); | |
322 | if (withports) | |
323 | printf("%s[%s]", str_ipaddr(sa), str_ipport(sa)); | |
324 | else | |
325 | printf("%s", str_ipaddr(sa)); | |
326 | #ifdef SADB_X_EXT_NAT_T_TYPE | |
327 | if (use_natt && natt_dport) | |
328 | printf("[%u]", ntohs(natt_dport->sadb_x_nat_t_port_port)); | |
329 | #endif | |
330 | printf(" "); | |
331 | ||
332 | /* SA type */ | |
333 | if (m_sa == NULL) { | |
334 | printf("no SA extension.\n"); | |
335 | return; | |
336 | } | |
337 | if (m_sa2 == NULL) { | |
338 | printf("no SA2 extension.\n"); | |
339 | return; | |
340 | } | |
341 | printf("\n\t"); | |
342 | ||
343 | #ifdef SADB_X_EXT_NAT_T_TYPE | |
344 | if (use_natt && m->sadb_msg_satype == SADB_SATYPE_ESP) | |
345 | printf("esp-udp "); | |
346 | else if (use_natt) | |
347 | printf("natt+"); | |
348 | ||
349 | if (!use_natt || m->sadb_msg_satype != SADB_SATYPE_ESP) | |
350 | #endif | |
351 | GETMSGSTR(str_satype, m->sadb_msg_satype); | |
352 | ||
353 | printf("mode="); | |
354 | GETMSGSTR(str_mode, m_sa2->sadb_x_sa2_mode); | |
355 | ||
356 | printf("spi=%u(0x%08x) reqid=%u(0x%08x)\n", | |
357 | (u_int32_t)ntohl(m_sa->sadb_sa_spi), | |
358 | (u_int32_t)ntohl(m_sa->sadb_sa_spi), | |
359 | (u_int32_t)m_sa2->sadb_x_sa2_reqid, | |
360 | (u_int32_t)m_sa2->sadb_x_sa2_reqid); | |
361 | ||
362 | #ifdef SADB_X_EXT_NAT_T_TYPE | |
363 | /* other NAT-T information */ | |
364 | if (use_natt && natt_oa) | |
365 | printf("\tNAT OA=%s\n", | |
366 | str_ipaddr((void *)(natt_oa + 1))); | |
367 | #endif | |
368 | ||
369 | /* encryption key */ | |
370 | if (m->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) { | |
371 | printf("\tC: "); | |
372 | GETMSGV2S(str_alg_comp, m_sa->sadb_sa_encrypt); | |
373 | } else if (m->sadb_msg_satype == SADB_SATYPE_ESP) { | |
374 | if (m_enc != NULL) { | |
375 | printf("\tE: "); | |
376 | GETMSGV2S(str_alg_enc, m_sa->sadb_sa_encrypt); | |
377 | ipsec_hexdump((caddr_t)(void *)m_enc + sizeof(*m_enc), | |
378 | m_enc->sadb_key_bits / 8); | |
379 | printf("\n"); | |
380 | } | |
381 | } | |
382 | ||
383 | /* authentication key */ | |
384 | if (m_auth != NULL) { | |
385 | printf("\tA: "); | |
386 | GETMSGV2S(str_alg_auth, m_sa->sadb_sa_auth); | |
387 | ipsec_hexdump((caddr_t)(void *)m_auth + sizeof(*m_auth), | |
388 | m_auth->sadb_key_bits / 8); | |
389 | printf("\n"); | |
390 | } | |
391 | ||
392 | /* replay windoe size & flags */ | |
393 | printf("\tseq=0x%08x replay=%u flags=0x%08x ", | |
394 | m_sa2->sadb_x_sa2_sequence, | |
395 | m_sa->sadb_sa_replay, | |
396 | m_sa->sadb_sa_flags); | |
397 | ||
398 | #ifdef SADB_X_EXT_SA2_DELETE_ON_DETACH | |
399 | printf("flags2=0x%08x ", | |
400 | m_sa2->sadb_x_sa2_flags); | |
401 | #endif | |
402 | ||
403 | /* state */ | |
404 | printf("state="); | |
405 | GETMSGSTR(str_state, m_sa->sadb_sa_state); | |
406 | printf("\n"); | |
407 | ||
408 | if (m_ipif) { | |
409 | printf("\t"); | |
410 | if (m_ipif->sadb_x_ipsecif_internal_if[0]) | |
411 | printf("internal_if: %s ", m_ipif->sadb_x_ipsecif_internal_if); | |
412 | if (m_ipif->sadb_x_ipsecif_outgoing_if[0]) | |
413 | printf("outgoing_if: %s ", m_ipif->sadb_x_ipsecif_outgoing_if); | |
414 | if (m_ipif->sadb_x_ipsecif_ipsec_if[0]) | |
415 | printf("ipsec_if: %s ", m_ipif->sadb_x_ipsecif_ipsec_if); | |
416 | printf("disabled: %d\n", m_ipif->sadb_x_ipsecif_init_disabled); | |
417 | } | |
418 | ||
419 | /* lifetime */ | |
420 | if (m_lftc != NULL) { | |
421 | time_t tmp_time = time(0); | |
422 | ||
423 | printf("\tcreated: %s", | |
424 | str_time((long)m_lftc->sadb_lifetime_addtime)); | |
425 | printf("\tcurrent: %s\n", str_time(tmp_time)); | |
426 | printf("\tdiff: %lu(s)", | |
427 | (u_long)(m_lftc->sadb_lifetime_addtime == 0 ? | |
428 | 0 : (tmp_time - m_lftc->sadb_lifetime_addtime))); | |
429 | ||
430 | printf("\thard: %lu(s)", | |
431 | (u_long)(m_lfth == NULL ? | |
432 | 0 : m_lfth->sadb_lifetime_addtime)); | |
433 | printf("\tsoft: %lu(s)\n", | |
434 | (u_long)(m_lfts == NULL ? | |
435 | 0 : m_lfts->sadb_lifetime_addtime)); | |
436 | ||
437 | printf("\tlast: %s", | |
438 | str_time((long)m_lftc->sadb_lifetime_usetime)); | |
439 | printf("\thard: %lu(s)", | |
440 | (u_long)(m_lfth == NULL ? | |
441 | 0 : m_lfth->sadb_lifetime_usetime)); | |
442 | printf("\tsoft: %lu(s)\n", | |
443 | (u_long)(m_lfts == NULL ? | |
444 | 0 : m_lfts->sadb_lifetime_usetime)); | |
445 | ||
446 | str_lifetime_byte(m_lftc, "current"); | |
447 | str_lifetime_byte(m_lfth, "hard"); | |
448 | str_lifetime_byte(m_lfts, "soft"); | |
449 | printf("\n"); | |
450 | ||
451 | printf("\tallocated: %lu", | |
452 | (unsigned long)m_lftc->sadb_lifetime_allocations); | |
453 | printf("\thard: %lu", | |
454 | (u_long)(m_lfth == NULL ? | |
455 | 0 : m_lfth->sadb_lifetime_allocations)); | |
456 | printf("\tsoft: %lu\n", | |
457 | (u_long)(m_lfts == NULL ? | |
458 | 0 : m_lfts->sadb_lifetime_allocations)); | |
459 | } | |
460 | ||
461 | printf("\tsadb_seq=%lu pid=%lu ", | |
462 | (u_long)m->sadb_msg_seq, | |
463 | (u_long)m->sadb_msg_pid); | |
464 | ||
465 | /* XXX DEBUG */ | |
466 | printf("refcnt=%u\n", m->sadb_msg_reserved); | |
467 | ||
468 | return; | |
469 | } | |
470 | ||
471 | void | |
472 | pfkey_spdump(m) | |
473 | struct sadb_msg *m; | |
474 | { | |
475 | pfkey_spdump1(m, 0); | |
476 | } | |
477 | ||
478 | void | |
479 | pfkey_spdump_withports(m) | |
480 | struct sadb_msg *m; | |
481 | { | |
482 | pfkey_spdump1(m, 1); | |
483 | } | |
484 | ||
485 | static void | |
486 | pfkey_dump_single_address (struct sadb_address *addr) | |
487 | { | |
488 | u_int16_t port = 0; | |
489 | char pbuf[NI_MAXSERV]; | |
490 | struct sockaddr *sa; | |
491 | sa = (void *)(addr + 1); | |
492 | switch (sa->sa_family) { | |
493 | case AF_INET: | |
494 | case AF_INET6: | |
495 | if (getnameinfo(sa, (socklen_t)sysdep_sa_len((struct sockaddr *)sa), NULL, | |
496 | 0, pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0) | |
497 | port = 0; /*XXX*/ | |
498 | else | |
499 | port = atoi(pbuf); | |
500 | printf("%s%s", str_ipaddr(sa), | |
501 | str_prefport((u_int)sa->sa_family, | |
502 | (u_int)addr->sadb_address_prefixlen, | |
503 | (u_int)port, | |
504 | (u_int)addr->sadb_address_proto)); | |
505 | break; | |
506 | default: | |
507 | printf("unknown-af"); | |
508 | break; | |
509 | } | |
510 | ||
511 | } | |
512 | ||
513 | static void | |
514 | pfkey_spdump1(m, withports) | |
515 | struct sadb_msg *m; | |
516 | int withports; | |
517 | { | |
518 | char pbuf[NI_MAXSERV]; | |
519 | caddr_t mhp[SADB_EXT_MAX + 1]; | |
520 | struct sadb_address *m_saddr, *m_daddr; | |
521 | struct sadb_address *m_saddr_s, *m_saddr_e, *m_daddr_s, *m_daddr_e; | |
522 | #ifdef SADB_X_EXT_TAG | |
523 | struct sadb_x_tag *m_tag; | |
524 | #endif | |
525 | struct sadb_x_policy *m_xpl; | |
526 | struct sadb_lifetime *m_lftc = NULL, *m_lfth = NULL; | |
527 | struct sadb_x_ipsecif *m_ipif = NULL; | |
528 | struct sockaddr *sa; | |
529 | u_int16_t sport = 0, dport = 0; | |
530 | ||
531 | /* check pfkey message. */ | |
532 | if (pfkey_align(m, mhp)) { | |
533 | printf("%s\n", ipsec_strerror()); | |
534 | return; | |
535 | } | |
536 | if (pfkey_check(mhp)) { | |
537 | printf("%s\n", ipsec_strerror()); | |
538 | return; | |
539 | } | |
540 | ||
541 | m_saddr = (void *)mhp[SADB_EXT_ADDRESS_SRC]; | |
542 | m_daddr = (void *)mhp[SADB_EXT_ADDRESS_DST]; | |
543 | m_saddr_s = (void *)mhp[SADB_X_EXT_ADDR_RANGE_SRC_START]; | |
544 | m_saddr_e = (void *)mhp[SADB_X_EXT_ADDR_RANGE_SRC_END]; | |
545 | m_daddr_s = (void *)mhp[SADB_X_EXT_ADDR_RANGE_DST_START]; | |
546 | m_daddr_e = (void *)mhp[SADB_X_EXT_ADDR_RANGE_DST_END]; | |
547 | #ifdef SADB_X_EXT_TAG | |
548 | m_tag = (void *)mhp[SADB_X_EXT_TAG]; | |
549 | #endif | |
550 | m_xpl = (void *)mhp[SADB_X_EXT_POLICY]; | |
551 | m_lftc = (void *)mhp[SADB_EXT_LIFETIME_CURRENT]; | |
552 | m_lfth = (void *)mhp[SADB_EXT_LIFETIME_HARD]; | |
553 | m_ipif = (void *)mhp[SADB_X_EXT_IPSECIF]; | |
554 | ||
555 | if ((m_saddr || (m_saddr_s && m_saddr_e)) && (m_daddr || (m_daddr_s && m_daddr_e))) { | |
556 | /* source address */ | |
557 | if (m_saddr_s && m_saddr_e) { | |
558 | pfkey_dump_single_address(m_saddr_s); | |
559 | printf("-"); | |
560 | pfkey_dump_single_address(m_saddr_e); | |
561 | printf(" "); | |
562 | } else if (m_saddr) { | |
563 | sa = (void *)(m_saddr + 1); | |
564 | switch (sa->sa_family) { | |
565 | case AF_INET: | |
566 | case AF_INET6: | |
567 | if (getnameinfo(sa, (socklen_t)sysdep_sa_len((struct sockaddr *)sa), NULL, | |
568 | 0, pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0) | |
569 | sport = 0; /*XXX*/ | |
570 | else | |
571 | sport = atoi(pbuf); | |
572 | printf("%s%s ", str_ipaddr(sa), | |
573 | str_prefport((u_int)sa->sa_family, | |
574 | (u_int)m_saddr->sadb_address_prefixlen, | |
575 | (u_int)sport, | |
576 | (u_int)m_saddr->sadb_address_proto)); | |
577 | break; | |
578 | default: | |
579 | printf("unknown-af "); | |
580 | break; | |
581 | } | |
582 | } | |
583 | ||
584 | /* destination address */ | |
585 | if (m_daddr_s && m_daddr_e) { | |
586 | pfkey_dump_single_address(m_daddr_s); | |
587 | printf("-"); | |
588 | pfkey_dump_single_address(m_daddr_e); | |
589 | printf(" "); | |
590 | } else if (m_daddr) { | |
591 | sa = (void *)(m_daddr + 1); | |
592 | switch (sa->sa_family) { | |
593 | case AF_INET: | |
594 | case AF_INET6: | |
595 | if (getnameinfo(sa, (socklen_t)sysdep_sa_len((struct sockaddr *)sa), NULL, | |
596 | 0, pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0) | |
597 | dport = 0; /*XXX*/ | |
598 | else | |
599 | dport = atoi(pbuf); | |
600 | printf("%s%s ", str_ipaddr(sa), | |
601 | str_prefport((u_int)sa->sa_family, | |
602 | (u_int)m_daddr->sadb_address_prefixlen, | |
603 | (u_int)dport, | |
604 | (u_int)m_daddr->sadb_address_proto)); | |
605 | break; | |
606 | default: | |
607 | printf("unknown-af "); | |
608 | break; | |
609 | } | |
610 | } | |
611 | ||
612 | /* upper layer protocol */ | |
613 | if (m_saddr && m_daddr) { | |
614 | if (m_saddr->sadb_address_proto != | |
615 | m_daddr->sadb_address_proto) { | |
616 | printf("upper layer protocol mismatched.\n"); | |
617 | return; | |
618 | } | |
619 | str_upperspec((u_int)m_saddr->sadb_address_proto, (u_int)sport, | |
620 | (u_int)dport); | |
621 | } | |
622 | } | |
623 | #ifdef SADB_X_EXT_TAG | |
624 | else if (m_tag) | |
625 | printf("tagged \"%s\" ", m_tag->sadb_x_tag_name); | |
626 | #endif | |
627 | else | |
628 | printf("(no selector, probably per-socket policy) "); | |
629 | ||
630 | /* policy */ | |
631 | { | |
632 | char *d_xpl; | |
633 | ||
634 | if (m_xpl == NULL) { | |
635 | printf("no X_POLICY extension.\n"); | |
636 | return; | |
637 | } | |
638 | if (withports) | |
639 | d_xpl = ipsec_dump_policy_withports(m_xpl, "\n\t"); | |
640 | else | |
641 | d_xpl = ipsec_dump_policy((ipsec_policy_t)m_xpl, "\n\t"); | |
642 | ||
643 | if (!d_xpl) | |
644 | printf("\n\tPolicy:[%s]\n", ipsec_strerror()); | |
645 | else { | |
646 | /* dump SPD */ | |
647 | printf("\n\t%s\n", d_xpl); | |
648 | free(d_xpl); | |
649 | } | |
650 | } | |
651 | ||
652 | /* lifetime */ | |
653 | if (m_lftc) { | |
654 | printf("\tcreated: %s ", | |
655 | str_time((long)m_lftc->sadb_lifetime_addtime)); | |
656 | printf("lastused: %s\n", | |
657 | str_time((long)m_lftc->sadb_lifetime_usetime)); | |
658 | } | |
659 | if (m_lfth) { | |
660 | printf("\tlifetime: %lu(s) ", | |
661 | (u_long)m_lfth->sadb_lifetime_addtime); | |
662 | printf("validtime: %lu(s)\n", | |
663 | (u_long)m_lfth->sadb_lifetime_usetime); | |
664 | } | |
665 | ||
666 | if (m_ipif) { | |
667 | printf("\t"); | |
668 | if (m_ipif->sadb_x_ipsecif_internal_if[0]) | |
669 | printf("internal_if: %s ", m_ipif->sadb_x_ipsecif_internal_if); | |
670 | if (m_ipif->sadb_x_ipsecif_outgoing_if[0]) | |
671 | printf("outgoing_if: %s ", m_ipif->sadb_x_ipsecif_outgoing_if); | |
672 | if (m_ipif->sadb_x_ipsecif_ipsec_if[0]) | |
673 | printf("ipsec_if: %s ", m_ipif->sadb_x_ipsecif_ipsec_if); | |
674 | printf("disabled: %d\n", m_ipif->sadb_x_ipsecif_init_disabled); | |
675 | } | |
676 | ||
677 | printf("\tspid=%ld seq=%ld pid=%ld\n", | |
678 | (u_long)m_xpl->sadb_x_policy_id, | |
679 | (u_long)m->sadb_msg_seq, | |
680 | (u_long)m->sadb_msg_pid); | |
681 | ||
682 | /* XXX TEST */ | |
683 | printf("\trefcnt=%u\n", m->sadb_msg_reserved); | |
684 | ||
685 | return; | |
686 | } | |
687 | ||
688 | /* | |
689 | * set "ipaddress" to buffer. | |
690 | */ | |
691 | static char * | |
692 | str_ipaddr(sa) | |
693 | struct sockaddr *sa; | |
694 | { | |
695 | static char buf[NI_MAXHOST]; | |
696 | const int niflag = NI_NUMERICHOST; | |
697 | ||
698 | if (sa == NULL) | |
699 | return ""; | |
700 | ||
701 | if (getnameinfo(sa, (socklen_t)sysdep_sa_len(sa), buf, sizeof(buf), | |
702 | NULL, 0, niflag) == 0) | |
703 | return buf; | |
704 | return NULL; | |
705 | } | |
706 | ||
707 | /* | |
708 | * set "port" to buffer. | |
709 | */ | |
710 | static char * | |
711 | str_ipport(sa) | |
712 | struct sockaddr *sa; | |
713 | { | |
714 | static char buf[NI_MAXHOST]; | |
715 | const int niflag = NI_NUMERICSERV; | |
716 | ||
717 | if (sa == NULL) | |
718 | return ""; | |
719 | ||
720 | if (getnameinfo(sa, (socklen_t)sysdep_sa_len(sa), NULL, 0, | |
721 | buf, sizeof(buf), niflag) == 0) | |
722 | return buf; | |
723 | return NULL; | |
724 | } | |
725 | ||
726 | ||
727 | /* | |
728 | * set "/prefix[port number]" to buffer. | |
729 | */ | |
730 | static char * | |
731 | str_prefport(family, pref, port, ulp) | |
732 | u_int family, pref, port, ulp; | |
733 | { | |
734 | static char buf[128]; | |
735 | char prefbuf[128]; | |
736 | char portbuf[128]; | |
737 | int plen; | |
738 | ||
739 | switch (family) { | |
740 | case AF_INET: | |
741 | plen = sizeof(struct in_addr) << 3; | |
742 | break; | |
743 | case AF_INET6: | |
744 | plen = sizeof(struct in6_addr) << 3; | |
745 | break; | |
746 | default: | |
747 | return "?"; | |
748 | } | |
749 | ||
750 | if (pref == plen) | |
751 | prefbuf[0] = '\0'; | |
752 | else | |
753 | snprintf(prefbuf, sizeof(prefbuf), "/%u", pref); | |
754 | ||
755 | if (ulp == IPPROTO_ICMPV6) | |
756 | memset(portbuf, 0, sizeof(portbuf)); | |
757 | else { | |
758 | if (port == IPSEC_PORT_ANY) | |
759 | snprintf(portbuf, sizeof(portbuf), "[%s]", "any"); | |
760 | else | |
761 | snprintf(portbuf, sizeof(portbuf), "[%u]", port); | |
762 | } | |
763 | ||
764 | snprintf(buf, sizeof(buf), "%s%s", prefbuf, portbuf); | |
765 | ||
766 | return buf; | |
767 | } | |
768 | ||
769 | static void | |
770 | str_upperspec(ulp, p1, p2) | |
771 | u_int ulp, p1, p2; | |
772 | { | |
773 | if (ulp == IPSEC_ULPROTO_ANY) | |
774 | printf("any"); | |
775 | else if (ulp == IPPROTO_ICMPV6) { | |
776 | printf("icmp6"); | |
777 | if (!(p1 == IPSEC_PORT_ANY && p2 == IPSEC_PORT_ANY)) | |
778 | printf(" %u,%u", p1, p2); | |
779 | } else { | |
780 | struct protoent *ent; | |
781 | ||
782 | switch (ulp) { | |
783 | case IPPROTO_IPV4: | |
784 | printf("ip4"); | |
785 | break; | |
786 | default: | |
787 | ent = getprotobynumber((int)ulp); | |
788 | if (ent) | |
789 | printf("%s", ent->p_name); | |
790 | else | |
791 | printf("%u", ulp); | |
792 | ||
793 | endprotoent(); | |
794 | break; | |
795 | } | |
796 | } | |
797 | } | |
798 | ||
799 | /* | |
800 | * set "Mon Day Time Year" to buffer | |
801 | */ | |
802 | static char * | |
803 | str_time(t) | |
804 | time_t t; | |
805 | { | |
806 | static char buf[128]; | |
807 | ||
808 | if (t == 0) { | |
809 | int i = 0; | |
810 | for (;i < 20;) buf[i++] = ' '; | |
811 | } else { | |
812 | char *t0; | |
813 | t0 = ctime(&t); | |
814 | memcpy(buf, t0 + 4, 20); | |
815 | } | |
816 | ||
817 | buf[20] = '\0'; | |
818 | ||
819 | return(buf); | |
820 | } | |
821 | ||
822 | static void | |
823 | str_lifetime_byte(x, str) | |
824 | struct sadb_lifetime *x; | |
825 | char *str; | |
826 | { | |
827 | double y; | |
828 | char *unit; | |
829 | int w; | |
830 | ||
831 | if (x == NULL) { | |
832 | printf("\t%s: 0(bytes)", str); | |
833 | return; | |
834 | } | |
835 | ||
836 | #if 0 | |
837 | if ((x->sadb_lifetime_bytes) / 1024 / 1024) { | |
838 | y = (x->sadb_lifetime_bytes) * 1.0 / 1024 / 1024; | |
839 | unit = "M"; | |
840 | w = 1; | |
841 | } else if ((x->sadb_lifetime_bytes) / 1024) { | |
842 | y = (x->sadb_lifetime_bytes) * 1.0 / 1024; | |
843 | unit = "K"; | |
844 | w = 1; | |
845 | } else { | |
846 | y = (x->sadb_lifetime_bytes) * 1.0; | |
847 | unit = ""; | |
848 | w = 0; | |
849 | } | |
850 | #else | |
851 | y = (x->sadb_lifetime_bytes) * 1.0; | |
852 | unit = ""; | |
853 | w = 0; | |
854 | #endif | |
855 | printf("\t%s: %.*f(%sbytes)", str, w, y, unit); | |
856 | } |