static int xfrm_report_print(const struct sockaddr_nl *who,
struct nlmsghdr *n, void *arg)
{
FILE *fp = (FILE *)arg;
struct xfrm_user_report *xrep = NLMSG_DATA(n);
int len = n->nlmsg_len;
struct rtattr *tb[XFRMA_MAX+1];
__u16 family;
len -= NLMSG_LENGTH(sizeof(*xrep));
if (len < 0) {
fprintf(stderr, "BUG: wrong nlmsg len %d\n", len);
return -1;
}
family = xrep->sel.family;
if (family == AF_UNSPEC)
family = preferred_family;
fprintf(fp, "report ");
fprintf(fp, "proto %s ", strxf_xfrmproto(xrep->proto));
fprintf(fp, "%s", _SL_);
xfrm_selector_print(&xrep->sel, family, fp, " sel ");
parse_rtattr(tb, XFRMA_MAX, XFRMREP_RTA(xrep), len);
xfrm_xfrma_print(tb, family, fp, " ");
if (oneline)
fprintf(fp, "\n");
return 0;
}
static int xfrm_acquire_print(const struct sockaddr_nl *who,
struct nlmsghdr *n, void *arg)
{
FILE *fp = (FILE*)arg;
struct xfrm_user_acquire *xacq = NLMSG_DATA(n);
int len = n->nlmsg_len;
struct rtattr * tb[XFRMA_MAX+1];
__u16 family;
len -= NLMSG_LENGTH(sizeof(*xacq));
if (len < 0) {
fprintf(stderr, "BUG: wrong nlmsg len %d\n", len);
return -1;
}
parse_rtattr(tb, XFRMA_MAX, XFRMACQ_RTA(xacq), len);
family = xacq->sel.family;
if (family == AF_UNSPEC)
family = xacq->policy.sel.family;
if (family == AF_UNSPEC)
family = preferred_family;
fprintf(fp, "acquire ");
fprintf(fp, "proto %s ", strxf_xfrmproto(xacq->id.proto));
if (show_stats > 0 || xacq->id.spi) {
__u32 spi = ntohl(xacq->id.spi);
fprintf(fp, "spi 0x%08x", spi);
if (show_stats > 0)
fprintf(fp, "(%u)", spi);
fprintf(fp, " ");
}
fprintf(fp, "%s", _SL_);
xfrm_selector_print(&xacq->sel, family, fp, " sel ");
xfrm_policy_info_print(&xacq->policy, tb, fp, " ", " policy ");
if (show_stats > 0)
fprintf(fp, " seq 0x%08u ", xacq->seq);
if (show_stats > 0) {
fprintf(fp, "%s-mask %s ",
strxf_algotype(XFRMA_ALG_CRYPT),
strxf_mask32(xacq->ealgos));
fprintf(fp, "%s-mask %s ",
strxf_algotype(XFRMA_ALG_AUTH),
strxf_mask32(xacq->aalgos));
fprintf(fp, "%s-mask %s",
strxf_algotype(XFRMA_ALG_COMP),
strxf_mask32(xacq->calgos));
}
fprintf(fp, "%s", _SL_);
if (oneline)
fprintf(fp, "\n");
fflush(fp);
return 0;
}
void xfrm_policy_info_print(struct xfrm_userpolicy_info *xpinfo,
struct rtattr *tb[], FILE *fp, const char *prefix,
const char *title)
{
char buf[STRBUF_SIZE];
memset(buf, '\0', sizeof(buf));
xfrm_selector_print(&xpinfo->sel, preferred_family, fp, title);
if (prefix)
STRBUF_CAT(buf, prefix);
STRBUF_CAT(buf, "\t");
fprintf(fp, buf);
fprintf(fp, "dir ");
switch (xpinfo->dir) {
case XFRM_POLICY_IN:
fprintf(fp, "in");
break;
case XFRM_POLICY_OUT:
fprintf(fp, "out");
break;
case XFRM_POLICY_FWD:
fprintf(fp, "fwd");
break;
default:
fprintf(fp, "%u", xpinfo->dir);
break;
}
fprintf(fp, " ");
switch (xpinfo->action) {
case XFRM_POLICY_ALLOW:
if (show_stats > 0)
fprintf(fp, "action allow ");
break;
case XFRM_POLICY_BLOCK:
fprintf(fp, "action block ");
break;
default:
fprintf(fp, "action %u ", xpinfo->action);
break;
}
if (show_stats)
fprintf(fp, "index %u ", xpinfo->index);
fprintf(fp, "priority %u ", xpinfo->priority);
if (show_stats > 0) {
fprintf(fp, "share %s ", strxf_share(xpinfo->share));
fprintf(fp, "flag 0x%s", strxf_mask8(xpinfo->flags));
}
fprintf(fp, "%s", _SL_);
if (show_stats > 0)
xfrm_lifetime_print(&xpinfo->lft, &xpinfo->curlft, fp, buf);
xfrm_xfrma_print(tb, xpinfo->sel.family, fp, buf);
}
void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo,
struct rtattr *tb[], FILE *fp, const char *prefix,
const char *title)
{
char buf[STRBUF_SIZE];
int force_spi = xfrm_xfrmproto_is_ipsec(xsinfo->id.proto);
memset(buf, '\0', sizeof(buf));
xfrm_id_info_print(&xsinfo->saddr, &xsinfo->id, xsinfo->mode,
xsinfo->reqid, xsinfo->family, force_spi, fp,
prefix, title);
if (prefix)
STRBUF_CAT(buf, prefix);
STRBUF_CAT(buf, "\t");
fputs(buf, fp);
fprintf(fp, "replay-window %u ", xsinfo->replay_window);
if (show_stats > 0)
fprintf(fp, "seq 0x%08u ", xsinfo->seq);
if (show_stats > 0 || xsinfo->flags) {
__u8 flags = xsinfo->flags;
fprintf(fp, "flag ");
XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_NOECN, "noecn");
XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_DECAP_DSCP, "decap-dscp");
XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_NOPMTUDISC, "nopmtudisc");
XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_WILDRECV, "wildrecv");
XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_ICMP, "icmp");
XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_AF_UNSPEC, "af-unspec");
if (flags)
fprintf(fp, "%x", flags);
}
if (show_stats > 0)
fprintf(fp, " (0x%s)", strxf_mask8(xsinfo->flags));
fprintf(fp, "%s", _SL_);
xfrm_xfrma_print(tb, xsinfo->family, fp, buf);
if (!xfrm_selector_iszero(&xsinfo->sel)) {
char sbuf[STRBUF_SIZE];
memcpy(sbuf, buf, sizeof(sbuf));
STRBUF_CAT(sbuf, "sel ");
xfrm_selector_print(&xsinfo->sel, xsinfo->family, fp, sbuf);
}
if (show_stats > 0) {
xfrm_lifetime_print(&xsinfo->lft, &xsinfo->curlft, fp, buf);
xfrm_stats_print(&xsinfo->stats, fp, buf);
}
}
static int
parse_reply (struct nl_msg *msg, void *arg)
{
struct nlmsghdr *n = nlmsg_hdr (msg);
struct nlattr *tb[XFRMA_MAX + 1];
struct xfrm_userpolicy_info *xpinfo = NULL;
if (n->nlmsg_type != XFRM_MSG_NEWPOLICY) {
g_warning ("msg type %d not NEWPOLICY", n->nlmsg_type);
return NL_SKIP;
}
/* Netlink message header is followed by 'struct xfrm_userpolicy_info' and
* then the attributes.
*/
if (!nlmsg_valid_hdr (n, sizeof (struct xfrm_userpolicy_info))) {
g_warning ("msg too short");
return -NLE_MSG_TOOSHORT;
}
xpinfo = nlmsg_data (n);
if (nla_parse (tb, XFRMA_MAX,
nlmsg_attrdata (n, sizeof (struct xfrm_userpolicy_info)),
nlmsg_attrlen (n, sizeof (struct xfrm_userpolicy_info)),
NULL) < 0) {
g_warning ("failed to parse attributes");
return NL_SKIP;
}
if (tb[XFRMA_TMPL]) {
int attrlen = nla_len (tb[XFRMA_TMPL]);
struct xfrm_user_tmpl *list = nla_data (tb[XFRMA_TMPL]);
int i;
xfrm_selector_print (&xpinfo->sel);
for (i = 0; i < attrlen / sizeof (struct xfrm_user_tmpl); i++) {
struct xfrm_user_tmpl *tmpl = &list[i];
char buf[INET6_ADDRSTRLEN];
g_print (" tmpl ");
inet_ntop (tmpl->family, (gpointer) &tmpl->saddr, buf, sizeof (buf));
g_print ("src %s ", buf);
inet_ntop (tmpl->family, &tmpl->id.daddr, buf, sizeof (buf));
g_print ("dst %s\n", buf);
}
}
return NL_OK;
}
void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo,
struct rtattr *tb[], FILE *fp, const char *prefix,
const char *title)
{
char buf[STRBUF_SIZE];
memset(buf, '\0', sizeof(buf));
xfrm_id_info_print(&xsinfo->saddr, &xsinfo->id, xsinfo->mode,
xsinfo->reqid, xsinfo->family, 1, fp, prefix,
title);
if (prefix)
STRBUF_CAT(buf, prefix);
STRBUF_CAT(buf, "\t");
fprintf(fp, buf);
fprintf(fp, "replay-window %u ", xsinfo->replay_window);
if (show_stats > 0)
fprintf(fp, "seq 0x%08u ", xsinfo->seq);
if (show_stats > 0 || xsinfo->flags) {
__u8 flags = xsinfo->flags;
fprintf(fp, "flag ");
XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_NOECN, "noecn");
XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_DECAP_DSCP, "decap-dscp");
if (flags)
fprintf(fp, "%x", flags);
if (show_stats > 0)
fprintf(fp, " (0x%s)", strxf_mask8(flags));
}
fprintf(fp, "%s", _SL_);
xfrm_xfrma_print(tb, xsinfo->family, fp, buf);
if (!xfrm_selector_iszero(&xsinfo->sel)) {
char sbuf[STRBUF_SIZE];
memcpy(sbuf, buf, sizeof(sbuf));
STRBUF_CAT(sbuf, "sel ");
xfrm_selector_print(&xsinfo->sel, xsinfo->family, fp, sbuf);
}
if (show_stats > 0) {
xfrm_lifetime_print(&xsinfo->lft, &xsinfo->curlft, fp, buf);
xfrm_stats_print(&xsinfo->stats, fp, buf);
}
}
void xfrm_policy_info_print(struct xfrm_userpolicy_info *xpinfo,
struct rtattr *tb[], FILE *fp, const char *prefix,
const char *title)
{
char buf[STRBUF_SIZE];
memset(buf, '\0', sizeof(buf));
xfrm_selector_print(&xpinfo->sel, preferred_family, fp, title);
if (prefix)
STRBUF_CAT(buf, prefix);
STRBUF_CAT(buf, "\t");
fputs(buf, fp);
fprintf(fp, "dir ");
switch (xpinfo->dir) {
case XFRM_POLICY_IN:
fprintf(fp, "in");
break;
case XFRM_POLICY_OUT:
fprintf(fp, "out");
break;
case XFRM_POLICY_FWD:
fprintf(fp, "fwd");
break;
default:
fprintf(fp, "%u", xpinfo->dir);
break;
}
fprintf(fp, " ");
switch (xpinfo->action) {
case XFRM_POLICY_ALLOW:
if (show_stats > 0)
fprintf(fp, "action allow ");
break;
case XFRM_POLICY_BLOCK:
fprintf(fp, "action block ");
break;
default:
fprintf(fp, "action %u ", xpinfo->action);
break;
}
if (show_stats)
fprintf(fp, "index %u ", xpinfo->index);
fprintf(fp, "priority %u ", xpinfo->priority);
if (tb[XFRMA_POLICY_TYPE]) {
struct xfrm_userpolicy_type *upt;
fprintf(fp, "ptype ");
if (RTA_PAYLOAD(tb[XFRMA_POLICY_TYPE]) < sizeof(*upt))
fprintf(fp, "(ERROR truncated)");
upt = (struct xfrm_userpolicy_type *)RTA_DATA(tb[XFRMA_POLICY_TYPE]);
fprintf(fp, "%s ", strxf_ptype(upt->type));
}
if (show_stats > 0)
fprintf(fp, "share %s ", strxf_share(xpinfo->share));
if (show_stats > 0 || xpinfo->flags) {
__u8 flags = xpinfo->flags;
fprintf(fp, "flag ");
XFRM_FLAG_PRINT(fp, flags, XFRM_POLICY_LOCALOK, "localok");
if (flags)
fprintf(fp, "%x", flags);
}
if (show_stats > 0)
fprintf(fp, " (0x%s)", strxf_mask8(xpinfo->flags));
fprintf(fp, "%s", _SL_);
if (show_stats > 0)
xfrm_lifetime_print(&xpinfo->lft, &xpinfo->curlft, fp, buf);
xfrm_xfrma_print(tb, xpinfo->sel.family, fp, buf);
}
void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo,
struct rtattr *tb[], FILE *fp, const char *prefix,
const char *title)
{
char buf[STRBUF_SIZE];
int force_spi = xfrm_xfrmproto_is_ipsec(xsinfo->id.proto);
memset(buf, '\0', sizeof(buf));
xfrm_id_info_print(&xsinfo->saddr, &xsinfo->id, xsinfo->mode,
xsinfo->reqid, xsinfo->family, force_spi, fp,
prefix, title);
if (prefix)
STRBUF_CAT(buf, prefix);
STRBUF_CAT(buf, "\t");
fputs(buf, fp);
fprintf(fp, "replay-window %u ", xsinfo->replay_window);
if (show_stats > 0)
fprintf(fp, "seq 0x%08u ", xsinfo->seq);
if (show_stats > 0 || xsinfo->flags) {
__u8 flags = xsinfo->flags;
fprintf(fp, "flag ");
XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_NOECN, "noecn");
XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_DECAP_DSCP, "decap-dscp");
XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_NOPMTUDISC, "nopmtudisc");
XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_WILDRECV, "wildrecv");
XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_ICMP, "icmp");
XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_AF_UNSPEC, "af-unspec");
XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_ALIGN4, "align4");
if (flags)
fprintf(fp, "%x", flags);
}
if (show_stats > 0 && tb[XFRMA_SA_EXTRA_FLAGS]) {
__u32 extra_flags = *(__u32 *)RTA_DATA(tb[XFRMA_SA_EXTRA_FLAGS]);
fprintf(fp, "extra_flag ");
XFRM_FLAG_PRINT(fp, extra_flags,
XFRM_SA_XFLAG_DONT_ENCAP_DSCP,
"dont-encap-dscp");
if (extra_flags)
fprintf(fp, "%x", extra_flags);
}
if (show_stats > 0)
fprintf(fp, " (0x%s)", strxf_mask8(xsinfo->flags));
fprintf(fp, "%s", _SL_);
xfrm_xfrma_print(tb, xsinfo->family, fp, buf);
if (!xfrm_selector_iszero(&xsinfo->sel)) {
char sbuf[STRBUF_SIZE];
memcpy(sbuf, buf, sizeof(sbuf));
STRBUF_CAT(sbuf, "sel ");
xfrm_selector_print(&xsinfo->sel, xsinfo->family, fp, sbuf);
}
if (show_stats > 0) {
xfrm_lifetime_print(&xsinfo->lft, &xsinfo->curlft, fp, buf);
xfrm_stats_print(&xsinfo->stats, fp, buf);
}
if (tb[XFRMA_SEC_CTX]) {
struct xfrm_user_sec_ctx *sctx;
fprintf(fp, "\tsecurity context ");
if (RTA_PAYLOAD(tb[XFRMA_SEC_CTX]) < sizeof(*sctx))
fprintf(fp, "(ERROR truncated)");
sctx = (struct xfrm_user_sec_ctx *)RTA_DATA(tb[XFRMA_SEC_CTX]);
fprintf(fp, "%s %s", (char *)(sctx + 1), _SL_);
}
}
