exit(-1);
}
+/* This is based on utils.c(inet_addr_match) */
+int xfrm_addr_match(xfrm_address_t *x1, xfrm_address_t *x2, int bits)
+{
+ __u32 *a1 = (__u32 *)x1;
+ __u32 *a2 = (__u32 *)x2;
+ int words = bits >> 0x05;
+
+ bits &= 0x1f;
+
+ if (words)
+ if (memcmp(a1, a2, words << 2))
+ return -1;
+
+ if (bits) {
+ __u32 w1, w2;
+ __u32 mask;
+
+ w1 = a1[words];
+ w2 = a2[words];
+
+ mask = htonl((0xffffffff) << (0x20 - bits));
+
+ if ((w1 ^ w2) & mask)
+ return 1;
+ }
+
+ return 0;
+}
+
struct typeent {
const char *t_name;
int t_type;
};
static const struct typeent xfrmproto_types[]= {
- { "esp", IPPROTO_ESP }, { "ah", IPPROTO_AH },
- { "comp", IPPROTO_COMP }, { NULL, -1 }
+ { "esp", IPPROTO_ESP }, { "ah", IPPROTO_AH }, { "comp", IPPROTO_COMP },
+ { NULL, -1 }
};
int xfrm_xfrmproto_getbyname(char *name)
return NULL;
}
-const char *strxf_flags(__u8 flags)
+const char *strxf_mask8(__u8 mask)
{
static char str[16];
- const int sn = sizeof(flags) * 8 - 1;
+ const int sn = sizeof(mask) * 8 - 1;
__u8 b;
int i = 0;
for (b = (1 << sn); b > 0; b >>= 1)
- str[i++] = ((b & flags) ? '1' : '0');
+ str[i++] = ((b & mask) ? '1' : '0');
str[i] = '\0';
return str;
}
+const char *strxf_mask32(__u32 mask)
+{
+ static char str[16];
+
+ sprintf(str, "%.8x", mask);
+
+ return str;
+}
+
const char *strxf_share(__u8 share)
{
static char str[32];
strcpy(str, "unique");
break;
default:
- sprintf(str, "%d", share);
+ sprintf(str, "%u", share);
break;
}
if (pp)
p = pp->p_name;
else {
- sprintf(buf, "%d", proto);
+ sprintf(buf, "%u", proto);
p = buf;
}
}
void xfrm_id_info_print(xfrm_address_t *saddr, struct xfrm_id *id,
- __u8 mode, __u32 reqid, __u16 family, FILE *fp,
- const char *prefix)
+ __u8 mode, __u32 reqid, __u16 family, int force_spi,
+ FILE *fp, const char *prefix)
{
char abuf[256];
- __u32 spi;
if (prefix)
fprintf(fp, prefix);
fprintf(fp, "proto %s ", strxf_xfrmproto(id->proto));
- spi = ntohl(id->spi);
- fprintf(fp, "spi 0x%08x", spi);
- if (show_stats > 0)
- fprintf(fp, "(%u)", spi);
- fprintf(fp, " ");
+
+ if (show_stats > 0 || force_spi || id->spi) {
+ __u32 spi = ntohl(id->spi);
+ fprintf(fp, "spi 0x%08x", spi);
+ if (show_stats > 0)
+ fprintf(fp, "(%u)", spi);
+ fprintf(fp, " ");
+ }
fprintf(fp, "reqid %u", reqid);
if (show_stats > 0)
if (prefix)
fprintf(fp, prefix);
fprintf(fp, " ");
- fprintf(fp, "replay-window %d ", s->replay_window);
- fprintf(fp, "replay %d ", s->replay);
- fprintf(fp, "failed %d", s->integrity_failed);
+ fprintf(fp, "replay-window %u ", s->replay_window);
+ fprintf(fp, "replay %u ", s->replay);
+ fprintf(fp, "failed %u", s->integrity_failed);
fprintf(fp, "%s", _SL_);
}
fprintf(fp, prefix);
memset(abuf, '\0', sizeof(abuf));
- fprintf(fp, "src %s/%d ", rt_addr_n2a(f, sizeof(sel->saddr),
+ fprintf(fp, "src %s/%u ", rt_addr_n2a(f, sizeof(sel->saddr),
&sel->saddr, abuf, sizeof(abuf)),
sel->prefixlen_s);
memset(abuf, '\0', sizeof(abuf));
- fprintf(fp, "dst %s/%d ", rt_addr_n2a(f, sizeof(sel->daddr),
+ fprintf(fp, "dst %s/%u ", rt_addr_n2a(f, sizeof(sel->daddr),
&sel->daddr, abuf, sizeof(abuf)),
sel->prefixlen_d);
fprintf(fp, "%s", _SL_);
}
-static void xfrm_algo_print(struct xfrm_algo *algo, int type, FILE *fp,
- const char *prefix)
+static void xfrm_algo_print(struct xfrm_algo *algo, int type, int len,
+ FILE *fp, const char *prefix)
{
- int len;
+ int keylen;
int i;
if (prefix)
fprintf(fp, prefix);
fprintf(fp, "%s ", strxf_algotype(type));
+
+ if (len < sizeof(*algo)) {
+ fprintf(fp, "(ERROR truncated)");
+ goto fin;
+ }
+ len -= sizeof(*algo);
+
fprintf(fp, "%s ", algo->alg_name);
+ keylen = algo->alg_key_len / 8;
+ if (len < keylen) {
+ fprintf(fp, "(ERROR truncated)");
+ goto fin;
+ }
+
fprintf(fp, "0x");
- len = algo->alg_key_len / 8;
- for (i = 0; i < len; i ++)
+ for (i = 0; i < keylen; i ++)
fprintf(fp, "%.2x", (unsigned char)algo->alg_key[i]);
if (show_stats > 0)
fprintf(fp, " (%d bits)", algo->alg_key_len);
+ fin:
fprintf(fp, "%s", _SL_);
}
-static const char *strxf_mask(__u32 mask)
-{
- static char str[128];
- const int sn = sizeof(mask) * 8 - 1;
- __u32 b;
- int finish = 0;
- int broken = 0;
- int i = 0;
-
- for (b = (1 << sn); b > 0; b >>= 1) {
- if ((b & mask) == 0) {
- if (!finish)
- finish = 1;
- } else {
- if (!finish)
- i ++;
- else {
- broken = 1;
- break;
- }
- }
- }
-
- if (!broken)
- sprintf(str, "%u", i);
- else
- sprintf(str, "broken(%u)", mask);
-
- return str;
-}
-
-static void xfrm_tmpl_print(struct xfrm_user_tmpl *tmpls, int ntmpls,
+static void xfrm_tmpl_print(struct xfrm_user_tmpl *tmpls, int len,
__u16 family, FILE *fp, const char *prefix)
{
+ int ntmpls = len / sizeof(struct xfrm_user_tmpl);
int i;
+ if (ntmpls <= 0) {
+ if (prefix)
+ fprintf(fp, prefix);
+ fprintf(fp, "(ERROR \"tmpl\" truncated)");
+ fprintf(fp, "%s", _SL_);
+ return;
+ }
+
for (i = 0; i < ntmpls; i++) {
struct xfrm_user_tmpl *tmpl = &tmpls[i];
fprintf(fp, "tmpl");
xfrm_id_info_print(&tmpl->saddr, &tmpl->id, tmpl->mode,
- tmpl->reqid, family, fp, prefix);
+ tmpl->reqid, family, 0, fp, prefix);
+
+ if (show_stats > 0 || tmpl->optional) {
+ if (prefix)
+ fprintf(fp, prefix);
+ fprintf(fp, "\t");
+ switch (tmpl->optional) {
+ case 0:
+ if (show_stats > 0)
+ fprintf(fp, "level required ");
+ break;
+ case 1:
+ fprintf(fp, "level use ");
+ break;
+ default:
+ fprintf(fp, "level %u ", tmpl->optional);
+ break;
+ }
- if (prefix)
- fprintf(fp, prefix);
- fprintf(fp, "\t");
- switch (tmpl->optional) {
- case 0:
if (show_stats > 0)
- fprintf(fp, "level required ");
- break;
- case 1:
- fprintf(fp, "level use ");
- break;
- default:
- fprintf(fp, "level %d ", tmpl->optional);
- break;
+ fprintf(fp, "share %s ", strxf_share(tmpl->share));
+
+ fprintf(fp, "%s", _SL_);
}
if (show_stats > 0) {
- fprintf(fp, "share %s ", strxf_share(tmpl->share));
- fprintf(fp, "algo-mask:");
- fprintf(fp, "%s=%s, ",
+ if (prefix)
+ fprintf(fp, prefix);
+ fprintf(fp, "\t");
+ fprintf(fp, "%s-mask %s ",
strxf_algotype(XFRMA_ALG_CRYPT),
- strxf_mask(tmpl->ealgos));
- fprintf(fp, "%s=%s, ",
+ strxf_mask32(tmpl->ealgos));
+ fprintf(fp, "%s-mask %s ",
strxf_algotype(XFRMA_ALG_AUTH),
- strxf_mask(tmpl->aalgos));
- fprintf(fp, "%s=%s",
+ strxf_mask32(tmpl->aalgos));
+ fprintf(fp, "%s-mask %s",
strxf_algotype(XFRMA_ALG_COMP),
- strxf_mask(tmpl->calgos));
+ strxf_mask32(tmpl->calgos));
+
+ fprintf(fp, "%s", _SL_);
}
- fprintf(fp, "%s", _SL_);
}
}
for (i = 0; i < ntb; i++) {
__u16 type = tb[i]->rta_type;
+ int len = RTA_PAYLOAD(tb[i]);
void *data = RTA_DATA(tb[i]);
switch (type) {
case XFRMA_ALG_CRYPT:
case XFRMA_ALG_AUTH:
case XFRMA_ALG_COMP:
- xfrm_algo_print((struct xfrm_algo *)data, type, fp,
- prefix);
+ xfrm_algo_print((struct xfrm_algo *)data, type, len,
+ fp, prefix);
break;
case XFRMA_ENCAP:
+ {
+ struct xfrm_encap_tmpl *e;
+ char abuf[256];
+
if (prefix)
fprintf(fp, prefix);
- /* XXX */
- fprintf(fp, "encap (not implemented yet!)");
+ fprintf(fp, "encap ");
+
+ if (len < sizeof(*e)) {
+ fprintf(fp, "(ERROR truncated)");
+ fprintf(fp, "%s", _SL_);
+ break;
+ }
+ e = (struct xfrm_encap_tmpl *)data;
+
+ fprintf(fp, "type %u ", e->encap_type);
+ fprintf(fp, "sport %u ", ntohs(e->encap_sport));
+ fprintf(fp, "dport %u ", ntohs(e->encap_dport));
+
+ memset(abuf, '\0', sizeof(abuf));
+ fprintf(fp, "addr %s",
+ rt_addr_n2a(family, sizeof(e->encap_oa),
+ &e->encap_oa, abuf, sizeof(abuf)));
fprintf(fp, "%s", _SL_);
break;
+ }
case XFRMA_TMPL:
- {
- int len = tb[i]->rta_len;
- int ntmpls = len / sizeof(struct xfrm_user_tmpl);
-
xfrm_tmpl_print((struct xfrm_user_tmpl *)data,
- ntmpls, family, fp, prefix);
+ len, family, fp, prefix);
break;
- }
default:
if (prefix)
fprintf(fp, prefix);
get_prefix(&src, *argv, preferred_family);
if (src.family == AF_UNSPEC)
- invarg("\"SADDR\" address family is AF_UNSPEC", *argv);
+ invarg("\"src\" address family is AF_UNSPEC", *argv);
if (family)
*family = src.family;
get_prefix(&dst, *argv, preferred_family);
if (dst.family == AF_UNSPEC)
- invarg("\"DADDR\" address family is AF_UNSPEC", *argv);
+ invarg("\"dst\" address family is AF_UNSPEC", *argv);
if (family)
*family = dst.family;
}
if (src.family && dst.family && (src.family != dst.family))
- invarg("the same address family is required between \"SADDR\" and \"DADDR\"", *argv);
+ invarg("the same address family is required between \"src\" and \"dst\"", *argv);
if (loose == 0 && id->proto == 0)
missarg("XFRM_PROTO");
get_prefix(&src, *argv, preferred_family);
if (src.family == AF_UNSPEC)
- invarg("\"SADDR\" address family is AF_UNSPEC", *argv);
+ invarg("\"src\" address family is AF_UNSPEC", *argv);
sel->family = src.family;
memcpy(&sel->saddr, &src.data, sizeof(sel->saddr));
get_prefix(&dst, *argv, preferred_family);
if (dst.family == AF_UNSPEC)
- invarg("\"DADDR\" address family is AF_UNSPEC", *argv);
+ invarg("\"dst\" address family is AF_UNSPEC", *argv);
sel->family = dst.family;
memcpy(&sel->daddr, &dst.data, sizeof(sel->daddr));
}
if (src.family && dst.family && (src.family != dst.family))
- invarg("the same address family is required between \"SADDR\" and \"DADDR\"", *argv);
+ invarg("the same address family is required between \"src\" and \"dst\"", *argv);
if (argc == *argcp)
missarg("SELECTOR");
static void usage(void)
{
fprintf(stderr, "Usage: ip xfrm state { add | update } ID [ ALGO-LIST ] [ mode MODE ]\n");
- fprintf(stderr, " [ reqid REQID ] [ FLAG-LIST ] [ sel SELECTOR ] [ LIMIT-LIST ]\n");
+ fprintf(stderr, " [ reqid REQID ] [ replay-window SIZE ] [ flag FLAG-LIST ]\n");
+ fprintf(stderr, " [ sel SELECTOR ] [ LIMIT-LIST ]\n");
fprintf(stderr, "Usage: ip xfrm state { delete | get } ID\n");
fprintf(stderr, "Usage: ip xfrm state { flush | list } [ ID ] [ mode MODE ] [ reqid REQID ]\n");
- fprintf(stderr, " [ FLAG_LIST ]\n");
+ fprintf(stderr, " [ flag FLAG_LIST ]\n");
fprintf(stderr, "ID := [ src ADDR ] [ dst ADDR ] [ proto XFRM_PROTO ] [ spi SPI ]\n");
//fprintf(stderr, "XFRM_PROTO := [ esp | ah | comp ]\n");
fprintf(stderr, "MODE := [ transport | tunnel ](default=transport)\n");
//fprintf(stderr, "REQID - number(default=0)\n");
- fprintf(stderr, "FLAG-LIST := [ FLAG-LIST ] [ flag FLAG ]\n");
- fprintf(stderr, "FLAG := [ noecn ]\n");
+ fprintf(stderr, "FLAG-LIST := [ FLAG-LIST ] FLAG\n");
+ fprintf(stderr, "FLAG := [ noecn | decap-dscp ]\n");
fprintf(stderr, "ALGO-LIST := [ ALGO-LIST ] | [ ALGO ]\n");
fprintf(stderr, "ALGO := ALGO_TYPE ALGO_NAME ALGO_KEY\n");
//fprintf(stderr, "ALGO_NAME - algorithm name\n");
//fprintf(stderr, "ALGO_KEY - algorithm key\n");
- fprintf(stderr, "SELECTOR := src ADDR[/PLEN] dst ADDR[/PLEN] [ upspec UPSPEC ] [ dev DEV ]\n");
+ fprintf(stderr, "SELECTOR := src ADDR[/PLEN] dst ADDR[/PLEN] [ UPSPEC ] [ dev DEV ]\n");
fprintf(stderr, "UPSPEC := proto PROTO [ [ sport PORT ] [ dport PORT ] |\n");
fprintf(stderr, " [ type NUMBER ] [ code NUMBER ] ]\n");
int len;
int slen = strlen(key);
-#if 1
+#if 0
/* XXX: verifying both name and key is required! */
fprintf(stderr, "warning: ALGONAME/ALGOKEY will send to kernel promiscuously!(verifying them isn't implemented yet)\n");
#endif
invarg("\"FLAG\" is invalid", *argv);
*flags = val;
} else {
- if (strcmp(*argv, "noecn") == 0)
- *flags |= XFRM_STATE_NOECN;
- else
- invarg("\"FLAG\" is invalid", *argv);
+ while (1) {
+ if (strcmp(*argv, "noecn") == 0)
+ *flags |= XFRM_STATE_NOECN;
+ else if (strcmp(*argv, "decap-dscp") == 0)
+ *flags |= XFRM_STATE_DECAP_DSCP;
+ else {
+ PREV_ARG(); /* back track */
+ break;
+ }
+
+ if (!NEXT_ARG_OK())
+ break;
+ NEXT_ARG();
+ }
}
filter.state_flags_mask = XFRM_FILTER_MASK_FULL;
} else if (strcmp(*argv, "reqid") == 0) {
NEXT_ARG();
xfrm_reqid_parse(&req.xsinfo.reqid, &argc, &argv);
+ } else if (strcmp(*argv, "replay-window") == 0) {
+ NEXT_ARG();
+ if (get_u8(&req.xsinfo.replay_window, *argv, 0))
+ invarg("\"replay-window\" value is invalid", *argv);
} else if (strcmp(*argv, "flag") == 0) {
NEXT_ARG();
xfrm_state_flag_parse(&req.xsinfo.flags, &argc, &argv);
return 1;
if (filter.id_src_mask)
- if (memcmp(&xsinfo->saddr, &filter.xsinfo.saddr,
- filter.id_src_mask) != 0)
+ if (xfrm_addr_match(&xsinfo->saddr, &filter.xsinfo.saddr,
+ filter.id_src_mask))
return 0;
if (filter.id_dst_mask)
- if (memcmp(&xsinfo->id.daddr, &filter.xsinfo.id.daddr,
- filter.id_dst_mask) != 0)
+ if (xfrm_addr_match(&xsinfo->id.daddr, &filter.xsinfo.id.daddr,
+ filter.id_dst_mask))
return 0;
if ((xsinfo->id.proto^filter.xsinfo.id.proto)&filter.id_proto_mask)
return 0;
fprintf(fp, "Deleted ");
xfrm_id_info_print(&xsinfo->saddr, &xsinfo->id, xsinfo->mode,
- xsinfo->reqid, xsinfo->family, fp, NULL);
+ xsinfo->reqid, xsinfo->family, 1, fp, NULL);
fprintf(fp, "\t");
- fprintf(fp, "replay-window %d ", xsinfo->replay_window);
+ fprintf(fp, "replay-window %u ", xsinfo->replay_window);
if (show_stats > 0)
fprintf(fp, "seq 0x%08u ", xsinfo->seq);
- if (xsinfo->flags) {
- fprintf(fp, "flag 0x%s", strxf_flags(xsinfo->flags));
- if (show_stats > 0) {
- if (xsinfo->flags) {
- fprintf(fp, "(");
- if (xsinfo->flags & XFRM_STATE_NOECN)
- fprintf(fp, "noecn");
- fprintf(fp, ")");
- }
- }
+ if (show_stats > 0 || xsinfo->flags) {
+ __u8 flags = xsinfo->flags;
+
+ fprintf(fp, "flag ");
+ XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_NOECN, "noecn");
+ XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_DECAP_DSCP, "decap-dscp");
+ if (flags)
+ fprintf(fp, "%x", flags);
+ if (show_stats > 0)
+ fprintf(fp, " (0x%s)", strxf_mask8(flags));
}
fprintf(fp, "%s", _SL_);
projects / thirdparty / iproute2.git / commitdiff
