Commit
7809c616
authored
Aug 11, 2004
by
net[shemminger]!shemminger
Import patch xrfm-msg.patch
(Logical change 1.64)
parent
96f13b80
Changes
4
Showing
4 changed files
with
326 additions
and
229 deletions
+326
-229
ip/ipxfrm.c
ip/ipxfrm.c
+148
-91
ip/xfrm.h
ip/xfrm.h
+3
-1
ip/xfrm_policy.c
ip/xfrm_policy.c
+48
-43
ip/xfrm_state.c
ip/xfrm_state.c
+127
-94
ip/ipxfrm.c
This diff is collapsed.
ip/xfrm.h
...
...
@@ -78,6 +78,8 @@ extern struct xfrm_filter filter;
int
do_xfrm_state
(
int
argc
,
char
**
argv
);
int
do_xfrm_policy
(
int
argc
,
char
**
argv
);
int
xfrm_algotype_getbyname
(
char
*
name
);
const
char
*
strxf_algotype
(
int
type
);
const
char
*
strxf_flags
(
__u8
flags
);
const
char
*
strxf_share
(
__u8
share
);
const
char
*
strxf_proto
(
__u8
proto
);
...
...
@@ -93,7 +95,7 @@ void xfrm_selector_print(struct xfrm_selector *sel, __u16 family,
void
xfrm_xfrma_print
(
struct
rtattr
*
tb
[],
int
ntb
,
__u16
family
,
FILE
*
fp
,
const
char
*
prefix
);
int
xfrm_id_parse
(
xfrm_address_t
*
saddr
,
struct
xfrm_id
*
id
,
__u16
*
family
,
int
*
argcp
,
char
***
argvp
);
int
loose
,
int
*
argcp
,
char
***
argvp
);
int
xfrm_mode_parse
(
__u8
*
mode
,
int
*
argcp
,
char
***
argvp
);
int
xfrm_reqid_parse
(
__u32
*
reqid
,
int
*
argcp
,
char
***
argvp
);
int
xfrm_selector_parse
(
struct
xfrm_selector
*
sel
,
int
*
argcp
,
char
***
argvp
);
...
...
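Review bot: The new `int loose` parameter of xfrm_id_parse is a bare flag with no comment at the declaration, and the call sites visible in this commit pass the literals `0` (template, state modify, state get/delete) and `1` (state list/flush), which does not tell a reader what is relaxed. A one-line comment above the prototype would help, along the lines of `/* loose: non-zero on the list/flush filter path, 0 where a full ID is required */`, with the wording confirmed against the implementation in ip/ipxfrm.c, which is collapsed on this page. Separately, `xfrm_algotype_getbyname(char *name)` looks like a pure lookup, so `const char *name` would match the `const char *` style of the neighbouring strxf_* declarations, if the implementation does not write through it.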
ip/xfrm_policy.c
...
...
@@ -53,14 +53,14 @@ static void usage(void) __attribute__((noreturn));
static
void
usage
(
void
)
{
fprintf
(
stderr
,
"Usage: ip xfrm policy { add | update } dir DIR
sel
SELECTOR [ index INDEX ]
\n
"
);
fprintf
(
stderr
,
"Usage: ip xfrm policy { add | update } dir DIR SELECTOR [ index INDEX ]
\n
"
);
fprintf
(
stderr
,
" [ action ACTION ] [ priority PRIORITY ] [ LIMIT-LIST ] [ TMPL-LIST ]
\n
"
);
fprintf
(
stderr
,
"Usage: ip xfrm policy { delete | get } dir DIR [
sel
SELECTOR | index INDEX ]
\n
"
);
fprintf
(
stderr
,
"Usage: ip xfrm policy { flush | list } [ dir DIR ] [
sel
SELECTOR ]
\n
"
);
fprintf
(
stderr
,
"Usage: ip xfrm policy { delete | get } dir DIR [ SELECTOR | index INDEX ]
\n
"
);
fprintf
(
stderr
,
"Usage: ip xfrm policy { flush | list } [ dir DIR ] [ SELECTOR ]
\n
"
);
fprintf
(
stderr
,
" [ index INDEX ] [ action ACTION ] [ priority PRIORITY ]
\n
"
);
fprintf
(
stderr
,
"DIR := [ in | out | fwd ]
\n
"
);
fprintf
(
stderr
,
"SELECTOR := src ADDR[/PLEN] dst ADDR[/PLEN] [
upspec
UPSPEC ] [ dev DEV ]
\n
"
);
fprintf
(
stderr
,
"SELECTOR := src ADDR[/PLEN] dst ADDR[/PLEN] [ UPSPEC ] [ dev DEV ]
\n
"
);
fprintf
(
stderr
,
"UPSPEC := proto PROTO [ sport PORT ] [ dport PORT ]
\n
"
);
...
...
@@ -134,7 +134,7 @@ static int xfrm_tmpl_parse(struct xfrm_user_tmpl *tmpl,
else
if
(
strcmp
(
*
argv
,
"use"
)
==
0
)
tmpl
->
optional
=
1
;
else
invarg
(
"
\"
level
\"
value
is invalid
\n
"
,
*
argv
);
invarg
(
"
\"
LEVEL
\"
is invalid
\n
"
,
*
argv
);
}
else
{
if
(
idp
)
{
...
...
@@ -143,7 +143,7 @@ static int xfrm_tmpl_parse(struct xfrm_user_tmpl *tmpl,
}
idp
=
*
argv
;
xfrm_id_parse
(
&
tmpl
->
saddr
,
&
tmpl
->
id
,
&
tmpl
->
family
,
&
argc
,
&
argv
);
0
,
&
argc
,
&
argv
);
if
(
preferred_family
==
AF_UNSPEC
)
preferred_family
=
tmpl
->
family
;
}
...
...
@@ -171,6 +171,7 @@ static int xfrm_policy_modify(int cmd, unsigned flags, int argc, char **argv)
char
buf
[
RTA_BUF_SIZE
];
}
req
;
char
*
dirp
=
NULL
;
char
*
selp
=
NULL
;
char
tmpls_buf
[
XFRM_TMPLS_BUF_SIZE
];
int
tmpls_len
=
0
;
...
...
@@ -198,12 +199,6 @@ static int xfrm_policy_modify(int cmd, unsigned flags, int argc, char **argv)
filter
.
dir_mask
=
XFRM_FILTER_MASK_FULL
;
}
else
if
(
strcmp
(
*
argv
,
"sel"
)
==
0
)
{
NEXT_ARG
();
xfrm_selector_parse
(
&
req
.
xpinfo
.
sel
,
&
argc
,
&
argv
);
if
(
preferred_family
==
AF_UNSPEC
)
preferred_family
=
req
.
xpinfo
.
sel
.
family
;
}
else
if
(
strcmp
(
*
argv
,
"index"
)
==
0
)
{
NEXT_ARG
();
if
(
get_u32
(
&
req
.
xpinfo
.
index
,
*
argv
,
0
))
...
...
@@ -250,8 +245,15 @@ static int xfrm_policy_modify(int cmd, unsigned flags, int argc, char **argv)
xfrm_tmpl_parse
(
tmpl
,
&
argc
,
&
argv
);
tmpls_len
+=
sizeof
(
*
tmpl
);
}
else
invarg
(
"unknown"
,
*
argv
);
}
else
{
if
(
selp
)
duparg
(
"unknown"
,
*
argv
);
selp
=
*
argv
;
xfrm_selector_parse
(
&
req
.
xpinfo
.
sel
,
&
argc
,
&
argv
);
if
(
preferred_family
==
AF_UNSPEC
)
preferred_family
=
req
.
xpinfo
.
sel
.
family
;
}
argc
--
;
argv
++
;
}
...
...
@@ -362,7 +364,6 @@ int xfrm_policy_print(struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
if
(
n
->
nlmsg_type
==
XFRM_MSG_DELPOLICY
)
fprintf
(
fp
,
"Deleted "
);
fprintf
(
fp
,
"sel "
);
xfrm_selector_print
(
&
xpinfo
->
sel
,
preferred_family
,
fp
,
NULL
);
fprintf
(
fp
,
"
\t
"
);
...
...
@@ -383,33 +384,36 @@ int xfrm_policy_print(struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
}
fprintf
(
fp
,
" "
);
fprintf
(
fp
,
"action "
);
switch
(
xpinfo
->
action
)
{
case
XFRM_POLICY_ALLOW
:
fprintf
(
fp
,
"allow"
);
if
(
show_stats
>
0
)
fprintf
(
fp
,
"action allow "
);
break
;
case
XFRM_POLICY_BLOCK
:
fprintf
(
fp
,
"
block
"
);
fprintf
(
fp
,
"
action block
"
);
break
;
default:
fprintf
(
fp
,
"
%d
"
,
xpinfo
->
action
);
fprintf
(
fp
,
"
action %d
"
,
xpinfo
->
action
);
break
;
}
fprintf
(
fp
,
" "
);
fprintf
(
fp
,
"index %u "
,
xpinfo
->
index
);
if
(
show_stats
)
fprintf
(
fp
,
"index %u "
,
xpinfo
->
index
);
fprintf
(
fp
,
"priority %u "
,
xpinfo
->
priority
);
if
(
show_stats
>
0
)
{
fprintf
(
fp
,
"share %s "
,
strxf_share
(
xpinfo
->
share
));
fprintf
(
fp
,
"flags 0x%s"
,
strxf_flags
(
xpinfo
->
flags
));
}
fprintf
(
fp
,
"
\n
"
);
fprintf
(
fp
,
"
%s"
,
_SL_
);
if
(
show_stats
>
0
)
xfrm_lifetime_print
(
&
xpinfo
->
lft
,
&
xpinfo
->
curlft
,
fp
,
"
\t
"
);
xfrm_xfrma_print
(
tb
,
ntb
,
xpinfo
->
sel
.
family
,
fp
,
"
\t
"
);
if
(
oneline
)
fprintf
(
fp
,
"
\n
"
);
return
0
;
}
...
...
@@ -440,16 +444,6 @@ static int xfrm_policy_get_or_delete(int argc, char **argv, int delete,
NEXT_ARG
();
xfrm_policy_dir_parse
(
&
req
.
xpid
.
dir
,
&
argc
,
&
argv
);
}
else
if
(
strcmp
(
*
argv
,
"sel"
)
==
0
)
{
if
(
selp
)
duparg
(
"sel"
,
*
argv
);
selp
=
*
argv
;
NEXT_ARG
();
xfrm_selector_parse
(
&
req
.
xpid
.
sel
,
&
argc
,
&
argv
);
if
(
preferred_family
==
AF_UNSPEC
)
preferred_family
=
req
.
xpid
.
sel
.
family
;
}
else
if
(
strcmp
(
*
argv
,
"index"
)
==
0
)
{
if
(
indexp
)
duparg
(
"index"
,
*
argv
);
...
...
@@ -459,8 +453,16 @@ static int xfrm_policy_get_or_delete(int argc, char **argv, int delete,
if
(
get_u32
(
&
req
.
xpid
.
index
,
*
argv
,
0
))
invarg
(
"
\"
INDEX
\"
is invalid"
,
*
argv
);
}
else
invarg
(
"unknown"
,
*
argv
);
}
else
{
if
(
selp
)
invarg
(
"unknown"
,
*
argv
);
selp
=
*
argv
;
xfrm_selector_parse
(
&
req
.
xpid
.
sel
,
&
argc
,
&
argv
);
if
(
preferred_family
==
AF_UNSPEC
)
preferred_family
=
req
.
xpid
.
sel
.
family
;
}
argc
--
;
argv
++
;
}
...
...
@@ -564,6 +566,7 @@ int xfrm_policy_keep(struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
static
int
xfrm_policy_list_or_flush
(
int
argc
,
char
**
argv
,
int
flush
)
{
char
*
selp
=
NULL
;
struct
rtnl_handle
rth
;
if
(
argc
>
0
)
...
...
@@ -577,12 +580,6 @@ static int xfrm_policy_list_or_flush(int argc, char **argv, int flush)
filter
.
dir_mask
=
XFRM_FILTER_MASK_FULL
;
}
else
if
(
strcmp
(
*
argv
,
"sel"
)
==
0
)
{
NEXT_ARG
();
xfrm_selector_parse
(
&
filter
.
xpinfo
.
sel
,
&
argc
,
&
argv
);
if
(
preferred_family
==
AF_UNSPEC
)
preferred_family
=
filter
.
xpinfo
.
sel
.
family
;
}
else
if
(
strcmp
(
*
argv
,
"index"
)
==
0
)
{
NEXT_ARG
();
if
(
get_u32
(
&
filter
.
xpinfo
.
index
,
*
argv
,
0
))
...
...
@@ -597,7 +594,7 @@ static int xfrm_policy_list_or_flush(int argc, char **argv, int flush)
else
if
(
strcmp
(
*
argv
,
"block"
)
==
0
)
filter
.
xpinfo
.
action
=
XFRM_POLICY_BLOCK
;
else
invarg
(
"
\"
action
\"
value
is invalid
\n
"
,
*
argv
);
invarg
(
"
\"
ACTION
\"
is invalid
\n
"
,
*
argv
);
filter
.
action_mask
=
XFRM_FILTER_MASK_FULL
;
...
...
@@ -608,8 +605,16 @@ static int xfrm_policy_list_or_flush(int argc, char **argv, int flush)
filter
.
priority_mask
=
XFRM_FILTER_MASK_FULL
;
}
else
invarg
(
"unknown"
,
*
argv
);
}
else
{
if
(
selp
)
invarg
(
"unknown"
,
*
argv
);
selp
=
*
argv
;
xfrm_selector_parse
(
&
filter
.
xpinfo
.
sel
,
&
argc
,
&
argv
);
if
(
preferred_family
==
AF_UNSPEC
)
preferred_family
=
filter
.
xpinfo
.
sel
.
family
;
}
argc
--
;
argv
++
;
}
...
...
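Review bot: The check for a second positional argument is inconsistent across the three parsers: xfrm_policy_modify reports `duparg("unknown", *argv)`, while xfrm_policy_get_or_delete and xfrm_policy_list_or_flush use `invarg("unknown", *argv)` for the same condition; using `invarg("unknown", *argv);` in all three keeps the diagnostic uniform. With the `sel` keyword gone, every unrecognised token now falls through to xfrm_selector_parse, whose return value is ignored at each of these call sites. A mistyped keyword on delete or flush is therefore rejected only if that helper (in ip/ipxfrm.c, collapsed on this page) refuses tokens it does not understand. That is worth confirming, because a silently empty selector would widen what the command matches. The argument loops these branches sit in start and end outside the hunks.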
ip/xfrm_state.c
...
...
@@ -67,8 +67,8 @@ static void usage(void)
fprintf
(
stderr
,
"XFRM_PROTO := [ "
);
fprintf
(
stderr
,
"%s | "
,
strxf_proto
(
IPPROTO_ESP
));
fprintf
(
stderr
,
"%s | "
,
strxf_proto
(
IPPROTO_AH
));
fprintf
(
stderr
,
"%s"
,
strxf_proto
(
IPPROTO_COMP
));
fprintf
(
stderr
,
"
]
\n
"
);
fprintf
(
stderr
,
"%s
"
,
strxf_proto
(
IPPROTO_COMP
));
fprintf
(
stderr
,
"]
\n
"
);
//fprintf(stderr, "SPI - security parameter index(default=0)\n");
...
...
@@ -78,9 +78,14 @@ static void usage(void)
fprintf
(
stderr
,
"FLAG-LIST := [ FLAG-LIST ] [ flag FLAG ]
\n
"
);
fprintf
(
stderr
,
"FLAG := [ noecn ]
\n
"
);
fprintf
(
stderr
,
"ALGO-LIST := [ ALGO-LIST ] | [
algo
ALGO ]
\n
"
);
fprintf
(
stderr
,
"ALGO-LIST := [ ALGO-LIST ] | [ ALGO ]
\n
"
);
fprintf
(
stderr
,
"ALGO := ALGO_TYPE ALGO_NAME ALGO_KEY
\n
"
);
fprintf
(
stderr
,
"ALGO_TYPE := [ E | A | C ]
\n
"
);
fprintf
(
stderr
,
"ALGO_TYPE := [ "
);
fprintf
(
stderr
,
"%s | "
,
strxf_algotype
(
XFRMA_ALG_CRYPT
));
fprintf
(
stderr
,
"%s | "
,
strxf_algotype
(
XFRMA_ALG_AUTH
));
fprintf
(
stderr
,
"%s "
,
strxf_algotype
(
XFRMA_ALG_COMP
));
fprintf
(
stderr
,
"]
\n
"
);
//fprintf(stderr, "ALGO_NAME - algorithm name\n");
//fprintf(stderr, "ALGO_KEY - algorithm key\n");
...
...
@@ -99,6 +104,7 @@ static int xfrm_algo_parse(struct xfrm_algo *alg, enum xfrm_attr_type_t type,
char
*
name
,
char
*
key
,
int
max
)
{
int
len
;
int
slen
=
strlen
(
key
);
#if 1
/* XXX: verifying both name and key is required! */
...
...
@@ -107,30 +113,37 @@ static int xfrm_algo_parse(struct xfrm_algo *alg, enum xfrm_attr_type_t type,
strncpy
(
alg
->
alg_name
,
name
,
sizeof
(
alg
->
alg_name
));
if
(
strncmp
(
key
,
"0x"
,
2
)
==
0
)
{
if
(
s
len
>
2
&&
s
trncmp
(
key
,
"0x"
,
2
)
==
0
)
{
/*
* XXX: fix me!!
*/
__u64
val
=
0
;
char
*
p
=
(
char
*
)
&
val
;
union
{
__u64
x
;
unsigned
char
p
[
8
];
}
val
;
memset
(
&
val
,
0
,
sizeof
(
val
));
if
(
get_u64
(
&
val
,
key
,
16
))
if
(
get_u64
(
&
val
.
x
,
key
,
16
))
invarg
(
"
\"
ALGOKEY
\"
is invalid"
,
key
);
len
=
(
s
trlen
(
key
)
-
2
)
/
2
;
len
=
(
s
len
-
2
)
/
2
;
if
(
len
>
sizeof
(
val
))
invarg
(
"
\"
ALGOKEY
\"
is invalid: too large"
,
key
);
if
(
len
>
0
)
{
int
index
=
sizeof
(
val
)
-
len
;
int
i
;
if
(
len
>
max
)
invarg
(
"
\"
ALGOKEY
\"
makes buffer overflow
\n
"
,
key
);
memcpy
(
alg
->
alg_key
,
&
p
[
index
],
len
);
for
(
i
=
sizeof
(
val
.
p
)
-
1
;
i
>=
0
;
i
--
)
{
int
j
=
sizeof
(
val
.
p
)
-
1
-
i
;
alg
->
alg_key
[
j
]
=
val
.
p
[
i
];
}
}
}
else
{
len
=
s
trlen
(
key
)
;
len
=
s
len
;
if
(
len
>
0
)
{
if
(
len
>
max
)
invarg
(
"
\"
ALGOKEY
\"
makes buffer overflow
\n
"
,
key
);
...
...
@@ -197,56 +210,7 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv)
req
.
xsinfo
.
lft
.
hard_packet_limit
=
XFRM_INF
;
while
(
argc
>
0
)
{
if
(
strcmp
(
*
argv
,
"algo"
)
==
0
)
{
struct
{
struct
xfrm_algo
alg
;
char
buf
[
XFRM_ALGO_KEY_BUF_SIZE
];
}
alg
;
int
len
;
enum
xfrm_attr_type_t
type
;
char
*
name
;
char
*
key
;
NEXT_ARG
();
if
(
strcmp
(
*
argv
,
"E"
)
==
0
)
{
if
(
ealgop
)
duparg
(
"ALGOTYPE"
,
*
argv
);
ealgop
=
*
argv
;
type
=
XFRMA_ALG_CRYPT
;
}
else
if
(
strcmp
(
*
argv
,
"A"
)
==
0
)
{
if
(
aalgop
)
duparg
(
"ALGOTYPE"
,
*
argv
);
aalgop
=
*
argv
;
type
=
XFRMA_ALG_AUTH
;
}
else
if
(
strcmp
(
*
argv
,
"C"
)
==
0
)
{
if
(
calgop
)
duparg
(
"ALGOTYPE"
,
*
argv
);
calgop
=
*
argv
;
type
=
XFRMA_ALG_COMP
;
}
else
invarg
(
"
\"
ALGOTYPE
\"
is invalid
\n
"
,
*
argv
);
if
(
!
NEXT_ARG_OK
())
missarg
(
"ALGONAME"
);
NEXT_ARG
();
name
=
*
argv
;
if
(
!
NEXT_ARG_OK
())
missarg
(
"ALGOKEY"
);
NEXT_ARG
();
key
=
*
argv
;
memset
(
&
alg
,
0
,
sizeof
(
alg
));
xfrm_algo_parse
((
void
*
)
&
alg
,
type
,
name
,
key
,
sizeof
(
alg
.
buf
));
len
=
sizeof
(
struct
xfrm_algo
)
+
alg
.
alg
.
alg_key_len
;
addattr_l
(
&
req
.
n
,
sizeof
(
req
.
buf
),
type
,
(
void
*
)
&
alg
,
len
);
}
else
if
(
strcmp
(
*
argv
,
"mode"
)
==
0
)
{
if
(
strcmp
(
*
argv
,
"mode"
)
==
0
)
{
NEXT_ARG
();
xfrm_mode_parse
(
&
req
.
xsinfo
.
mode
,
&
argc
,
&
argv
);
}
else
if
(
strcmp
(
*
argv
,
"reqid"
)
==
0
)
{
...
...
@@ -258,20 +222,79 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv)
}
else
if
(
strcmp
(
*
argv
,
"sel"
)
==
0
)
{
NEXT_ARG
();
xfrm_selector_parse
(
&
req
.
xsinfo
.
sel
,
&
argc
,
&
argv
);
}
else
if
(
strcmp
(
*
argv
,
"limit"
)
==
0
)
{
NEXT_ARG
();
xfrm_lifetime_cfg_parse
(
&
req
.
xsinfo
.
lft
,
&
argc
,
&
argv
);
}
else
{
if
(
idp
)
invarg
(
"unknown"
,
*
argv
);
idp
=
*
argv
;
/* ID */
xfrm_id_parse
(
&
req
.
xsinfo
.
saddr
,
&
req
.
xsinfo
.
id
,
&
req
.
xsinfo
.
family
,
&
argc
,
&
argv
);
if
(
preferred_family
==
AF_UNSPEC
)
preferred_family
=
req
.
xsinfo
.
family
;
/* try to assume ALGO */
int
type
=
xfrm_algotype_getbyname
(
*
argv
);
switch
(
type
)
{
case
XFRMA_ALG_CRYPT
:
case
XFRMA_ALG_AUTH
:
case
XFRMA_ALG_COMP
:
{
/* ALGO */
struct
{
struct
xfrm_algo
alg
;
char
buf
[
XFRM_ALGO_KEY_BUF_SIZE
];
}
alg
;
int
len
;
char
*
name
;
char
*
key
;
switch
(
type
)
{
case
XFRMA_ALG_CRYPT
:
if
(
ealgop
)
duparg
(
"ALGOTYPE"
,
*
argv
);
ealgop
=
*
argv
;
break
;
case
XFRMA_ALG_AUTH
:
if
(
aalgop
)
duparg
(
"ALGOTYPE"
,
*
argv
);
aalgop
=
*
argv
;
break
;
case
XFRMA_ALG_COMP
:
if
(
calgop
)
duparg
(
"ALGOTYPE"
,
*
argv
);
calgop
=
*
argv
;
break
;
default:
/* not reached */
invarg
(
"
\"
ALGOTYPE
\"
is invalid
\n
"
,
*
argv
);
}
if
(
!
NEXT_ARG_OK
())
missarg
(
"ALGONAME"
);
NEXT_ARG
();
name
=
*
argv
;
if
(
!
NEXT_ARG_OK
())
missarg
(
"ALGOKEY"
);
NEXT_ARG
();
key
=
*
argv
;
memset
(
&
alg
,
0
,
sizeof
(
alg
));
xfrm_algo_parse
((
void
*
)
&
alg
,
type
,
name
,
key
,
sizeof
(
alg
.
buf
));
len
=
sizeof
(
struct
xfrm_algo
)
+
alg
.
alg
.
alg_key_len
;
addattr_l
(
&
req
.
n
,
sizeof
(
req
.
buf
),
type
,
(
void
*
)
&
alg
,
len
);
break
;
}
default:
/* try to assume ID */
if
(
idp
)
invarg
(
"unknown"
,
*
argv
);
idp
=
*
argv
;
/* ID */
xfrm_id_parse
(
&
req
.
xsinfo
.
saddr
,
&
req
.
xsinfo
.
id
,
&
req
.
xsinfo
.
family
,
0
,
&
argc
,
&
argv
);
if
(
preferred_family
==
AF_UNSPEC
)
preferred_family
=
req
.
xsinfo
.
family
;
}
}
argc
--
;
argv
++
;
}
...
...
@@ -285,14 +308,14 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv)
if
(
req
.
xsinfo
.
id
.
proto
!=
IPPROTO_ESP
&&
req
.
xsinfo
.
id
.
proto
!=
IPPROTO_AH
&&
req
.
xsinfo
.
id
.
proto
!=
IPPROTO_COMP
)
{
fprintf
(
stderr
,
"
\"
ALGO
\"
is invalid with proto=%
d
\n
"
,
req
.
xsinfo
.
id
.
proto
);
fprintf
(
stderr
,
"
\"
ALGO
\"
is invalid with proto=%
s
\n
"
,
strxf_proto
(
req
.
xsinfo
.
id
.
proto
)
);
exit
(
1
);
}
}
else
{
if
(
req
.
xsinfo
.
id
.
proto
==
IPPROTO_ESP
||
req
.
xsinfo
.
id
.
proto
==
IPPROTO_AH
||
req
.
xsinfo
.
id
.
proto
==
IPPROTO_COMP
)
{
fprintf
(
stderr
,
"
\"
ALGO
\"
is required with proto=%
d
\n
"
,
req
.
xsinfo
.
id
.
proto
);
fprintf
(
stderr
,
"
\"
ALGO
\"
is required with proto=%
s
\n
"
,
strxf_proto
(
req
.
xsinfo
.
id
.
proto
)
);
exit
(
1
);
}
}
...
...
@@ -339,6 +362,15 @@ static int xfrm_state_filter_match(struct xfrm_usersa_info *xsinfo)
return
1
;
}
static
int
xfrm_selector_iszero
(
struct
xfrm_selector
*
s
)
{
struct
xfrm_selector
s0
;
memset
(
&
s0
,
0
,
sizeof
(
s0
));
return
(
memcmp
(
&
s0
,
s
,
sizeof
(
s0
))
==
0
);
}
int
xfrm_state_print
(
struct
sockaddr_nl
*
who
,
struct
nlmsghdr
*
n
,
void
*
arg
)
{
FILE
*
fp
=
(
FILE
*
)
arg
;
...
...
@@ -373,33 +405,35 @@ int xfrm_state_print(struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
xsinfo
->
reqid
,
xsinfo
->
family
,
fp
,
NULL
);
fprintf
(
fp
,
"
\t
"
);
if
(
show_stats
>
0
)
{
fprintf
(
fp
,
"replay-window %d "
,
xsinfo
->
replay_window
);
if
(
show_stats
>
0
)
fprintf
(
fp
,
"seq 0x%08u "
,
xsinfo
->
seq
);
fprintf
(
fp
,
"replay-window %d "
,
xsinfo
->
replay_window
);
}
fprintf
(
fp
,
"flag 0x%s"
,
strxf_flags
(
xsinfo
->
flags
));
if
(
show_stats
>
0
)
{
if
(
xsinfo
->
flags
)
{
fprintf
(
fp
,
"("
);
if
(
xsinfo
->
flags
&
XFRM_STATE_NOECN
)
fprintf
(
fp
,
"
noecn
"
);
fprintf
(
fp
,
")"
);
if
(
xsinfo
->
flags
)
{
fprintf
(
fp
,
"flag 0x%s"
,
strxf_flags
(
xsinfo
->
flags
));
if
(
show_stats
>
0
)
{
if
(
xsinfo
->
flags
)
{
fprintf
(
fp
,
"("
);
if
(
xsinfo
->
flags
&
XFRM_STATE_NOECN
)
fprintf
(
fp
,
"noecn"
);
fprintf
(
fp
,
"
)
"
);
}
}
}
fprintf
(
fp
,
"
\n
"
);
fprintf
(
fp
,
"
%s"
,
_SL_
);
xfrm_xfrma_print
(
tb
,
ntb
,
xsinfo
->
family
,
fp
,
"
\t
"
);
if
(
show_stats
>
0
)
{
fprintf
(
fp
,
"
\t
sel
\n
"
);
xfrm_selector_print
(
&
xsinfo
->
sel
,
xsinfo
->
family
,
fp
,
"
\t
"
);
}
if
(
!
xfrm_selector_iszero
(
&
xsinfo
->
sel
))
xfrm_selector_print
(
&
xsinfo
->
sel
,
xsinfo
->
family
,
fp
,
"
\t
sel "
);
if
(
show_stats
>
0
)
{
xfrm_lifetime_print
(
&
xsinfo
->
lft
,
&
xsinfo
->
curlft
,
fp
,
"
\t
"
);
xfrm_stats_print
(
&
xsinfo
->
stats
,
fp
,
"
\t
"
);
}
if
(
oneline
)
fprintf
(
fp
,
"
\n
"
);
return
0
;
}
...
...
@@ -434,7 +468,7 @@ static int xfrm_state_get_or_delete(int argc, char **argv, int delete)
/* ID */
memset
(
&
id
,
0
,
sizeof
(
id
));
xfrm_id_parse
(
&
ignore_saddr
,
&
id
,
&
req
.
xsid
.
family
,
xfrm_id_parse
(
&
ignore_saddr
,
&
id
,
&
req
.
xsid
.
family
,
0
,
&
argc
,
&
argv
);
memcpy
(
&
req
.
xsid
.
daddr
,
&
id
.
daddr
,
sizeof
(
req
.
xsid
.
daddr
));
...
...
@@ -557,9 +591,8 @@ static int xfrm_state_list_or_flush(int argc, char **argv, int flush)
idp
=
*
argv
;
/* ID */
xfrm_id_parse
(
&
filter
.
xsinfo
.
saddr
,
&
filter
.
xsinfo
.
id
,
&
filter
.
xsinfo
.
family
,
&
argc
,
&
argv
);
xfrm_id_parse
(
&
filter
.
xsinfo
.
saddr
,
&
filter
.
xsinfo
.
id
,
&
filter
.
xsinfo
.
family
,
1
,
&
argc
,
&
argv
);
if
(
preferred_family
==
AF_UNSPEC
)
preferred_family
=
filter
.
xsinfo
.
family
;
}
...
...
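Review bot: In the hex-key branch of xfrm_algo_parse, the new byte-reversal loop always stores `sizeof(val.p)` (8) bytes into `alg->alg_key`, while the `len > max` guard just before it and the computed `len` cover only the key's actual length. For a key shorter than 8 bytes the significant bytes end up at the tail of that 8-byte run, so if the recorded key length (set outside this hunk) is derived from `len`, the leading zero bytes would be used as key material. The reversal through the union also assumes a little-endian host. A shift-based copy bounded by `len` avoids both problems: `for (i = 0; i < len; i++) alg->alg_key[i] = (val.x >> (8 * (len - 1 - i))) & 0xff;`. The function body starts and ends outside the hunk.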