Thu Aug 6 04:44:43 2009 UTC ()
From Paul Wenau: Check fgets return value in setkey to make gcc happy.


(tteras)
diff -r1.13 -r1.14 src/crypto/dist/ipsec-tools/src/setkey/setkey.c
cvs diff -r1.13 -r1.14 src/crypto/dist/ipsec-tools/src/setkey/setkey.c (switch to unified diff)

--- src/crypto/dist/ipsec-tools/src/setkey/setkey.c 2009/03/06 11:45:03 1.13
+++ src/crypto/dist/ipsec-tools/src/setkey/setkey.c 2009/08/06 04:44:43 1.14
@@ -1,1063 +1,1062 @@ @@ -1,1063 +1,1062 @@
1/* $NetBSD: setkey.c,v 1.13 2009/03/06 11:45:03 tteras Exp $ */ 1/* $NetBSD: setkey.c,v 1.14 2009/08/06 04:44:43 tteras Exp $ */
2 2
3/* $KAME: setkey.c,v 1.36 2003/09/24 23:52:51 itojun Exp $ */ 3/* $KAME: setkey.c,v 1.36 2003/09/24 23:52:51 itojun Exp $ */
4 4
5/* 5/*
6 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. 6 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
7 * All rights reserved. 7 * All rights reserved.
8 * 8 *
9 * Redistribution and use in source and binary forms, with or without 9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions 10 * modification, are permitted provided that the following conditions
11 * are met: 11 * are met:
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright 14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the 15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution. 16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors 17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software 18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission. 19 * without specific prior written permission.
20 * 20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE. 31 * SUCH DAMAGE.
32 */ 32 */
33 33
34#ifdef HAVE_CONFIG_H 34#ifdef HAVE_CONFIG_H
35#include "config.h" 35#include "config.h"
36#endif 36#endif
37 37
38#include <sys/types.h> 38#include <sys/types.h>
39#include <sys/param.h> 39#include <sys/param.h>
40#include <sys/socket.h> 40#include <sys/socket.h>
41#include <sys/time.h> 41#include <sys/time.h>
42#include <sys/stat.h> 42#include <sys/stat.h>
43#include <sys/sysctl.h> 43#include <sys/sysctl.h>
44#include <err.h> 44#include <err.h>
45#include <netinet/in.h> 45#include <netinet/in.h>
46#include <net/pfkeyv2.h> 46#include <net/pfkeyv2.h>
47#include PATH_IPSEC_H 47#include PATH_IPSEC_H
48 48
49#include <stdio.h> 49#include <stdio.h>
50#include <stdlib.h> 50#include <stdlib.h>
51#include <limits.h> 51#include <limits.h>
52#include <string.h> 52#include <string.h>
53#include <ctype.h> 53#include <ctype.h>
54#include <unistd.h> 54#include <unistd.h>
55#include <errno.h> 55#include <errno.h>
56#include <netdb.h> 56#include <netdb.h>
57#include <fcntl.h> 57#include <fcntl.h>
58#include <dirent.h> 58#include <dirent.h>
59#include <time.h> 59#include <time.h>
60 60
61#ifdef HAVE_READLINE 61#ifdef HAVE_READLINE
62#include <readline/readline.h> 62#include <readline/readline.h>
63#include <readline/history.h> 63#include <readline/history.h>
64#endif 64#endif
65 65
66#include "config.h" 66#include "config.h"
67#include "libpfkey.h" 67#include "libpfkey.h"
68#include "package_version.h" 68#include "package_version.h"
69#define extern /* so that variables in extern.h are not extern... */ 69#define extern /* so that variables in extern.h are not extern... */
70#include "extern.h" 70#include "extern.h"
71 71
72#define strlcpy(d,s,l) (strncpy(d,s,l), (d)[(l)-1] = '\0') 72#define strlcpy(d,s,l) (strncpy(d,s,l), (d)[(l)-1] = '\0')
73 73
74void usage __P((int)); 74void usage __P((int));
75int main __P((int, char **)); 75int main __P((int, char **));
76int get_supported __P((void)); 76int get_supported __P((void));
77void sendkeyshort __P((u_int)); 77void sendkeyshort __P((u_int));
78void promisc __P((void)); 78void promisc __P((void));
79int postproc __P((struct sadb_msg *, int)); 79int postproc __P((struct sadb_msg *, int));
80int verifypriority __P((struct sadb_msg *m)); 80int verifypriority __P((struct sadb_msg *m));
81int fileproc __P((const char *)); 81int fileproc __P((const char *));
82const char *numstr __P((int)); 82const char *numstr __P((int));
83void shortdump_hdr __P((void)); 83void shortdump_hdr __P((void));
84void shortdump __P((struct sadb_msg *)); 84void shortdump __P((struct sadb_msg *));
85static void printdate __P((void)); 85static void printdate __P((void));
86static int32_t gmt2local __P((time_t)); 86static int32_t gmt2local __P((time_t));
87void stdin_loop __P((void)); 87void stdin_loop __P((void));
88 88
89#define MODE_SCRIPT 1 89#define MODE_SCRIPT 1
90#define MODE_CMDDUMP 2 90#define MODE_CMDDUMP 2
91#define MODE_CMDFLUSH 3 91#define MODE_CMDFLUSH 3
92#define MODE_PROMISC 4 92#define MODE_PROMISC 4
93#define MODE_STDIN 5 93#define MODE_STDIN 5
94 94
95int so; 95int so;
96 96
97int f_forever = 0; 97int f_forever = 0;
98int f_all = 0; 98int f_all = 0;
99int f_verbose = 0; 99int f_verbose = 0;
100int f_mode = 0; 100int f_mode = 0;
101int f_cmddump = 0; 101int f_cmddump = 0;
102int f_policy = 0; 102int f_policy = 0;
103int f_hexdump = 0; 103int f_hexdump = 0;
104int f_tflag = 0; 104int f_tflag = 0;
105int f_notreally = 0; 105int f_notreally = 0;
106int f_withports = 0; 106int f_withports = 0;
107#ifdef HAVE_POLICY_FWD 107#ifdef HAVE_POLICY_FWD
108int f_rfcmode = 1; 108int f_rfcmode = 1;
109#define RK_OPTS "rk" 109#define RK_OPTS "rk"
110#else 110#else
111int f_rkwarn = 0; 111int f_rkwarn = 0;
112#define RK_OPTS "" 112#define RK_OPTS ""
113static void rkwarn(void); 113static void rkwarn(void);
114static void 114static void
115rkwarn(void) 115rkwarn(void)
116{ 116{
117 if (!f_rkwarn) { 117 if (!f_rkwarn) {
118 f_rkwarn = 1; 118 f_rkwarn = 1;
119 printf("warning: -r and -k options are not supported in this environment\n"); 119 printf("warning: -r and -k options are not supported in this environment\n");
120 } 120 }
121} 121}
122 122
123#endif 123#endif
124static time_t thiszone; 124static time_t thiszone;
125 125
126void 126void
127usage(int only_version) 127usage(int only_version)
128{ 128{
129 printf("setkey @(#) %s (%s)\n", TOP_PACKAGE_STRING, TOP_PACKAGE_URL);  129 printf("setkey @(#) %s (%s)\n", TOP_PACKAGE_STRING, TOP_PACKAGE_URL);
130 if (! only_version) { 130 if (! only_version) {
131 printf("usage: setkey [-v" RK_OPTS "] file ...\n"); 131 printf("usage: setkey [-v" RK_OPTS "] file ...\n");
132 printf(" setkey [-nv" RK_OPTS "] -c\n"); 132 printf(" setkey [-nv" RK_OPTS "] -c\n");
133 printf(" setkey [-nv" RK_OPTS "] -f filename\n"); 133 printf(" setkey [-nv" RK_OPTS "] -f filename\n");
134 printf(" setkey [-Palpv" RK_OPTS "] -D\n"); 134 printf(" setkey [-Palpv" RK_OPTS "] -D\n");
135 printf(" setkey [-Pv] -F\n"); 135 printf(" setkey [-Pv] -F\n");
136 printf(" setkey [-H] -x\n"); 136 printf(" setkey [-H] -x\n");
137 printf(" setkey [-V] [-h]\n"); 137 printf(" setkey [-V] [-h]\n");
138 } 138 }
139 exit(1); 139 exit(1);
140} 140}
141 141
142int 142int
143main(argc, argv) 143main(argc, argv)
144 int argc; 144 int argc;
145 char **argv; 145 char **argv;
146{ 146{
147 FILE *fp = stdin; 147 FILE *fp = stdin;
148 int c; 148 int c;
149 149
150 if (argc == 1) { 150 if (argc == 1) {
151 usage(0); 151 usage(0);
152 /* NOTREACHED */ 152 /* NOTREACHED */
153 } 153 }
154 154
155 thiszone = gmt2local(0); 155 thiszone = gmt2local(0);
156 156
157 while ((c = getopt(argc, argv, "acdf:HlnvxDFPphVrk?")) != -1) { 157 while ((c = getopt(argc, argv, "acdf:HlnvxDFPphVrk?")) != -1) {
158 switch (c) { 158 switch (c) {
159 case 'c': 159 case 'c':
160 f_mode = MODE_STDIN; 160 f_mode = MODE_STDIN;
161#ifdef HAVE_READLINE 161#ifdef HAVE_READLINE
162 /* disable filename completion */ 162 /* disable filename completion */
163 rl_bind_key('\t', rl_insert); 163 rl_bind_key('\t', rl_insert);
164#endif 164#endif
165 break; 165 break;
166 case 'f': 166 case 'f':
167 f_mode = MODE_SCRIPT; 167 f_mode = MODE_SCRIPT;
168 if ((fp = fopen(optarg, "r")) == NULL) { 168 if ((fp = fopen(optarg, "r")) == NULL) {
169 err(1, "fopen"); 169 err(1, "fopen");
170 /*NOTREACHED*/ 170 /*NOTREACHED*/
171 } 171 }
172 break; 172 break;
173 case 'D': 173 case 'D':
174 f_mode = MODE_CMDDUMP; 174 f_mode = MODE_CMDDUMP;
175 break; 175 break;
176 case 'F': 176 case 'F':
177 f_mode = MODE_CMDFLUSH; 177 f_mode = MODE_CMDFLUSH;
178 break; 178 break;
179 case 'a': 179 case 'a':
180 f_all = 1; 180 f_all = 1;
181 break; 181 break;
182 case 'l': 182 case 'l':
183 f_forever = 1; 183 f_forever = 1;
184 break; 184 break;
185 case 'n': 185 case 'n':
186 f_notreally = 1; 186 f_notreally = 1;
187 break; 187 break;
188#ifdef __NetBSD__ 188#ifdef __NetBSD__
189 case 'h': 189 case 'h':
190#endif 190#endif
191 case 'H': 191 case 'H':
192 f_hexdump = 1; 192 f_hexdump = 1;
193 break; 193 break;
194 case 'x': 194 case 'x':
195 f_mode = MODE_PROMISC; 195 f_mode = MODE_PROMISC;
196 f_tflag++; 196 f_tflag++;
197 break; 197 break;
198 case 'P': 198 case 'P':
199 f_policy = 1; 199 f_policy = 1;
200 break; 200 break;
201 case 'p': 201 case 'p':
202 f_withports = 1; 202 f_withports = 1;
203 break; 203 break;
204 case 'v': 204 case 'v':
205 f_verbose = 1; 205 f_verbose = 1;
206 break; 206 break;
207 case 'r': 207 case 'r':
208#ifdef HAVE_POLICY_FWD 208#ifdef HAVE_POLICY_FWD
209 f_rfcmode = 1; 209 f_rfcmode = 1;
210#else 210#else
211 rkwarn(); 211 rkwarn();
212#endif 212#endif
213 break; 213 break;
214 case 'k': 214 case 'k':
215#ifdef HAVE_POLICY_FWD 215#ifdef HAVE_POLICY_FWD
216 f_rfcmode = 0; 216 f_rfcmode = 0;
217#else 217#else
218 rkwarn(); 218 rkwarn();
219#endif 219#endif
220 break; 220 break;
221 case 'V': 221 case 'V':
222 usage(1); 222 usage(1);
223 break; 223 break;
224 /*NOTREACHED*/ 224 /*NOTREACHED*/
225#ifndef __NetBSD__ 225#ifndef __NetBSD__
226 case 'h': 226 case 'h':
227#endif 227#endif
228 case '?': 228 case '?':
229 default: 229 default:
230 usage(0); 230 usage(0);
231 /*NOTREACHED*/ 231 /*NOTREACHED*/
232 } 232 }
233 } 233 }
234 234
235 argc -= optind; 235 argc -= optind;
236 argv += optind; 236 argv += optind;
237 237
238 if (argc > 0) { 238 if (argc > 0) {
239 while (argc--) 239 while (argc--)
240 if (fileproc(*argv++) < 0) { 240 if (fileproc(*argv++) < 0) {
241 err(1, "%s", argv[-1]); 241 err(1, "%s", argv[-1]);
242 /*NOTREACHED*/ 242 /*NOTREACHED*/
243 } 243 }
244 exit(0); 244 exit(0);
245 } 245 }
246 246
247 so = pfkey_open(); 247 so = pfkey_open();
248 if (so < 0) { 248 if (so < 0) {
249 perror("pfkey_open"); 249 perror("pfkey_open");
250 exit(1); 250 exit(1);
251 } 251 }
252 252
253 switch (f_mode) { 253 switch (f_mode) {
254 case MODE_CMDDUMP: 254 case MODE_CMDDUMP:
255 sendkeyshort(f_policy ? SADB_X_SPDDUMP : SADB_DUMP); 255 sendkeyshort(f_policy ? SADB_X_SPDDUMP : SADB_DUMP);
256 break; 256 break;
257 case MODE_CMDFLUSH: 257 case MODE_CMDFLUSH:
258 sendkeyshort(f_policy ? SADB_X_SPDFLUSH: SADB_FLUSH); 258 sendkeyshort(f_policy ? SADB_X_SPDFLUSH: SADB_FLUSH);
259 break; 259 break;
260 case MODE_SCRIPT: 260 case MODE_SCRIPT:
261 if (get_supported() < 0) { 261 if (get_supported() < 0) {
262 errx(1, "%s", ipsec_strerror()); 262 errx(1, "%s", ipsec_strerror());
263 /*NOTREACHED*/ 263 /*NOTREACHED*/
264 } 264 }
265 if (parse(&fp)) 265 if (parse(&fp))
266 exit (1); 266 exit (1);
267 break; 267 break;
268 case MODE_STDIN: 268 case MODE_STDIN:
269 if (get_supported() < 0) { 269 if (get_supported() < 0) {
270 errx(1, "%s", ipsec_strerror()); 270 errx(1, "%s", ipsec_strerror());
271 /*NOTREACHED*/ 271 /*NOTREACHED*/
272 } 272 }
273 stdin_loop(); 273 stdin_loop();
274 break; 274 break;
275 case MODE_PROMISC: 275 case MODE_PROMISC:
276 promisc(); 276 promisc();
277 /*NOTREACHED*/ 277 /*NOTREACHED*/
278 default: 278 default:
279 usage(0); 279 usage(0);
280 /*NOTREACHED*/ 280 /*NOTREACHED*/
281 } 281 }
282 282
283 exit(0); 283 exit(0);
284} 284}
285 285
286int 286int
287get_supported() 287get_supported()
288{ 288{
289 289
290 if (pfkey_send_register(so, SADB_SATYPE_UNSPEC) < 0) 290 if (pfkey_send_register(so, SADB_SATYPE_UNSPEC) < 0)
291 return -1; 291 return -1;
292 292
293 if (pfkey_recv_register(so) < 0) 293 if (pfkey_recv_register(so) < 0)
294 return -1; 294 return -1;
295 295
296 return (0); 296 return (0);
297} 297}
298 298
299void 299void
300stdin_loop() 300stdin_loop()
301{ 301{
302 char line[1024], *semicolon, *comment; 302 char line[1024], *semicolon, *comment;
303 size_t linelen = 0; 303 size_t linelen = 0;
304  304
305 memset (line, 0, sizeof(line)); 305 memset (line, 0, sizeof(line));
306 306
307 parse_init(); 307 parse_init();
308 while (1) { 308 while (1) {
309#ifdef HAVE_READLINE 309#ifdef HAVE_READLINE
310 char *rbuf; 310 char *rbuf;
311 rbuf = readline (""); 311 rbuf = readline ("");
312 if (! rbuf) 312 if (! rbuf)
313 break; 313 break;
314#else 314#else
315 char rbuf[1024]; 315 char rbuf[1024];
316 rbuf[0] = '\0'; 316 rbuf[0] = '\0';
317 fgets (rbuf, sizeof(rbuf), stdin); 317 if (fgets(rbuf, sizeof(rbuf), stdin) == NULL)
318 if (!rbuf[0]) 
319 break; 318 break;
320 if (rbuf[strlen(rbuf)-1] == '\n') 319 if (rbuf[strlen(rbuf)-1] == '\n')
321 rbuf[strlen(rbuf)-1] = '\0'; 320 rbuf[strlen(rbuf)-1] = '\0';
322#endif 321#endif
323 comment = strchr(rbuf, '#'); 322 comment = strchr(rbuf, '#');
324 if (comment) 323 if (comment)
325 *comment = '\0'; 324 *comment = '\0';
326 325
327 if (!rbuf[0]) 326 if (!rbuf[0])
328 continue; 327 continue;
329 328
330 linelen += snprintf (&line[linelen], sizeof(line) - linelen, 329 linelen += snprintf (&line[linelen], sizeof(line) - linelen,
331 "%s%s", linelen > 0 ? " " : "", rbuf); 330 "%s%s", linelen > 0 ? " " : "", rbuf);
332 331
333 semicolon = strchr(line, ';'); 332 semicolon = strchr(line, ';');
334 while (semicolon) { 333 while (semicolon) {
335 char saved_char = *++semicolon; 334 char saved_char = *++semicolon;
336 *semicolon = '\0'; 335 *semicolon = '\0';
337#ifdef HAVE_READLINE 336#ifdef HAVE_READLINE
338 add_history (line); 337 add_history (line);
339#endif 338#endif
340 339
341#ifdef HAVE_PFKEY_POLICY_PRIORITY 340#ifdef HAVE_PFKEY_POLICY_PRIORITY
342 last_msg_type = -1; /* invalid message type */ 341 last_msg_type = -1; /* invalid message type */
343#endif 342#endif
344 343
345 parse_string (line); 344 parse_string (line);
346 if (exit_now) 345 if (exit_now)
347 return; 346 return;
348 if (saved_char) { 347 if (saved_char) {
349 *semicolon = saved_char; 348 *semicolon = saved_char;
350 linelen = strlen (semicolon); 349 linelen = strlen (semicolon);
351 memmove (line, semicolon, linelen + 1); 350 memmove (line, semicolon, linelen + 1);
352 semicolon = strchr(line, ';'); 351 semicolon = strchr(line, ';');
353 } 352 }
354 else { 353 else {
355 semicolon = NULL; 354 semicolon = NULL;
356 linelen = 0; 355 linelen = 0;
357 } 356 }
358 } 357 }
359 } 358 }
360} 359}
361 360
362void 361void
363sendkeyshort(type) 362sendkeyshort(type)
364 u_int type; 363 u_int type;
365{ 364{
366 struct sadb_msg msg; 365 struct sadb_msg msg;
367 366
368 msg.sadb_msg_version = PF_KEY_V2; 367 msg.sadb_msg_version = PF_KEY_V2;
369 msg.sadb_msg_type = type; 368 msg.sadb_msg_type = type;
370 msg.sadb_msg_errno = 0; 369 msg.sadb_msg_errno = 0;
371 msg.sadb_msg_satype = SADB_SATYPE_UNSPEC; 370 msg.sadb_msg_satype = SADB_SATYPE_UNSPEC;
372 msg.sadb_msg_len = PFKEY_UNIT64(sizeof(msg)); 371 msg.sadb_msg_len = PFKEY_UNIT64(sizeof(msg));
373 msg.sadb_msg_reserved = 0; 372 msg.sadb_msg_reserved = 0;
374 msg.sadb_msg_seq = 0; 373 msg.sadb_msg_seq = 0;
375 msg.sadb_msg_pid = getpid(); 374 msg.sadb_msg_pid = getpid();
376 375
377 sendkeymsg((char *)&msg, sizeof(msg)); 376 sendkeymsg((char *)&msg, sizeof(msg));
378 377
379 return; 378 return;
380} 379}
381 380
382void 381void
383promisc() 382promisc()
384{ 383{
385 struct sadb_msg msg; 384 struct sadb_msg msg;
386 u_char rbuf[1024 * 32]; /* XXX: Enough ? Should I do MSG_PEEK ? */ 385 u_char rbuf[1024 * 32]; /* XXX: Enough ? Should I do MSG_PEEK ? */
387 ssize_t l; 386 ssize_t l;
388 387
389 msg.sadb_msg_version = PF_KEY_V2; 388 msg.sadb_msg_version = PF_KEY_V2;
390 msg.sadb_msg_type = SADB_X_PROMISC; 389 msg.sadb_msg_type = SADB_X_PROMISC;
391 msg.sadb_msg_errno = 0; 390 msg.sadb_msg_errno = 0;
392 msg.sadb_msg_satype = 1; 391 msg.sadb_msg_satype = 1;
393 msg.sadb_msg_len = PFKEY_UNIT64(sizeof(msg)); 392 msg.sadb_msg_len = PFKEY_UNIT64(sizeof(msg));
394 msg.sadb_msg_reserved = 0; 393 msg.sadb_msg_reserved = 0;
395 msg.sadb_msg_seq = 0; 394 msg.sadb_msg_seq = 0;
396 msg.sadb_msg_pid = getpid(); 395 msg.sadb_msg_pid = getpid();
397 396
398 if ((l = send(so, &msg, sizeof(msg), 0)) < 0) { 397 if ((l = send(so, &msg, sizeof(msg), 0)) < 0) {
399 err(1, "send"); 398 err(1, "send");
400 /*NOTREACHED*/ 399 /*NOTREACHED*/
401 } 400 }
402 401
403 while (1) { 402 while (1) {
404 struct sadb_msg *base; 403 struct sadb_msg *base;
405 404
406 if ((l = recv(so, rbuf, sizeof(*base), MSG_PEEK)) < 0) { 405 if ((l = recv(so, rbuf, sizeof(*base), MSG_PEEK)) < 0) {
407 err(1, "recv"); 406 err(1, "recv");
408 /*NOTREACHED*/ 407 /*NOTREACHED*/
409 } 408 }
410 409
411 if (l != sizeof(*base)) 410 if (l != sizeof(*base))
412 continue; 411 continue;
413 412
414 base = (struct sadb_msg *)rbuf; 413 base = (struct sadb_msg *)rbuf;
415 if ((l = recv(so, rbuf, PFKEY_UNUNIT64(base->sadb_msg_len), 414 if ((l = recv(so, rbuf, PFKEY_UNUNIT64(base->sadb_msg_len),
416 0)) < 0) { 415 0)) < 0) {
417 err(1, "recv"); 416 err(1, "recv");
418 /*NOTREACHED*/ 417 /*NOTREACHED*/
419 } 418 }
420 printdate(); 419 printdate();
421 if (f_hexdump) { 420 if (f_hexdump) {
422 int i; 421 int i;
423 for (i = 0; i < l; i++) { 422 for (i = 0; i < l; i++) {
424 if (i % 16 == 0) 423 if (i % 16 == 0)
425 printf("%08x: ", i); 424 printf("%08x: ", i);
426 printf("%02x ", rbuf[i] & 0xff); 425 printf("%02x ", rbuf[i] & 0xff);
427 if (i % 16 == 15) 426 if (i % 16 == 15)
428 printf("\n"); 427 printf("\n");
429 } 428 }
430 if (l % 16) 429 if (l % 16)
431 printf("\n"); 430 printf("\n");
432 } 431 }
433 /* adjust base pointer for promisc mode */ 432 /* adjust base pointer for promisc mode */
434 if (base->sadb_msg_type == SADB_X_PROMISC) { 433 if (base->sadb_msg_type == SADB_X_PROMISC) {
435 if ((ssize_t)sizeof(*base) < l) 434 if ((ssize_t)sizeof(*base) < l)
436 base++; 435 base++;
437 else 436 else
438 base = NULL; 437 base = NULL;
439 } 438 }
440 if (base) { 439 if (base) {
441 kdebug_sadb(base); 440 kdebug_sadb(base);
442 printf("\n"); 441 printf("\n");
443 fflush(stdout); 442 fflush(stdout);
444 } 443 }
445 } 444 }
446} 445}
447 446
448/* Generate 'spi' array with SPIs matching 'satype', 'srcs', and 'dsts' 447/* Generate 'spi' array with SPIs matching 'satype', 'srcs', and 'dsts'
449 * Return value is dynamically generated array of SPIs, also number of 448 * Return value is dynamically generated array of SPIs, also number of
450 * SPIs through num_spi pointer. 449 * SPIs through num_spi pointer.
451 * On any error, set *num_spi to 0 and return NULL. 450 * On any error, set *num_spi to 0 and return NULL.
452 */ 451 */
453u_int32_t * 452u_int32_t *
454sendkeymsg_spigrep(satype, srcs, dsts, num_spi) 453sendkeymsg_spigrep(satype, srcs, dsts, num_spi)
455 unsigned int satype; 454 unsigned int satype;
456 struct addrinfo *srcs; 455 struct addrinfo *srcs;
457 struct addrinfo *dsts; 456 struct addrinfo *dsts;
458 int *num_spi; 457 int *num_spi;
459{ 458{
460 struct sadb_msg msg, *m; 459 struct sadb_msg msg, *m;
461 char *buf; 460 char *buf;
462 size_t len; 461 size_t len;
463 ssize_t l; 462 ssize_t l;
464 u_char rbuf[1024 * 32]; 463 u_char rbuf[1024 * 32];
465 caddr_t mhp[SADB_EXT_MAX + 1]; 464 caddr_t mhp[SADB_EXT_MAX + 1];
466 struct sadb_address *saddr; 465 struct sadb_address *saddr;
467 struct sockaddr *s; 466 struct sockaddr *s;
468 struct addrinfo *a; 467 struct addrinfo *a;
469 struct sadb_sa *sa; 468 struct sadb_sa *sa;
470 u_int32_t *spi = NULL; 469 u_int32_t *spi = NULL;
471 int max_spi = 0, fail = 0; 470 int max_spi = 0, fail = 0;
472 471
473 *num_spi = 0; 472 *num_spi = 0;
474 473
475 if (f_notreally) { 474 if (f_notreally) {
476 return NULL; 475 return NULL;
477 } 476 }
478 477
479 { 478 {
480 struct timeval tv; 479 struct timeval tv;
481 tv.tv_sec = 1; 480 tv.tv_sec = 1;
482 tv.tv_usec = 0; 481 tv.tv_usec = 0;
483 if (setsockopt(so, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0) { 482 if (setsockopt(so, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0) {
484 perror("setsockopt"); 483 perror("setsockopt");
485 return NULL; 484 return NULL;
486 } 485 }
487 } 486 }
488 487
489 msg.sadb_msg_version = PF_KEY_V2; 488 msg.sadb_msg_version = PF_KEY_V2;
490 msg.sadb_msg_type = SADB_DUMP; 489 msg.sadb_msg_type = SADB_DUMP;
491 msg.sadb_msg_errno = 0; 490 msg.sadb_msg_errno = 0;
492 msg.sadb_msg_satype = satype; 491 msg.sadb_msg_satype = satype;
493 msg.sadb_msg_len = PFKEY_UNIT64(sizeof(msg)); 492 msg.sadb_msg_len = PFKEY_UNIT64(sizeof(msg));
494 msg.sadb_msg_reserved = 0; 493 msg.sadb_msg_reserved = 0;
495 msg.sadb_msg_seq = 0; 494 msg.sadb_msg_seq = 0;
496 msg.sadb_msg_pid = getpid(); 495 msg.sadb_msg_pid = getpid();
497 buf = (char *)&msg; 496 buf = (char *)&msg;
498 len = sizeof(msg); 497 len = sizeof(msg);
499 498
500 if (f_verbose) { 499 if (f_verbose) {
501 kdebug_sadb(&msg); 500 kdebug_sadb(&msg);
502 printf("\n"); 501 printf("\n");
503 } 502 }
504 if (f_hexdump) { 503 if (f_hexdump) {
505 int i; 504 int i;
506 for (i = 0; i < len; i++) { 505 for (i = 0; i < len; i++) {
507 if (i % 16 == 0) 506 if (i % 16 == 0)
508 printf("%08x: ", i); 507 printf("%08x: ", i);
509 printf("%02x ", buf[i] & 0xff); 508 printf("%02x ", buf[i] & 0xff);
510 if (i % 16 == 15) 509 if (i % 16 == 15)
511 printf("\n"); 510 printf("\n");
512 } 511 }
513 if (len % 16) 512 if (len % 16)
514 printf("\n"); 513 printf("\n");
515 } 514 }
516 515
517 if ((l = send(so, buf, len, 0)) < 0) { 516 if ((l = send(so, buf, len, 0)) < 0) {
518 perror("send"); 517 perror("send");
519 return NULL; 518 return NULL;
520 } 519 }
521 520
522 m = (struct sadb_msg *)rbuf; 521 m = (struct sadb_msg *)rbuf;
523 do { 522 do {
524 if ((l = recv(so, rbuf, sizeof(rbuf), 0)) < 0) { 523 if ((l = recv(so, rbuf, sizeof(rbuf), 0)) < 0) {
525 perror("recv"); 524 perror("recv");
526 fail = 1; 525 fail = 1;
527 break; 526 break;
528 } 527 }
529 528
530 if (PFKEY_UNUNIT64(m->sadb_msg_len) != l) { 529 if (PFKEY_UNUNIT64(m->sadb_msg_len) != l) {
531 warnx("invalid keymsg length"); 530 warnx("invalid keymsg length");
532 fail = 1; 531 fail = 1;
533 break; 532 break;
534 } 533 }
535 534
536 if (f_verbose) { 535 if (f_verbose) {
537 kdebug_sadb(m); 536 kdebug_sadb(m);
538 printf("\n"); 537 printf("\n");
539 } 538 }
540 539
541 if (m->sadb_msg_type != SADB_DUMP) { 540 if (m->sadb_msg_type != SADB_DUMP) {
542 warnx("unexpected message type"); 541 warnx("unexpected message type");
543 fail = 1; 542 fail = 1;
544 break; 543 break;
545 } 544 }
546 545
547 if (m->sadb_msg_errno != 0) { 546 if (m->sadb_msg_errno != 0) {
548 warnx("error encountered"); 547 warnx("error encountered");
549 fail = 1; 548 fail = 1;
550 break; 549 break;
551 } 550 }
552 551
553 /* match satype */ 552 /* match satype */
554 if (m->sadb_msg_satype != satype) 553 if (m->sadb_msg_satype != satype)
555 continue; 554 continue;
556 555
557 pfkey_align(m, mhp); 556 pfkey_align(m, mhp);
558 pfkey_check(mhp); 557 pfkey_check(mhp);
559 558
560 /* match src */ 559 /* match src */
561 saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC]; 560 saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
562 if (saddr == NULL) 561 if (saddr == NULL)
563 continue; 562 continue;
564 s = (struct sockaddr *)(saddr + 1); 563 s = (struct sockaddr *)(saddr + 1);
565 for (a = srcs; a; a = a->ai_next) 564 for (a = srcs; a; a = a->ai_next)
566 if (memcmp(a->ai_addr, s, a->ai_addrlen) == 0) 565 if (memcmp(a->ai_addr, s, a->ai_addrlen) == 0)
567 break; 566 break;
568 if (a == NULL) 567 if (a == NULL)
569 continue; 568 continue;
570 569
571 /* match dst */ 570 /* match dst */
572 saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST]; 571 saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
573 if (saddr == NULL) 572 if (saddr == NULL)
574 continue; 573 continue;
575 s = (struct sockaddr *)(saddr + 1); 574 s = (struct sockaddr *)(saddr + 1);
576 for (a = dsts; a; a = a->ai_next) 575 for (a = dsts; a; a = a->ai_next)
577 if (memcmp(a->ai_addr, s, a->ai_addrlen) == 0) 576 if (memcmp(a->ai_addr, s, a->ai_addrlen) == 0)
578 break; 577 break;
579 if (a == NULL) 578 if (a == NULL)
580 continue; 579 continue;
581 580
582 if (*num_spi >= max_spi) { 581 if (*num_spi >= max_spi) {
583 max_spi += 512; 582 max_spi += 512;
584 spi = realloc(spi, max_spi * sizeof(u_int32_t)); 583 spi = realloc(spi, max_spi * sizeof(u_int32_t));
585 } 584 }
586 585
587 sa = (struct sadb_sa *)mhp[SADB_EXT_SA]; 586 sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
588 if (sa != NULL) 587 if (sa != NULL)
589 spi[(*num_spi)++] = (u_int32_t)ntohl(sa->sadb_sa_spi); 588 spi[(*num_spi)++] = (u_int32_t)ntohl(sa->sadb_sa_spi);
590 589
591 m = (struct sadb_msg *)((caddr_t)m + PFKEY_UNUNIT64(m->sadb_msg_len)); 590 m = (struct sadb_msg *)((caddr_t)m + PFKEY_UNUNIT64(m->sadb_msg_len));
592 591
593 if (f_verbose) { 592 if (f_verbose) {
594 kdebug_sadb(m); 593 kdebug_sadb(m);
595 printf("\n"); 594 printf("\n");
596 } 595 }
597 596
598 } while (m->sadb_msg_seq); 597 } while (m->sadb_msg_seq);
599 598
600 if (fail) { 599 if (fail) {
601 free(spi); 600 free(spi);
602 *num_spi = 0; 601 *num_spi = 0;
603 return NULL; 602 return NULL;
604 } 603 }
605 604
606 return spi; 605 return spi;
607} 606}
608 607
609int 608int
610sendkeymsg(buf, len) 609sendkeymsg(buf, len)
611 char *buf; 610 char *buf;
612 size_t len; 611 size_t len;
613{ 612{
614 u_char rbuf[1024 * 32]; /* XXX: Enough ? Should I do MSG_PEEK ? */ 613 u_char rbuf[1024 * 32]; /* XXX: Enough ? Should I do MSG_PEEK ? */
615 ssize_t l; 614 ssize_t l;
616 struct sadb_msg *msg; 615 struct sadb_msg *msg;
617 616
618 if (f_notreally) { 617 if (f_notreally) {
619 goto end; 618 goto end;
620 } 619 }
621 620
622 { 621 {
623 struct timeval tv; 622 struct timeval tv;
624 tv.tv_sec = 1; 623 tv.tv_sec = 1;
625 tv.tv_usec = 0; 624 tv.tv_usec = 0;
626 if (setsockopt(so, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0) { 625 if (setsockopt(so, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0) {
627 perror("setsockopt"); 626 perror("setsockopt");
628 goto end; 627 goto end;
629 } 628 }
630 } 629 }
631 630
632 if (f_forever) 631 if (f_forever)
633 shortdump_hdr(); 632 shortdump_hdr();
634again: 633again:
635 if (f_verbose) { 634 if (f_verbose) {
636 kdebug_sadb((struct sadb_msg *)buf); 635 kdebug_sadb((struct sadb_msg *)buf);
637 printf("\n"); 636 printf("\n");
638 } 637 }
639 if (f_hexdump) { 638 if (f_hexdump) {
640 int i; 639 int i;
641 for (i = 0; i < len; i++) { 640 for (i = 0; i < len; i++) {
642 if (i % 16 == 0) 641 if (i % 16 == 0)
643 printf("%08x: ", i); 642 printf("%08x: ", i);
644 printf("%02x ", buf[i] & 0xff); 643 printf("%02x ", buf[i] & 0xff);
645 if (i % 16 == 15) 644 if (i % 16 == 15)
646 printf("\n"); 645 printf("\n");
647 } 646 }
648 if (len % 16) 647 if (len % 16)
649 printf("\n"); 648 printf("\n");
650 } 649 }
651 650
652 if ((l = send(so, buf, len, 0)) < 0) { 651 if ((l = send(so, buf, len, 0)) < 0) {
653 perror("send"); 652 perror("send");
654 goto end; 653 goto end;
655 } 654 }
656 655
657 msg = (struct sadb_msg *)rbuf; 656 msg = (struct sadb_msg *)rbuf;
658 do { 657 do {
659 if ((l = recv(so, rbuf, sizeof(rbuf), 0)) < 0) { 658 if ((l = recv(so, rbuf, sizeof(rbuf), 0)) < 0) {
660 perror("recv"); 659 perror("recv");
661 goto end; 660 goto end;
662 } 661 }
663 662
664 if (PFKEY_UNUNIT64(msg->sadb_msg_len) != l) { 663 if (PFKEY_UNUNIT64(msg->sadb_msg_len) != l) {
665 warnx("invalid keymsg length"); 664 warnx("invalid keymsg length");
666 break; 665 break;
667 } 666 }
668 667
669 if (f_verbose) { 668 if (f_verbose) {
670 kdebug_sadb(msg); 669 kdebug_sadb(msg);
671 printf("\n"); 670 printf("\n");
672 } 671 }
673 if (postproc(msg, l) < 0) 672 if (postproc(msg, l) < 0)
674 break; 673 break;
675 } while (msg->sadb_msg_errno || msg->sadb_msg_seq); 674 } while (msg->sadb_msg_errno || msg->sadb_msg_seq);
676 675
677 if (f_forever) { 676 if (f_forever) {
678 fflush(stdout); 677 fflush(stdout);
679 sleep(1); 678 sleep(1);
680 goto again; 679 goto again;
681 } 680 }
682 681
683end: 682end:
684 return (0); 683 return (0);
685} 684}
686 685
687int 686int
688postproc(msg, len) 687postproc(msg, len)
689 struct sadb_msg *msg; 688 struct sadb_msg *msg;
690 int len; 689 int len;
691{ 690{
692#ifdef HAVE_PFKEY_POLICY_PRIORITY 691#ifdef HAVE_PFKEY_POLICY_PRIORITY
693 static int priority_support_check = 0; 692 static int priority_support_check = 0;
694#endif 693#endif
695 694
696 if (msg->sadb_msg_errno != 0) { 695 if (msg->sadb_msg_errno != 0) {
697 char inf[80]; 696 char inf[80];
698 const char *errmsg = NULL; 697 const char *errmsg = NULL;
699 698
700 if (f_mode == MODE_SCRIPT) 699 if (f_mode == MODE_SCRIPT)
701 snprintf(inf, sizeof(inf), "The result of line %d: ", lineno); 700 snprintf(inf, sizeof(inf), "The result of line %d: ", lineno);
702 else 701 else
703 inf[0] = '\0'; 702 inf[0] = '\0';
704 703
705 switch (msg->sadb_msg_errno) { 704 switch (msg->sadb_msg_errno) {
706 case ENOENT: 705 case ENOENT:
707 switch (msg->sadb_msg_type) { 706 switch (msg->sadb_msg_type) {
708 case SADB_DELETE: 707 case SADB_DELETE:
709 case SADB_GET: 708 case SADB_GET:
710 case SADB_X_SPDDELETE: 709 case SADB_X_SPDDELETE:
711 errmsg = "No entry"; 710 errmsg = "No entry";
712 break; 711 break;
713 case SADB_DUMP: 712 case SADB_DUMP:
714 errmsg = "No SAD entries"; 713 errmsg = "No SAD entries";
715 break; 714 break;
716 case SADB_X_SPDDUMP: 715 case SADB_X_SPDDUMP:
717 errmsg = "No SPD entries"; 716 errmsg = "No SPD entries";
718 break; 717 break;
719 } 718 }
720 break; 719 break;
721 default: 720 default:
722 errmsg = strerror(msg->sadb_msg_errno); 721 errmsg = strerror(msg->sadb_msg_errno);
723 } 722 }
724 printf("%s%s.\n", inf, errmsg); 723 printf("%s%s.\n", inf, errmsg);
725 return (-1); 724 return (-1);
726 } 725 }
727 726
728 switch (msg->sadb_msg_type) { 727 switch (msg->sadb_msg_type) {
729 case SADB_GET: 728 case SADB_GET:
730 if (f_withports) 729 if (f_withports)
731 pfkey_sadump_withports(msg); 730 pfkey_sadump_withports(msg);
732 else 731 else
733 pfkey_sadump(msg); 732 pfkey_sadump(msg);
734 break; 733 break;
735 734
736 case SADB_DUMP: 735 case SADB_DUMP:
737 /* filter out DEAD SAs */ 736 /* filter out DEAD SAs */
738 if (!f_all) { 737 if (!f_all) {
739 caddr_t mhp[SADB_EXT_MAX + 1]; 738 caddr_t mhp[SADB_EXT_MAX + 1];
740 struct sadb_sa *sa; 739 struct sadb_sa *sa;
741 pfkey_align(msg, mhp); 740 pfkey_align(msg, mhp);
742 pfkey_check(mhp); 741 pfkey_check(mhp);
743 if ((sa = (struct sadb_sa *)mhp[SADB_EXT_SA]) != NULL) { 742 if ((sa = (struct sadb_sa *)mhp[SADB_EXT_SA]) != NULL) {
744 if (sa->sadb_sa_state == SADB_SASTATE_DEAD) 743 if (sa->sadb_sa_state == SADB_SASTATE_DEAD)
745 break; 744 break;
746 } 745 }
747 } 746 }
748 if (f_forever) { 747 if (f_forever) {
749 /* TODO: f_withports */ 748 /* TODO: f_withports */
750 shortdump(msg); 749 shortdump(msg);
751 } else { 750 } else {
752 if (f_withports) 751 if (f_withports)
753 pfkey_sadump_withports(msg); 752 pfkey_sadump_withports(msg);
754 else 753 else
755 pfkey_sadump(msg); 754 pfkey_sadump(msg);
756 } 755 }
757 msg = (struct sadb_msg *)((caddr_t)msg + 756 msg = (struct sadb_msg *)((caddr_t)msg +
758 PFKEY_UNUNIT64(msg->sadb_msg_len)); 757 PFKEY_UNUNIT64(msg->sadb_msg_len));
759 if (f_verbose) { 758 if (f_verbose) {
760 kdebug_sadb((struct sadb_msg *)msg); 759 kdebug_sadb((struct sadb_msg *)msg);
761 printf("\n"); 760 printf("\n");
762 } 761 }
763 break; 762 break;
764 763
765 case SADB_X_SPDGET: 764 case SADB_X_SPDGET:
766 if (f_withports)  765 if (f_withports)
767 pfkey_spdump_withports(msg); 766 pfkey_spdump_withports(msg);
768 else 767 else
769 pfkey_spdump(msg); 768 pfkey_spdump(msg);
770 break; 769 break;
771 770
772 case SADB_X_SPDDUMP: 771 case SADB_X_SPDDUMP:
773 if (f_withports)  772 if (f_withports)
774 pfkey_spdump_withports(msg); 773 pfkey_spdump_withports(msg);
775 else 774 else
776 pfkey_spdump(msg); 775 pfkey_spdump(msg);
777 if (msg->sadb_msg_seq == 0) break; 776 if (msg->sadb_msg_seq == 0) break;
778 msg = (struct sadb_msg *)((caddr_t)msg + 777 msg = (struct sadb_msg *)((caddr_t)msg +
779 PFKEY_UNUNIT64(msg->sadb_msg_len)); 778 PFKEY_UNUNIT64(msg->sadb_msg_len));
780 if (f_verbose) { 779 if (f_verbose) {
781 kdebug_sadb((struct sadb_msg *)msg); 780 kdebug_sadb((struct sadb_msg *)msg);
782 printf("\n"); 781 printf("\n");
783 } 782 }
784 break; 783 break;
785#ifdef HAVE_PFKEY_POLICY_PRIORITY 784#ifdef HAVE_PFKEY_POLICY_PRIORITY
786 case SADB_X_SPDADD: 785 case SADB_X_SPDADD:
787 if (last_msg_type == SADB_X_SPDADD && last_priority != 0 &&  786 if (last_msg_type == SADB_X_SPDADD && last_priority != 0 &&
788 msg->sadb_msg_pid == getpid() && !priority_support_check) { 787 msg->sadb_msg_pid == getpid() && !priority_support_check) {
789 priority_support_check = 1;  788 priority_support_check = 1;
790 if (!verifypriority(msg)) 789 if (!verifypriority(msg))
791 printf ("WARNING: Kernel does not support policy priorities\n"); 790 printf ("WARNING: Kernel does not support policy priorities\n");
792 } 791 }
793 break; 792 break;
794#endif 793#endif
795 } 794 }
796 795
797 return (0); 796 return (0);
798} 797}
799 798
800#ifdef HAVE_PFKEY_POLICY_PRIORITY 799#ifdef HAVE_PFKEY_POLICY_PRIORITY
801int 800int
802verifypriority(m) 801verifypriority(m)
803 struct sadb_msg *m; 802 struct sadb_msg *m;
804{ 803{
805 caddr_t mhp[SADB_EXT_MAX + 1]; 804 caddr_t mhp[SADB_EXT_MAX + 1];
806 struct sadb_x_policy *xpl; 805 struct sadb_x_policy *xpl;
807 806
808 /* check pfkey message. */ 807 /* check pfkey message. */
809 if (pfkey_align(m, mhp)) { 808 if (pfkey_align(m, mhp)) {
810 printf("(%s\n", ipsec_strerror()); 809 printf("(%s\n", ipsec_strerror());
811 return 0; 810 return 0;
812 } 811 }
813 if (pfkey_check(mhp)) { 812 if (pfkey_check(mhp)) {
814 printf("%s\n", ipsec_strerror()); 813 printf("%s\n", ipsec_strerror());
815 return 0; 814 return 0;
816 } 815 }
817 816
818 xpl = (struct sadb_x_policy *) mhp[SADB_X_EXT_POLICY]; 817 xpl = (struct sadb_x_policy *) mhp[SADB_X_EXT_POLICY];
819 818
820 if (xpl == NULL) { 819 if (xpl == NULL) {
821 printf("no X_POLICY extension.\n"); 820 printf("no X_POLICY extension.\n");
822 return 0; 821 return 0;
823 } 822 }
824 823
825 /* now make sure they match */ 824 /* now make sure they match */
826 if (last_priority != xpl->sadb_x_policy_priority) 825 if (last_priority != xpl->sadb_x_policy_priority)
827 return 0; 826 return 0;
828 827
829 return 1;  828 return 1;
830} 829}
831#endif 830#endif
832 831
833int 832int
834fileproc(filename) 833fileproc(filename)
835 const char *filename; 834 const char *filename;
836{ 835{
837 int fd; 836 int fd;
838 ssize_t len, l; 837 ssize_t len, l;
839 u_char *p, *ep; 838 u_char *p, *ep;
840 struct sadb_msg *msg; 839 struct sadb_msg *msg;
841 u_char rbuf[1024 * 32]; /* XXX: Enough ? Should I do MSG_PEEK ? */ 840 u_char rbuf[1024 * 32]; /* XXX: Enough ? Should I do MSG_PEEK ? */
842 841
843 fd = open(filename, O_RDONLY); 842 fd = open(filename, O_RDONLY);
844 if (fd < 0) 843 if (fd < 0)
845 return -1; 844 return -1;
846 845
847 l = 0; 846 l = 0;
848 while (1) { 847 while (1) {
849 len = read(fd, rbuf + l, sizeof(rbuf) - l); 848 len = read(fd, rbuf + l, sizeof(rbuf) - l);
850 if (len < 0) { 849 if (len < 0) {
851 close(fd); 850 close(fd);
852 return -1; 851 return -1;
853 } else if (len == 0) 852 } else if (len == 0)
854 break; 853 break;
855 l += len; 854 l += len;
856 } 855 }
857 856
858 if (l < sizeof(struct sadb_msg)) { 857 if (l < sizeof(struct sadb_msg)) {
859 close(fd); 858 close(fd);
860 errno = EINVAL; 859 errno = EINVAL;
861 return -1; 860 return -1;
862 } 861 }
863 close(fd); 862 close(fd);
864 863
865 p = rbuf; 864 p = rbuf;
866 ep = rbuf + l; 865 ep = rbuf + l;
867 866
868 while (p < ep) { 867 while (p < ep) {
869 msg = (struct sadb_msg *)p; 868 msg = (struct sadb_msg *)p;
870 len = PFKEY_UNUNIT64(msg->sadb_msg_len); 869 len = PFKEY_UNUNIT64(msg->sadb_msg_len);
871 postproc(msg, len); 870 postproc(msg, len);
872 p += len; 871 p += len;
873 } 872 }
874 873
875 return (0); 874 return (0);
876} 875}
877 876
878 877
879/*------------------------------------------------------------*/ 878/*------------------------------------------------------------*/
880static const char *satype[] = { 879static const char *satype[] = {
881 NULL, NULL, "ah", "esp" 880 NULL, NULL, "ah", "esp"
882}; 881};
883static const char *sastate[] = { 882static const char *sastate[] = {
884 "L", "M", "D", "d" 883 "L", "M", "D", "d"
885}; 884};
886static const char *ipproto[] = { 885static const char *ipproto[] = {
887/*0*/ "ip", "icmp", "igmp", "ggp", "ip4", 886/*0*/ "ip", "icmp", "igmp", "ggp", "ip4",
888 NULL, "tcp", NULL, "egp", NULL, 887 NULL, "tcp", NULL, "egp", NULL,
889/*10*/ NULL, NULL, NULL, NULL, NULL, 888/*10*/ NULL, NULL, NULL, NULL, NULL,
890 NULL, NULL, "udp", NULL, NULL, 889 NULL, NULL, "udp", NULL, NULL,
891/*20*/ NULL, NULL, "idp", NULL, NULL, 890/*20*/ NULL, NULL, "idp", NULL, NULL,
892 NULL, NULL, NULL, NULL, "tp", 891 NULL, NULL, NULL, NULL, "tp",
893/*30*/ NULL, NULL, NULL, NULL, NULL, 892/*30*/ NULL, NULL, NULL, NULL, NULL,
894 NULL, NULL, NULL, NULL, NULL, 893 NULL, NULL, NULL, NULL, NULL,
895/*40*/ NULL, "ip6", NULL, "rt6", "frag6", 894/*40*/ NULL, "ip6", NULL, "rt6", "frag6",
896 NULL, "rsvp", "gre", NULL, NULL, 895 NULL, "rsvp", "gre", NULL, NULL,
897/*50*/ "esp", "ah", NULL, NULL, NULL, 896/*50*/ "esp", "ah", NULL, NULL, NULL,
898 NULL, NULL, NULL, "icmp6", "none", 897 NULL, NULL, NULL, "icmp6", "none",
899/*60*/ "dst6", 898/*60*/ "dst6",
900}; 899};
901 900
902#define STR_OR_ID(x, tab) \ 901#define STR_OR_ID(x, tab) \
903 (((x) < sizeof(tab)/sizeof(tab[0]) && tab[(x)]) ? tab[(x)] : numstr(x)) 902 (((x) < sizeof(tab)/sizeof(tab[0]) && tab[(x)]) ? tab[(x)] : numstr(x))
904 903
905const char * 904const char *
906numstr(x) 905numstr(x)
907 int x; 906 int x;
908{ 907{
909 static char buf[20]; 908 static char buf[20];
910 snprintf(buf, sizeof(buf), "#%d", x); 909 snprintf(buf, sizeof(buf), "#%d", x);
911 return buf; 910 return buf;
912} 911}
913 912
914void 913void
915shortdump_hdr() 914shortdump_hdr()
916{ 915{
917 printf("%-4s %-3s %-1s %-8s %-7s %s -> %s\n", 916 printf("%-4s %-3s %-1s %-8s %-7s %s -> %s\n",
918 "time", "p", "s", "spi", "ltime", "src", "dst"); 917 "time", "p", "s", "spi", "ltime", "src", "dst");
919} 918}
920 919
921void 920void
922shortdump(msg) 921shortdump(msg)
923 struct sadb_msg *msg; 922 struct sadb_msg *msg;
924{ 923{
925 caddr_t mhp[SADB_EXT_MAX + 1]; 924 caddr_t mhp[SADB_EXT_MAX + 1];
926 char buf[NI_MAXHOST], pbuf[NI_MAXSERV]; 925 char buf[NI_MAXHOST], pbuf[NI_MAXSERV];
927 struct sadb_sa *sa; 926 struct sadb_sa *sa;
928 struct sadb_address *saddr; 927 struct sadb_address *saddr;
929 struct sadb_lifetime *lts, *lth, *ltc; 928 struct sadb_lifetime *lts, *lth, *ltc;
930 struct sockaddr *s; 929 struct sockaddr *s;
931 u_int t; 930 u_int t;
932 time_t cur = time(0); 931 time_t cur = time(0);
933 932
934 pfkey_align(msg, mhp); 933 pfkey_align(msg, mhp);
935 pfkey_check(mhp); 934 pfkey_check(mhp);
936 935
937 printf("%02lu%02lu", (u_long)(cur % 3600) / 60, (u_long)(cur % 60)); 936 printf("%02lu%02lu", (u_long)(cur % 3600) / 60, (u_long)(cur % 60));
938 937
939 printf(" %-3s", STR_OR_ID(msg->sadb_msg_satype, satype)); 938 printf(" %-3s", STR_OR_ID(msg->sadb_msg_satype, satype));
940 939
941 if ((sa = (struct sadb_sa *)mhp[SADB_EXT_SA]) != NULL) { 940 if ((sa = (struct sadb_sa *)mhp[SADB_EXT_SA]) != NULL) {
942 printf(" %-1s", STR_OR_ID(sa->sadb_sa_state, sastate)); 941 printf(" %-1s", STR_OR_ID(sa->sadb_sa_state, sastate));
943 printf(" %08x", (u_int32_t)ntohl(sa->sadb_sa_spi)); 942 printf(" %08x", (u_int32_t)ntohl(sa->sadb_sa_spi));
944 } else 943 } else
945 printf("%-1s %-8s", "?", "?"); 944 printf("%-1s %-8s", "?", "?");
946 945
947 lts = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_SOFT]; 946 lts = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_SOFT];
948 lth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD]; 947 lth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD];
949 ltc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT]; 948 ltc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT];
950 if (lts && lth && ltc) { 949 if (lts && lth && ltc) {
951 if (ltc->sadb_lifetime_addtime == 0) 950 if (ltc->sadb_lifetime_addtime == 0)
952 t = (u_long)0; 951 t = (u_long)0;
953 else 952 else
954 t = (u_long)(cur - ltc->sadb_lifetime_addtime); 953 t = (u_long)(cur - ltc->sadb_lifetime_addtime);
955 if (t >= 1000) 954 if (t >= 1000)
956 strlcpy(buf, " big/", sizeof(buf)); 955 strlcpy(buf, " big/", sizeof(buf));
957 else 956 else
958 snprintf(buf, sizeof(buf), " %3lu/", (u_long)t); 957 snprintf(buf, sizeof(buf), " %3lu/", (u_long)t);
959 printf("%s", buf); 958 printf("%s", buf);
960 959
961 t = (u_long)lth->sadb_lifetime_addtime; 960 t = (u_long)lth->sadb_lifetime_addtime;
962 if (t >= 1000) 961 if (t >= 1000)
963 strlcpy(buf, "big", sizeof(buf)); 962 strlcpy(buf, "big", sizeof(buf));
964 else 963 else
965 snprintf(buf, sizeof(buf), "%-3lu", (u_long)t); 964 snprintf(buf, sizeof(buf), "%-3lu", (u_long)t);
966 printf("%s", buf); 965 printf("%s", buf);
967 } else 966 } else
968 printf(" ??\?/???"); /* backslash to avoid trigraph ??/ */ 967 printf(" ??\?/???"); /* backslash to avoid trigraph ??/ */
969 968
970 printf(" "); 969 printf(" ");
971 970
972 if ((saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC]) != NULL) { 971 if ((saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC]) != NULL) {
973 if (saddr->sadb_address_proto) 972 if (saddr->sadb_address_proto)
974 printf("%s ", STR_OR_ID(saddr->sadb_address_proto, ipproto)); 973 printf("%s ", STR_OR_ID(saddr->sadb_address_proto, ipproto));
975 s = (struct sockaddr *)(saddr + 1); 974 s = (struct sockaddr *)(saddr + 1);
976 getnameinfo(s, sysdep_sa_len(s), buf, sizeof(buf), 975 getnameinfo(s, sysdep_sa_len(s), buf, sizeof(buf),
977 pbuf, sizeof(pbuf), NI_NUMERICHOST|NI_NUMERICSERV); 976 pbuf, sizeof(pbuf), NI_NUMERICHOST|NI_NUMERICSERV);
978 if (strcmp(pbuf, "0") != 0) 977 if (strcmp(pbuf, "0") != 0)
979 printf("%s[%s]", buf, pbuf); 978 printf("%s[%s]", buf, pbuf);
980 else 979 else
981 printf("%s", buf); 980 printf("%s", buf);
982 } else 981 } else
983 printf("?"); 982 printf("?");
984 983
985 printf(" -> "); 984 printf(" -> ");
986 985
987 if ((saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST]) != NULL) { 986 if ((saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST]) != NULL) {
988 if (saddr->sadb_address_proto) 987 if (saddr->sadb_address_proto)
989 printf("%s ", STR_OR_ID(saddr->sadb_address_proto, ipproto)); 988 printf("%s ", STR_OR_ID(saddr->sadb_address_proto, ipproto));
990 989
991 s = (struct sockaddr *)(saddr + 1); 990 s = (struct sockaddr *)(saddr + 1);
992 getnameinfo(s, sysdep_sa_len(s), buf, sizeof(buf), 991 getnameinfo(s, sysdep_sa_len(s), buf, sizeof(buf),
993 pbuf, sizeof(pbuf), NI_NUMERICHOST|NI_NUMERICSERV); 992 pbuf, sizeof(pbuf), NI_NUMERICHOST|NI_NUMERICSERV);
994 if (strcmp(pbuf, "0") != 0) 993 if (strcmp(pbuf, "0") != 0)
995 printf("%s[%s]", buf, pbuf); 994 printf("%s[%s]", buf, pbuf);
996 else 995 else
997 printf("%s", buf); 996 printf("%s", buf);
998 } else 997 } else
999 printf("?"); 998 printf("?");
1000 999
1001 printf("\n"); 1000 printf("\n");
1002} 1001}
1003 1002
1004/* From: tcpdump(1):gmt2local.c and util.c */ 1003/* From: tcpdump(1):gmt2local.c and util.c */
1005/* 1004/*
1006 * Print the timestamp 1005 * Print the timestamp
1007 */ 1006 */
1008static void 1007static void
1009printdate() 1008printdate()
1010{ 1009{
1011 struct timeval tp; 1010 struct timeval tp;
1012 int s; 1011 int s;
1013 1012
1014 if (gettimeofday(&tp, NULL) == -1) { 1013 if (gettimeofday(&tp, NULL) == -1) {
1015 perror("gettimeofday"); 1014 perror("gettimeofday");
1016 return; 1015 return;
1017 } 1016 }
1018 1017
1019 if (f_tflag == 1) { 1018 if (f_tflag == 1) {
1020 /* Default */ 1019 /* Default */
1021 s = (tp.tv_sec + thiszone ) % 86400; 1020 s = (tp.tv_sec + thiszone ) % 86400;
1022 (void)printf("%02d:%02d:%02d.%06u ", 1021 (void)printf("%02d:%02d:%02d.%06u ",
1023 s / 3600, (s % 3600) / 60, s % 60, (u_int32_t)tp.tv_usec); 1022 s / 3600, (s % 3600) / 60, s % 60, (u_int32_t)tp.tv_usec);
1024 } else if (f_tflag > 1) { 1023 } else if (f_tflag > 1) {
1025 /* Unix timeval style */ 1024 /* Unix timeval style */
1026 (void)printf("%u.%06u ", 1025 (void)printf("%u.%06u ",
1027 (u_int32_t)tp.tv_sec, (u_int32_t)tp.tv_usec); 1026 (u_int32_t)tp.tv_sec, (u_int32_t)tp.tv_usec);
1028 } 1027 }
1029 1028
1030 printf("\n"); 1029 printf("\n");
1031} 1030}
1032 1031
1033/* 1032/*
1034 * Returns the difference between gmt and local time in seconds. 1033 * Returns the difference between gmt and local time in seconds.
1035 * Use gmtime() and localtime() to keep things simple. 1034 * Use gmtime() and localtime() to keep things simple.
1036 */ 1035 */
1037int32_t 1036int32_t
1038gmt2local(time_t t) 1037gmt2local(time_t t)
1039{ 1038{
1040 register int dt, dir; 1039 register int dt, dir;
1041 register struct tm *gmt, *loc; 1040 register struct tm *gmt, *loc;
1042 struct tm sgmt; 1041 struct tm sgmt;
1043 1042
1044 if (t == 0) 1043 if (t == 0)
1045 t = time(NULL); 1044 t = time(NULL);
1046 gmt = &sgmt; 1045 gmt = &sgmt;
1047 *gmt = *gmtime(&t); 1046 *gmt = *gmtime(&t);
1048 loc = localtime(&t); 1047 loc = localtime(&t);
1049 dt = (loc->tm_hour - gmt->tm_hour) * 60 * 60 + 1048 dt = (loc->tm_hour - gmt->tm_hour) * 60 * 60 +
1050 (loc->tm_min - gmt->tm_min) * 60; 1049 (loc->tm_min - gmt->tm_min) * 60;
1051 1050
1052 /* 1051 /*
1053 * If the year or julian day is different, we span 00:00 GMT 1052 * If the year or julian day is different, we span 00:00 GMT
1054 * and must add or subtract a day. Check the year first to 1053 * and must add or subtract a day. Check the year first to
1055 * avoid problems when the julian day wraps. 1054 * avoid problems when the julian day wraps.
1056 */ 1055 */
1057 dir = loc->tm_year - gmt->tm_year; 1056 dir = loc->tm_year - gmt->tm_year;
1058 if (dir == 0) 1057 if (dir == 0)
1059 dir = loc->tm_yday - gmt->tm_yday; 1058 dir = loc->tm_yday - gmt->tm_yday;
1060 dt += dir * 24 * 60 * 60; 1059 dt += dir * 24 * 60 * 60;
1061 1060
1062 return (dt); 1061 return (dt);
1063} 1062}