[src/trunk]: src/sbin/setkey support DUMP by sysctl
details: https://anonhg.NetBSD.org/src/rev/35cc3828c4d7
branches: trunk
changeset: 551788:35cc3828c4d7
user: itojun <itojun%NetBSD.org@localhost>
date: Fri Sep 12 07:45:21 2003 +0000
description:
support DUMP by sysctl
diffstat:
sbin/setkey/parse.y | 61 ++++++++++++++++++++++++++++++++++++++++++++-
sbin/setkey/setkey.8 | 11 +++++++-
sbin/setkey/setkey.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++++--
sbin/setkey/token.l | 3 +-
4 files changed, 138 insertions(+), 7 deletions(-)
diffs (256 lines):
diff -r 0f6a6e8cf720 -r 35cc3828c4d7 sbin/setkey/parse.y
--- a/sbin/setkey/parse.y Fri Sep 12 07:44:10 2003 +0000
+++ b/sbin/setkey/parse.y Fri Sep 12 07:45:21 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: parse.y,v 1.13 2003/09/07 22:20:05 itojun Exp $ */
+/* $NetBSD: parse.y,v 1.14 2003/09/12 07:45:21 itojun Exp $ */
/* $KAME: parse.y,v 1.80 2003/06/27 07:15:45 itojun Exp $ */
/*
@@ -72,6 +72,9 @@
int setkeymsg0 __P((struct sadb_msg *, unsigned int, unsigned int, size_t));
static int setkeymsg_spdaddr __P((unsigned int, unsigned int, vchar_t *,
struct addrinfo *, int, struct addrinfo *, int));
+#ifdef SADB_X_EXT_TAG
+static int setkeymsg_spdaddr_tag __P((unsigned int, char *, vchar_t *));
+#endif
static int setkeymsg_addr __P((unsigned int, unsigned int,
struct addrinfo *, struct addrinfo *, int));
static int setkeymsg_add __P((unsigned int, unsigned int,
@@ -106,6 +109,7 @@
%token SPDADD SPDDELETE SPDDUMP SPDFLUSH
%token F_POLICY PL_REQUESTS
%token F_AIFLAGS
+%token TAGGED
%type <num> prefix protocol_spec upper_spec
%type <num> ALG_ENC ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_ENC_OLD ALG_ENC_NOKEY
@@ -502,6 +506,19 @@
if (status < 0)
return -1;
}
+ | SPDADD TAGGED QUOTEDSTRING policy_spec EOT
+ {
+#ifdef SADB_X_EXT_TAG
+ int status;
+
+ status = setkeymsg_spdaddr_tag(SADB_X_SPDADD,
+ $3.buf, &$4);
+ if (status < 0)
+ return -1;
+#else
+ return -1;
+#endif
+ }
;
spddelete_command
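Review bot: The `#else` branch of the new `SPDADD TAGGED` rule fails with a bare `return -1` and no diagnostic, so on a build where SADB_X_EXT_TAG is not defined a `spdadd tagged` line is rejected without telling the user why. A message before the return, e.g. `yyerror("tagged policies are not supported in this build");`, would make the failure self-explaining (assuming the file's yyerror takes a message string as yacc's does). The rule alternative is complete inside the hunk; the enclosing spdadd_command rule begins above it.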
@@ -798,6 +815,48 @@
return 0;
}
+#ifdef SADB_X_EXT_TAG
+static int
+setkeymsg_spdaddr_tag(type, tag, policy)
+ unsigned int type;
+ char *tag;
+ vchar_t *policy;
+{
+ struct sadb_msg *msg;
+ char buf[BUFSIZ];
+ int l, l0;
+ struct sadb_x_tag m_tag;
+ int n;
+
+ msg = (struct sadb_msg *)buf;
+
+ /* fix up length afterwards */
+ setkeymsg0(msg, type, SADB_SATYPE_UNSPEC, 0);
+ l = sizeof(struct sadb_msg);
+
+ memcpy(buf + l, policy->buf, policy->len);
+ l += policy->len;
+
+ l0 = l;
+ n = 0;
+
+ memset(&m_tag, 0, sizeof(m_tag));
+ m_tag.sadb_x_tag_len = PFKEY_UNIT64(sizeof(m_tag));
+ m_tag.sadb_x_tag_exttype = SADB_X_EXT_TAG;
+ if (strlcpy(m_tag.sadb_x_tag_name, tag,
+ sizeof(m_tag.sadb_x_tag_name)) >= sizeof(m_tag.sadb_x_tag_name))
+ return -1;
+ memcpy(buf + l, &m_tag, sizeof(m_tag));
+ l += sizeof(m_tag);
+
+ msg->sadb_msg_len = PFKEY_UNIT64(l);
+
+ sendkeymsg(buf, l);
+
+ return 0;
+}
+#endif
+
/* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
static int
setkeymsg_addr(type, satype, srcs, dsts, no_spi)
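Review bot: `memcpy(buf + l, policy->buf, policy->len)` copies the parsed policy into the fixed `char buf[BUFSIZ]` without checking that it fits, and the second memcpy of m_tag has no check either, which is the same gap the `XXX NO BUFFER OVERRUN CHECK!` comment directly below flags for setkeymsg_addr(). One guard before the first copy closes it: `if (sizeof(struct sadb_msg) + policy->len + sizeof(m_tag) > sizeof(buf)) return -1;`. The locals `l0` and `n` are assigned but never read and can be dropped. The strlcpy length check is correct, though it runs after the policy has already been copied; validating the tag before touching buf would be slightly cleaner but does not change the outcome.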
diff -r 0f6a6e8cf720 -r 35cc3828c4d7 sbin/setkey/setkey.8
--- a/sbin/setkey/setkey.8 Fri Sep 12 07:44:10 2003 +0000
+++ b/sbin/setkey/setkey.8 Fri Sep 12 07:45:21 2003 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: setkey.8,v 1.25 2003/09/08 07:09:13 wiz Exp $
+.\" $NetBSD: setkey.8,v 1.26 2003/09/12 07:45:21 itojun Exp $
.\" $KAME: setkey.8,v 1.90 2003/09/08 06:10:43 itojun Exp $
.\"
.\" Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
@@ -190,6 +190,15 @@
.Xc
Add an SPD entry.
.\"
+.\".It Xo
+.\".Li spdadd tagged
+.\".Ar tag Ar policy
+.\".Li ;
+.\".Xc
+.\"Add an SPD entry based on PF tag.
+.\".Ar tag
+.\"must be a string surrounded by doublequote.
+.\"
.It Xo
.Li spddelete
.Op Fl 46n
diff -r 0f6a6e8cf720 -r 35cc3828c4d7 sbin/setkey/setkey.c
--- a/sbin/setkey/setkey.c Fri Sep 12 07:44:10 2003 +0000
+++ b/sbin/setkey/setkey.c Fri Sep 12 07:45:21 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: setkey.c,v 1.10 2003/09/08 12:34:29 itojun Exp $ */
+/* $NetBSD: setkey.c,v 1.11 2003/09/12 07:45:21 itojun Exp $ */
/* $KAME: setkey.c,v 1.31 2003/09/08 12:31:58 itojun Exp $ */
/*
@@ -35,11 +35,13 @@
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/stat.h>
+#include <sys/sysctl.h>
#include <err.h>
#include <net/route.h>
#include <netinet/in.h>
#include <net/pfkeyv2.h>
#include <netkey/keydb.h>
+#include <netkey/key_var.h>
#include <netkey/key_debug.h>
#include <netinet6/ipsec.h>
@@ -65,6 +67,7 @@
int postproc __P((struct sadb_msg *, int));
int fileproc __P((const char *));
int dumpkernfs __P((const char *));
+int sysctldump __P((u_int, u_int8_t));
const char *numstr __P((int));
void shortdump_hdr __P((void));
void shortdump __P((struct sadb_msg *));
@@ -114,6 +117,7 @@
FILE *fp = stdin;
int c;
struct stat sb;
+ int error;
if (argc == 1) {
usage();
@@ -190,10 +194,25 @@
switch (f_mode) {
case MODE_CMDDUMP:
- if (kernfs)
+ if (kernfs) {
dumpkernfs(f_policy ? "/kern/ipsecsp" : "/kern/ipsecsa");
- else
- sendkeyshort(f_policy ? SADB_X_SPDDUMP: SADB_DUMP);
+ break;
+ }
+
+ error = sysctldump(f_policy ? SADB_X_SPDDUMP : SADB_DUMP,
+ SADB_SATYPE_UNSPEC);
+ if (error == 0)
+ break;
+ if (error < 0) {
+ if (errno == ENOENT) {
+ printf("No S%cD entries.\n",
+ f_policy ? 'P' : 'A');
+ break;
+ } else if (errno != 0)
+ err(1, "sysctl");
+ }
+
+ sendkeyshort(f_policy ? SADB_X_SPDDUMP : SADB_DUMP);
break;
case MODE_CMDFLUSH:
sendkeyshort(f_policy ? SADB_X_SPDFLUSH: SADB_FLUSH);
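Review bot: The fall-back to `sendkeyshort()` at the bottom of the hunk is reachable only through sysctldump()'s positive return values (EINVAL, ENOBUFS), because inside the `error < 0` branch every errno other than ENOENT reaches `err(1, "sysctl")`, and a failing sysctl() never leaves errno at 0, so the `else if (errno != 0)` test is effectively always true. If the intent is to fall back to the PF_KEY socket dump on a kernel that does not provide the dump sysctl, that errno (presumably ENOPROTOOPT for an unknown MIB name, to be confirmed on the target kernel) has to be excluded explicitly, e.g. `} else if (errno != ENOPROTOOPT) err(1, "sysctl");`. As written, a malloc failure inside sysctldump() (ENOBUFS) silently falls back to the socket path while an unsupported sysctl is fatal, which looks inverted. The enclosing main() starts and ends outside the hunk.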
@@ -544,6 +563,49 @@
return (0);
}
+int
+sysctldump(type, satype)
+ u_int type;
+ u_int8_t satype;
+{
+ int mib[] = { CTL_NET, PF_KEY, KEYCTL_DUMPSA, 0 };
+ size_t len, l;
+ char *buf, *p, *ep;
+ struct sadb_msg *msg;
+
+ if (type == SADB_DUMP) {
+ mib[2] = KEYCTL_DUMPSA;
+ mib[3] = satype;
+ l = 4;
+ } else if (type == SADB_X_SPDDUMP) {
+ mib[2] = KEYCTL_DUMPSP;
+ l = 3;
+ } else
+ return (EINVAL);
+
+ if (sysctl(mib, l, NULL, &len, NULL, 0) < 0)
+ return (-1);
+ buf = malloc(len);
+ if (!buf)
+ return (ENOBUFS);
+ if (sysctl(mib, l, buf, &len, NULL, 0) < 0) {
+ free(buf);
+ return (-1);
+ }
+
+ p = buf;
+ ep = buf + len;
+ while (p < ep) {
+ msg = (struct sadb_msg *)p;
+ l = PFKEY_UNUNIT64(msg->sadb_msg_len);
+ postproc(msg, l);
+ p += l;
+ }
+
+ free(buf);
+ return (0);
+}
+
/*------------------------------------------------------------*/
static const char *satype[] = {
NULL, NULL, "ah", "esp"
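Review bot: The walk over the sysctl result trusts `sadb_msg_len` without comparing it to the bytes remaining: a zero length leaves `p` unchanged and loops forever, a partial header at the tail reads past `ep`, and a length larger than the remainder hands postproc() a message that extends beyond the allocation. The buffer is kernel-supplied, so this is defensive rather than a reachable hole, but the two comparisons below are cheap and keep a malformed dump from becoming a hang or an out-of-bounds read. Separately, the function mixes return conventions (-1 with errno set for sysctl failures, positive EINVAL/ENOBUFS otherwise); a header comment such as `/* Returns 0 on success, -1 with errno set if sysctl(3) fails, or a positive errno value. */` would document what the caller in main() relies on. The size-query/fetch pair can also fail with ENOMEM if the table grows between the two calls, which the caller currently treats as fatal rather than retrying.
```c
	p = buf;
	ep = buf + len;
	while (p < ep) {
		/* header must fit, and the message must lie within the buffer */
		if ((size_t)(ep - p) < sizeof(*msg))
			break;
		msg = (struct sadb_msg *)p;
		l = PFKEY_UNUNIT64(msg->sadb_msg_len);
		if (l < sizeof(*msg) || l > (size_t)(ep - p))
			break;
		postproc(msg, l);
		p += l;
	}
	/* ... unchanged: free(buf); return (0); ... */
```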
diff -r 0f6a6e8cf720 -r 35cc3828c4d7 sbin/setkey/token.l
--- a/sbin/setkey/token.l Fri Sep 12 07:44:10 2003 +0000
+++ b/sbin/setkey/token.l Fri Sep 12 07:45:21 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: token.l,v 1.13 2003/09/07 22:20:05 itojun Exp $ */
+/* $NetBSD: token.l,v 1.14 2003/09/12 07:45:22 itojun Exp $ */
/* $KAME: token.l,v 1.43 2003/07/25 09:35:28 itojun Exp $ */
/*
@@ -106,6 +106,7 @@
spddelete { return(SPDDELETE); }
spddump { return(SPDDUMP); }
spdflush { return(SPDFLUSH); }
+tagged { return(TAGGED); }
{hyphen}P { BEGIN S_PL; return(F_POLICY); }
<S_PL>[a-zA-Z0-9:\.\-_/ \n\t][a-zA-Z0-9:\.%\-_/ \n\t]* {
yymore();