2
* RFC2367 PF_KEYv2 Key management API message parser
3
* Copyright (C) 2003 Michael Richardson <mcr@freeswan.org>
5
* This program is free software; you can redistribute it and/or modify it
6
* under the terms of the GNU General Public License as published by the
7
* Free Software Foundation; either version 2 of the License, or (at your
8
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10
* This program is distributed in the hope that it will be useful, but
11
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15
* RCSID $Id: pfkey_print.c,v 1.4 2003/11/28 00:30:53 mcr Exp $
18
char pfkey_v2_print_c_version[] = "$Id: pfkey_print.c,v 1.4 2003/11/28 00:30:53 mcr Exp $";
20
#include <sys/types.h>
27
pfkey_print(struct sadb_msg *msg, FILE *out)
32
fprintf(out, "version=%d type=%d errno=%d satype=%d len=%d seq=%d pid=%d ",
33
msg->sadb_msg_version,
41
len = IPSEC_PFKEYv2_LEN(msg->sadb_msg_len);
42
len -= sizeof(struct sadb_msg);
44
se = (struct sadb_ext *)(&msg[1]);
45
while(len > sizeof(struct sadb_ext)) {
46
fprintf(out, "{ext=%d len=%d ", se->sadb_ext_type, se->sadb_ext_len);
48
/* make sure that there is enough left */
49
if(IPSEC_PFKEYv2_LEN(se->sadb_ext_len) > len) {
50
fprintf(out, "short-packet(%d<%d) ", len,
51
(int)IPSEC_PFKEYv2_LEN(se->sadb_ext_len));
53
/* force it to match */
54
se->sadb_ext_len = IPSEC_PFKEYv2_WORDS(len);
58
/* okay, decode what we know */
59
switch(se->sadb_ext_type) {
62
struct sadb_sa *sa = (struct sadb_sa *)se;
63
fprintf(out, "spi=%08x replay=%d state=%d auth=%d encrypt=%d flags=%08x ref=%08x}",
74
case SADB_X_EXT_ADDRESS_SRC_FLOW:
75
case SADB_X_EXT_ADDRESS_DST_FLOW:
76
case SADB_X_EXT_ADDRESS_SRC_MASK:
77
case SADB_X_EXT_ADDRESS_DST_MASK:
78
case SADB_EXT_ADDRESS_DST:
79
case SADB_EXT_ADDRESS_SRC:
81
struct sadb_address *addr = (struct sadb_address *)se;
82
int alen = IPSEC_PFKEYv2_LEN(addr->sadb_address_len)-sizeof(struct sadb_address);
83
unsigned char *bytes = (unsigned char *)&addr[1];
85
fprintf(out, "proto=%d prefixlen=%d addr=0x",
86
addr->sadb_address_proto,
87
addr->sadb_address_prefixlen);
91
fprintf(out, "%02x", *bytes);
99
case SADB_X_EXT_PROTOCOL:
101
struct sadb_protocol *sp = (struct sadb_protocol *)se;
102
fprintf(out, "proto=%d direction=%d flags=%d } ",
103
sp->sadb_protocol_proto,
104
sp->sadb_protocol_direction,
105
sp->sadb_protocol_flags);
109
case SADB_EXT_LIFETIME_CURRENT:
110
case SADB_EXT_LIFETIME_HARD:
111
case SADB_EXT_LIFETIME_SOFT:
113
struct sadb_lifetime *life = (struct sadb_lifetime *)se;
115
fprintf(out, "allocations=%d bytes=%qd addtime=%qd usetime=%qd packets=%d",
116
life->sadb_lifetime_allocations,
117
life->sadb_lifetime_bytes,
118
life->sadb_lifetime_addtime,
119
life->sadb_lifetime_usetime,
120
life->sadb_x_lifetime_packets);
126
case SADB_EXT_RESERVED:
127
case SADB_EXT_ADDRESS_PROXY:
128
case SADB_EXT_KEY_AUTH:
129
case SADB_EXT_KEY_ENCRYPT:
130
case SADB_EXT_IDENTITY_SRC:
131
case SADB_EXT_IDENTITY_DST:
132
case SADB_EXT_SENSITIVITY:
133
case SADB_EXT_PROPOSAL:
134
case SADB_EXT_SUPPORTED_AUTH:
135
case SADB_EXT_SUPPORTED_ENCRYPT:
136
case SADB_EXT_SPIRANGE:
137
case SADB_X_EXT_KMPRIVATE:
138
case SADB_X_EXT_SATYPE2:
140
case SADB_X_EXT_ADDRESS_DST2:
141
case SADB_X_EXT_DEBUG:
145
unsigned char *bytes;
149
elen = IPSEC_PFKEYv2_LEN(se->sadb_ext_len)-sizeof(struct sadb_ext);
150
bytes = (unsigned char *)&se[1];
152
fprintf(out, "bytes=0x");
155
fprintf(out, "%02x", *bytes);
164
/* skip to next extension header */
166
unsigned int elen = IPSEC_PFKEYv2_LEN(se->sadb_ext_len);
168
if(elen < sizeof(struct sadb_ext)) {
169
fprintf(out, "illegal-length(%d) ",elen);
170
elen = sizeof(struct sadb_ext);
173
se = (struct sadb_ext *)(((unsigned char *)se)+elen);