]>
Commit | Line | Data |
---|---|---|
b26fc590 SD |
1 | /* |
2 | * ipmacsec.c "ip macsec". | |
3 | * | |
4 | * This program is free software; you can redistribute it and/or | |
5 | * modify it under the terms of the GNU General Public License | |
6 | * as published by the Free Software Foundation; either version | |
7 | * 2 of the License, or (at your option) any later version. | |
8 | * | |
9 | * Authors: Sabrina Dubroca <sd@queasysnail.net> | |
10 | */ | |
11 | ||
12 | #include <stdio.h> | |
13 | #include <stdlib.h> | |
14 | #include <string.h> | |
15 | #include <errno.h> | |
16 | #include <linux/genetlink.h> | |
17 | #include <linux/if_ether.h> | |
18 | #include <linux/if_macsec.h> | |
19 | ||
20 | #include "rt_names.h" | |
21 | #include "utils.h" | |
22 | #include "ip_common.h" | |
23 | #include "ll_map.h" | |
24 | #include "libgenl.h" | |
25 | ||
c2f260f4 | 26 | static const char * const values_on_off[] = { "off", "on" }; |
b26fc590 | 27 | |
c2f260f4 | 28 | static const char * const validate_str[] = { |
b26fc590 SD |
29 | [MACSEC_VALIDATE_DISABLED] = "disabled", |
30 | [MACSEC_VALIDATE_CHECK] = "check", | |
31 | [MACSEC_VALIDATE_STRICT] = "strict", | |
32 | }; | |
33 | ||
da6abdba AT |
34 | static const char * const offload_str[] = { |
35 | [MACSEC_OFFLOAD_OFF] = "off", | |
36 | [MACSEC_OFFLOAD_PHY] = "phy", | |
998534c9 | 37 | [MACSEC_OFFLOAD_MAC] = "mac", |
da6abdba AT |
38 | }; |
39 | ||
b26fc590 SD |
40 | struct sci { |
41 | __u64 sci; | |
42 | __u16 port; | |
43 | char abuf[6]; | |
44 | }; | |
45 | ||
46 | struct sa_desc { | |
47 | __u8 an; | |
48 | __u32 pn; | |
49 | __u8 key_id[MACSEC_KEYID_LEN]; | |
50 | __u32 key_len; | |
51 | __u8 key[MACSEC_MAX_KEY_LEN]; | |
52 | __u8 active; | |
53 | }; | |
54 | ||
55 | struct cipher_args { | |
56 | __u64 id; | |
57 | __u8 icv_len; | |
58 | }; | |
59 | ||
60 | struct txsc_desc { | |
61 | int ifindex; | |
62 | __u64 sci; | |
63 | __be16 port; | |
64 | struct cipher_args cipher; | |
65 | __u32 window; | |
66 | enum macsec_validation_type validate; | |
67 | __u8 encoding_sa; | |
68 | }; | |
69 | ||
70 | struct rxsc_desc { | |
71 | int ifindex; | |
72 | __u64 sci; | |
73 | __u8 active; | |
74 | }; | |
75 | ||
76 | #define MACSEC_BUFLEN 1024 | |
77 | ||
78 | ||
79 | /* netlink socket */ | |
80 | static struct rtnl_handle genl_rth; | |
81 | static int genl_family = -1; | |
82 | ||
83 | #define MACSEC_GENL_REQ(_req, _bufsiz, _cmd, _flags) \ | |
84 | GENL_REQUEST(_req, _bufsiz, genl_family, 0, MACSEC_GENL_VERSION, \ | |
85 | _cmd, _flags) | |
86 | ||
87 | ||
b26fc590 SD |
88 | static void ipmacsec_usage(void) |
89 | { | |
c2f260f4 SH |
90 | fprintf(stderr, |
91 | "Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEY\n" | |
92 | " ip macsec set DEV tx sa { 0..3 } [ OPTS ]\n" | |
93 | " ip macsec del DEV tx sa { 0..3 }\n" | |
94 | " ip macsec add DEV rx SCI [ on | off ]\n" | |
95 | " ip macsec set DEV rx SCI [ on | off ]\n" | |
96 | " ip macsec del DEV rx SCI\n" | |
97 | " ip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEY\n" | |
98 | " ip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]\n" | |
99 | " ip macsec del DEV rx SCI sa { 0..3 }\n" | |
100 | " ip macsec show\n" | |
101 | " ip macsec show DEV\n" | |
998534c9 | 102 | " ip macsec offload DEV [ off | phy | mac ]\n" |
c2f260f4 SH |
103 | "where OPTS := [ pn <u32> ] [ on | off ]\n" |
104 | " ID := 128-bit hex string\n" | |
b16f5253 | 105 | " KEY := 128-bit or 256-bit hex string\n" |
c2f260f4 | 106 | " SCI := { sci <u64> | port { 1..2^16-1 } address <lladdr> }\n"); |
b26fc590 SD |
107 | |
108 | exit(-1); | |
109 | } | |
110 | ||
c2f260f4 | 111 | static int one_of(const char *msg, const char *realval, const char * const *list, |
b26fc590 SD |
112 | size_t len, int *index) |
113 | { | |
114 | int i; | |
115 | ||
116 | for (i = 0; i < len; i++) { | |
117 | if (matches(realval, list[i]) == 0) { | |
118 | *index = i; | |
119 | return 0; | |
120 | } | |
121 | } | |
122 | ||
123 | fprintf(stderr, "Error: argument of \"%s\" must be one of ", msg); | |
124 | for (i = 0; i < len; i++) | |
125 | fprintf(stderr, "\"%s\", ", list[i]); | |
126 | fprintf(stderr, "not \"%s\"\n", realval); | |
127 | return -1; | |
128 | } | |
129 | ||
130 | static int get_an(__u8 *val, const char *arg) | |
131 | { | |
132 | int ret = get_u8(val, arg, 0); | |
133 | ||
134 | if (ret) | |
135 | return ret; | |
136 | ||
137 | if (*val > 3) | |
138 | return -1; | |
139 | ||
140 | return 0; | |
141 | } | |
142 | ||
143 | static int get_sci(__u64 *sci, const char *arg) | |
144 | { | |
0330f49e | 145 | return get_be64(sci, arg, 16); |
b26fc590 SD |
146 | } |
147 | ||
148 | static int get_port(__be16 *port, const char *arg) | |
149 | { | |
5898bd66 | 150 | return get_be16(port, arg, 0); |
b26fc590 SD |
151 | } |
152 | ||
153 | #define _STR(a) #a | |
154 | #define STR(a) _STR(a) | |
155 | ||
156 | static void get_icvlen(__u8 *icvlen, char *arg) | |
157 | { | |
158 | int ret = get_u8(icvlen, arg, 10); | |
159 | ||
160 | if (ret) | |
161 | invarg("expected ICV length", arg); | |
162 | ||
f20f5f79 | 163 | if (*icvlen < MACSEC_MIN_ICV_LEN || *icvlen > MACSEC_STD_ICV_LEN) |
b26fc590 | 164 | invarg("ICV length must be in the range {" |
f20f5f79 | 165 | STR(MACSEC_MIN_ICV_LEN) ".." STR(MACSEC_STD_ICV_LEN) |
b26fc590 SD |
166 | "}", arg); |
167 | } | |
168 | ||
169 | static bool get_sa(int *argcp, char ***argvp, __u8 *an) | |
170 | { | |
171 | int argc = *argcp; | |
172 | char **argv = *argvp; | |
173 | int ret; | |
174 | ||
175 | if (argc <= 0 || strcmp(*argv, "sa") != 0) | |
176 | return false; | |
177 | ||
178 | NEXT_ARG(); | |
179 | ret = get_an(an, *argv); | |
180 | if (ret) | |
181 | invarg("expected an { 0..3 }", *argv); | |
182 | argc--; argv++; | |
183 | ||
184 | *argvp = argv; | |
185 | *argcp = argc; | |
186 | return true; | |
187 | } | |
188 | ||
189 | static int parse_sa_args(int *argcp, char ***argvp, struct sa_desc *sa) | |
190 | { | |
191 | int argc = *argcp; | |
192 | char **argv = *argvp; | |
193 | int ret; | |
194 | bool active_set = false; | |
195 | ||
196 | while (argc > 0) { | |
197 | if (strcmp(*argv, "pn") == 0) { | |
198 | if (sa->pn != 0) | |
199 | duparg2("pn", "pn"); | |
200 | NEXT_ARG(); | |
201 | ret = get_u32(&sa->pn, *argv, 0); | |
202 | if (ret) | |
203 | invarg("expected pn", *argv); | |
204 | if (sa->pn == 0) | |
205 | invarg("expected pn != 0", *argv); | |
206 | } else if (strcmp(*argv, "key") == 0) { | |
207 | unsigned int len; | |
208 | ||
209 | NEXT_ARG(); | |
210 | if (!hexstring_a2n(*argv, sa->key_id, MACSEC_KEYID_LEN, | |
211 | &len)) | |
212 | invarg("expected key id", *argv); | |
213 | NEXT_ARG(); | |
214 | if (!hexstring_a2n(*argv, sa->key, MACSEC_MAX_KEY_LEN, | |
215 | &sa->key_len)) | |
216 | invarg("expected key", *argv); | |
217 | } else if (strcmp(*argv, "on") == 0) { | |
218 | if (active_set) | |
219 | duparg2("on/off", "on"); | |
220 | sa->active = true; | |
221 | active_set = true; | |
222 | } else if (strcmp(*argv, "off") == 0) { | |
223 | if (active_set) | |
224 | duparg2("on/off", "off"); | |
225 | sa->active = false; | |
226 | active_set = true; | |
227 | } else { | |
228 | fprintf(stderr, "macsec: unknown command \"%s\"?\n", | |
229 | *argv); | |
230 | ipmacsec_usage(); | |
231 | } | |
232 | ||
233 | argv++; argc--; | |
234 | } | |
235 | ||
236 | *argvp = argv; | |
237 | *argcp = argc; | |
238 | return 0; | |
239 | } | |
240 | ||
241 | static __u64 make_sci(char *addr, __be16 port) | |
242 | { | |
243 | __u64 sci; | |
244 | ||
245 | memcpy(&sci, addr, ETH_ALEN); | |
246 | memcpy(((char *)&sci) + ETH_ALEN, &port, sizeof(port)); | |
247 | ||
248 | return sci; | |
249 | } | |
250 | ||
251 | static bool sci_complete(bool sci, bool port, bool addr, bool port_only) | |
252 | { | |
253 | return sci || (port && (addr || port_only)); | |
254 | } | |
255 | ||
256 | static int get_sci_portaddr(struct sci *sci, int *argcp, char ***argvp, | |
257 | bool port_only, bool optional) | |
258 | { | |
259 | int argc = *argcp; | |
260 | char **argv = *argvp; | |
261 | int ret; | |
262 | bool p = false, a = false, s = false; | |
263 | ||
264 | while (argc > 0) { | |
265 | if (strcmp(*argv, "sci") == 0) { | |
266 | if (p) | |
267 | invarg("expected address", *argv); | |
268 | if (a) | |
269 | invarg("expected port", *argv); | |
270 | NEXT_ARG(); | |
271 | ret = get_sci(&sci->sci, *argv); | |
272 | if (ret) | |
273 | invarg("expected sci", *argv); | |
274 | s = true; | |
275 | } else if (strcmp(*argv, "port") == 0) { | |
276 | NEXT_ARG(); | |
277 | ret = get_port(&sci->port, *argv); | |
278 | if (ret) | |
279 | invarg("expected port", *argv); | |
280 | if (sci->port == 0) | |
281 | invarg("expected port != 0", *argv); | |
282 | p = true; | |
283 | } else if (strcmp(*argv, "address") == 0) { | |
284 | NEXT_ARG(); | |
285 | ret = ll_addr_a2n(sci->abuf, sizeof(sci->abuf), *argv); | |
286 | if (ret < 0) | |
287 | invarg("expected lladdr", *argv); | |
288 | a = true; | |
289 | } else if (optional) { | |
290 | break; | |
291 | } else { | |
292 | invarg("expected sci, port, or address", *argv); | |
293 | } | |
294 | ||
295 | argv++; argc--; | |
296 | ||
297 | if (sci_complete(s, p, a, port_only)) | |
298 | break; | |
299 | } | |
300 | ||
301 | if (!optional && !sci_complete(s, p, a, port_only)) | |
302 | return -1; | |
303 | ||
304 | if (p && a) | |
305 | sci->sci = make_sci(sci->abuf, sci->port); | |
306 | ||
307 | *argvp = argv; | |
308 | *argcp = argc; | |
309 | ||
310 | return p || a || s; | |
311 | } | |
312 | ||
313 | static bool parse_rxsci(int *argcp, char ***argvp, struct rxsc_desc *rxsc, | |
314 | struct sa_desc *rxsa) | |
315 | { | |
316 | struct sci sci = { 0 }; | |
317 | ||
318 | if (*argcp == 0 || | |
319 | get_sci_portaddr(&sci, argcp, argvp, false, false) < 0) { | |
320 | fprintf(stderr, "expected sci\n"); | |
321 | ipmacsec_usage(); | |
322 | } | |
323 | ||
324 | rxsc->sci = sci.sci; | |
325 | ||
326 | return get_sa(argcp, argvp, &rxsa->an); | |
327 | } | |
328 | ||
329 | static int parse_rxsci_args(int *argcp, char ***argvp, struct rxsc_desc *rxsc) | |
330 | { | |
331 | int argc = *argcp; | |
332 | char **argv = *argvp; | |
333 | bool active_set = false; | |
334 | ||
335 | while (argc > 0) { | |
336 | if (strcmp(*argv, "on") == 0) { | |
337 | if (active_set) | |
338 | duparg2("on/off", "on"); | |
339 | rxsc->active = true; | |
340 | active_set = true; | |
341 | } else if (strcmp(*argv, "off") == 0) { | |
342 | if (active_set) | |
343 | duparg2("on/off", "off"); | |
344 | rxsc->active = false; | |
345 | active_set = true; | |
346 | } else { | |
347 | fprintf(stderr, "macsec: unknown command \"%s\"?\n", | |
348 | *argv); | |
349 | ipmacsec_usage(); | |
350 | } | |
351 | ||
352 | argv++; argc--; | |
353 | } | |
354 | ||
355 | *argvp = argv; | |
356 | *argcp = argc; | |
357 | return 0; | |
358 | } | |
359 | ||
360 | enum cmd { | |
361 | CMD_ADD, | |
362 | CMD_DEL, | |
363 | CMD_UPD, | |
791bc7ee | 364 | CMD_OFFLOAD, |
b26fc590 SD |
365 | __CMD_MAX |
366 | }; | |
367 | ||
368 | static const enum macsec_nl_commands macsec_commands[__CMD_MAX][2][2] = { | |
369 | [CMD_ADD] = { | |
370 | [0] = {-1, MACSEC_CMD_ADD_RXSC}, | |
371 | [1] = {MACSEC_CMD_ADD_TXSA, MACSEC_CMD_ADD_RXSA}, | |
372 | }, | |
373 | [CMD_UPD] = { | |
374 | [0] = {-1, MACSEC_CMD_UPD_RXSC}, | |
375 | [1] = {MACSEC_CMD_UPD_TXSA, MACSEC_CMD_UPD_RXSA}, | |
376 | }, | |
377 | [CMD_DEL] = { | |
378 | [0] = {-1, MACSEC_CMD_DEL_RXSC}, | |
379 | [1] = {MACSEC_CMD_DEL_TXSA, MACSEC_CMD_DEL_RXSA}, | |
380 | }, | |
791bc7ee AT |
381 | [CMD_OFFLOAD] = { |
382 | [0] = {-1, MACSEC_CMD_UPD_OFFLOAD }, | |
383 | }, | |
b26fc590 SD |
384 | }; |
385 | ||
386 | static int do_modify_nl(enum cmd c, enum macsec_nl_commands cmd, int ifindex, | |
387 | struct rxsc_desc *rxsc, struct sa_desc *sa) | |
388 | { | |
389 | struct rtattr *attr_sa; | |
390 | ||
391 | MACSEC_GENL_REQ(req, MACSEC_BUFLEN, cmd, NLM_F_REQUEST); | |
392 | ||
393 | addattr32(&req.n, MACSEC_BUFLEN, MACSEC_ATTR_IFINDEX, ifindex); | |
394 | if (rxsc) { | |
395 | struct rtattr *attr_rxsc; | |
396 | ||
397 | attr_rxsc = addattr_nest(&req.n, MACSEC_BUFLEN, | |
398 | MACSEC_ATTR_RXSC_CONFIG); | |
399 | addattr64(&req.n, MACSEC_BUFLEN, | |
400 | MACSEC_RXSC_ATTR_SCI, rxsc->sci); | |
401 | if (c != CMD_DEL && rxsc->active != 0xff) | |
402 | addattr8(&req.n, MACSEC_BUFLEN, | |
403 | MACSEC_RXSC_ATTR_ACTIVE, rxsc->active); | |
404 | ||
405 | addattr_nest_end(&req.n, attr_rxsc); | |
406 | } | |
407 | ||
408 | if (sa->an == 0xff) | |
409 | goto talk; | |
410 | ||
411 | attr_sa = addattr_nest(&req.n, MACSEC_BUFLEN, MACSEC_ATTR_SA_CONFIG); | |
412 | ||
413 | addattr8(&req.n, MACSEC_BUFLEN, MACSEC_SA_ATTR_AN, sa->an); | |
414 | ||
415 | if (c != CMD_DEL) { | |
416 | if (sa->pn) | |
417 | addattr32(&req.n, MACSEC_BUFLEN, MACSEC_SA_ATTR_PN, | |
418 | sa->pn); | |
419 | ||
420 | if (sa->key_len) { | |
421 | addattr_l(&req.n, MACSEC_BUFLEN, MACSEC_SA_ATTR_KEYID, | |
422 | sa->key_id, MACSEC_KEYID_LEN); | |
423 | addattr_l(&req.n, MACSEC_BUFLEN, MACSEC_SA_ATTR_KEY, | |
424 | sa->key, sa->key_len); | |
425 | } | |
426 | ||
427 | if (sa->active != 0xff) { | |
428 | addattr8(&req.n, MACSEC_BUFLEN, | |
429 | MACSEC_SA_ATTR_ACTIVE, sa->active); | |
430 | } | |
431 | } | |
432 | ||
433 | addattr_nest_end(&req.n, attr_sa); | |
434 | ||
435 | talk: | |
86bf43c7 | 436 | if (rtnl_talk(&genl_rth, &req.n, NULL) < 0) |
b26fc590 SD |
437 | return -2; |
438 | ||
439 | return 0; | |
440 | } | |
441 | ||
442 | static bool check_sa_args(enum cmd c, struct sa_desc *sa) | |
443 | { | |
444 | if (c == CMD_ADD) { | |
445 | if (!sa->key_len) { | |
446 | fprintf(stderr, "cannot create SA without key\n"); | |
447 | return -1; | |
448 | } | |
449 | ||
450 | if (sa->pn == 0) { | |
451 | fprintf(stderr, "must specify a packet number != 0\n"); | |
452 | return -1; | |
453 | } | |
454 | } else if (c == CMD_UPD) { | |
455 | if (sa->key_len) { | |
456 | fprintf(stderr, "cannot change key on SA\n"); | |
457 | return -1; | |
458 | } | |
459 | } | |
460 | ||
461 | return 0; | |
462 | } | |
463 | ||
464 | static int do_modify_txsa(enum cmd c, int argc, char **argv, int ifindex) | |
465 | { | |
466 | struct sa_desc txsa = {0}; | |
467 | enum macsec_nl_commands cmd; | |
468 | ||
469 | txsa.an = 0xff; | |
470 | txsa.active = 0xff; | |
471 | ||
472 | if (argc == 0 || !get_sa(&argc, &argv, &txsa.an)) | |
473 | ipmacsec_usage(); | |
474 | ||
475 | if (c == CMD_DEL) | |
476 | goto modify; | |
477 | ||
478 | if (parse_sa_args(&argc, &argv, &txsa)) | |
479 | return -1; | |
480 | ||
481 | if (check_sa_args(c, &txsa)) | |
482 | return -1; | |
483 | ||
484 | modify: | |
485 | cmd = macsec_commands[c][1][0]; | |
486 | return do_modify_nl(c, cmd, ifindex, NULL, &txsa); | |
487 | } | |
488 | ||
489 | static int do_modify_rxsci(enum cmd c, int argc, char **argv, int ifindex) | |
490 | { | |
491 | struct rxsc_desc rxsc = {0}; | |
492 | struct sa_desc rxsa = {0}; | |
493 | bool sa_set; | |
494 | enum macsec_nl_commands cmd; | |
495 | ||
496 | rxsc.ifindex = ifindex; | |
497 | rxsc.active = 0xff; | |
498 | rxsa.an = 0xff; | |
499 | rxsa.active = 0xff; | |
500 | ||
501 | sa_set = parse_rxsci(&argc, &argv, &rxsc, &rxsa); | |
502 | ||
503 | if (c == CMD_DEL) | |
504 | goto modify; | |
505 | ||
506 | if (sa_set && (parse_sa_args(&argc, &argv, &rxsa) || | |
507 | check_sa_args(c, &rxsa))) | |
508 | return -1; | |
509 | if (!sa_set && parse_rxsci_args(&argc, &argv, &rxsc)) | |
510 | return -1; | |
511 | ||
512 | modify: | |
513 | cmd = macsec_commands[c][sa_set][1]; | |
514 | return do_modify_nl(c, cmd, rxsc.ifindex, &rxsc, &rxsa); | |
515 | } | |
516 | ||
517 | static int do_modify(enum cmd c, int argc, char **argv) | |
518 | { | |
519 | int ifindex; | |
520 | ||
521 | if (argc == 0) | |
522 | ipmacsec_usage(); | |
523 | ||
524 | ifindex = ll_name_to_index(*argv); | |
525 | if (!ifindex) { | |
526 | fprintf(stderr, "Device \"%s\" does not exist.\n", *argv); | |
527 | return -1; | |
528 | } | |
529 | argc--; argv++; | |
530 | ||
531 | if (argc == 0) | |
532 | ipmacsec_usage(); | |
533 | ||
534 | if (strcmp(*argv, "tx") == 0) | |
535 | return do_modify_txsa(c, argc-1, argv+1, ifindex); | |
536 | if (strcmp(*argv, "rx") == 0) | |
537 | return do_modify_rxsci(c, argc-1, argv+1, ifindex); | |
538 | ||
539 | ipmacsec_usage(); | |
540 | return -1; | |
541 | } | |
542 | ||
791bc7ee AT |
543 | static int do_offload(enum cmd c, int argc, char **argv) |
544 | { | |
545 | enum macsec_offload offload; | |
546 | struct rtattr *attr; | |
547 | int ifindex, ret; | |
548 | ||
549 | if (argc == 0) | |
550 | ipmacsec_usage(); | |
551 | ||
552 | ifindex = ll_name_to_index(*argv); | |
553 | if (!ifindex) { | |
554 | fprintf(stderr, "Device \"%s\" does not exist.\n", *argv); | |
555 | return -1; | |
556 | } | |
557 | argc--; argv++; | |
558 | ||
559 | if (argc == 0) | |
560 | ipmacsec_usage(); | |
561 | ||
562 | ret = one_of("offload", *argv, offload_str, ARRAY_SIZE(offload_str), | |
563 | (int *)&offload); | |
564 | if (ret) | |
565 | ipmacsec_usage(); | |
566 | ||
567 | MACSEC_GENL_REQ(req, MACSEC_BUFLEN, macsec_commands[c][0][1], NLM_F_REQUEST); | |
568 | ||
569 | addattr32(&req.n, MACSEC_BUFLEN, MACSEC_ATTR_IFINDEX, ifindex); | |
570 | ||
571 | attr = addattr_nest(&req.n, MACSEC_BUFLEN, MACSEC_ATTR_OFFLOAD); | |
572 | addattr8(&req.n, MACSEC_BUFLEN, MACSEC_OFFLOAD_ATTR_TYPE, offload); | |
573 | addattr_nest_end(&req.n, attr); | |
574 | ||
575 | if (rtnl_talk(&genl_rth, &req.n, NULL) < 0) | |
576 | return -2; | |
577 | ||
578 | return 0; | |
579 | } | |
580 | ||
b26fc590 SD |
581 | /* dump/show */ |
582 | static struct { | |
583 | int ifindex; | |
584 | __u64 sci; | |
585 | } filter; | |
586 | ||
587 | static int validate_dump(struct rtattr **attrs) | |
588 | { | |
589 | return attrs[MACSEC_ATTR_IFINDEX] && attrs[MACSEC_ATTR_SECY] && | |
590 | attrs[MACSEC_ATTR_TXSA_LIST] && attrs[MACSEC_ATTR_RXSC_LIST] && | |
591 | attrs[MACSEC_ATTR_TXSC_STATS] && attrs[MACSEC_ATTR_SECY_STATS]; | |
592 | ||
593 | } | |
594 | ||
595 | static int validate_secy_dump(struct rtattr **attrs) | |
596 | { | |
597 | return attrs[MACSEC_SECY_ATTR_SCI] && | |
598 | attrs[MACSEC_SECY_ATTR_ENCODING_SA] && | |
599 | attrs[MACSEC_SECY_ATTR_CIPHER_SUITE] && | |
600 | attrs[MACSEC_SECY_ATTR_ICV_LEN] && | |
601 | attrs[MACSEC_SECY_ATTR_PROTECT] && | |
602 | attrs[MACSEC_SECY_ATTR_REPLAY] && | |
603 | attrs[MACSEC_SECY_ATTR_OPER] && | |
604 | attrs[MACSEC_SECY_ATTR_VALIDATE] && | |
605 | attrs[MACSEC_SECY_ATTR_ENCRYPT] && | |
606 | attrs[MACSEC_SECY_ATTR_INC_SCI] && | |
607 | attrs[MACSEC_SECY_ATTR_ES] && | |
608 | attrs[MACSEC_SECY_ATTR_SCB]; | |
609 | } | |
610 | ||
c0b904de | 611 | static void print_flag(struct rtattr *attrs[], const char *desc, |
b26fc590 SD |
612 | int field) |
613 | { | |
c0b904de | 614 | __u8 flag; |
c3398346 | 615 | |
c0b904de SH |
616 | if (!attrs[field]) |
617 | return; | |
618 | ||
619 | flag = rta_getattr_u8(attrs[field]); | |
620 | if (is_json_context()) | |
621 | print_bool(PRINT_JSON, desc, NULL, flag); | |
622 | else { | |
623 | print_string(PRINT_FP, NULL, "%s ", desc); | |
624 | print_string(PRINT_FP, NULL, "%s ", | |
625 | flag ? "on" : "off"); | |
c3398346 | 626 | } |
b26fc590 SD |
627 | } |
628 | ||
c0b904de SH |
629 | static void print_key(struct rtattr *key) |
630 | { | |
631 | SPRINT_BUF(keyid); | |
632 | ||
633 | print_string(PRINT_ANY, "key", " key %s\n", | |
634 | hexstring_n2a(RTA_DATA(key), RTA_PAYLOAD(key), | |
635 | keyid, sizeof(keyid))); | |
636 | } | |
637 | ||
b16f5253 PM |
638 | #define CIPHER_NAME_GCM_AES_128 "GCM-AES-128" |
639 | #define CIPHER_NAME_GCM_AES_256 "GCM-AES-256" | |
640 | #define DEFAULT_CIPHER_NAME CIPHER_NAME_GCM_AES_128 | |
b26fc590 SD |
641 | |
642 | static const char *cs_id_to_name(__u64 cid) | |
643 | { | |
644 | switch (cid) { | |
645 | case MACSEC_DEFAULT_CIPHER_ID: | |
b26fc590 | 646 | return DEFAULT_CIPHER_NAME; |
b16f5253 PM |
647 | case MACSEC_CIPHER_ID_GCM_AES_128: |
648 | /* MACSEC_DEFAULT_CIPHER_ALT: */ | |
649 | return CIPHER_NAME_GCM_AES_128; | |
650 | case MACSEC_CIPHER_ID_GCM_AES_256: | |
651 | return CIPHER_NAME_GCM_AES_256; | |
b26fc590 SD |
652 | default: |
653 | return "(unknown)"; | |
654 | } | |
655 | } | |
656 | ||
c15674d8 AT |
657 | static const char *validate_to_str(__u8 validate) |
658 | { | |
659 | if (validate >= ARRAY_SIZE(validate_str)) | |
660 | return "(unknown)"; | |
661 | ||
662 | return validate_str[validate]; | |
663 | } | |
664 | ||
da6abdba AT |
665 | static const char *offload_to_str(__u8 offload) |
666 | { | |
667 | if (offload >= ARRAY_SIZE(offload_str)) | |
668 | return "(unknown)"; | |
669 | ||
670 | return offload_str[offload]; | |
671 | } | |
672 | ||
c0b904de | 673 | static void print_attrs(struct rtattr *attrs[]) |
b26fc590 | 674 | { |
c0b904de | 675 | print_flag(attrs, "protect", MACSEC_SECY_ATTR_PROTECT); |
b26fc590 SD |
676 | |
677 | if (attrs[MACSEC_SECY_ATTR_VALIDATE]) { | |
678 | __u8 val = rta_getattr_u8(attrs[MACSEC_SECY_ATTR_VALIDATE]); | |
679 | ||
c0b904de | 680 | print_string(PRINT_ANY, "validate", |
c15674d8 | 681 | "validate %s ", validate_to_str(val)); |
b26fc590 SD |
682 | } |
683 | ||
c0b904de SH |
684 | print_flag(attrs, "sc", MACSEC_RXSC_ATTR_ACTIVE); |
685 | print_flag(attrs, "sa", MACSEC_SA_ATTR_ACTIVE); | |
686 | print_flag(attrs, "encrypt", MACSEC_SECY_ATTR_ENCRYPT); | |
687 | print_flag(attrs, "send_sci", MACSEC_SECY_ATTR_INC_SCI); | |
688 | print_flag(attrs, "end_station", MACSEC_SECY_ATTR_ES); | |
689 | print_flag(attrs, "scb", MACSEC_SECY_ATTR_SCB); | |
690 | print_flag(attrs, "replay", MACSEC_SECY_ATTR_REPLAY); | |
b26fc590 | 691 | |
b26fc590 | 692 | if (attrs[MACSEC_SECY_ATTR_WINDOW]) { |
c0b904de SH |
693 | __u32 win = rta_getattr_u32(attrs[MACSEC_SECY_ATTR_WINDOW]); |
694 | ||
695 | print_uint(PRINT_ANY, "window", "window %u ", win); | |
b26fc590 SD |
696 | } |
697 | ||
c0b904de SH |
698 | if (attrs[MACSEC_SECY_ATTR_CIPHER_SUITE]) { |
699 | __u64 cid = rta_getattr_u64(attrs[MACSEC_SECY_ATTR_CIPHER_SUITE]); | |
700 | ||
b85076cd | 701 | print_nl(); |
c0b904de SH |
702 | print_string(PRINT_ANY, "cipher_suite", |
703 | " cipher suite: %s,", cs_id_to_name(cid)); | |
b26fc590 SD |
704 | } |
705 | ||
c0b904de SH |
706 | if (attrs[MACSEC_SECY_ATTR_ICV_LEN]) { |
707 | __u8 icv_len = rta_getattr_u8(attrs[MACSEC_SECY_ATTR_ICV_LEN]); | |
708 | ||
709 | print_uint(PRINT_ANY, "icv_length", | |
710 | " using ICV length %u\n", icv_len); | |
711 | } | |
b26fc590 SD |
712 | } |
713 | ||
79940533 | 714 | static __u64 getattr_u64(const struct rtattr *stat) |
d3418638 | 715 | { |
79940533 SH |
716 | size_t len = RTA_PAYLOAD(stat); |
717 | ||
718 | switch (len) { | |
d3418638 SH |
719 | case sizeof(__u64): |
720 | return rta_getattr_u64(stat); | |
721 | case sizeof(__u32): | |
722 | return rta_getattr_u32(stat); | |
723 | case sizeof(__u16): | |
724 | return rta_getattr_u16(stat); | |
725 | case sizeof(__u8): | |
726 | return rta_getattr_u8(stat); | |
727 | default: | |
79940533 SH |
728 | fprintf(stderr, "invalid attribute length %zu\n", |
729 | len); | |
d3418638 SH |
730 | exit(-1); |
731 | } | |
732 | } | |
733 | ||
c0b904de SH |
734 | static void print_fp_stats(const char *prefix, |
735 | const char *names[], unsigned int num, | |
736 | struct rtattr *stats[]) | |
b26fc590 | 737 | { |
d3418638 SH |
738 | unsigned int i; |
739 | int pad; | |
b26fc590 | 740 | |
d3418638 SH |
741 | printf("%sstats:", prefix); |
742 | ||
743 | for (i = 1; i < num; i++) { | |
744 | if (!names[i]) | |
745 | continue; | |
746 | printf(" %s", names[i]); | |
747 | } | |
748 | ||
749 | printf("\n%s ", prefix); | |
750 | ||
751 | for (i = 1; i < num; i++) { | |
752 | if (!names[i]) | |
753 | continue; | |
754 | ||
755 | pad = strlen(names[i]) + 1; | |
756 | if (stats[i]) | |
4db2ff0d | 757 | printf("%*llu", pad, getattr_u64(stats[i])); |
b26fc590 | 758 | else |
d3418638 | 759 | printf("%*c", pad, '-'); |
b26fc590 | 760 | } |
d3418638 | 761 | printf("\n"); |
b26fc590 SD |
762 | } |
763 | ||
c0b904de SH |
764 | static void print_json_stats(const char *names[], unsigned int num, |
765 | struct rtattr *stats[]) | |
766 | { | |
767 | unsigned int i; | |
768 | ||
769 | for (i = 1; i < num; i++) { | |
770 | if (!names[i] || !stats[i]) | |
771 | continue; | |
772 | ||
4db2ff0d THJ |
773 | print_u64(PRINT_JSON, names[i], |
774 | NULL, getattr_u64(stats[i])); | |
c0b904de SH |
775 | } |
776 | } | |
777 | ||
778 | static void print_stats(const char *prefix, | |
779 | const char *names[], unsigned int num, | |
780 | struct rtattr *stats[]) | |
781 | { | |
782 | ||
783 | if (is_json_context()) | |
784 | print_json_stats(names, num, stats); | |
785 | else | |
786 | print_fp_stats(prefix, names, num, stats); | |
787 | } | |
788 | ||
b26fc590 | 789 | static const char *txsc_stats_names[NUM_MACSEC_TXSC_STATS_ATTR] = { |
3a4df039 DH |
790 | [MACSEC_TXSC_STATS_ATTR_OUT_PKTS_PROTECTED] = "OutPktsProtected", |
791 | [MACSEC_TXSC_STATS_ATTR_OUT_PKTS_ENCRYPTED] = "OutPktsEncrypted", | |
792 | [MACSEC_TXSC_STATS_ATTR_OUT_OCTETS_PROTECTED] = "OutOctetsProtected", | |
793 | [MACSEC_TXSC_STATS_ATTR_OUT_OCTETS_ENCRYPTED] = "OutOctetsEncrypted", | |
b26fc590 SD |
794 | }; |
795 | ||
796 | static void print_txsc_stats(const char *prefix, struct rtattr *attr) | |
797 | { | |
798 | struct rtattr *stats[MACSEC_TXSC_STATS_ATTR_MAX + 1]; | |
b26fc590 SD |
799 | |
800 | if (!attr || show_stats == 0) | |
801 | return; | |
802 | ||
9b45f8ec | 803 | parse_rtattr_nested(stats, MACSEC_TXSC_STATS_ATTR_MAX, attr); |
b26fc590 | 804 | |
d3418638 SH |
805 | print_stats(prefix, txsc_stats_names, NUM_MACSEC_TXSC_STATS_ATTR, |
806 | stats); | |
b26fc590 SD |
807 | } |
808 | ||
809 | static const char *secy_stats_names[NUM_MACSEC_SECY_STATS_ATTR] = { | |
810 | [MACSEC_SECY_STATS_ATTR_OUT_PKTS_UNTAGGED] = "OutPktsUntagged", | |
811 | [MACSEC_SECY_STATS_ATTR_IN_PKTS_UNTAGGED] = "InPktsUntagged", | |
812 | [MACSEC_SECY_STATS_ATTR_OUT_PKTS_TOO_LONG] = "OutPktsTooLong", | |
813 | [MACSEC_SECY_STATS_ATTR_IN_PKTS_NO_TAG] = "InPktsNoTag", | |
814 | [MACSEC_SECY_STATS_ATTR_IN_PKTS_BAD_TAG] = "InPktsBadTag", | |
815 | [MACSEC_SECY_STATS_ATTR_IN_PKTS_UNKNOWN_SCI] = "InPktsUnknownSCI", | |
816 | [MACSEC_SECY_STATS_ATTR_IN_PKTS_NO_SCI] = "InPktsNoSCI", | |
817 | [MACSEC_SECY_STATS_ATTR_IN_PKTS_OVERRUN] = "InPktsOverrun", | |
818 | }; | |
819 | ||
820 | static void print_secy_stats(const char *prefix, struct rtattr *attr) | |
821 | { | |
822 | struct rtattr *stats[MACSEC_SECY_STATS_ATTR_MAX + 1]; | |
b26fc590 SD |
823 | |
824 | if (!attr || show_stats == 0) | |
825 | return; | |
826 | ||
9b45f8ec | 827 | parse_rtattr_nested(stats, MACSEC_SECY_STATS_ATTR_MAX, attr); |
b26fc590 | 828 | |
d3418638 SH |
829 | print_stats(prefix, secy_stats_names, |
830 | NUM_MACSEC_SECY_STATS_ATTR, stats); | |
b26fc590 SD |
831 | } |
832 | ||
833 | static const char *rxsa_stats_names[NUM_MACSEC_SA_STATS_ATTR] = { | |
834 | [MACSEC_SA_STATS_ATTR_IN_PKTS_OK] = "InPktsOK", | |
835 | [MACSEC_SA_STATS_ATTR_IN_PKTS_INVALID] = "InPktsInvalid", | |
836 | [MACSEC_SA_STATS_ATTR_IN_PKTS_NOT_VALID] = "InPktsNotValid", | |
837 | [MACSEC_SA_STATS_ATTR_IN_PKTS_NOT_USING_SA] = "InPktsNotUsingSA", | |
838 | [MACSEC_SA_STATS_ATTR_IN_PKTS_UNUSED_SA] = "InPktsUnusedSA", | |
839 | }; | |
840 | ||
841 | static void print_rxsa_stats(const char *prefix, struct rtattr *attr) | |
842 | { | |
843 | struct rtattr *stats[MACSEC_SA_STATS_ATTR_MAX + 1]; | |
b26fc590 SD |
844 | |
845 | if (!attr || show_stats == 0) | |
846 | return; | |
847 | ||
9b45f8ec | 848 | parse_rtattr_nested(stats, MACSEC_SA_STATS_ATTR_MAX, attr); |
b26fc590 | 849 | |
d3418638 | 850 | print_stats(prefix, rxsa_stats_names, NUM_MACSEC_SA_STATS_ATTR, stats); |
b26fc590 SD |
851 | } |
852 | ||
853 | static const char *txsa_stats_names[NUM_MACSEC_SA_STATS_ATTR] = { | |
854 | [MACSEC_SA_STATS_ATTR_OUT_PKTS_PROTECTED] = "OutPktsProtected", | |
855 | [MACSEC_SA_STATS_ATTR_OUT_PKTS_ENCRYPTED] = "OutPktsEncrypted", | |
856 | }; | |
857 | ||
858 | static void print_txsa_stats(const char *prefix, struct rtattr *attr) | |
859 | { | |
860 | struct rtattr *stats[MACSEC_SA_STATS_ATTR_MAX + 1]; | |
861 | ||
862 | if (!attr || show_stats == 0) | |
863 | return; | |
864 | ||
9b45f8ec | 865 | parse_rtattr_nested(stats, MACSEC_SA_STATS_ATTR_MAX, attr); |
d3418638 SH |
866 | |
867 | print_stats(prefix, txsa_stats_names, NUM_MACSEC_SA_STATS_ATTR, stats); | |
b26fc590 SD |
868 | } |
869 | ||
870 | static void print_tx_sc(const char *prefix, __u64 sci, __u8 encoding_sa, | |
871 | struct rtattr *txsc_stats, struct rtattr *secy_stats, | |
872 | struct rtattr *sa) | |
873 | { | |
874 | struct rtattr *sa_attr[MACSEC_SA_ATTR_MAX + 1]; | |
875 | struct rtattr *a; | |
876 | int rem; | |
877 | ||
c0b904de SH |
878 | print_string(PRINT_FP, NULL, "%s", prefix); |
879 | print_0xhex(PRINT_ANY, "sci", | |
880 | "TXSC: %016llx", ntohll(sci)); | |
881 | print_uint(PRINT_ANY, "encoding_sa", | |
882 | " on SA %d\n", encoding_sa); | |
883 | ||
b26fc590 SD |
884 | print_secy_stats(prefix, secy_stats); |
885 | print_txsc_stats(prefix, txsc_stats); | |
886 | ||
c0b904de | 887 | open_json_array(PRINT_JSON, "sa_list"); |
b26fc590 SD |
888 | rem = RTA_PAYLOAD(sa); |
889 | for (a = RTA_DATA(sa); RTA_OK(a, rem); a = RTA_NEXT(a, rem)) { | |
b26fc590 SD |
890 | bool state; |
891 | ||
c0b904de | 892 | open_json_object(NULL); |
9b45f8ec | 893 | parse_rtattr_nested(sa_attr, MACSEC_SA_ATTR_MAX, a); |
b26fc590 | 894 | state = rta_getattr_u8(sa_attr[MACSEC_SA_ATTR_ACTIVE]); |
c0b904de SH |
895 | |
896 | print_string(PRINT_FP, NULL, "%s", prefix); | |
897 | print_string(PRINT_FP, NULL, "%s", prefix); | |
898 | print_uint(PRINT_ANY, "an", "%d:", | |
899 | rta_getattr_u8(sa_attr[MACSEC_SA_ATTR_AN])); | |
900 | print_uint(PRINT_ANY, "pn", " PN %u,", | |
901 | rta_getattr_u32(sa_attr[MACSEC_SA_ATTR_PN])); | |
902 | ||
903 | print_bool(PRINT_JSON, "active", NULL, state); | |
904 | print_string(PRINT_FP, NULL, | |
905 | " state %s,", state ? "on" : "off"); | |
906 | print_key(sa_attr[MACSEC_SA_ATTR_KEYID]); | |
907 | ||
b26fc590 | 908 | print_txsa_stats(prefix, sa_attr[MACSEC_SA_ATTR_STATS]); |
c0b904de | 909 | close_json_object(); |
b26fc590 | 910 | } |
c0b904de | 911 | close_json_array(PRINT_JSON, NULL); |
b26fc590 SD |
912 | } |
913 | ||
914 | static const char *rxsc_stats_names[NUM_MACSEC_RXSC_STATS_ATTR] = { | |
915 | [MACSEC_RXSC_STATS_ATTR_IN_OCTETS_VALIDATED] = "InOctetsValidated", | |
916 | [MACSEC_RXSC_STATS_ATTR_IN_OCTETS_DECRYPTED] = "InOctetsDecrypted", | |
917 | [MACSEC_RXSC_STATS_ATTR_IN_PKTS_UNCHECKED] = "InPktsUnchecked", | |
918 | [MACSEC_RXSC_STATS_ATTR_IN_PKTS_DELAYED] = "InPktsDelayed", | |
919 | [MACSEC_RXSC_STATS_ATTR_IN_PKTS_OK] = "InPktsOK", | |
920 | [MACSEC_RXSC_STATS_ATTR_IN_PKTS_INVALID] = "InPktsInvalid", | |
921 | [MACSEC_RXSC_STATS_ATTR_IN_PKTS_LATE] = "InPktsLate", | |
922 | [MACSEC_RXSC_STATS_ATTR_IN_PKTS_NOT_VALID] = "InPktsNotValid", | |
923 | [MACSEC_RXSC_STATS_ATTR_IN_PKTS_NOT_USING_SA] = "InPktsNotUsingSA", | |
924 | [MACSEC_RXSC_STATS_ATTR_IN_PKTS_UNUSED_SA] = "InPktsUnusedSA", | |
925 | }; | |
926 | ||
927 | static void print_rxsc_stats(const char *prefix, struct rtattr *attr) | |
928 | { | |
929 | struct rtattr *stats[MACSEC_RXSC_STATS_ATTR_MAX + 1]; | |
b26fc590 SD |
930 | |
931 | if (!attr || show_stats == 0) | |
932 | return; | |
933 | ||
9b45f8ec | 934 | parse_rtattr_nested(stats, MACSEC_RXSC_STATS_ATTR_MAX, attr); |
b26fc590 | 935 | |
d3418638 SH |
936 | print_stats(prefix, rxsc_stats_names, |
937 | NUM_MACSEC_RXSC_STATS_ATTR, stats); | |
b26fc590 SD |
938 | } |
939 | ||
c0b904de | 940 | static void print_rx_sc(const char *prefix, __be64 sci, __u8 active, |
b26fc590 SD |
941 | struct rtattr *rxsc_stats, struct rtattr *sa) |
942 | { | |
943 | struct rtattr *sa_attr[MACSEC_SA_ATTR_MAX + 1]; | |
944 | struct rtattr *a; | |
945 | int rem; | |
946 | ||
c0b904de SH |
947 | print_string(PRINT_FP, NULL, "%s", prefix); |
948 | print_0xhex(PRINT_ANY, "sci", | |
949 | "RXSC: %016llx,", ntohll(sci)); | |
950 | print_bool(PRINT_JSON, "active", NULL, active); | |
951 | print_string(PRINT_FP, NULL, | |
952 | " state %s\n", active ? "on" : "off"); | |
b26fc590 SD |
953 | print_rxsc_stats(prefix, rxsc_stats); |
954 | ||
c0b904de | 955 | open_json_array(PRINT_JSON, "sa_list"); |
b26fc590 SD |
956 | rem = RTA_PAYLOAD(sa); |
957 | for (a = RTA_DATA(sa); RTA_OK(a, rem); a = RTA_NEXT(a, rem)) { | |
b26fc590 SD |
958 | bool state; |
959 | ||
c0b904de | 960 | open_json_object(NULL); |
9b45f8ec | 961 | parse_rtattr_nested(sa_attr, MACSEC_SA_ATTR_MAX, a); |
b26fc590 | 962 | state = rta_getattr_u8(sa_attr[MACSEC_SA_ATTR_ACTIVE]); |
c0b904de SH |
963 | |
964 | print_string(PRINT_FP, NULL, "%s", prefix); | |
965 | print_string(PRINT_FP, NULL, "%s", prefix); | |
966 | print_uint(PRINT_ANY, "an", "%u:", | |
967 | rta_getattr_u8(sa_attr[MACSEC_SA_ATTR_AN])); | |
968 | print_uint(PRINT_ANY, "pn", " PN %u,", | |
969 | rta_getattr_u32(sa_attr[MACSEC_SA_ATTR_PN])); | |
970 | ||
971 | print_bool(PRINT_JSON, "active", NULL, state); | |
972 | print_string(PRINT_FP, NULL, " state %s,", | |
973 | state ? "on" : "off"); | |
974 | ||
975 | print_key(sa_attr[MACSEC_SA_ATTR_KEYID]); | |
976 | ||
b26fc590 | 977 | print_rxsa_stats(prefix, sa_attr[MACSEC_SA_ATTR_STATS]); |
c0b904de SH |
978 | close_json_object(); |
979 | } | |
980 | close_json_array(PRINT_JSON, NULL); | |
981 | } | |
982 | ||
983 | static void print_rxsc_list(struct rtattr *sc) | |
984 | { | |
985 | int rem = RTA_PAYLOAD(sc); | |
986 | struct rtattr *c; | |
987 | ||
988 | open_json_array(PRINT_JSON, "rx_sc"); | |
989 | for (c = RTA_DATA(sc); RTA_OK(c, rem); c = RTA_NEXT(c, rem)) { | |
990 | struct rtattr *sc_attr[MACSEC_RXSC_ATTR_MAX + 1]; | |
991 | ||
992 | open_json_object(NULL); | |
993 | ||
9b45f8ec | 994 | parse_rtattr_nested(sc_attr, MACSEC_RXSC_ATTR_MAX, c); |
c0b904de SH |
995 | print_rx_sc(" ", |
996 | rta_getattr_u64(sc_attr[MACSEC_RXSC_ATTR_SCI]), | |
997 | rta_getattr_u32(sc_attr[MACSEC_RXSC_ATTR_ACTIVE]), | |
998 | sc_attr[MACSEC_RXSC_ATTR_STATS], | |
999 | sc_attr[MACSEC_RXSC_ATTR_SA_LIST]); | |
1000 | close_json_object(); | |
b26fc590 | 1001 | } |
c0b904de | 1002 | close_json_array(PRINT_JSON, NULL); |
b26fc590 SD |
1003 | } |
1004 | ||
cd554f2c | 1005 | static int process(struct nlmsghdr *n, void *arg) |
b26fc590 SD |
1006 | { |
1007 | struct genlmsghdr *ghdr; | |
c0b904de | 1008 | struct rtattr *attrs[MACSEC_ATTR_MAX + 1]; |
b26fc590 SD |
1009 | struct rtattr *attrs_secy[MACSEC_SECY_ATTR_MAX + 1]; |
1010 | int len = n->nlmsg_len; | |
1011 | int ifindex; | |
1012 | __u64 sci; | |
1013 | __u8 encoding_sa; | |
b26fc590 SD |
1014 | |
1015 | if (n->nlmsg_type != genl_family) | |
1016 | return -1; | |
1017 | ||
1018 | len -= NLMSG_LENGTH(GENL_HDRLEN); | |
1019 | if (len < 0) | |
1020 | return -1; | |
1021 | ||
1022 | ghdr = NLMSG_DATA(n); | |
1023 | if (ghdr->cmd != MACSEC_CMD_GET_TXSC) | |
1024 | return 0; | |
1025 | ||
1026 | parse_rtattr(attrs, MACSEC_ATTR_MAX, (void *) ghdr + GENL_HDRLEN, len); | |
1027 | if (!validate_dump(attrs)) { | |
c0b904de | 1028 | fprintf(stderr, "incomplete dump message\n"); |
b26fc590 SD |
1029 | return -1; |
1030 | } | |
1031 | ||
1032 | ifindex = rta_getattr_u32(attrs[MACSEC_ATTR_IFINDEX]); | |
9b45f8ec | 1033 | parse_rtattr_nested(attrs_secy, MACSEC_SECY_ATTR_MAX, |
b26fc590 SD |
1034 | attrs[MACSEC_ATTR_SECY]); |
1035 | ||
1036 | if (!validate_secy_dump(attrs_secy)) { | |
c0b904de | 1037 | fprintf(stderr, "incomplete dump message\n"); |
b26fc590 SD |
1038 | return -1; |
1039 | } | |
1040 | ||
1041 | sci = rta_getattr_u64(attrs_secy[MACSEC_SECY_ATTR_SCI]); | |
1042 | encoding_sa = rta_getattr_u8(attrs_secy[MACSEC_SECY_ATTR_ENCODING_SA]); | |
1043 | ||
1044 | if (filter.ifindex && ifindex != filter.ifindex) | |
1045 | return 0; | |
1046 | ||
1047 | if (filter.sci && sci != filter.sci) | |
1048 | return 0; | |
1049 | ||
c0b904de SH |
1050 | open_json_object(NULL); |
1051 | print_uint(PRINT_ANY, "ifindex", "%u: ", ifindex); | |
1052 | print_color_string(PRINT_ANY, COLOR_IFNAME, "ifname", | |
1053 | "%s: ", ll_index_to_name(ifindex)); | |
1054 | ||
1055 | print_attrs(attrs_secy); | |
b26fc590 SD |
1056 | |
1057 | print_tx_sc(" ", sci, encoding_sa, | |
1058 | attrs[MACSEC_ATTR_TXSC_STATS], | |
1059 | attrs[MACSEC_ATTR_SECY_STATS], | |
1060 | attrs[MACSEC_ATTR_TXSA_LIST]); | |
1061 | ||
c0b904de SH |
1062 | if (attrs[MACSEC_ATTR_RXSC_LIST]) |
1063 | print_rxsc_list(attrs[MACSEC_ATTR_RXSC_LIST]); | |
b26fc590 | 1064 | |
da6abdba AT |
1065 | if (attrs[MACSEC_ATTR_OFFLOAD]) { |
1066 | struct rtattr *attrs_offload[MACSEC_OFFLOAD_ATTR_MAX + 1]; | |
1067 | __u8 offload; | |
1068 | ||
1069 | parse_rtattr_nested(attrs_offload, MACSEC_OFFLOAD_ATTR_MAX, | |
1070 | attrs[MACSEC_ATTR_OFFLOAD]); | |
1071 | ||
1072 | offload = rta_getattr_u8(attrs_offload[MACSEC_OFFLOAD_ATTR_TYPE]); | |
1073 | print_string(PRINT_ANY, "offload", | |
1074 | " offload: %s ", offload_to_str(offload)); | |
1075 | print_nl(); | |
1076 | } | |
1077 | ||
c0b904de | 1078 | close_json_object(); |
b26fc590 SD |
1079 | |
1080 | return 0; | |
1081 | } | |
1082 | ||
1083 | static int do_dump(int ifindex) | |
1084 | { | |
1085 | MACSEC_GENL_REQ(req, MACSEC_BUFLEN, MACSEC_CMD_GET_TXSC, | |
1086 | NLM_F_REQUEST | NLM_F_DUMP); | |
1087 | ||
1088 | memset(&filter, 0, sizeof(filter)); | |
1089 | filter.ifindex = ifindex; | |
1090 | ||
1091 | req.n.nlmsg_seq = genl_rth.dump = ++genl_rth.seq; | |
1092 | if (rtnl_send(&genl_rth, &req, req.n.nlmsg_len) < 0) { | |
1093 | perror("Failed to send dump request"); | |
1094 | exit(1); | |
1095 | } | |
1096 | ||
c0b904de | 1097 | new_json_obj(json); |
b26fc590 | 1098 | if (rtnl_dump_filter(&genl_rth, process, stdout) < 0) { |
c0b904de | 1099 | delete_json_obj(); |
b26fc590 SD |
1100 | fprintf(stderr, "Dump terminated\n"); |
1101 | exit(1); | |
1102 | } | |
c0b904de | 1103 | delete_json_obj(); |
b26fc590 SD |
1104 | |
1105 | return 0; | |
1106 | } | |
1107 | ||
1108 | static int do_show(int argc, char **argv) | |
1109 | { | |
1110 | int ifindex; | |
1111 | ||
1112 | if (argc == 0) | |
1113 | return do_dump(0); | |
1114 | ||
1115 | ifindex = ll_name_to_index(*argv); | |
1116 | if (ifindex == 0) { | |
1117 | fprintf(stderr, "Device \"%s\" does not exist.\n", *argv); | |
1118 | return -1; | |
1119 | } | |
1120 | ||
1121 | argc--, argv++; | |
1122 | if (argc == 0) | |
1123 | return do_dump(ifindex); | |
1124 | ||
1125 | ipmacsec_usage(); | |
1126 | return -1; | |
1127 | } | |
1128 | ||
1129 | int do_ipmacsec(int argc, char **argv) | |
1130 | { | |
b26fc590 SD |
1131 | if (argc < 1) |
1132 | ipmacsec_usage(); | |
1133 | ||
1134 | if (matches(*argv, "help") == 0) | |
1135 | ipmacsec_usage(); | |
1136 | ||
688f9aa4 SD |
1137 | if (genl_init_handle(&genl_rth, MACSEC_GENL_NAME, &genl_family)) |
1138 | exit(1); | |
1139 | ||
b26fc590 SD |
1140 | if (matches(*argv, "show") == 0) |
1141 | return do_show(argc-1, argv+1); | |
1142 | ||
1143 | if (matches(*argv, "add") == 0) | |
1144 | return do_modify(CMD_ADD, argc-1, argv+1); | |
1145 | if (matches(*argv, "set") == 0) | |
1146 | return do_modify(CMD_UPD, argc-1, argv+1); | |
1147 | if (matches(*argv, "delete") == 0) | |
1148 | return do_modify(CMD_DEL, argc-1, argv+1); | |
791bc7ee AT |
1149 | if (matches(*argv, "offload") == 0) |
1150 | return do_offload(CMD_OFFLOAD, argc-1, argv+1); | |
b26fc590 SD |
1151 | |
1152 | fprintf(stderr, "Command \"%s\" is unknown, try \"ip macsec help\".\n", | |
1153 | *argv); | |
1154 | exit(-1); | |
1155 | } | |
1156 | ||
1157 | /* device creation */ | |
1158 | static void macsec_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) | |
1159 | { | |
1160 | if (!tb) | |
1161 | return; | |
1162 | ||
1163 | if (tb[IFLA_MACSEC_SCI]) { | |
c3398346 JF |
1164 | if (is_json_context()) { |
1165 | SPRINT_BUF(b1); | |
1166 | ||
1167 | snprintf(b1, sizeof(b1), "%016llx", | |
1168 | ntohll(rta_getattr_u64(tb[IFLA_MACSEC_SCI]))); | |
1169 | print_string(PRINT_JSON, "sci", NULL, b1); | |
1170 | } else { | |
1171 | fprintf(f, "sci %016llx ", | |
1172 | ntohll(rta_getattr_u64(tb[IFLA_MACSEC_SCI]))); | |
1173 | } | |
b26fc590 SD |
1174 | } |
1175 | ||
c0b904de | 1176 | print_flag(tb, "protect", IFLA_MACSEC_PROTECT); |
b26fc590 SD |
1177 | |
1178 | if (tb[IFLA_MACSEC_CIPHER_SUITE]) { | |
c0b904de SH |
1179 | __u64 csid |
1180 | = rta_getattr_u64(tb[IFLA_MACSEC_CIPHER_SUITE]); | |
b26fc590 | 1181 | |
c3398346 JF |
1182 | print_string(PRINT_ANY, |
1183 | "cipher_suite", | |
1184 | "cipher %s ", | |
1185 | cs_id_to_name(csid)); | |
b26fc590 SD |
1186 | } |
1187 | ||
1188 | if (tb[IFLA_MACSEC_ICV_LEN]) { | |
c3398346 JF |
1189 | if (is_json_context()) { |
1190 | char b2[4]; | |
1191 | ||
1192 | snprintf(b2, sizeof(b2), "%hhu", | |
1193 | rta_getattr_u8(tb[IFLA_MACSEC_ICV_LEN])); | |
1194 | print_uint(PRINT_JSON, "icv_len", NULL, atoi(b2)); | |
1195 | } else { | |
1196 | fprintf(f, "icvlen %hhu ", | |
1197 | rta_getattr_u8(tb[IFLA_MACSEC_ICV_LEN])); | |
1198 | } | |
b26fc590 SD |
1199 | } |
1200 | ||
1201 | if (tb[IFLA_MACSEC_ENCODING_SA]) { | |
c3398346 JF |
1202 | if (is_json_context()) { |
1203 | char b2[4]; | |
1204 | ||
1205 | snprintf(b2, sizeof(b2), "%hhu", | |
1206 | rta_getattr_u8(tb[IFLA_MACSEC_ENCODING_SA])); | |
1207 | print_uint(PRINT_JSON, "encoding_sa", NULL, atoi(b2)); | |
1208 | } else { | |
1209 | fprintf(f, "encodingsa %hhu ", | |
1210 | rta_getattr_u8(tb[IFLA_MACSEC_ENCODING_SA])); | |
1211 | } | |
b26fc590 SD |
1212 | } |
1213 | ||
1214 | if (tb[IFLA_MACSEC_VALIDATION]) { | |
1215 | __u8 val = rta_getattr_u8(tb[IFLA_MACSEC_VALIDATION]); | |
1216 | ||
c3398346 JF |
1217 | print_string(PRINT_ANY, |
1218 | "validation", | |
1219 | "validate %s ", | |
c15674d8 | 1220 | validate_to_str(val)); |
c3398346 JF |
1221 | } |
1222 | ||
1223 | const char *inc_sci, *es, *replay; | |
1224 | ||
1225 | if (is_json_context()) { | |
1226 | inc_sci = "inc_sci"; | |
1227 | replay = "replay_protect"; | |
1228 | es = "es"; | |
1229 | } else { | |
1230 | inc_sci = "send_sci"; | |
1231 | es = "end_station"; | |
1232 | replay = "replay"; | |
b26fc590 SD |
1233 | } |
1234 | ||
c0b904de SH |
1235 | print_flag(tb, "encrypt", IFLA_MACSEC_ENCRYPT); |
1236 | print_flag(tb, inc_sci, IFLA_MACSEC_INC_SCI); | |
1237 | print_flag(tb, es, IFLA_MACSEC_ES); | |
1238 | print_flag(tb, "scb", IFLA_MACSEC_SCB); | |
1239 | print_flag(tb, replay, IFLA_MACSEC_REPLAY_PROTECT); | |
b26fc590 | 1240 | |
c3398346 JF |
1241 | if (tb[IFLA_MACSEC_WINDOW]) |
1242 | print_int(PRINT_ANY, | |
1243 | "window", | |
1244 | "window %d ", | |
1245 | rta_getattr_u32(tb[IFLA_MACSEC_WINDOW])); | |
b26fc590 SD |
1246 | } |
1247 | ||
b26fc590 SD |
1248 | static bool check_txsc_flags(bool es, bool scb, bool sci) |
1249 | { | |
1250 | if (sci && (es || scb)) | |
1251 | return false; | |
1252 | if (es && scb) | |
1253 | return false; | |
1254 | return true; | |
1255 | } | |
1256 | ||
1257 | static void usage(FILE *f) | |
1258 | { | |
1259 | fprintf(f, | |
5898bd66 | 1260 | "Usage: ... macsec [ [ address <lladdr> ] port { 1..2^16-1 } | sci <u64> ]\n" |
b16f5253 | 1261 | " [ cipher { default | gcm-aes-128 | gcm-aes-256 } ]\n" |
89bb6e67 | 1262 | " [ icvlen { 8..16 } ]\n" |
b26fc590 SD |
1263 | " [ encrypt { on | off } ]\n" |
1264 | " [ send_sci { on | off } ]\n" | |
1265 | " [ end_station { on | off } ]\n" | |
1266 | " [ scb { on | off } ]\n" | |
1267 | " [ protect { on | off } ]\n" | |
1268 | " [ replay { on | off} window { 0..2^32-1 } ]\n" | |
1269 | " [ validate { strict | check | disabled } ]\n" | |
1270 | " [ encodingsa { 0..3 } ]\n" | |
1271 | ); | |
b26fc590 SD |
1272 | } |
1273 | ||
1274 | static int macsec_parse_opt(struct link_util *lu, int argc, char **argv, | |
28254695 | 1275 | struct nlmsghdr *n) |
b26fc590 SD |
1276 | { |
1277 | int ret; | |
1278 | __u8 encoding_sa = 0xff; | |
1279 | __u32 window = -1; | |
1280 | struct cipher_args cipher = {0}; | |
1281 | enum macsec_validation_type validate; | |
1282 | bool es = false, scb = false, send_sci = false; | |
1283 | int replay_protect = -1; | |
1284 | struct sci sci = { 0 }; | |
1285 | ||
1286 | ret = get_sci_portaddr(&sci, &argc, &argv, true, true); | |
1287 | if (ret < 0) { | |
1288 | fprintf(stderr, "expected sci\n"); | |
1289 | return -1; | |
1290 | } | |
1291 | ||
1292 | if (ret > 0) { | |
1293 | if (sci.sci) | |
28254695 | 1294 | addattr_l(n, MACSEC_BUFLEN, IFLA_MACSEC_SCI, |
b26fc590 SD |
1295 | &sci.sci, sizeof(sci.sci)); |
1296 | else | |
28254695 | 1297 | addattr_l(n, MACSEC_BUFLEN, IFLA_MACSEC_PORT, |
b26fc590 SD |
1298 | &sci.port, sizeof(sci.port)); |
1299 | } | |
1300 | ||
1301 | while (argc > 0) { | |
1302 | if (strcmp(*argv, "cipher") == 0) { | |
89bb6e67 | 1303 | NEXT_ARG(); |
b26fc590 | 1304 | if (cipher.id) |
89bb6e67 | 1305 | duparg("cipher", *argv); |
b16f5253 | 1306 | if (strcmp(*argv, "default") == 0) |
89bb6e67 | 1307 | cipher.id = MACSEC_DEFAULT_CIPHER_ID; |
b16f5253 PM |
1308 | else if (strcmp(*argv, "gcm-aes-128") == 0 || |
1309 | strcmp(*argv, "GCM-AES-128") == 0) | |
1310 | cipher.id = MACSEC_CIPHER_ID_GCM_AES_128; | |
1311 | else if (strcmp(*argv, "gcm-aes-256") == 0 || | |
1312 | strcmp(*argv, "GCM-AES-256") == 0) | |
1313 | cipher.id = MACSEC_CIPHER_ID_GCM_AES_256; | |
89bb6e67 | 1314 | else |
b16f5253 PM |
1315 | invarg("expected: default, gcm-aes-128 or" |
1316 | " gcm-aes-256", *argv); | |
89bb6e67 | 1317 | } else if (strcmp(*argv, "icvlen") == 0) { |
b26fc590 | 1318 | NEXT_ARG(); |
89bb6e67 DC |
1319 | if (cipher.icv_len) |
1320 | duparg("icvlen", *argv); | |
1321 | get_icvlen(&cipher.icv_len, *argv); | |
b26fc590 SD |
1322 | } else if (strcmp(*argv, "encrypt") == 0) { |
1323 | NEXT_ARG(); | |
1324 | int i; | |
1325 | ||
1326 | ret = one_of("encrypt", *argv, values_on_off, | |
1327 | ARRAY_SIZE(values_on_off), &i); | |
1328 | if (ret != 0) | |
1329 | return ret; | |
28254695 | 1330 | addattr8(n, MACSEC_BUFLEN, IFLA_MACSEC_ENCRYPT, i); |
b26fc590 SD |
1331 | } else if (strcmp(*argv, "send_sci") == 0) { |
1332 | NEXT_ARG(); | |
1333 | int i; | |
1334 | ||
1335 | ret = one_of("send_sci", *argv, values_on_off, | |
1336 | ARRAY_SIZE(values_on_off), &i); | |
1337 | if (ret != 0) | |
1338 | return ret; | |
1339 | send_sci = i; | |
28254695 | 1340 | addattr8(n, MACSEC_BUFLEN, |
b26fc590 SD |
1341 | IFLA_MACSEC_INC_SCI, send_sci); |
1342 | } else if (strcmp(*argv, "end_station") == 0) { | |
1343 | NEXT_ARG(); | |
1344 | int i; | |
1345 | ||
1346 | ret = one_of("end_station", *argv, values_on_off, | |
1347 | ARRAY_SIZE(values_on_off), &i); | |
1348 | if (ret != 0) | |
1349 | return ret; | |
1350 | es = i; | |
28254695 | 1351 | addattr8(n, MACSEC_BUFLEN, IFLA_MACSEC_ES, es); |
b26fc590 SD |
1352 | } else if (strcmp(*argv, "scb") == 0) { |
1353 | NEXT_ARG(); | |
1354 | int i; | |
1355 | ||
1356 | ret = one_of("scb", *argv, values_on_off, | |
1357 | ARRAY_SIZE(values_on_off), &i); | |
1358 | if (ret != 0) | |
1359 | return ret; | |
1360 | scb = i; | |
28254695 | 1361 | addattr8(n, MACSEC_BUFLEN, IFLA_MACSEC_SCB, scb); |
b26fc590 SD |
1362 | } else if (strcmp(*argv, "protect") == 0) { |
1363 | NEXT_ARG(); | |
1364 | int i; | |
1365 | ||
1366 | ret = one_of("protect", *argv, values_on_off, | |
1367 | ARRAY_SIZE(values_on_off), &i); | |
1368 | if (ret != 0) | |
1369 | return ret; | |
28254695 | 1370 | addattr8(n, MACSEC_BUFLEN, IFLA_MACSEC_PROTECT, i); |
b26fc590 SD |
1371 | } else if (strcmp(*argv, "replay") == 0) { |
1372 | NEXT_ARG(); | |
1373 | int i; | |
1374 | ||
1375 | ret = one_of("replay", *argv, values_on_off, | |
1376 | ARRAY_SIZE(values_on_off), &i); | |
1377 | if (ret != 0) | |
1378 | return ret; | |
1379 | replay_protect = !!i; | |
1380 | } else if (strcmp(*argv, "window") == 0) { | |
1381 | NEXT_ARG(); | |
1382 | ret = get_u32(&window, *argv, 0); | |
1383 | if (ret) | |
1384 | invarg("expected replay window size", *argv); | |
1385 | } else if (strcmp(*argv, "validate") == 0) { | |
1386 | NEXT_ARG(); | |
1387 | ret = one_of("validate", *argv, | |
c2f260f4 | 1388 | validate_str, ARRAY_SIZE(validate_str), |
b26fc590 SD |
1389 | (int *)&validate); |
1390 | if (ret != 0) | |
1391 | return ret; | |
28254695 | 1392 | addattr8(n, MACSEC_BUFLEN, |
b26fc590 SD |
1393 | IFLA_MACSEC_VALIDATION, validate); |
1394 | } else if (strcmp(*argv, "encodingsa") == 0) { | |
1395 | if (encoding_sa != 0xff) | |
1396 | duparg2("encodingsa", "encodingsa"); | |
1397 | NEXT_ARG(); | |
1398 | ret = get_an(&encoding_sa, *argv); | |
1399 | if (ret) | |
1400 | invarg("expected an { 0..3 }", *argv); | |
1401 | } else { | |
1402 | fprintf(stderr, "macsec: unknown command \"%s\"?\n", | |
1403 | *argv); | |
1404 | usage(stderr); | |
1405 | return -1; | |
1406 | } | |
1407 | ||
1408 | argv++; argc--; | |
1409 | } | |
1410 | ||
1411 | if (!check_txsc_flags(es, scb, send_sci)) { | |
c2f260f4 SH |
1412 | fprintf(stderr, |
1413 | "invalid combination of send_sci/end_station/scb\n"); | |
b26fc590 SD |
1414 | return -1; |
1415 | } | |
1416 | ||
1417 | if (window != -1 && replay_protect == -1) { | |
1418 | fprintf(stderr, | |
1419 | "replay window set, but replay protection not enabled. did you mean 'replay on window %u'?\n", | |
1420 | window); | |
1421 | return -1; | |
1422 | } else if (window == -1 && replay_protect == 1) { | |
1423 | fprintf(stderr, | |
1424 | "replay protection enabled, but no window set. did you mean 'replay on window VALUE'?\n"); | |
1425 | return -1; | |
1426 | } | |
1427 | ||
89bb6e67 | 1428 | if (cipher.id) |
28254695 | 1429 | addattr_l(n, MACSEC_BUFLEN, IFLA_MACSEC_CIPHER_SUITE, |
b26fc590 | 1430 | &cipher.id, sizeof(cipher.id)); |
89bb6e67 | 1431 | if (cipher.icv_len) |
28254695 | 1432 | addattr_l(n, MACSEC_BUFLEN, IFLA_MACSEC_ICV_LEN, |
b26fc590 | 1433 | &cipher.icv_len, sizeof(cipher.icv_len)); |
b26fc590 SD |
1434 | |
1435 | if (replay_protect != -1) { | |
28254695 SP |
1436 | addattr32(n, MACSEC_BUFLEN, IFLA_MACSEC_WINDOW, window); |
1437 | addattr8(n, MACSEC_BUFLEN, IFLA_MACSEC_REPLAY_PROTECT, | |
b26fc590 SD |
1438 | replay_protect); |
1439 | } | |
1440 | ||
1441 | if (encoding_sa != 0xff) { | |
28254695 | 1442 | addattr_l(n, MACSEC_BUFLEN, IFLA_MACSEC_ENCODING_SA, |
b26fc590 SD |
1443 | &encoding_sa, sizeof(encoding_sa)); |
1444 | } | |
1445 | ||
1446 | return 0; | |
1447 | } | |
1448 | ||
1449 | static void macsec_print_help(struct link_util *lu, int argc, char **argv, | |
1450 | FILE *f) | |
1451 | { | |
1452 | usage(f); | |
1453 | } | |
1454 | ||
1455 | struct link_util macsec_link_util = { | |
1456 | .id = "macsec", | |
1457 | .maxattr = IFLA_MACSEC_MAX, | |
1458 | .parse_opt = macsec_parse_opt, | |
1459 | .print_help = macsec_print_help, | |
1460 | .print_opt = macsec_print_opt, | |
b26fc590 | 1461 | }; |