#include <netdb.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
+#include <linux/udp.h>
#include "utils.h"
#include "xfrm.h"
return str;
}
-const char *strxf_mask8(__u8 mask)
+static const char *strxf_mask8(__u8 mask)
{
static char str[16];
const int sn = sizeof(mask) * 8 - 1;
return str;
}
-const char *strxf_share(__u8 share)
+static const char *strxf_share(__u8 share)
{
static char str[32];
return str;
}
-void xfrm_id_info_print(xfrm_address_t *saddr, struct xfrm_id *id,
+static void xfrm_id_info_print(xfrm_address_t *saddr, struct xfrm_id *id,
__u8 mode, __u32 reqid, __u16 family, int force_spi,
FILE *fp, const char *prefix, const char *title)
{
return str;
}
-void xfrm_stats_print(struct xfrm_stats *s, FILE *fp, const char *prefix)
+static void xfrm_stats_print(struct xfrm_stats *s, FILE *fp,
+ const char *prefix)
{
if (prefix)
fputs(prefix, fp);
return str;
}
-void xfrm_lifetime_print(struct xfrm_lifetime_cfg *cfg,
+static void xfrm_lifetime_print(struct xfrm_lifetime_cfg *cfg,
struct xfrm_lifetime_cur *cur,
FILE *fp, const char *prefix)
{
}
static void __xfrm_algo_print(struct xfrm_algo *algo, int type, int len,
- FILE *fp, const char *prefix, int newline)
+ FILE *fp, const char *prefix, int newline,
+ bool nokeys)
{
int keylen;
int i;
goto fin;
}
- if (keylen > 0) {
+ if (nokeys)
+ fprintf(fp, "<<Keys hidden>>");
+ else if (keylen > 0) {
fprintf(fp, "0x");
for (i = 0; i < keylen; i++)
fprintf(fp, "%.2x", (unsigned char)algo->alg_key[i]);
}
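Review bot: The `nokeys` branch is tested before `keylen > 0`, so the `<<Keys hidden>>` marker is printed even for an algorithm that has no key at all, which looks likely for the `XFRMA_ALG_COMP` call in `xfrm_xfrma_print` since it also forwards `nokeys`. Gating the marker on the key length keeps the redacted output aligned with the unredacted one: `if (nokeys && keylen > 0) {` / `fprintf(fp, "<<Keys hidden>>");` / `} else if (keylen > 0) {`. That form also braces both arms of the chain, where the new code leaves the first arm unbraced. How `keylen` is computed is outside this hunk, so confirm it is 0 for keyless algorithms.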
static inline void xfrm_algo_print(struct xfrm_algo *algo, int type, int len,
- FILE *fp, const char *prefix)
+ FILE *fp, const char *prefix, bool nokeys)
{
- return __xfrm_algo_print(algo, type, len, fp, prefix, 1);
+ return __xfrm_algo_print(algo, type, len, fp, prefix, 1, nokeys);
}
static void xfrm_aead_print(struct xfrm_algo_aead *algo, int len,
- FILE *fp, const char *prefix)
+ FILE *fp, const char *prefix, bool nokeys)
{
struct xfrm_algo *base_algo = alloca(sizeof(*base_algo) + algo->alg_key_len / 8);
base_algo->alg_key_len = algo->alg_key_len;
memcpy(base_algo->alg_key, algo->alg_key, algo->alg_key_len / 8);
- __xfrm_algo_print(base_algo, XFRMA_ALG_AEAD, len, fp, prefix, 0);
+ __xfrm_algo_print(base_algo, XFRMA_ALG_AEAD, len, fp, prefix, 0,
+ nokeys);
fprintf(fp, " %d", algo->alg_icv_len);
}
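Review bot: With `nokeys` set, `xfrm_aead_print` still copies the full key into the `alloca` buffer before calling `__xfrm_algo_print`, which never reads `alg_key` on the redacted path. Guarding the copy with `if (!nokeys)` before `memcpy(base_algo->alg_key, algo->alg_key, algo->alg_key_len / 8);` avoids leaving a second copy of the key material on the stack when the caller asked for it to be hidden. `xfrm_auth_trunc_print` has the same pattern and would take the same guard. Separately, both functions size the `alloca` and the `memcpy` from `algo->alg_key_len` before anything visible here compares it with `len`. That predates this change, but a check against the attribute payload length would be worth adding while this code is being touched.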
static void xfrm_auth_trunc_print(struct xfrm_algo_auth *algo, int len,
- FILE *fp, const char *prefix)
+ FILE *fp, const char *prefix, bool nokeys)
{
struct xfrm_algo *base_algo = alloca(sizeof(*base_algo) + algo->alg_key_len / 8);
base_algo->alg_key_len = algo->alg_key_len;
memcpy(base_algo->alg_key, algo->alg_key, algo->alg_key_len / 8);
- __xfrm_algo_print(base_algo, XFRMA_ALG_AUTH_TRUNC, len, fp, prefix, 0);
+ __xfrm_algo_print(base_algo, XFRMA_ALG_AUTH_TRUNC, len, fp, prefix, 0,
+ nokeys);
fprintf(fp, " %d", algo->alg_trunc_len);
}
void xfrm_xfrma_print(struct rtattr *tb[], __u16 family,
- FILE *fp, const char *prefix)
+ FILE *fp, const char *prefix, bool nokeys)
{
if (tb[XFRMA_MARK]) {
struct rtattr *rta = tb[XFRMA_MARK];
if (tb[XFRMA_ALG_AUTH] && !tb[XFRMA_ALG_AUTH_TRUNC]) {
struct rtattr *rta = tb[XFRMA_ALG_AUTH];
- xfrm_algo_print(RTA_DATA(rta),
- XFRMA_ALG_AUTH, RTA_PAYLOAD(rta), fp, prefix);
+ xfrm_algo_print(RTA_DATA(rta), XFRMA_ALG_AUTH, RTA_PAYLOAD(rta),
+ fp, prefix, nokeys);
}
if (tb[XFRMA_ALG_AUTH_TRUNC]) {
struct rtattr *rta = tb[XFRMA_ALG_AUTH_TRUNC];
- xfrm_auth_trunc_print(RTA_DATA(rta),
- RTA_PAYLOAD(rta), fp, prefix);
+ xfrm_auth_trunc_print(RTA_DATA(rta), RTA_PAYLOAD(rta), fp,
+ prefix, nokeys);
}
if (tb[XFRMA_ALG_AEAD]) {
struct rtattr *rta = tb[XFRMA_ALG_AEAD];
- xfrm_aead_print(RTA_DATA(rta),
- RTA_PAYLOAD(rta), fp, prefix);
+ xfrm_aead_print(RTA_DATA(rta), RTA_PAYLOAD(rta), fp, prefix,
+ nokeys);
}
if (tb[XFRMA_ALG_CRYPT]) {
struct rtattr *rta = tb[XFRMA_ALG_CRYPT];
- xfrm_algo_print(RTA_DATA(rta),
- XFRMA_ALG_CRYPT, RTA_PAYLOAD(rta), fp, prefix);
+ xfrm_algo_print(RTA_DATA(rta), XFRMA_ALG_CRYPT,
+ RTA_PAYLOAD(rta), fp, prefix, nokeys);
}
if (tb[XFRMA_ALG_COMP]) {
struct rtattr *rta = tb[XFRMA_ALG_COMP];
- xfrm_algo_print(RTA_DATA(rta),
- XFRMA_ALG_COMP, RTA_PAYLOAD(rta), fp, prefix);
+ xfrm_algo_print(RTA_DATA(rta), XFRMA_ALG_COMP, RTA_PAYLOAD(rta),
+ fp, prefix, nokeys);
}
if (tb[XFRMA_ENCAP]) {
fprintf(fp, "type ");
switch (e->encap_type) {
- case 1:
+ case UDP_ENCAP_ESPINUDP_NON_IKE:
fprintf(fp, "espinudp-nonike ");
break;
- case 2:
+ case UDP_ENCAP_ESPINUDP:
fprintf(fp, "espinudp ");
break;
+ case TCP_ENCAP_ESPINTCP:
+ fprintf(fp, "espintcp ");
+ break;
default:
fprintf(fp, "%u ", e->encap_type);
break;
(xuo->flags & XFRM_OFFLOAD_INBOUND) ? "in" : "out");
fprintf(fp, "%s", _SL_);
}
+ if (tb[XFRMA_IF_ID]) {
+ __u32 if_id = rta_getattr_u32(tb[XFRMA_IF_ID]);
+
+ if (prefix)
+ fputs(prefix, fp);
+ fprintf(fp, "if_id %#x", if_id);
+ fprintf(fp, "%s", _SL_);
+ }
}
static int xfrm_selector_iszero(struct xfrm_selector *s)
void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo,
struct rtattr *tb[], FILE *fp, const char *prefix,
- const char *title)
+ const char *title, bool nokeys)
{
char buf[STRBUF_SIZE] = {};
int force_spi = xfrm_xfrmproto_is_ipsec(xsinfo->id.proto);
XFRM_FLAG_PRINT(fp, extra_flags,
XFRM_SA_XFLAG_DONT_ENCAP_DSCP,
"dont-encap-dscp");
+ XFRM_FLAG_PRINT(fp, extra_flags,
+ XFRM_SA_XFLAG_OSEQ_MAY_WRAP,
+ "oseq-may-wrap");
if (extra_flags)
fprintf(fp, "%x", extra_flags);
}
fprintf(fp, " (0x%s)", strxf_mask8(xsinfo->flags));
fprintf(fp, "%s", _SL_);
- xfrm_xfrma_print(tb, xsinfo->family, fp, buf);
+ xfrm_xfrma_print(tb, xsinfo->family, fp, buf, nokeys);
if (!xfrm_selector_iszero(&xsinfo->sel)) {
char sbuf[STRBUF_SIZE];
if (show_stats > 0)
xfrm_lifetime_print(&xpinfo->lft, &xpinfo->curlft, fp, buf);
- xfrm_xfrma_print(tb, xpinfo->sel.family, fp, buf);
+ xfrm_xfrma_print(tb, xpinfo->sel.family, fp, buf, false);
}
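Review bot: The policy path passes a bare `false` for `nokeys` to `xfrm_xfrma_print`, so key redaction is off by default at this call site and nothing explains why. If the reasoning is that policy attribute tables never carry `XFRMA_ALG_*` entries, a comment such as `/* policies carry no algorithm keys, nothing to hide */` would record it. Passing `true` instead would be the fail-closed choice and should not change the output under that assumption. The enclosing function starts outside this hunk, so whether a `nokeys` value is available to forward there cannot be seen from here.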
int xfrm_id_parse(xfrm_address_t *saddr, struct xfrm_id *id, __u16 *family,
char **argv = *argvp;
if (strcmp(*argv, "espinudp-nonike") == 0)
- *type = 1;
+ *type = UDP_ENCAP_ESPINUDP_NON_IKE;
else if (strcmp(*argv, "espinudp") == 0)
- *type = 2;
+ *type = UDP_ENCAP_ESPINUDP;
+ else if (strcmp(*argv, "espintcp") == 0)
+ *type = TCP_ENCAP_ESPINTCP;
else
invarg("ENCAP-TYPE value is invalid", *argv);