1 /** @file
2 The implementation of dump policy entry function in IpSecConfig application.
3
4 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
5
6 SPDX-License-Identifier: BSD-2-Clause-Patent
7
8 **/
9
10 #include "IpSecConfig.h"
11 #include "Dump.h"
12 #include "ForEach.h"
13 #include "Helper.h"
14
/**
  Private function called to get the version information from an EFI_IP_ADDRESS_INFO structure.

  The version is inferred from the stored bytes rather than read from a tag:
  the entry is reported as IPv4 only when PrefixLength is at most 32 and
  Address.Addr[1], Addr[2] and Addr[3] are all zero. Anything else is IPv6.

  NOTE(review): an IPv6 entry whose Addr[1..3] are zero and whose prefix is 32
  or shorter is therefore reported as IPv4, and DumpAddressInfo() prints it in
  dotted form. Keep this in mind when auditing dumped policy.

  @param[in] AddressInfo    The pointer to the EFI_IP_ADDRESS_INFO structure.
                            It is dereferenced without a NULL check.

  @return IP_VERSION_4 or IP_VERSION_6.
**/
UINTN
GetVerFromAddrInfo (
  IN EFI_IP_ADDRESS_INFO  *AddressInfo
  )
{
  //
  // A prefix longer than 32 bits cannot describe an IPv4 entry.
  //
  if (AddressInfo->PrefixLength > 32) {
    return IP_VERSION_6;
  }

  //
  // Any non-zero word above the first one means the address needs more than 32 bits.
  //
  if ((AddressInfo->Address.Addr[1] != 0) ||
      (AddressInfo->Address.Addr[2] != 0) ||
      (AddressInfo->Address.Addr[3] != 0)) {
    return IP_VERSION_6;
  }

  return IP_VERSION_4;
}
34
/**
  Private function called to get the version information from an EFI_IP_ADDRESS structure.

  The version is inferred from the stored bytes: the address is reported as
  IPv4 when Addr[1], Addr[2] and Addr[3] are all zero, otherwise as IPv6.

  NOTE(review): an IPv6 address whose Addr[1..3] are zero is indistinguishable
  from IPv4 here and is reported as IPv4.

  @param[in] Address    The pointer to the EFI_IP_ADDRESS structure.
                        It is dereferenced without a NULL check.

  @return IP_VERSION_4 or IP_VERSION_6.
**/
UINTN
GetVerFromIpAddr (
  IN EFI_IP_ADDRESS  *Address
  )
{
  //
  // Any non-zero word above the first one means the address needs more than 32 bits.
  //
  if ((Address->Addr[1] != 0) || (Address->Addr[2] != 0) || (Address->Addr[3] != 0)) {
    return IP_VERSION_6;
  }

  return IP_VERSION_4;
}
53
/**
  Private function called to print an ASCII string in unicode char format.

  Exactly Length bytes are printed between double quotes; the string does not
  need to be NUL-terminated. Bytes are emitted as-is, so non-printable values
  reach the console unfiltered.

  NOTE(review): callers in this file pass SA keys and PAD authentication data,
  so the output of this helper can contain secrets in clear text.

  @param[in] Str       The pointer to the ASCII string.
  @param[in] Length    The value of the ASCII string length.
**/
VOID
DumpAsciiString (
  IN CHAR8  *Str,
  IN UINTN  Length
  )
{
  CHAR8  *Cursor;
  UINTN  Remaining;

  Print (L"\"");

  //
  // Count down instead of indexing; Str is only touched while bytes remain.
  //
  Cursor = Str;
  for (Remaining = Length; Remaining != 0; Remaining--) {
    Print (L"%c", (CHAR16) *Cursor);
    Cursor++;
  }

  Print (L"\"");
}
73
/**
  Private function called to print a buffer in Hex format.

  Each byte is printed as two hex digits followed by a space.

  NOTE(review): DumpSadEntry() uses this helper for SA key buffers, so the
  output can contain key material in clear text.

  @param[in] Data      The pointer to the buffer.
  @param[in] Length    The size of the buffer.

**/
VOID
DumpBuf (
  IN UINT8  *Data,
  IN UINTN  Length
  )
{
  UINT8  *Cursor;
  UINTN  Remaining;

  //
  // Count down instead of indexing; Data is only touched while bytes remain.
  //
  Cursor = Data;
  for (Remaining = Length; Remaining != 0; Remaining--) {
    Print (L"%02x ", *Cursor);
    Cursor++;
  }
}
92
/**
  Private function called to print EFI_IP_ADDRESS_INFO content.

  IPv4 entries are printed in dotted decimal and IPv6 entries as eight
  colon-separated 16-bit hex groups. A "/prefix" suffix is appended unless the
  prefix is the full host length (32 for IPv4, 128 for IPv6).

  The address family comes from GetVerFromAddrInfo(), which infers it from the
  stored bytes and prefix length.

  @param[in] AddressInfo    The pointer to the EFI_IP_ADDRESS_INFO structure.
**/
VOID
DumpAddressInfo (
  IN EFI_IP_ADDRESS_INFO  *AddressInfo
  )
{
  UINTN  Version;
  UINT8  *Octet;

  //
  // Classify once; printing does not modify AddressInfo.
  //
  Version = GetVerFromAddrInfo (AddressInfo);

  if (Version == IP_VERSION_4) {
    Octet = AddressInfo->Address.v4.Addr;
    Print (
      L"%d.%d.%d.%d",
      (UINTN) Octet[0],
      (UINTN) Octet[1],
      (UINTN) Octet[2],
      (UINTN) Octet[3]
      );
    if (AddressInfo->PrefixLength != 32) {
      Print (L"/%d", (UINTN) AddressInfo->PrefixLength);
    }
  } else if (Version == IP_VERSION_6) {
    //
    // Combine each pair of bytes into one 16-bit group, most significant byte first.
    //
    Octet = AddressInfo->Address.v6.Addr;
    Print (
      L"%x:%x:%x:%x:%x:%x:%x:%x",
      (((UINT16) Octet[0]) << 8) | ((UINT16) Octet[1]),
      (((UINT16) Octet[2]) << 8) | ((UINT16) Octet[3]),
      (((UINT16) Octet[4]) << 8) | ((UINT16) Octet[5]),
      (((UINT16) Octet[6]) << 8) | ((UINT16) Octet[7]),
      (((UINT16) Octet[8]) << 8) | ((UINT16) Octet[9]),
      (((UINT16) Octet[10]) << 8) | ((UINT16) Octet[11]),
      (((UINT16) Octet[12]) << 8) | ((UINT16) Octet[13]),
      (((UINT16) Octet[14]) << 8) | ((UINT16) Octet[15])
      );
    if (AddressInfo->PrefixLength != 128) {
      Print (L"/%d", AddressInfo->PrefixLength);
    }
  }
}
133
/**
  Private function called to print EFI_IP_ADDRESS content.

  IPv4 addresses are printed in dotted decimal and IPv6 addresses as eight
  colon-separated 16-bit hex groups. The address family comes from
  GetVerFromIpAddr(), which infers it from the stored bytes.

  @param[in] IpAddress    The pointer to the EFI_IP_ADDRESS structure.
**/
VOID
DumpIpAddress (
  IN EFI_IP_ADDRESS  *IpAddress
  )
{
  UINTN  Version;
  UINT8  *Octet;

  //
  // Classify once; printing does not modify IpAddress.
  //
  Version = GetVerFromIpAddr (IpAddress);

  if (Version == IP_VERSION_4) {
    Octet = IpAddress->v4.Addr;
    Print (
      L"%d.%d.%d.%d",
      (UINTN) Octet[0],
      (UINTN) Octet[1],
      (UINTN) Octet[2],
      (UINTN) Octet[3]
      );
  } else if (Version == IP_VERSION_6) {
    //
    // Combine each pair of bytes into one 16-bit group, most significant byte first.
    //
    Octet = IpAddress->v6.Addr;
    Print (
      L"%x:%x:%x:%x:%x:%x:%x:%x",
      (((UINT16) Octet[0]) << 8) | ((UINT16) Octet[1]),
      (((UINT16) Octet[2]) << 8) | ((UINT16) Octet[3]),
      (((UINT16) Octet[4]) << 8) | ((UINT16) Octet[5]),
      (((UINT16) Octet[6]) << 8) | ((UINT16) Octet[7]),
      (((UINT16) Octet[8]) << 8) | ((UINT16) Octet[9]),
      (((UINT16) Octet[10]) << 8) | ((UINT16) Octet[11]),
      (((UINT16) Octet[12]) << 8) | ((UINT16) Octet[13]),
      (((UINT16) Octet[14]) << 8) | ((UINT16) Octet[15])
      );
  }
}
169
/**
  Private function called to print EFI_IPSEC_SPD_SELECTOR content.

  Output form: "<local list> -> <remote list> <protocol>" followed by a port
  clause for TCP/UDP or a "class/code" clause for ICMP. An empty local address
  list is printed as "localhost"; an empty remote list prints nothing.

  The address arrays are walked up to LocalAddressCount / RemoteAddressCount
  as stored in the selector; the counts are trusted as-is.

  @param[in] Selector    The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
**/
VOID
DumpSpdSelector (
  IN EFI_IPSEC_SPD_SELECTOR  *Selector
  )
{
  UINT32   AddrIndex;
  CHAR16   *ProtoName;
  BOOLEAN  HasPorts;

  //
  // Local side: comma-separated addresses, or "localhost" when none are set.
  //
  if (Selector->LocalAddressCount == 0) {
    Print (L"localhost");
  } else {
    for (AddrIndex = 0; AddrIndex < Selector->LocalAddressCount; AddrIndex++) {
      if (AddrIndex != 0) {
        Print (L",");
      }

      DumpAddressInfo (&Selector->LocalAddress[AddrIndex]);
    }
  }

  Print (L" -> ");

  //
  // Remote side: comma-separated addresses.
  //
  for (AddrIndex = 0; AddrIndex < Selector->RemoteAddressCount; AddrIndex++) {
    if (AddrIndex != 0) {
      Print (L",");
    }

    DumpAddressInfo (&Selector->RemoteAddress[AddrIndex]);
  }

  //
  // Protocol: symbolic name when the map knows it, numeric value otherwise.
  //
  ProtoName = MapIntegerToString (Selector->NextLayerProtocol, mMapIpProtocol);
  if (ProtoName == NULL) {
    Print (L" proto:%d", (UINTN) Selector->NextLayerProtocol);
  } else {
    Print (L" %s", ProtoName);
  }

  HasPorts = (BOOLEAN) ((Selector->NextLayerProtocol == EFI_IP4_PROTO_TCP) ||
                        (Selector->NextLayerProtocol == EFI_IP4_PROTO_UDP));

  if (HasPorts) {
    Print (L" port:");
    if (Selector->LocalPort == EFI_IPSEC_ANY_PORT) {
      Print (L"any");
    } else {
      Print (L"%d", Selector->LocalPort);
      if (Selector->LocalPortRange != 0) {
        //
        // The range end is computed in UINTN so the sum does not wrap at 16 bits.
        //
        Print (L"~%d", (UINTN) Selector->LocalPort + Selector->LocalPortRange);
      }
    }

    Print (L" -> ");
    if (Selector->RemotePort == EFI_IPSEC_ANY_PORT) {
      Print (L"any");
    } else {
      Print (L"%d", Selector->RemotePort);
      if (Selector->RemotePortRange != 0) {
        Print (L"~%d", (UINTN) Selector->RemotePort + Selector->RemotePortRange);
      }
    }
  } else if (Selector->NextLayerProtocol == EFI_IP4_PROTO_ICMP) {
    //
    // For ICMP the port fields are printed as class/code, truncated to 8 bits;
    // zero is shown as "any".
    //
    Print (L" class/code:");
    if (Selector->LocalPort == 0) {
      Print (L"any");
    } else {
      Print (L"%d", (UINTN) (UINT8) Selector->LocalPort);
    }

    Print (L"/");
    if (Selector->RemotePort == 0) {
      Print (L"any");
    } else {
      Print (L"%d", (UINTN) (UINT8) Selector->RemotePort);
    }
  }
}
248
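/**
  Print EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA content.

  The entry name is widened byte by byte into a local CHAR16 buffer before
  printing. The copy is bounded by that buffer's size, so a name with no NUL
  terminator is truncated instead of overrunning the stack buffer. An ASSERT
  alone would not give that protection in builds where asserts are disabled.

  NOTE(review): Data->ProcessingPolicy is dereferenced whenever Action is
  EfiIPsecActionProtect, and ProcessingPolicy->TunnelOption whenever Mode is
  EfiIPsecTunnel, without NULL checks. This presumably relies on the producer
  of the entry always filling them in. Confirm.

  @param[in] Selector      The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
  @param[in] Data          The pointer to the EFI_IPSEC_SPD_DATA structure.
  @param[in] EntryIndex    The pointer to the Index in SPD Database. The value is
                           printed and then incremented.

  @retval EFI_SUCCESS      Dump SPD information successfully.
**/
EFI_STATUS
DumpSpdEntry (
  IN EFI_IPSEC_SPD_SELECTOR  *Selector,
  IN EFI_IPSEC_SPD_DATA      *Data,
  IN UINTN                   *EntryIndex
  )
{
  BOOLEAN  HasPre;
  CHAR16   DataName[128];
  CHAR16   *String1;
  CHAR16   *String2;
  CHAR16   *String3;
  UINTN    Index;
  UINTN    NameLimit;

  Print (L"%d.", (*EntryIndex)++);

  //
  // xxx.xxx.xxx.xxx/yy -> xxx.xxx.xxx.xx/yy proto:23 port:100~300 -> 300~400
  // Protect PF:0x34323423 Name:First Entry
  // ext-sequence sequence-overflow fragcheck life:[B0,S1024,H3600]
  // ESP algo1 algo2 Tunnel [xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx set]
  //

  DumpSpdSelector (Selector);
  Print (L"\n ");

  Print (L"%s ", MapIntegerToString (Data->Action, mMapIpSecAction));
  Print (L"PF:%08x ", Data->PackageFlag);

  //
  // Widen the name into DataName, leaving room for the terminator. The bound is
  // enforced in the loop condition so it also holds when ASSERT() is compiled out.
  //
  NameLimit = (sizeof (DataName) / sizeof (DataName[0])) - 1;
  for (Index = 0; (Index < NameLimit) && (Data->Name[Index] != 0); Index++) {
    DataName[Index] = (CHAR16) Data->Name[Index];
  }
  DataName[Index] = L'\0';

  Print (L"Name:%s", DataName);

  if (Data->Action == EfiIPsecActionProtect) {
    Print (L"\n ");
    if (Data->ProcessingPolicy->ExtSeqNum) {
      Print (L"ext-sequence ");
    }

    if (Data->ProcessingPolicy->SeqOverflow) {
      Print (L"sequence-overflow ");
    }

    if (Data->ProcessingPolicy->FragCheck) {
      Print (L"fragment-check ");
    }

    //
    // Lifetime list: only non-zero limits are printed. HasPre tracks whether
    // the "life:[" opener has already been emitted.
    //
    HasPre = FALSE;
    if (Data->ProcessingPolicy->SaLifetime.ByteCount != 0) {
      Print (HasPre ? L"," : L"life:[");
      Print (L"%lxB", Data->ProcessingPolicy->SaLifetime.ByteCount);
      HasPre = TRUE;
    }

    if (Data->ProcessingPolicy->SaLifetime.SoftLifetime != 0) {
      Print (HasPre ? L"," : L"life:[");
      Print (L"%lxs", Data->ProcessingPolicy->SaLifetime.SoftLifetime);
      HasPre = TRUE;
    }

    if (Data->ProcessingPolicy->SaLifetime.HardLifetime != 0) {
      Print (HasPre ? L"," : L"life:[");
      Print (L"%lxS", Data->ProcessingPolicy->SaLifetime.HardLifetime);
      HasPre = TRUE;
    }

    if (HasPre) {
      Print (L"]");
    }

    //
    // Start a new line only if the flags/lifetime line printed something.
    //
    if (HasPre || Data->ProcessingPolicy->ExtSeqNum ||
        Data->ProcessingPolicy->SeqOverflow || Data->ProcessingPolicy->FragCheck) {
      Print (L"\n ");
    }

    String1 = MapIntegerToString (Data->ProcessingPolicy->Proto, mMapIpSecProtocol);
    String2 = MapIntegerToString (Data->ProcessingPolicy->AuthAlgoId, mMapAuthAlgo);
    String3 = MapIntegerToString (Data->ProcessingPolicy->EncAlgoId, mMapEncAlgo);
    Print (
      L"%s Auth:%s Encrypt:%s ",
      String1,
      String2,
      String3
      );

    Print (L"%s ", MapIntegerToString (Data->ProcessingPolicy->Mode, mMapIpSecMode));
    if (Data->ProcessingPolicy->Mode == EfiIPsecTunnel) {
      Print (L"[");
      DumpIpAddress (&Data->ProcessingPolicy->TunnelOption->LocalTunnelAddress);
      Print (L" -> ");
      DumpIpAddress (&Data->ProcessingPolicy->TunnelOption->RemoteTunnelAddress);
      Print (L" %s]", MapIntegerToString (Data->ProcessingPolicy->TunnelOption->DF, mMapDfOption));
    }
  }

  Print (L"\n");

  return EFI_SUCCESS;
}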
363
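/**
  Print EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 content.

  Keys are printed by explicit length for both AH and ESP: as a quoted ASCII
  string when the SA was set manually, and as hex bytes otherwise. The AH key
  is never handed to a "%s" conversion, which would read it as a
  NUL-terminated CHAR16 string and could run past the end of the key buffer.

  NOTE(review): this routine writes SA authentication and encryption keys to
  the console in clear text. Treat any captured output (serial logs, shell
  redirection, screenshots) as secret material.

  @param[in] SaId          The pointer to the EFI_IPSEC_SA_ID structure.
  @param[in] Data          The pointer to the EFI_IPSEC_SA_DATA2 structure.
  @param[in] EntryIndex    The pointer to the Index in the SAD Database. The value is
                           printed and then incremented.

  @retval EFI_SUCCESS      Dump SAD information successfully.
**/
EFI_STATUS
DumpSadEntry (
  IN EFI_IPSEC_SA_ID     *SaId,
  IN EFI_IPSEC_SA_DATA2  *Data,
  IN UINTN               *EntryIndex
  )
{
  BOOLEAN  HasPre;
  CHAR16   *AuthAlgoStr;
  CHAR16   *EncAlgoStr;

  AuthAlgoStr = NULL;
  EncAlgoStr  = NULL;

  //
  // SPI:1234 ESP Destination:xxx.xxx.xxx.xxx
  // Mode:Transport SeqNum:134 AntiReplayWin:64 life:[0B,1023s,3400S] PathMTU:34
  // Auth:xxxx/password Encrypt:yyyy/password
  // xxx.xxx.xxx.xxx/yy -> xxx.xxx.xxx.xx/yy proto:23 port:100~300 -> 300~400
  //

  Print (L"%d.", (*EntryIndex)++);
  Print (L"0x%x %s ", (UINTN) SaId->Spi, MapIntegerToString (SaId->Proto, mMapIpSecProtocol));
  if (Data->Mode == EfiIPsecTunnel) {
    Print (L"TunnelSourceAddress:");
    DumpIpAddress (&Data->TunnelSourceAddress);
    Print (L"\n");
    Print (L" TunnelDestination:");
    DumpIpAddress (&Data->TunnelDestinationAddress);
    Print (L"\n");
  }

  Print (
    L" Mode:%s SeqNum:%lx AntiReplayWin:%d ",
    MapIntegerToString (Data->Mode, mMapIpSecMode),
    Data->SNCount,
    (UINTN) Data->AntiReplayWindows
    );

  //
  // Lifetime list: only non-zero limits are printed. HasPre tracks whether
  // the "life:[" opener has already been emitted.
  //
  HasPre = FALSE;
  if (Data->SaLifetime.ByteCount != 0) {
    Print (HasPre ? L"," : L"life:[");
    Print (L"%lxB", Data->SaLifetime.ByteCount);
    HasPre = TRUE;
  }

  if (Data->SaLifetime.SoftLifetime != 0) {
    Print (HasPre ? L"," : L"life:[");
    Print (L"%lxs", Data->SaLifetime.SoftLifetime);
    HasPre = TRUE;
  }

  if (Data->SaLifetime.HardLifetime != 0) {
    Print (HasPre ? L"," : L"life:[");
    Print (L"%lxS", Data->SaLifetime.HardLifetime);
    HasPre = TRUE;
  }

  if (HasPre) {
    Print (L"] ");
  }

  Print (L"PathMTU:%d\n", (UINTN) Data->PathMTU);

  if (SaId->Proto == EfiIPsecAH) {
    //
    // Print the AH key by its recorded length, in the same two formats used for
    // ESP below, instead of passing the raw key pointer to "%s".
    //
    AuthAlgoStr = MapIntegerToString (Data->AlgoInfo.AhAlgoInfo.AuthAlgoId, mMapAuthAlgo);
    Print (L" Auth:%s/", AuthAlgoStr);
    if (Data->ManualSet) {
      DumpAsciiString (
        Data->AlgoInfo.AhAlgoInfo.AuthKey,
        Data->AlgoInfo.AhAlgoInfo.AuthKeyLength
        );
    } else {
      DumpBuf ((UINT8 *)(Data->AlgoInfo.AhAlgoInfo.AuthKey), Data->AlgoInfo.AhAlgoInfo.AuthKeyLength);
    }
    Print (L"\n");
  } else {
    AuthAlgoStr = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.AuthAlgoId, mMapAuthAlgo);
    EncAlgoStr  = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.EncAlgoId, mMapEncAlgo);

    if (Data->ManualSet) {
      //
      // if the SAD is set manually the key is a Ascii string in most of time.
      // Print the Key in Ascii string format.
      //
      Print (L" Auth:%s/",AuthAlgoStr);
      DumpAsciiString (
        Data->AlgoInfo.EspAlgoInfo.AuthKey,
        Data->AlgoInfo.EspAlgoInfo.AuthKeyLength
        );
      Print (L"\n Encrypt:%s/",EncAlgoStr);
      DumpAsciiString (
        Data->AlgoInfo.EspAlgoInfo.EncKey,
        Data->AlgoInfo.EspAlgoInfo.EncKeyLength
        );
    } else {
      //
      // if the SAD is created by IKE, the key is a set of hex value in buffer.
      // Print the Key in Hex format.
      //
      Print (L" Auth:%s/",AuthAlgoStr);
      DumpBuf ((UINT8 *)(Data->AlgoInfo.EspAlgoInfo.AuthKey), Data->AlgoInfo.EspAlgoInfo.AuthKeyLength);

      Print (L"\n Encrypt:%s/",EncAlgoStr);
      DumpBuf ((UINT8 *)(Data->AlgoInfo.EspAlgoInfo.EncKey), Data->AlgoInfo.EspAlgoInfo.EncKeyLength);
    }
  }
  Print (L"\n");
  if (Data->SpdSelector != NULL) {
    Print (L" ");
    DumpSpdSelector (Data->SpdSelector);
    Print (L"\n");
  }

  return EFI_SUCCESS;
}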
483
/**
  Print EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA content.

  NOTE(review): Data->AuthData is printed in clear text via DumpAsciiString().
  For a pre-shared-secret entry that is presumably the shared secret itself, so
  captured output should be handled as secret material.

  NOTE(review): PadId->Id.PeerId and Data->RevocationData are passed to "%s" in
  a wide-character format, which reads a NUL-terminated CHAR16 string. This
  assumes the code that fills these fields stores them that way. Confirm.

  @param[in] PadId         The pointer to the EFI_IPSEC_PAD_ID structure.
  @param[in] Data          The pointer to the EFI_IPSEC_PAD_DATA structure.
  @param[in] EntryIndex    The pointer to the Index in the PAD Database. The value is
                           printed and then incremented.

  @retval EFI_SUCCESS      Dump PAD information successfully.
**/
EFI_STATUS
DumpPadEntry (
  IN EFI_IPSEC_PAD_ID    *PadId,
  IN EFI_IPSEC_PAD_DATA  *Data,
  IN UINTN               *EntryIndex
  )
{
  CHAR16  *ProtoName;
  CHAR16  *MethodName;

  //
  // ADDR:10.23.17.34/15
  // IDEv1 PreSharedSecret IKE-ID
  // password
  //

  Print (L"%d.", (*EntryIndex)++);

  //
  // The peer is identified either by an address/prefix or by a peer ID string.
  //
  if (!PadId->PeerIdValid) {
    Print (L"ADDR:");
    DumpAddressInfo (&PadId->Id.IpAddress);
  } else {
    Print (L"ID:%s", PadId->Id.PeerId);
  }

  Print (L"\n");

  ProtoName  = MapIntegerToString (Data->AuthProtocol, mMapAuthProto);
  MethodName = MapIntegerToString (Data->AuthMethod, mMapAuthMethod);
  Print (L" %s %s", ProtoName, MethodName);

  //
  // NOTE(review): no separator is printed before "IKE-ID", so it runs into the
  // method name; the format sketch above shows a space there.
  //
  if (Data->IkeIdFlag) {
    Print (L"IKE-ID");
  }

  Print (L"\n");

  if (Data->AuthData != NULL) {
    DumpAsciiString (Data->AuthData, Data->AuthDataSize);
    Print (L"\n");
  }

  if (Data->RevocationData != NULL) {
    Print (L" %s\n", Data->RevocationData);
  }

  return EFI_SUCCESS;
}
546
//
// Dump callbacks. ListPolicyEntry() indexes this table directly with the
// EFI_IPSEC_CONFIG_DATA_TYPE value, so the entry order must match the numeric
// values of that enumeration.
//
// NOTE(review): the three callbacks take differently typed selector/data
// pointers and are cast to the common VISIT_POLICY_ENTRY type. This presumably
// relies on ForeachPolicyEntry() passing arguments that match the chosen
// DataType. Confirm.
//
VISIT_POLICY_ENTRY  mDumpPolicyEntry[] = {
  (VISIT_POLICY_ENTRY) DumpSpdEntry,  // SPD entries
  (VISIT_POLICY_ENTRY) DumpSadEntry,  // SAD entries
  (VISIT_POLICY_ENTRY) DumpPadEntry   // PAD entries
};
552
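/**
  Print all entry information in the database according to datatype.

  DataType selects the dump callback from mDumpPolicyEntry. Values outside that
  table are rejected before the lookup, so an unexpected type cannot select a
  function pointer from beyond the end of the array.

  @param[in] DataType        The value of EFI_IPSEC_CONFIG_DATA_TYPE.
  @param[in] ParamPackage    The pointer to the ParamPackage list. Not used by this function.

  @retval EFI_SUCCESS              Dump all information successfully.
  @retval EFI_INVALID_PARAMETER    DataType has no dump callback.
  @retval Others                   Some mistaken case.
**/
EFI_STATUS
ListPolicyEntry (
  IN EFI_IPSEC_CONFIG_DATA_TYPE  DataType,
  IN LIST_ENTRY                  *ParamPackage
  )
{
  UINTN  EntryIndex;

  //
  // Compare as UINTN so a negative enumeration value is rejected as well.
  //
  if ((UINTN) DataType >= (sizeof (mDumpPolicyEntry) / sizeof (mDumpPolicyEntry[0]))) {
    return EFI_INVALID_PARAMETER;
  }

  EntryIndex = 0;
  return ForeachPolicyEntry (DataType, mDumpPolicyEntry[DataType], &EntryIndex);
}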
573