1 /** @file
2 The implementation of dump policy entry function in IpSecConfig application.
3
4 Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
5
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php.
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15
16 #include "IpSecConfig.h"
17 #include "Dump.h"
18 #include "ForEach.h"
19 #include "Helper.h"
20
/**
  Private function called to get the version information from an EFI_IP_ADDRESS_INFO structure.

  The version is inferred from the stored values, not read from a tag: the
  entry is reported as IPv4 only when PrefixLength is at most 32 and
  Address.Addr[1], Addr[2] and Addr[3] are all zero. Every other entry is
  reported as IPv6.

  @param[in] AddressInfo    The pointer to the EFI_IP_ADDRESS_INFO structure.

  @return IP_VERSION_4 or IP_VERSION_6.
**/
UINTN
GetVerFromAddrInfo (
  IN EFI_IP_ADDRESS_INFO    *AddressInfo
  )
{
  BOOLEAN  TailWordsZero;

  TailWordsZero = (BOOLEAN) ((AddressInfo->Address.Addr[1] == 0) &&
                             (AddressInfo->Address.Addr[2] == 0) &&
                             (AddressInfo->Address.Addr[3] == 0));

  //
  // Anything that cannot be an IPv4 prefix, or that uses the words past
  // Addr[0], is treated as IPv6.
  //
  if ((AddressInfo->PrefixLength > 32) || !TailWordsZero) {
    return IP_VERSION_6;
  }

  return IP_VERSION_4;
}
40
/**
  Private function called to get the version information from a EFI_IP_ADDRESS structure.

  The address is reported as IPv4 when Addr[1], Addr[2] and Addr[3] are all
  zero, and as IPv6 as soon as any of them is non-zero. Addr[0] is not
  examined.

  @param[in] Address    The pointer to the EFI_IP_ADDRESS structure.

  @return IP_VERSION_4 or IP_VERSION_6.
**/
UINTN
GetVerFromIpAddr (
  IN EFI_IP_ADDRESS    *Address
  )
{
  UINTN  Word;

  for (Word = 1; Word <= 3; Word++) {
    if (Address->Addr[Word] != 0) {
      return IP_VERSION_6;
    }
  }

  return IP_VERSION_4;
}
59
/**
  Private function called to print an ASCII string in unicode char format.

  Exactly Length bytes are printed, one Print() call per byte, each widened to
  CHAR16. The loop is driven only by Length; it does not stop at a zero byte.

  @param[in] Str       The pointer to the ASCII string.
  @param[in] Length    The value of the ASCII string length.
**/
VOID
DumpAsciiString (
  IN CHAR8    *Str,
  IN UINTN    Length
  )
{
  CHAR8  *Cursor;
  UINTN  Remaining;

  Cursor    = Str;
  Remaining = Length;

  while (Remaining > 0) {
    Print (L"%c", (CHAR16) *Cursor);
    Cursor++;
    Remaining--;
  }
}
77
/**
  Private function called to print EFI_IP_ADDRESS_INFO content.

  IPv4 entries are printed as dotted decimal, IPv6 entries as eight
  colon-separated hexadecimal groups. The prefix length is appended as
  "/<n>" unless it equals the full address width (32 for IPv4, 128 for IPv6).

  @param[in] AddressInfo    The pointer to the EFI_IP_ADDRESS_INFO structure.
**/
VOID
DumpAddressInfo (
  IN EFI_IP_ADDRESS_INFO    *AddressInfo
  )
{
  UINTN  Version;
  UINT8  *Octet;

  Version = GetVerFromAddrInfo (AddressInfo);

  if (Version == IP_VERSION_4) {
    Octet = AddressInfo->Address.v4.Addr;
    Print (
      L"%d.%d.%d.%d",
      (UINTN) Octet[0],
      (UINTN) Octet[1],
      (UINTN) Octet[2],
      (UINTN) Octet[3]
      );
    if (AddressInfo->PrefixLength != 32) {
      Print (L"/%d", (UINTN) AddressInfo->PrefixLength);
    }
  }

  if (Version == IP_VERSION_6) {
    //
    // Each printed group is two consecutive bytes, high byte first.
    //
    Octet = AddressInfo->Address.v6.Addr;
    Print (
      L"%x:%x:%x:%x:%x:%x:%x:%x",
      (((UINT16) Octet[0]) << 8) | ((UINT16) Octet[1]),
      (((UINT16) Octet[2]) << 8) | ((UINT16) Octet[3]),
      (((UINT16) Octet[4]) << 8) | ((UINT16) Octet[5]),
      (((UINT16) Octet[6]) << 8) | ((UINT16) Octet[7]),
      (((UINT16) Octet[8]) << 8) | ((UINT16) Octet[9]),
      (((UINT16) Octet[10]) << 8) | ((UINT16) Octet[11]),
      (((UINT16) Octet[12]) << 8) | ((UINT16) Octet[13]),
      (((UINT16) Octet[14]) << 8) | ((UINT16) Octet[15])
      );
    if (AddressInfo->PrefixLength != 128) {
      Print (L"/%d", AddressInfo->PrefixLength);
    }
  }
}
118
/**
  Private function called to print EFI_IP_ADDRESS content.

  The address is printed as dotted decimal when GetVerFromIpAddr() reports
  IPv4, and as eight colon-separated hexadecimal groups when it reports IPv6.

  @param[in] IpAddress    The pointer to the EFI_IP_ADDRESS structure.
**/
VOID
DumpIpAddress (
  IN EFI_IP_ADDRESS    *IpAddress
  )
{
  UINTN  Version;
  UINT8  *Octet;

  Version = GetVerFromIpAddr (IpAddress);

  if (Version == IP_VERSION_4) {
    Octet = IpAddress->v4.Addr;
    Print (
      L"%d.%d.%d.%d",
      (UINTN) Octet[0],
      (UINTN) Octet[1],
      (UINTN) Octet[2],
      (UINTN) Octet[3]
      );
  }

  if (Version == IP_VERSION_6) {
    //
    // Each printed group is two consecutive bytes, high byte first.
    //
    Octet = IpAddress->v6.Addr;
    Print (
      L"%x:%x:%x:%x:%x:%x:%x:%x",
      (((UINT16) Octet[0]) << 8) | ((UINT16) Octet[1]),
      (((UINT16) Octet[2]) << 8) | ((UINT16) Octet[3]),
      (((UINT16) Octet[4]) << 8) | ((UINT16) Octet[5]),
      (((UINT16) Octet[6]) << 8) | ((UINT16) Octet[7]),
      (((UINT16) Octet[8]) << 8) | ((UINT16) Octet[9]),
      (((UINT16) Octet[10]) << 8) | ((UINT16) Octet[11]),
      (((UINT16) Octet[12]) << 8) | ((UINT16) Octet[13]),
      (((UINT16) Octet[14]) << 8) | ((UINT16) Octet[15])
      );
  }
}
154
/**
  Private function called to print EFI_IPSEC_SPD_SELECTOR content.

  Output order: the local address list (or "localhost" when the list is
  empty), " -> ", the remote address list, the next-layer protocol (by name
  when MapIntegerToString() finds one, otherwise as "proto:<n>"), and then
  either the TCP/UDP port ranges or the ICMP values.

  @param[in] Selector    The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
**/
VOID
DumpSpdSelector (
  IN EFI_IPSEC_SPD_SELECTOR    *Selector
  )
{
  UINT32  Idx;
  CHAR16  *ProtoName;

  //
  // Local side: comma-separated list, or "localhost" when no address is set.
  //
  if (Selector->LocalAddressCount == 0) {
    Print (L"localhost");
  } else {
    for (Idx = 0; Idx < Selector->LocalAddressCount; Idx++) {
      if (Idx != 0) {
        Print (L",");
      }

      DumpAddressInfo (&Selector->LocalAddress[Idx]);
    }
  }

  Print (L" -> ");

  //
  // Remote side: comma-separated list; nothing is printed for an empty list.
  //
  for (Idx = 0; Idx < Selector->RemoteAddressCount; Idx++) {
    if (Idx != 0) {
      Print (L",");
    }

    DumpAddressInfo (&Selector->RemoteAddress[Idx]);
  }

  ProtoName = MapIntegerToString (Selector->NextLayerProtocol, mMapIpProtocol);
  if (ProtoName == NULL) {
    Print (L" proto:%d", (UINTN) Selector->NextLayerProtocol);
  } else {
    Print (L" %s", ProtoName);
  }

  switch (Selector->NextLayerProtocol) {
  case EFI_IP4_PROTO_TCP:
  case EFI_IP4_PROTO_UDP:
    Print (L" port:");
    if (Selector->LocalPort == EFI_IPSEC_ANY_PORT) {
      Print (L"any");
    } else {
      Print (L"%d", Selector->LocalPort);
      if (Selector->LocalPortRange != 0) {
        //
        // The range is stored as a width; the upper bound is port + width.
        //
        Print (L"~%d", (UINTN) Selector->LocalPort + Selector->LocalPortRange);
      }
    }

    Print (L" -> ");
    if (Selector->RemotePort == EFI_IPSEC_ANY_PORT) {
      Print (L"any");
    } else {
      Print (L"%d", Selector->RemotePort);
      if (Selector->RemotePortRange != 0) {
        Print (L"~%d", (UINTN) Selector->RemotePort + Selector->RemotePortRange);
      }
    }
    break;

  case EFI_IP4_PROTO_ICMP:
    //
    // For ICMP the two port fields are printed as 8-bit values; zero is
    // shown as "any".
    //
    Print (L" class/code:");
    if (Selector->LocalPort == 0) {
      Print (L"any");
    } else {
      Print (L"%d", (UINTN) (UINT8) Selector->LocalPort);
    }

    Print (L"/");
    if (Selector->RemotePort == 0) {
      Print (L"any");
    } else {
      Print (L"%d", (UINTN) (UINT8) Selector->RemotePort);
    }
    break;

  default:
    break;
  }
}
233
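/**
  Print EFI_IPSEC_SPD_SELECTOR and EFI_IPSEC_SPD_DATA content.

  The entry name is widened into a fixed 128-element CHAR16 buffer. The copy
  is bounded by that buffer's capacity, so a name with no terminating zero
  within 127 bytes is truncated instead of written past the end of the stack
  buffer.

  The processing-policy section is printed only when Action is
  EfiIPsecActionProtect and ProcessingPolicy is not NULL; the tunnel section
  only when Mode is EfiIPsecTunnel and TunnelOption is not NULL.

  @param[in] Selector      The pointer to the EFI_IPSEC_SPD_SELECTOR structure.
  @param[in] Data          The pointer to the EFI_IPSEC_SPD_DATA structure.
  @param[in] EntryIndex    The pointer to the Index in SPD Database. The value
                           is printed and then incremented.

  @retval EFI_SUCCESS    Dump SPD information successfully.
**/
EFI_STATUS
DumpSpdEntry (
  IN EFI_IPSEC_SPD_SELECTOR    *Selector,
  IN EFI_IPSEC_SPD_DATA        *Data,
  IN UINTN                     *EntryIndex
  )
{
  BOOLEAN  HasPre;
  CHAR16   DataName[128];
  CHAR16   *String1;
  CHAR16   *String2;
  CHAR16   *String3;
  UINTN    Index;
  UINTN    NameLimit;

  Print (L"%d.", (*EntryIndex)++);

  //
  // xxx.xxx.xxx.xxx/yy -> xxx.xxx.xxx.xx/yy proto:23 port:100~300 -> 300~400
  // Protect PF:0x34323423 Name:First Entry
  // ext-sequence sequence-overflow fragcheck life:[B0,S1024,H3600]
  // ESP algo1 algo2 Tunnel [xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx set]
  //

  DumpSpdSelector (Selector);
  Print (L"\n ");

  Print (L"%s ", MapIntegerToString (Data->Action, mMapIpSecAction));
  Print (L"PF:%08x ", Data->PackageFlag);

  //
  // Widen the byte-string name to CHAR16. The bound is enforced by the loop
  // condition, not by ASSERT(): ASSERT() is compiled out of release builds,
  // and the former UINT8 index could not exceed 255 but could run well past
  // the 128 elements of DataName. One element is reserved for the terminator.
  //
  NameLimit = sizeof (DataName) / sizeof (DataName[0]) - 1;
  for (Index = 0; (Index < NameLimit) && (Data->Name[Index] != 0); Index++) {
    DataName[Index] = (CHAR16) Data->Name[Index];
  }
  DataName[Index] = L'\0';

  Print (L"Name:%s", DataName);

  //
  // ProcessingPolicy is dereferenced throughout this section, so skip the
  // section rather than fault when an entry carries no policy.
  //
  if ((Data->Action == EfiIPsecActionProtect) && (Data->ProcessingPolicy != NULL)) {
    Print (L"\n ");
    if (Data->ProcessingPolicy->ExtSeqNum) {
      Print (L"ext-sequence ");
    }

    if (Data->ProcessingPolicy->SeqOverflow) {
      Print (L"sequence-overflow ");
    }

    if (Data->ProcessingPolicy->FragCheck) {
      Print (L"fragment-check ");
    }

    //
    // HasPre records whether "life:[" has been opened, so that later
    // non-zero fields are joined with "," and the bracket is closed once.
    //
    HasPre = FALSE;
    if (Data->ProcessingPolicy->SaLifetime.ByteCount != 0) {
      Print (HasPre ? L"," : L"life:[");
      Print (L"%lxB", Data->ProcessingPolicy->SaLifetime.ByteCount);
      HasPre = TRUE;
    }

    if (Data->ProcessingPolicy->SaLifetime.SoftLifetime != 0) {
      Print (HasPre ? L"," : L"life:[");
      Print (L"%lxs", Data->ProcessingPolicy->SaLifetime.SoftLifetime);
      HasPre = TRUE;
    }

    if (Data->ProcessingPolicy->SaLifetime.HardLifetime != 0) {
      Print (HasPre ? L"," : L"life:[");
      Print (L"%lxS", Data->ProcessingPolicy->SaLifetime.HardLifetime);
      HasPre = TRUE;
    }

    if (HasPre) {
      Print (L"]");
    }

    //
    // Start a new line only if the flags/lifetime line printed something.
    //
    if (HasPre || Data->ProcessingPolicy->ExtSeqNum ||
        Data->ProcessingPolicy->SeqOverflow || Data->ProcessingPolicy->FragCheck) {
      Print (L"\n ");
    }

    String1 = MapIntegerToString (Data->ProcessingPolicy->Proto, mMapIpSecProtocol);
    String2 = MapIntegerToString (Data->ProcessingPolicy->AuthAlgoId, mMapAuthAlgo);
    String3 = MapIntegerToString (Data->ProcessingPolicy->EncAlgoId, mMapEncAlgo);
    Print (
      L"%s Auth:%s Encrypt:%s ",
      String1,
      String2,
      String3
      );

    Print (L"%s ", MapIntegerToString (Data->ProcessingPolicy->Mode, mMapIpSecMode));
    if ((Data->ProcessingPolicy->Mode == EfiIPsecTunnel) &&
        (Data->ProcessingPolicy->TunnelOption != NULL)) {
      Print (L"[");
      DumpIpAddress (&Data->ProcessingPolicy->TunnelOption->LocalTunnelAddress);
      Print (L" -> ");
      DumpIpAddress (&Data->ProcessingPolicy->TunnelOption->RemoteTunnelAddress);
      Print (L" %s]", MapIntegerToString (Data->ProcessingPolicy->TunnelOption->DF, mMapDfOption));
    }
  }

  Print (L"\n");

  return EFI_SUCCESS;
}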
348
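/**
  Make a zero-terminated copy of a length-delimited key so that it can be
  printed with the %a format.

  @param[in] Key          The pointer to the key bytes. May be NULL.
  @param[in] KeyLength    The number of bytes at Key.

  @return The pointer to the allocated copy, to be released with
          ReleaseKeyCopy(), or NULL if the allocation failed or KeyLength + 1
          would wrap around.
**/
STATIC
CHAR8 *
CopyKeyForDisplay (
  IN VOID     *Key,
  IN UINTN    KeyLength
  )
{
  CHAR8  *Copy;

  //
  // Reject a length for which the "+ 1" for the terminator would wrap to 0.
  //
  if (KeyLength + 1 < KeyLength) {
    return NULL;
  }

  Copy = AllocateZeroPool (KeyLength + 1);
  if ((Copy != NULL) && (Key != NULL) && (KeyLength != 0)) {
    //
    // The pool is zero-filled, so the byte after the key is the terminator.
    //
    CopyMem (Copy, Key, KeyLength);
  }

  return Copy;
}

/**
  Clear and free a buffer returned by CopyKeyForDisplay().

  @param[in] Copy         The pointer to the copy. May be NULL.
  @param[in] KeyLength    The KeyLength that was passed to CopyKeyForDisplay().
**/
STATIC
VOID
ReleaseKeyCopy (
  IN CHAR8    *Copy,
  IN UINTN    KeyLength
  )
{
  if (Copy != NULL) {
    //
    // Do not hand key bytes back to the pool.
    //
    ZeroMem (Copy, KeyLength + 1);
    FreePool (Copy);
  }
}

/**
  Print EFI_IPSEC_SA_ID and EFI_IPSEC_SA_DATA2 content.

  The authentication key, and for ESP the encryption key, are written to the
  console in clear text. Each key is printed from a zero-terminated copy of
  exactly the number of bytes given by its length field, using %a, so output
  stops at the first zero byte inside the key.

  @param[in] SaId          The pointer to the EFI_IPSEC_SA_ID structure.
  @param[in] Data          The pointer to the EFI_IPSEC_SA_DATA2 structure.
  @param[in] EntryIndex    The pointer to the Index in the SAD Database. The
                           value is printed and then incremented.

  @retval EFI_SUCCESS             Dump SAD information successfully.
  @retval EFI_OUT_OF_RESOURCES    A temporary key copy could not be allocated;
                                  the entry is only partly printed.
**/
EFI_STATUS
DumpSadEntry (
  IN EFI_IPSEC_SA_ID       *SaId,
  IN EFI_IPSEC_SA_DATA2    *Data,
  IN UINTN                 *EntryIndex
  )
{
  BOOLEAN  HasPre;
  CHAR16   *AuthAlgoStr;
  CHAR16   *EncAlgoStr;
  CHAR8    *AuthKeyAsciiStr;
  CHAR8    *EncKeyAsciiStr;

  AuthAlgoStr     = NULL;
  EncAlgoStr      = NULL;
  AuthKeyAsciiStr = NULL;
  EncKeyAsciiStr  = NULL;

  //
  // SPI:1234 ESP Destination:xxx.xxx.xxx.xxx
  // Mode:Transport SeqNum:134 AntiReplayWin:64 life:[0B,1023s,3400S] PathMTU:34
  // Auth:xxxx/password Encrypt:yyyy/password
  // xxx.xxx.xxx.xxx/yy -> xxx.xxx.xxx.xx/yy proto:23 port:100~300 -> 300~400
  //

  Print (L"%d.", (*EntryIndex)++);
  Print (L"0x%x %s ", (UINTN) SaId->Spi, MapIntegerToString (SaId->Proto, mMapIpSecProtocol));
  if (Data->Mode == EfiIPsecTunnel) {
    Print (L"TunnelSourceAddress:");
    DumpIpAddress (&Data->TunnelSourceAddress);
    Print (L"\n");
    Print (L"TunnelDestination:");
    DumpIpAddress (&Data->TunnelDestinationAddress);
    Print (L"\n");
  }

  Print (
    L" Mode:%s SeqNum:%lx AntiReplayWin:%d ",
    MapIntegerToString (Data->Mode, mMapIpSecMode),
    Data->SNCount,
    (UINTN) Data->AntiReplayWindows
    );

  //
  // HasPre records whether "life:[" has been opened, so that later non-zero
  // fields are joined with "," and the bracket is closed once.
  //
  HasPre = FALSE;
  if (Data->SaLifetime.ByteCount != 0) {
    Print (HasPre ? L"," : L"life:[");
    Print (L"%lxB", Data->SaLifetime.ByteCount);
    HasPre = TRUE;
  }

  if (Data->SaLifetime.SoftLifetime != 0) {
    Print (HasPre ? L"," : L"life:[");
    Print (L"%lxs", Data->SaLifetime.SoftLifetime);
    HasPre = TRUE;
  }

  if (Data->SaLifetime.HardLifetime != 0) {
    Print (HasPre ? L"," : L"life:[");
    Print (L"%lxS", Data->SaLifetime.HardLifetime);
    HasPre = TRUE;
  }

  if (HasPre) {
    Print (L"] ");
  }

  Print (L"PathMTU:%d\n", (UINTN) Data->PathMTU);

  //
  // NOTE(review): the lines below print SA key material in clear text.
  // Confirm that this is intended for every console the tool may run on.
  //
  if (SaId->Proto == EfiIPsecAH) {
    //
    // The AH key is a length-delimited byte buffer. Printing it directly with
    // %s would read it as a zero-terminated CHAR16 string and run past
    // AuthKeyLength, so it is handled the same way as the ESP keys below.
    //
    AuthKeyAsciiStr = CopyKeyForDisplay (
                        Data->AlgoInfo.AhAlgoInfo.AuthKey,
                        Data->AlgoInfo.AhAlgoInfo.AuthKeyLength
                        );
    if (AuthKeyAsciiStr == NULL) {
      return EFI_OUT_OF_RESOURCES;
    }

    Print (
      L" Auth:%s/%a\n",
      MapIntegerToString (Data->AlgoInfo.AhAlgoInfo.AuthAlgoId, mMapAuthAlgo),
      AuthKeyAsciiStr
      );

    ReleaseKeyCopy (AuthKeyAsciiStr, Data->AlgoInfo.AhAlgoInfo.AuthKeyLength);
  } else {
    AuthAlgoStr = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.AuthAlgoId, mMapAuthAlgo);
    EncAlgoStr  = MapIntegerToString (Data->AlgoInfo.EspAlgoInfo.EncAlgoId, mMapEncAlgo);

    AuthKeyAsciiStr = CopyKeyForDisplay (
                        Data->AlgoInfo.EspAlgoInfo.AuthKey,
                        Data->AlgoInfo.EspAlgoInfo.AuthKeyLength
                        );
    EncKeyAsciiStr = CopyKeyForDisplay (
                       Data->AlgoInfo.EspAlgoInfo.EncKey,
                       Data->AlgoInfo.EspAlgoInfo.EncKeyLength
                       );

    //
    // ASSERT() is compiled out of release builds, so an allocation failure is
    // checked explicitly before either copy is used.
    //
    if ((AuthKeyAsciiStr == NULL) || (EncKeyAsciiStr == NULL)) {
      ReleaseKeyCopy (AuthKeyAsciiStr, Data->AlgoInfo.EspAlgoInfo.AuthKeyLength);
      ReleaseKeyCopy (EncKeyAsciiStr, Data->AlgoInfo.EspAlgoInfo.EncKeyLength);
      return EFI_OUT_OF_RESOURCES;
    }

    Print (
      L" Auth:%s/%a Encrypt:%s/%a\n",
      AuthAlgoStr,
      AuthKeyAsciiStr,
      EncAlgoStr,
      EncKeyAsciiStr
      );

    ReleaseKeyCopy (AuthKeyAsciiStr, Data->AlgoInfo.EspAlgoInfo.AuthKeyLength);
    ReleaseKeyCopy (EncKeyAsciiStr, Data->AlgoInfo.EspAlgoInfo.EncKeyLength);
  }

  if (Data->SpdSelector != NULL) {
    Print (L" ");
    DumpSpdSelector (Data->SpdSelector);
    Print (L"\n");
  }

  return EFI_SUCCESS;
}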
466
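/**
  Print EFI_IPSEC_PAD_ID and EFI_IPSEC_PAD_DATA content.

  The authentication data is written to the console in clear text, byte by
  byte, for exactly AuthDataSize bytes.

  @param[in] PadId         The pointer to the EFI_IPSEC_PAD_ID structure.
  @param[in] Data          The pointer to the EFI_IPSEC_PAD_DATA structure.
  @param[in] EntryIndex    The pointer to the Index in the PAD Database. The
                           value is printed and then incremented.

  @retval EFI_SUCCESS    Dump PAD information successfully.
**/
EFI_STATUS
DumpPadEntry (
  IN EFI_IPSEC_PAD_ID      *PadId,
  IN EFI_IPSEC_PAD_DATA    *Data,
  IN UINTN                 *EntryIndex
  )
{
  CHAR16  *String1;
  CHAR16  *String2;

  //
  // ADDR:10.23.17.34/15
  // IDEv1 PreSharedSecret IKE-ID
  // password
  //

  Print (L"%d.", (*EntryIndex)++);

  if (PadId->PeerIdValid) {
    //
    // NOTE(review): %s reads PeerId as a zero-terminated CHAR16 string with no
    // length bound. Confirm that every writer of this field stores it in that
    // form and terminates it inside the buffer.
    //
    Print (L"ID:%s", PadId->Id.PeerId);
  } else {
    Print (L"ADDR:");
    DumpAddressInfo (&PadId->Id.IpAddress);
  }

  Print (L"\n");

  String1 = MapIntegerToString (Data->AuthProtocol, mMapAuthProto);
  String2 = MapIntegerToString (Data->AuthMethod, mMapAuthMethod);
  Print (
    L" %s %s",
    String1,
    String2
    );

  if (Data->IkeIdFlag) {
    //
    // Leading space keeps "IKE-ID" apart from the auth method name, as in the
    // layout sketched at the top of this function.
    //
    Print (L" IKE-ID");
  }

  Print (L"\n");

  if (Data->AuthData != NULL) {
    //
    // NOTE(review): this prints the PAD authentication data in clear text.
    // Confirm that this is intended for every console the tool may run on.
    //
    DumpAsciiString (Data->AuthData, Data->AuthDataSize);
    Print (L"\n");
  }

  if (Data->RevocationData != NULL) {
    //
    // NOTE(review): printed with %s and no length bound; no size field is
    // consulted here. Confirm the buffer is a zero-terminated CHAR16 string.
    //
    Print (L" %s\n", Data->RevocationData);
  }

  return EFI_SUCCESS;
}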
529
//
// Dump handlers, indexed by EFI_IPSEC_CONFIG_DATA_TYPE in ListPolicyEntry().
// The order of the entries must therefore follow the order of that type's
// values. Each handler takes differently typed pointers and is cast to the
// common VISIT_POLICY_ENTRY type.
//
VISIT_POLICY_ENTRY mDumpPolicyEntry[] = {
  (VISIT_POLICY_ENTRY) DumpSpdEntry,
  (VISIT_POLICY_ENTRY) DumpSadEntry,
  (VISIT_POLICY_ENTRY) DumpPadEntry
};
535
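/**
  Print all entry information in the database according to datatype.

  DataType selects the handler from mDumpPolicyEntry. A value with no entry in
  that table is rejected before the table is indexed, so an out-of-range type
  cannot result in a call through whatever lies past the end of the array.

  @param[in] DataType        The value of EFI_IPSEC_CONFIG_DATA_TYPE.
  @param[in] ParamPackage    The pointer to the ParamPackage list. Not used by
                             this function.

  @retval EFI_SUCCESS              Dump all information successfully.
  @retval EFI_INVALID_PARAMETER    DataType has no dump handler.
  @retval Others                   Some mistaken case.
**/
EFI_STATUS
ListPolicyEntry (
  IN EFI_IPSEC_CONFIG_DATA_TYPE    DataType,
  IN LIST_ENTRY                    *ParamPackage
  )
{
  UINTN  EntryIndex;
  UINTN  HandlerCount;

  //
  // The cast to UINTN also rejects a negative value if the enumeration type
  // is signed.
  //
  HandlerCount = sizeof (mDumpPolicyEntry) / sizeof (mDumpPolicyEntry[0]);
  if ((UINTN) DataType >= HandlerCount) {
    return EFI_INVALID_PARAMETER;
  }

  //
  // EntryIndex is the running entry number that each handler prints and
  // increments.
  //
  EntryIndex = 0;
  return ForeachPolicyEntry (DataType, mDumpPolicyEntry[DataType], &EntryIndex);
}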
556