]>
git.proxmox.com Git - mirror_iproute2.git/blob - ip/xfrm_monitor.c
4 * Copyright (C)2005 USAGI/WIDE Project
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses>.
20 * based on ipmonitor.c
24 * Masahide NAKAMURA @USAGI
30 #include <netinet/in.h>
34 #include "ip_common.h"
36 static void usage(void) __attribute__((noreturn
));
37 static int listen_all_nsid
;
40 static void usage(void)
43 "Usage: ip xfrm monitor [ nokeys ] [ all-nsid ] [ all | OBJECTS | help ]\n"
44 "OBJECTS := { acquire | expire | SA | aevent | policy | report }\n");
48 static int xfrm_acquire_print(struct nlmsghdr
*n
, void *arg
)
50 FILE *fp
= (FILE *)arg
;
51 struct xfrm_user_acquire
*xacq
= NLMSG_DATA(n
);
52 int len
= n
->nlmsg_len
;
53 struct rtattr
*tb
[XFRMA_MAX
+1];
56 len
-= NLMSG_LENGTH(sizeof(*xacq
));
58 fprintf(stderr
, "BUG: wrong nlmsg len %d\n", len
);
62 parse_rtattr(tb
, XFRMA_MAX
, XFRMACQ_RTA(xacq
), len
);
64 family
= xacq
->sel
.family
;
65 if (family
== AF_UNSPEC
)
66 family
= xacq
->policy
.sel
.family
;
67 if (family
== AF_UNSPEC
)
68 family
= preferred_family
;
70 fprintf(fp
, "acquire ");
72 fprintf(fp
, "proto %s ", strxf_xfrmproto(xacq
->id
.proto
));
73 if (show_stats
> 0 || xacq
->id
.spi
) {
74 __u32 spi
= ntohl(xacq
->id
.spi
);
76 fprintf(fp
, "spi 0x%08x", spi
);
78 fprintf(fp
, "(%u)", spi
);
81 fprintf(fp
, "%s", _SL_
);
83 xfrm_selector_print(&xacq
->sel
, family
, fp
, " sel ");
85 xfrm_policy_info_print(&xacq
->policy
, tb
, fp
, " ", " policy ");
88 fprintf(fp
, " seq 0x%08u ", xacq
->seq
);
90 fprintf(fp
, "%s-mask %s ",
91 strxf_algotype(XFRMA_ALG_CRYPT
),
92 strxf_mask32(xacq
->ealgos
));
93 fprintf(fp
, "%s-mask %s ",
94 strxf_algotype(XFRMA_ALG_AUTH
),
95 strxf_mask32(xacq
->aalgos
));
96 fprintf(fp
, "%s-mask %s",
97 strxf_algotype(XFRMA_ALG_COMP
),
98 strxf_mask32(xacq
->calgos
));
100 fprintf(fp
, "%s", _SL_
);
109 static int xfrm_state_flush_print(struct nlmsghdr
*n
, void *arg
)
111 FILE *fp
= (FILE *)arg
;
112 struct xfrm_usersa_flush
*xsf
= NLMSG_DATA(n
);
113 int len
= n
->nlmsg_len
;
116 len
-= NLMSG_SPACE(sizeof(*xsf
));
118 fprintf(stderr
, "BUG: wrong nlmsg len %d\n", len
);
122 fprintf(fp
, "Flushed state ");
124 str
= strxf_xfrmproto(xsf
->proto
);
126 fprintf(fp
, "proto %s", str
);
128 fprintf(fp
, "proto %u", xsf
->proto
);
129 fprintf(fp
, "%s", _SL_
);
138 static int xfrm_policy_flush_print(struct nlmsghdr
*n
, void *arg
)
140 struct rtattr
*tb
[XFRMA_MAX
+1];
141 FILE *fp
= (FILE *)arg
;
142 int len
= n
->nlmsg_len
;
144 len
-= NLMSG_SPACE(0);
146 fprintf(stderr
, "BUG: wrong nlmsg len %d\n", len
);
150 fprintf(fp
, "Flushed policy ");
152 parse_rtattr(tb
, XFRMA_MAX
, NLMSG_DATA(n
), len
);
154 if (tb
[XFRMA_POLICY_TYPE
]) {
155 struct xfrm_userpolicy_type
*upt
;
157 fprintf(fp
, "ptype ");
159 if (RTA_PAYLOAD(tb
[XFRMA_POLICY_TYPE
]) < sizeof(*upt
))
160 fprintf(fp
, "(ERROR truncated)");
162 upt
= RTA_DATA(tb
[XFRMA_POLICY_TYPE
]);
163 fprintf(fp
, "%s ", strxf_ptype(upt
->type
));
166 fprintf(fp
, "%s", _SL_
);
175 static int xfrm_report_print(struct nlmsghdr
*n
, void *arg
)
177 FILE *fp
= (FILE *)arg
;
178 struct xfrm_user_report
*xrep
= NLMSG_DATA(n
);
179 int len
= n
->nlmsg_len
;
180 struct rtattr
*tb
[XFRMA_MAX
+1];
183 len
-= NLMSG_LENGTH(sizeof(*xrep
));
185 fprintf(stderr
, "BUG: wrong nlmsg len %d\n", len
);
189 family
= xrep
->sel
.family
;
190 if (family
== AF_UNSPEC
)
191 family
= preferred_family
;
193 fprintf(fp
, "report ");
195 fprintf(fp
, "proto %s ", strxf_xfrmproto(xrep
->proto
));
196 fprintf(fp
, "%s", _SL_
);
198 xfrm_selector_print(&xrep
->sel
, family
, fp
, " sel ");
200 parse_rtattr(tb
, XFRMA_MAX
, XFRMREP_RTA(xrep
), len
);
202 xfrm_xfrma_print(tb
, family
, fp
, " ", nokeys
);
210 static void xfrm_ae_flags_print(__u32 flags
, void *arg
)
212 FILE *fp
= (FILE *)arg
;
214 fprintf(fp
, " (0x%x) ", flags
);
217 if (flags
& XFRM_AE_CR
)
218 fprintf(fp
, " replay update ");
219 if (flags
& XFRM_AE_CE
)
220 fprintf(fp
, " timer expired ");
221 if (flags
& XFRM_AE_CU
)
222 fprintf(fp
, " policy updated ");
226 static void xfrm_usersa_print(const struct xfrm_usersa_id
*sa_id
, __u32 reqid
, FILE *fp
)
228 fprintf(fp
, "dst %s ",
229 rt_addr_n2a(sa_id
->family
, sizeof(sa_id
->daddr
), &sa_id
->daddr
));
231 fprintf(fp
, " reqid 0x%x", reqid
);
233 fprintf(fp
, " protocol %s ", strxf_proto(sa_id
->proto
));
234 fprintf(fp
, " SPI 0x%x", ntohl(sa_id
->spi
));
237 static int xfrm_ae_print(struct nlmsghdr
*n
, void *arg
)
239 FILE *fp
= (FILE *)arg
;
240 struct xfrm_aevent_id
*id
= NLMSG_DATA(n
);
242 fprintf(fp
, "Async event ");
243 xfrm_ae_flags_print(id
->flags
, arg
);
245 fprintf(fp
, "src %s ", rt_addr_n2a(id
->sa_id
.family
,
246 sizeof(id
->saddr
), &id
->saddr
));
248 xfrm_usersa_print(&id
->sa_id
, id
->reqid
, fp
);
256 static void xfrm_print_addr(FILE *fp
, int family
, xfrm_address_t
*a
)
258 fprintf(fp
, "%s", rt_addr_n2a(family
, sizeof(*a
), a
));
261 static int xfrm_mapping_print(struct nlmsghdr
*n
, void *arg
)
263 FILE *fp
= (FILE *)arg
;
264 struct xfrm_user_mapping
*map
= NLMSG_DATA(n
);
266 fprintf(fp
, "Mapping change ");
267 xfrm_print_addr(fp
, map
->id
.family
, &map
->old_saddr
);
269 fprintf(fp
, ":%d -> ", ntohs(map
->old_sport
));
270 xfrm_print_addr(fp
, map
->id
.family
, &map
->new_saddr
);
271 fprintf(fp
, ":%d\n\t", ntohs(map
->new_sport
));
273 xfrm_usersa_print(&map
->id
, map
->reqid
, fp
);
280 static int xfrm_accept_msg(struct rtnl_ctrl_data
*ctrl
,
281 struct nlmsghdr
*n
, void *arg
)
283 FILE *fp
= (FILE *)arg
;
288 if (listen_all_nsid
) {
289 if (ctrl
== NULL
|| ctrl
->nsid
< 0)
290 fprintf(fp
, "[nsid current]");
292 fprintf(fp
, "[nsid %d]", ctrl
->nsid
);
295 switch (n
->nlmsg_type
) {
299 case XFRM_MSG_EXPIRE
:
300 xfrm_state_print(n
, arg
);
302 case XFRM_MSG_NEWPOLICY
:
303 case XFRM_MSG_DELPOLICY
:
304 case XFRM_MSG_UPDPOLICY
:
305 case XFRM_MSG_POLEXPIRE
:
306 xfrm_policy_print(n
, arg
);
308 case XFRM_MSG_ACQUIRE
:
309 xfrm_acquire_print(n
, arg
);
311 case XFRM_MSG_FLUSHSA
:
312 xfrm_state_flush_print(n
, arg
);
314 case XFRM_MSG_FLUSHPOLICY
:
315 xfrm_policy_flush_print(n
, arg
);
317 case XFRM_MSG_REPORT
:
318 xfrm_report_print(n
, arg
);
321 xfrm_ae_print(n
, arg
);
323 case XFRM_MSG_MAPPING
:
324 xfrm_mapping_print(n
, arg
);
330 if (n
->nlmsg_type
!= NLMSG_ERROR
&& n
->nlmsg_type
!= NLMSG_NOOP
&&
331 n
->nlmsg_type
!= NLMSG_DONE
) {
332 fprintf(fp
, "Unknown message: %08d 0x%08x 0x%08x\n",
333 n
->nlmsg_len
, n
->nlmsg_type
, n
->nlmsg_flags
);
338 extern struct rtnl_handle rth
;
340 int do_xfrm_monitor(int argc
, char **argv
)
343 unsigned int groups
= ~((unsigned)0); /* XXX */
354 if (matches(*argv
, "file") == 0) {
357 } else if (strcmp(*argv
, "nokeys") == 0) {
359 } else if (strcmp(*argv
, "all") == 0) {
361 } else if (matches(*argv
, "all-nsid") == 0) {
363 } else if (matches(*argv
, "acquire") == 0) {
366 } else if (matches(*argv
, "expire") == 0) {
369 } else if (matches(*argv
, "SA") == 0) {
372 } else if (matches(*argv
, "aevent") == 0) {
375 } else if (matches(*argv
, "policy") == 0) {
378 } else if (matches(*argv
, "report") == 0) {
381 } else if (matches(*argv
, "help") == 0) {
384 fprintf(stderr
, "Argument \"%s\" is unknown, try \"ip xfrm monitor help\".\n", *argv
);
391 groups
|= nl_mgrp(XFRMNLGRP_ACQUIRE
);
393 groups
|= nl_mgrp(XFRMNLGRP_EXPIRE
);
395 groups
|= nl_mgrp(XFRMNLGRP_SA
);
397 groups
|= nl_mgrp(XFRMNLGRP_POLICY
);
399 groups
|= nl_mgrp(XFRMNLGRP_AEVENTS
);
401 groups
|= nl_mgrp(XFRMNLGRP_REPORT
);
407 fp
= fopen(file
, "r");
409 perror("Cannot fopen");
412 err
= rtnl_from_file(fp
, xfrm_accept_msg
, stdout
);
417 if (rtnl_open_byproto(&rth
, groups
, NETLINK_XFRM
) < 0)
419 if (listen_all_nsid
&& rtnl_listen_all_nsid(&rth
) < 0)
422 if (rtnl_listen(&rth
, xfrm_accept_msg
, (void *)stdout
) < 0)