author | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2005-04-04 22:18:48 +0000 |
---|---|---|
committer | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2005-04-04 22:18:48 +0000 |
commit | 7bc1c4c87aa82ab5c718ae2d2489d6779d3865c3 (patch) | |
tree | c11d06b16245055b77c8d93811dd1219cc8c496f | |
parent | 4316ef933ace8063b3d57f710726e2c93a585d48 (diff) |
Add sysctl for dumping the SPD
ok deraadt, ok markus some time ago
-rw-r--r-- | sys/net/pfkeyv2.c | 46 | ||||
-rw-r--r-- | sys/net/pfkeyv2.h | 3 | ||||
-rw-r--r-- | sys/sys/socket.h | 6 |
3 files changed, 48 insertions, 7 deletions
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c index d705d1af22b..1a67f9e25f2 100644 --- a/sys/net/pfkeyv2.c +++ b/sys/net/pfkeyv2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkeyv2.c,v 1.100 2005/01/13 10:08:14 hshoexer Exp $ */ +/* $OpenBSD: pfkeyv2.c,v 1.101 2005/04/04 22:18:47 hshoexer Exp $ */ /* * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 @@ -2210,6 +2210,32 @@ done: } int +pfkeyv2_sysctl_dump(void *arg) +{ + struct pfkeyv2_sysctl_walk *w = (struct pfkeyv2_sysctl_walk *)arg; + struct ipsec_policy *ipo; + int error = 0; + + TAILQ_FOREACH(ipo, &ipsec_policy_head, ipo_list) { + if (w->w_where) { + if (w->w_len < sizeof(struct ipsec_policy)) { + error = ENOMEM; + goto done; + } + if ((error = copyout(ipo, w->w_where, + sizeof(struct ipsec_policy))) != 0) + goto done; + w->w_where += sizeof(struct ipsec_policy); + w->w_len -= sizeof(struct ipsec_policy); + } else + w->w_len += sizeof(struct ipsec_policy); + } + +done: + return (error); +} + +int pfkeyv2_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *new, size_t newlen) { @@ -2225,18 +2251,30 @@ pfkeyv2_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, w.w_where = oldp; w.w_len = oldp ? *oldlenp : 0; + s = spltdb(); switch(w.w_op) { case NET_KEY_SADB_DUMP: - if ((error = suser(curproc, 0)) != 0) + if ((error = suser(curproc, 0)) != 0) { + splx(s); return (error); - s = spltdb(); + } error = tdb_walk(pfkeyv2_sysctl_walker, &w); - splx(s); if (oldp) *oldlenp = w.w_where - oldp; else *oldlenp = w.w_len; + break; + + case NET_KEY_SPD_DUMP: + error = pfkeyv2_sysctl_dump(&w); + if (oldp) + *oldlenp = w.w_where - oldp; + else + *oldlenp = w.w_len; + break; } + splx(s); + return (error); } diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h index f7d3c7fd99a..1ad5702a79a 100644 --- a/sys/net/pfkeyv2.h +++ b/sys/net/pfkeyv2.h 
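Review bot: In `pfkeyv2_sysctl_dump` the call `copyout(ipo, w->w_where, sizeof(struct ipsec_policy))` hands the raw kernel object to userland, so the `ipo_list` TAILQ linkage (kernel addresses) is exported with every record. Any other pointer members the struct may hold would go with it; its definition is not in this diff. Copy each policy into a local, clear the linkage and any pointer fields, and copy out that scrubbed copy, or define a flat export structure instead. A short comment above the function describing the two modes (size probe when `w_where` is NULL, `ENOMEM` when the remaining buffer is too small) would also help the next reader.

```c
	struct ipsec_policy pol;	/* scrubbed copy for export */

	/* … unchanged: TAILQ_FOREACH header and w_len check … */
			bcopy(ipo, &pol, sizeof(pol));
			/* list linkage is kernel addresses; do not export it */
			bzero(&pol.ipo_list, sizeof(pol.ipo_list));
			if ((error = copyout(&pol, w->w_where,
			    sizeof(pol))) != 0)
				goto done;
	/* … unchanged: pointer/length advance and size-probe branch … */
```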
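Review bot: The new `case NET_KEY_SPD_DUMP:` in `pfkeyv2_sysctl` has no privilege check, while `NET_KEY_SADB_DUMP` directly above it requires `suser(curproc, 0)`, so as written any local user can read the whole IPsec policy table. If that is intended, say so in a comment on the case; otherwise add `if ((error = suser(curproc, 0)) != 0) break;` as its first statement, since the `splx(s)` after the switch already covers that exit. Separately, `spltdb()` is now held across the `copyout()` inside `pfkeyv2_sysctl_dump`; if a fault on the user buffer can sleep there, the raised spl may not keep the policy list stable, which is worth confirming. The body of `pfkeyv2_sysctl` starts outside this hunk.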
@@ -1,4 +1,4 @@ -/* $OpenBSD: pfkeyv2.h,v 1.52 2004/11/26 18:02:22 markus Exp $ */ +/* $OpenBSD: pfkeyv2.h,v 1.53 2005/04/04 22:18:47 hshoexer Exp $ */ /* * @(#)COPYRIGHT 1.1 (NRL) January 1998 * @@ -426,6 +426,7 @@ int pfkeyv2_flush_walker(struct tdb *, void *, int); int pfkeyv2_get_proto_alg(u_int8_t, u_int8_t *, int *); int pfkeyv2_sysctl(int *, u_int, void *, size_t *, void *, size_t); int pfkeyv2_sysctl_walker(struct tdb *, void *, int); +int pfkeyv2_sysctl_dump(void *); int pfdatatopacket(void *, int, struct mbuf **); diff --git a/sys/sys/socket.h b/sys/sys/socket.h index e087c086785..a429a775b41 100644 --- a/sys/sys/socket.h +++ b/sys/sys/socket.h @@ -1,4 +1,4 @@ -/* $OpenBSD: socket.h,v 1.50 2005/03/22 12:22:00 henning Exp $ */ +/* $OpenBSD: socket.h,v 1.51 2005/04/04 22:18:47 hshoexer Exp $ */ /* $NetBSD: socket.h,v 1.14 1996/02/09 18:25:36 christos Exp $ */ /* @@ -309,11 +309,13 @@ struct sockcred { * PF_KEY - Key Management */ #define NET_KEY_SADB_DUMP 1 /* return SADB */ -#define NET_KEY_MAXID 2 +#define NET_KEY_SPD_DUMP 2 /* return SPD */ +#define NET_KEY_MAXID 3 #define CTL_NET_KEY_NAMES { \ { 0, 0 }, \ { "sadb_dump", CTLTYPE_STRUCT }, \ + { "spd_dump", CTLTYPE_STRUCT }, \ } /* |