author | Markus Friedl <markus@cvs.openbsd.org> | 2004-11-26 18:02:23 +0000 |
committer | Markus Friedl <markus@cvs.openbsd.org> | 2004-11-26 18:02:23 +0000 |
commit | 8f40035a88fee575709a5aa28fed7b098e3854ad (patch) | |
tree | 816dfaca9c54081f903259c49e6e334e226fb001 /sbin/ipsecadm/pfkdump.c | |
parent | db3cb2196dc4401149258da8e6829cd3dad178e7 (diff) |
implement net.key.v2.sadb_dump.{unspec,esp,ah,...} sysctl subtree
and use sysctl for 'ipsecadm show'; ok deraadt
Diffstat (limited to 'sbin/ipsecadm/pfkdump.c')
-rw-r--r-- | sbin/ipsecadm/pfkdump.c | 37 |
1 files changed, 34 insertions, 3 deletions
diff --git a/sbin/ipsecadm/pfkdump.c b/sbin/ipsecadm/pfkdump.c
index 7222fa39491..8b74062fd8b 100644
--- a/sbin/ipsecadm/pfkdump.c
+++ b/sbin/ipsecadm/pfkdump.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkdump.c,v 1.14 2004/10/08 05:59:55 ho Exp $ */
+/* $OpenBSD: pfkdump.c,v 1.15 2004/11/26 18:02:22 markus Exp $ */
 
 /*
  * Copyright (c) 2003 Markus Friedl. All rights reserved.
@@ -23,10 +23,11 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-#include <sys/types.h>
+#include <sys/param.h>
 #include <sys/socket.h>
 #include <sys/errno.h>
 #include <sys/time.h>
+#include <sys/sysctl.h>
 #include <net/pfkeyv2.h>
 #include <netinet/ip_ipsp.h>
 #include <netdb.h>
@@ -635,5 +636,35 @@ ipsecadm_monitor(void)
 void
 ipsecadm_show(u_int8_t satype)
 {
-	do_pfkey(0, satype);
+	struct sadb_msg *msg;
+	int mib[5];
+	size_t need;
+	char *buf, *lim, *next;
+
+	mib[0] = CTL_NET;
+	mib[1] = PF_KEY;
+	mib[2] = PF_KEY_V2;
+	mib[3] = NET_KEY_SADB_DUMP;
+	mib[4] = satype;
+
+	/*
+	 * Dump the SADB using sysctl(3), but fall back to the pfkey
+	 * socket if sysctl fails.
+	 */
+	if (sysctl(mib, 5, NULL, &need, NULL, 0) == -1)
+		do_pfkey(0, satype);
+	if (need == 0)
+		return;
+	if ((buf = malloc(need)) == NULL)
+		err(1, "malloc");
+	if (sysctl(mib, 5, buf, &need, NULL, 0) == -1)
+		err(1, "sysctl");
+	lim = buf + need;
+	for (next = buf; next < lim;
+	    next += msg->sadb_msg_len * PFKEY2_CHUNK) {
+		msg = (struct sadb_msg *)next;
+		if (msg->sadb_msg_len == 0)
+			break;
+		print_msg(msg, 0);
+	}
 }
|
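Review bot: The fallback at `if (sysctl(mib, 5, NULL, &need, NULL, 0) == -1) do_pfkey(0, satype);` does not return, so on sysctl failure execution continues into `if (need == 0)` with `need` still uninitialized (it is declared but never assigned on that path), and the subsequent malloc()/sysctl() operate on an indeterminate size, either printing the SADB twice or calling err(1) after the pfkey fallback already produced the output. Make the fallback terminal: `if (sysctl(mib, 5, NULL, &need, NULL, 0) == -1) { do_pfkey(0, satype); return; }`. The walk over the returned buffer also dereferences `msg` without checking that at least `sizeof(*msg)` bytes remain before `lim`, so a short or odd-sized dump would read past the allocation; a guard such as `if (next + sizeof(*msg) > lim) break;` at the top of the loop body keeps every access inside `buf`. Note too that the SADB may grow between the size query and the data fetch, in which case the second sysctl() fails and the function exits via err(1) rather than retrying, and that `buf` is never free()d, which is harmless only if the caller exits right after.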