summaryrefslogtreecommitdiff
path: root/sbin
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2004-11-26 18:02:23 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2004-11-26 18:02:23 +0000
commit8f40035a88fee575709a5aa28fed7b098e3854ad (patch)
tree816dfaca9c54081f903259c49e6e334e226fb001 /sbin
parentdb3cb2196dc4401149258da8e6829cd3dad178e7 (diff)
implement net.key.v2.sadb_dump.{unspec,esp,ah,...} sysctl subtree
and use sysctl for 'ipsecadm show'; ok deraadt
Diffstat (limited to 'sbin')
-rw-r--r--sbin/ipsecadm/pfkdump.c37
1 files changed, 34 insertions, 3 deletions
diff --git a/sbin/ipsecadm/pfkdump.c b/sbin/ipsecadm/pfkdump.c
index 7222fa39491..8b74062fd8b 100644
--- a/sbin/ipsecadm/pfkdump.c
+++ b/sbin/ipsecadm/pfkdump.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkdump.c,v 1.14 2004/10/08 05:59:55 ho Exp $ */
+/* $OpenBSD: pfkdump.c,v 1.15 2004/11/26 18:02:22 markus Exp $ */
/*
* Copyright (c) 2003 Markus Friedl. All rights reserved.
@@ -23,10 +23,11 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <sys/socket.h>
#include <sys/errno.h>
#include <sys/time.h>
+#include <sys/sysctl.h>
#include <net/pfkeyv2.h>
#include <netinet/ip_ipsp.h>
#include <netdb.h>
@@ -635,5 +636,35 @@ ipsecadm_monitor(void)
void
ipsecadm_show(u_int8_t satype)
{
- do_pfkey(0, satype);
+ struct sadb_msg *msg;
+ int mib[5];
+ size_t need;
+ char *buf, *lim, *next;
+
+ mib[0] = CTL_NET;
+ mib[1] = PF_KEY;
+ mib[2] = PF_KEY_V2;
+ mib[3] = NET_KEY_SADB_DUMP;
+ mib[4] = satype;
+
+ /*
+ * Dump the SADB using sysctl(3), but fall back to the pfkey
+ * socket if sysctl fails.
+ */
+ if (sysctl(mib, 5, NULL, &need, NULL, 0) == -1)
+ do_pfkey(0, satype);
+ if (need == 0)
+ return;
+ if ((buf = malloc(need)) == NULL)
+ err(1, "malloc");
+ if (sysctl(mib, 5, buf, &need, NULL, 0) == -1)
+ err(1, "sysctl");
+ lim = buf + need;
+ for (next = buf; next < lim;
+ next += msg->sadb_msg_len * PFKEY2_CHUNK) {
+ msg = (struct sadb_msg *)next;
+ if (msg->sadb_msg_len == 0)
+ break;
+ print_msg(msg, 0);
+ }
}