-rw-r--r-- | sbin/ipsecctl/ipsecctl.c | 43 | ||||
-rw-r--r-- | sbin/ipsecctl/pfkdump.c | 15 | ||||
-rw-r--r-- | sbin/ipsecctl/pfkey.h | 3 |
3 files changed, 53 insertions, 8 deletions
diff --git a/sbin/ipsecctl/ipsecctl.c b/sbin/ipsecctl/ipsecctl.c index e89ecafa3b6..db681e09b7e 100644 --- a/sbin/ipsecctl/ipsecctl.c +++ b/sbin/ipsecctl/ipsecctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsecctl.c,v 1.59 2006/08/31 19:01:16 ho Exp $ */ +/* $OpenBSD: ipsecctl.c,v 1.60 2006/09/19 21:29:47 markus Exp $ */ /* * Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org> * @@ -60,6 +60,7 @@ int ipsecctl_monitor(int); void usage(void); const char *ipsecctl_lookup_option(char *, const char **); static int unmask(struct ipsec_addr *, sa_family_t); +int sacompare(const void *, const void *); const char *infile; /* Used by parse.y */ const char *showopt; @@ -77,6 +78,23 @@ static const char *satype[] = {"?", "esp", "ah", "ipcomp", "tcpmd5", "ipip"}; static const char *tmode[] = {"?", "transport", "tunnel"}; static const char *auth[] = {"?", "psk", "rsa"}; +struct sad { + struct sadb_msg *sad_msg; + u_int32_t sad_spi; +}; + +int +sacompare(const void *va, const void *vb) +{ + const struct sad *a = va, *b = vb; + + if (a->sad_spi < b->sad_spi) + return (-1); + if (a->sad_spi > b->sad_spi) + return (1); + return (0); +} + int ipsecctl_rules(char *filename, int opts) { @@ -515,7 +533,8 @@ void ipsecctl_show_sas(int opts) { struct sadb_msg *msg; - int mib[5]; + struct sad *sad; + int mib[5], sacount, i; size_t need = 0; char *buf, *lim, *next; 
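Review bot: In the `@@ -77,6 +78,23 @@` hunk, `sacompare()` orders entries by SPI alone, so two SAs that share an SPI compare equal (an SPI is only unique together with destination address and protocol). Because qsort() is not a stable sort, their relative order in the listing is then unspecified. If the sorted output is meant to be compared between runs, add a tiebreaker, or at least document the limit with a comment such as `/* sort key is the SPI only; order of SAs with equal SPIs is unspecified */`. As far as this diff shows, the function is only used as a qsort callback inside ipsecctl.c, so it could be declared `static int sacompare(const void *, const void *);` like `unmask()` on the line above its prototype.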
@@ -540,15 +559,31 @@ ipsecctl_show_sas(int opts) err(1, "ipsecctl_show_sas: malloc"); if (sysctl(mib, 5, buf, &need, NULL, 0) == -1) err(1, "ipsecctl_show_sas: sysctl"); + sacount = 0; lim = buf + need; for (next = buf; next < lim; next += msg->sadb_msg_len * PFKEYV2_CHUNK) { msg = (struct sadb_msg *)next; if (msg->sadb_msg_len == 0) break; - pfkey_print_sa(msg, opts); + sacount++; } - + if ((sad = calloc(sacount, sizeof(*sad))) == NULL) + err(1, "ipsecctl_show_sas: calloc"); + i = 0; + for (next = buf; next < lim; + next += msg->sadb_msg_len * PFKEYV2_CHUNK) { + msg = (struct sadb_msg *)next; + if (msg->sadb_msg_len == 0) + break; + sad[i].sad_spi = pfkey_get_spi(msg); + sad[i].sad_msg = msg; + i++; + } + qsort(sad, sacount, sizeof(*sad), sacompare); + for (i = 0; i < sacount; i++) + pfkey_print_sa(sad[i].sad_msg, opts); + free(sad); free(buf); } diff --git a/sbin/ipsecctl/pfkdump.c b/sbin/ipsecctl/pfkdump.c index 1ff0d8e73a3..18c04750031 100644 --- a/sbin/ipsecctl/pfkdump.c +++ b/sbin/ipsecctl/pfkdump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkdump.c,v 1.21 2006/08/30 15:49:32 markus Exp $ */ +/* $OpenBSD: pfkdump.c,v 1.22 2006/09/19 21:29:47 markus Exp $ */ /* * Copyright (c) 2003 Markus Friedl. All rights reserved. @@ -60,7 +60,6 @@ static struct idname *lookup(struct idname [], u_int8_t); static char *lookup_name(struct idname [], u_int8_t); static void print_ext(struct sadb_ext *, struct sadb_msg *); -void pfkey_print_sa(struct sadb_msg *, int); void pfkey_print_raw(u_int8_t *, ssize_t); struct sadb_ext *extensions[SADB_EXT_MAX + 1]; @@ -584,6 +583,16 @@ parse_key(struct sadb_ext *ext, struct ipsec_key *ikey) ikey->len = key->sadb_key_bits / 8; } +u_int32_t +pfkey_get_spi(struct sadb_msg *msg) +{ + struct sadb_sa *sa; + + setup_extensions(msg); + sa = (struct sadb_sa *)extensions[SADB_EXT_SA]; + return (ntohl(sa->sadb_sa_spi)); +} + /* opposite of pfkey_sa() */ void pfkey_print_sa(struct sadb_msg *msg, int opts) 
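Review bot: Both walks over the sysctl buffer in the `@@ -540,15 +559,31 @@` hunk test only `next < lim` before casting to `struct sadb_msg *`, and neither checks that the declared `sadb_msg_len * PFKEYV2_CHUNK` stays inside the buffer. A short or truncated final record would therefore still be stored in `sad[]` and later parsed by `pfkey_get_spi()` and `pfkey_print_sa()`. The data comes from the kernel, so this is hardening rather than an exposed input path, but the second loop now keeps pointers into the buffer and is worth guarding. Add `if ((size_t)(lim - next) < sizeof(*msg)) break;` before the cast and `if ((size_t)msg->sadb_msg_len * PFKEYV2_CHUNK > (size_t)(lim - next)) break;` after the zero-length test, in both loops, so that the count and the fill pass stay in agreement. Separately, `calloc(sacount, ...)` with `sacount == 0` may return NULL on some C libraries, which would report an allocation error when there are simply no SAs; returning early when the count is zero avoids depending on that behaviour. The start of `ipsecctl_show_sas()` lies in the previous hunk.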
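Review bot: In the `@@ -584,6 +583,16 @@` hunk of pfkdump.c, `pfkey_get_spi()` dereferences `extensions[SADB_EXT_SA]` without checking it. `setup_extensions()` is not visible in this diff, but if it leaves the slot NULL for a message that carries no SA extension, `sa->sadb_sa_spi` is a NULL dereference that takes down the whole `ipsecctl_show_sas()` listing. A guard such as `if (sa == NULL) return (0);` before the `ntohl()` keeps such a message sortable and leaves the reporting to `pfkey_print_sa()`. The function also rewrites the file-scope `extensions[]` array as a side effect, which deserves a one-line comment above it, for example `/* returns the SPI in host byte order; clobbers extensions[] */`.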
@@ -747,7 +756,7 @@ pfkey_print_raw(u_int8_t *data, ssize_t len) const u_int8_t *sp = (const u_int8_t *)data; printf("RAW PFKEYV2 MESSAGE:\n"); - for(i = 0; i < len; i++) { + for (i = 0; i < len; i++) { if ((i % 8 == 0) && (i != 0)) printf("\n"); printf("%02x ", *sp); diff --git a/sbin/ipsecctl/pfkey.h b/sbin/ipsecctl/pfkey.h index 9ae2bd0d925..5b4ea081c1d 100644 --- a/sbin/ipsecctl/pfkey.h +++ b/sbin/ipsecctl/pfkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkey.h,v 1.6 2006/06/01 06:50:58 deraadt Exp $ */ +/* $OpenBSD: pfkey.h,v 1.7 2006/09/19 21:29:47 markus Exp $ */ /* * Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org> * @@ -28,5 +28,6 @@ int pfkey_ipsec_establish(int, struct ipsec_rule *); int pfkey_ipsec_flush(void); int pfkey_init(void); int pfkey_monitor(int); +u_int32_t pfkey_get_spi(struct sadb_msg *); #endif /* _PFKEY_H_ */ |