support DUMP by sysctl

2003-09-12 07:45:21 +00:00 · 2003-09-12 07:45:21 +00:00 · e1d953a832
commit e1d953a832
parent 7be275a0ed
4 changed files with 138 additions and 7 deletions
--- a/sbin/setkey/parse.y
+++ b/sbin/setkey/parse.y
@ -1,4 +1,4 @@
-/*	$NetBSD: parse.y,v 1.13 2003/09/07 22:20:05 itojun Exp $	*/
+/*	$NetBSD: parse.y,v 1.14 2003/09/12 07:45:21 itojun Exp $	*/
 /*	$KAME: parse.y,v 1.80 2003/06/27 07:15:45 itojun Exp $	*/

 /*
@ -72,6 +72,9 @@ void free_buffer __P((void));
 int setkeymsg0 __P((struct sadb_msg *, unsigned int, unsigned int, size_t));
 static int setkeymsg_spdaddr __P((unsigned int, unsigned int, vchar_t *,
 	struct addrinfo *, int, struct addrinfo *, int));
+#ifdef SADB_X_EXT_TAG
+static int setkeymsg_spdaddr_tag __P((unsigned int, char *, vchar_t *));
+#endif
 static int setkeymsg_addr __P((unsigned int, unsigned int,
 	struct addrinfo *, struct addrinfo *, int));
 static int setkeymsg_add __P((unsigned int, unsigned int,
@ -106,6 +109,7 @@ extern void yyerror __P((const char *));
 %token SPDADD SPDDELETE SPDDUMP SPDFLUSH
 %token F_POLICY PL_REQUESTS
 %token F_AIFLAGS
+%token TAGGED

 %type <num> prefix protocol_spec upper_spec
 %type <num> ALG_ENC ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_ENC_OLD ALG_ENC_NOKEY
@ -502,6 +506,19 @@ spdadd_command
 			if (status < 0)
 				return -1;
 		}
+	|	SPDADD TAGGED QUOTEDSTRING policy_spec EOT
+		{
+#ifdef SADB_X_EXT_TAG
+			int status;
+
+			status = setkeymsg_spdaddr_tag(SADB_X_SPDADD,
+			    $3.buf, &$4);
+			if (status < 0)
+				return -1;
+#else
+			return -1;
+#endif
+		}
 	;

 spddelete_command
@ -798,6 +815,48 @@ setkeymsg_spdaddr(type, upper, policy, srcs, splen, dsts, dplen)
 		return 0;
 }

+#ifdef SADB_X_EXT_TAG
+static int
+setkeymsg_spdaddr_tag(type, tag, policy)
+	unsigned int type;
+	char *tag;
+	vchar_t *policy;
+{
+	struct sadb_msg *msg;
+	char buf[BUFSIZ];
+	int l, l0;
+	struct sadb_x_tag m_tag;
+	int n;
+
+	msg = (struct sadb_msg *)buf;
+
+	/* fix up length afterwards */
+	setkeymsg0(msg, type, SADB_SATYPE_UNSPEC, 0);
+	l = sizeof(struct sadb_msg);
+
+	memcpy(buf + l, policy->buf, policy->len);
+	l += policy->len;
+
+	l0 = l;
+	n = 0;
+
+	memset(&m_tag, 0, sizeof(m_tag));
+	m_tag.sadb_x_tag_len = PFKEY_UNIT64(sizeof(m_tag));
+	m_tag.sadb_x_tag_exttype = SADB_X_EXT_TAG;
+	if (strlcpy(m_tag.sadb_x_tag_name, tag,
+	    sizeof(m_tag.sadb_x_tag_name)) >= sizeof(m_tag.sadb_x_tag_name))
+		return -1;
+	memcpy(buf + l, &m_tag, sizeof(m_tag));
+	l += sizeof(m_tag);
+
+	msg->sadb_msg_len = PFKEY_UNIT64(l);
+
+	sendkeymsg(buf, l);
+
+	return 0;
+}
+#endif
+
 /* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
 static int
 setkeymsg_addr(type, satype, srcs, dsts, no_spi)
--- a/sbin/setkey/setkey.8
+++ b/sbin/setkey/setkey.8
@ -1,4 +1,4 @@
-.\"	$NetBSD: setkey.8,v 1.25 2003/09/08 07:09:13 wiz Exp $
+.\"	$NetBSD: setkey.8,v 1.26 2003/09/12 07:45:21 itojun Exp $
 .\"	$KAME: setkey.8,v 1.90 2003/09/08 06:10:43 itojun Exp $
 .\"
 .\" Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
@ -190,6 +190,15 @@ on the command line achieves the same functionality.
 .Xc
 Add an SPD entry.
 .\"
+.\".It Xo
+.\".Li spdadd tagged
+.\".Ar tag Ar policy
+.\".Li ;
+.\".Xc
+.\"Add an SPD entry based on PF tag.
+.\".Ar tag
+.\"must be a string surrounded by doublequote.
+.\"
 .It Xo
 .Li spddelete
 .Op Fl 46n
--- a/sbin/setkey/setkey.c
+++ b/sbin/setkey/setkey.c
@ -1,4 +1,4 @@
-/*	$NetBSD: setkey.c,v 1.10 2003/09/08 12:34:29 itojun Exp $	*/
+/*	$NetBSD: setkey.c,v 1.11 2003/09/12 07:45:21 itojun Exp $	*/
 /*	$KAME: setkey.c,v 1.31 2003/09/08 12:31:58 itojun Exp $	*/

 /*
@ -35,11 +35,13 @@
 #include <sys/socket.h>
 #include <sys/time.h>
 #include <sys/stat.h>
+#include <sys/sysctl.h>
 #include <err.h>
 #include <net/route.h>
 #include <netinet/in.h>
 #include <net/pfkeyv2.h>
 #include <netkey/keydb.h>
+#include <netkey/key_var.h>
 #include <netkey/key_debug.h>
 #include <netinet6/ipsec.h>

@ -65,6 +67,7 @@ int sendkeymsg __P((char *, size_t));
 int postproc __P((struct sadb_msg *, int));
 int fileproc __P((const char *));
 int dumpkernfs __P((const char *));
+int sysctldump __P((u_int, u_int8_t));
 const char *numstr __P((int));
 void shortdump_hdr __P((void));
 void shortdump __P((struct sadb_msg *));
@ -114,6 +117,7 @@ main(argc, argv)
 	FILE *fp = stdin;
 	int c;
 	struct stat sb;
+	int error;

 	if (argc == 1) {
 		usage();
@ -190,10 +194,25 @@ main(argc, argv)

 	switch (f_mode) {
 	case MODE_CMDDUMP:
-		if (kernfs)
+		if (kernfs) {
 			dumpkernfs(f_policy ? "/kern/ipsecsp" : "/kern/ipsecsa");
-		else
-			sendkeyshort(f_policy ? SADB_X_SPDDUMP: SADB_DUMP);
+			break;
+		}
+
+		error = sysctldump(f_policy ? SADB_X_SPDDUMP : SADB_DUMP,
+		    SADB_SATYPE_UNSPEC);
+		if (error == 0)
+			break;
+		if (error < 0) {
+			if (errno == ENOENT) {
+				printf("No S%cD entries.\n",
+				    f_policy ? 'P' : 'A');
+				break;
+			} else if (errno != 0)
+				err(1, "sysctl");
+		}
+
+		sendkeyshort(f_policy ? SADB_X_SPDDUMP : SADB_DUMP);
 		break;
 	case MODE_CMDFLUSH:
 		sendkeyshort(f_policy ? SADB_X_SPDFLUSH: SADB_FLUSH);
@ -544,6 +563,49 @@ dumpkernfs(dir)
 	return (0);
 }

+int
+sysctldump(type, satype)
+	u_int type;
+	u_int8_t satype;
+{
+	int mib[] = { CTL_NET, PF_KEY, KEYCTL_DUMPSA, 0 };
+	size_t len, l;
+	char *buf, *p, *ep;
+	struct sadb_msg *msg;
+
+	if (type == SADB_DUMP) {
+		mib[2] = KEYCTL_DUMPSA;
+		mib[3] = satype;
+		l = 4;
+	} else if (type == SADB_X_SPDDUMP) {
+		mib[2] = KEYCTL_DUMPSP;
+		l = 3;
+	} else
+		return (EINVAL);
+
+	if (sysctl(mib, l, NULL, &len, NULL, 0) < 0)
+		return (-1);
+	buf = malloc(len);
+	if (!buf)
+		return (ENOBUFS);
+	if (sysctl(mib, l, buf, &len, NULL, 0) < 0) {
+		free(buf);
+		return (-1);
+	}
+
+	p = buf;
+	ep = buf + len;
+	while (p < ep) {
+		msg = (struct sadb_msg *)p;
+		l = PFKEY_UNUNIT64(msg->sadb_msg_len);
+		postproc(msg, l);
+		p += l;
+	}
+
+	free(buf);
+	return (0);
+}
+
 /*------------------------------------------------------------*/
 static const char *satype[] = {
 	NULL, NULL, "ah", "esp"
--- a/sbin/setkey/token.l
+++ b/sbin/setkey/token.l
@ -1,4 +1,4 @@
-/*	$NetBSD: token.l,v 1.13 2003/09/07 22:20:05 itojun Exp $	*/
+/*	$NetBSD: token.l,v 1.14 2003/09/12 07:45:22 itojun Exp $	*/
 /*	$KAME: token.l,v 1.43 2003/07/25 09:35:28 itojun Exp $	*/

 /*
@ -106,6 +106,7 @@ spdadd		{ return(SPDADD); }
 spddelete	{ return(SPDDELETE); }
 spddump		{ return(SPDDUMP); }
 spdflush	{ return(SPDFLUSH); }
+tagged		{ return(TAGGED); }
 {hyphen}P	{ BEGIN S_PL; return(F_POLICY); }
 <S_PL>[a-zA-Z0-9:\.\-_/ \n\t][a-zA-Z0-9:\.%\-_/ \n\t]* {
 			yymore();