📄 ipsec_radij.c
if (key == NULL || mask == NULL) { return 0; } buf_len = subnettoa(key->sen_ip_src, mask->sen_ip_src, 0, buf1, sizeof(buf1)); if(key->sen_sport != 0) { sprintf(buf1+buf_len-1, ":%d", ntohs(key->sen_sport)); } buf_len = subnettoa(key->sen_ip_dst, mask->sen_ip_dst, 0, buf2, sizeof(buf2)); if(key->sen_dport != 0) { sprintf(buf2+buf_len-1, ":%d", ntohs(key->sen_dport)); } buf3[0]='\0'; if(key->sen_proto != 0) { sprintf(buf3, ":%d", key->sen_proto); } sa_len = satot(&ro->er_said, 'x', sa, sizeof(sa)); w->len += ipsec_snprintf(w->buffer + w->len, w->length - w->len, "%-10d " "%-18s -> %-18s => %s%s\n", ro->er_count, buf1, buf2, sa_len ? sa : " (error)", buf3); { /* snprintf can only fill the last character with NUL * so the maximum useful character is w->length-1. * However, if w->length == 0, we cannot go back. * (w->length surely cannot be negative.) */ int max_content = w->length > 0? w->length-1 : 0; if (w->len >= max_content) { /* we've done all that can fit -- stop treewalking */ w->len = max_content; /* truncate crap */ return -ENOBUFS; } else { const off_t pos = w->begin + w->len; /* file position of end of what we've generated */ if (pos <= w->offset) { /* all is before first interesting character: * discard, but note where we are. 
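*/ w->len = 0; w->begin = pos; } return 0; } } }
#endif /* CONFIG_PROC_FS */

/*
 * ipsec_rj_walker_delete - tree-walk callback that removes one eroute.
 *
 * rn: node handed in by the walker; it is also treated as the start of a
 *     struct rjtentry and of a struct eroute (see the casts below).
 * w0: walker context, not used here.
 *
 * Looks up the key and mask of the entry, deletes the matching node from
 * rnh with rj_delete(), frees the two identity buffers hanging off the
 * eroute, wipes the eroute and frees it.
 *
 * Returns -ENODATA when the entry has no key or no mask, the non-zero
 * value of rj_delete() when that call fails, and 0 otherwise.
 */
int
ipsec_rj_walker_delete(struct radij_node *rn, void *w0)
{
	struct eroute *ro;
	/* assumes the radij node sits at offset 0 of the entry -- TODO confirm */
	struct rjtentry *rd = (struct rjtentry *)rn;
	struct radij_node *rn2;
	int error;
	struct sockaddr_encap *key, *mask;

	key = rd_key(rd);
	mask = rd_mask(rd);

	/* Without both selectors there is nothing to hand to rj_delete(). */
	if(!key || !mask) {
		return -ENODATA;
	}

#ifdef CONFIG_KLIPS_DEBUG
	if(debug_radij) {
		/* Text form of the source and destination subnets, for the log only. */
		char buf1[SUBNETTOA_BUF], buf2[SUBNETTOA_BUF];

		subnettoa(key->sen_ip_src, mask->sen_ip_src, 0, buf1, sizeof(buf1));
		subnettoa(key->sen_ip_dst, mask->sen_ip_dst, 0, buf2, sizeof(buf2));
		KLIPS_PRINT(debug_radij,
			    "klips_debug:ipsec_rj_walker_delete: "
			    "deleting: %s -> %s\n",
			    buf1,
			    buf2);
	}
#endif /* CONFIG_KLIPS_DEBUG */

	/* A failed delete leaves rn untouched and is reported to the walker. */
	if((error = rj_delete(key, mask, rnh, &rn2))) {
		KLIPS_PRINT(debug_radij,
			    "klips_debug:ipsec_rj_walker_delete: "
			    "rj_delete failed with error=%d.\n", error);
		return error;
	}

	/*
	 * rn2 is filled in by rj_delete(); presumably it is the node that
	 * was unlinked. This message is printed unconditionally, it is not
	 * gated on debug_radij.
	 * NOTE(review): a mismatch is only logged. The code below still
	 * frees rn and never frees rn2. If rn can stay linked in that case
	 * this is a use-after-free plus a leak -- confirm against
	 * rj_delete() and consider returning an error here instead.
	 */
	if(rn2 != rn) {
		printk("klips_debug:ipsec_rj_walker_delete: "
		       "tried to delete a different node?!? This should never happen!\n");
	}

	ro = (struct eroute *)rn;

	/* Release the identity buffers owned by this eroute, when present. */
	if (ro->er_ident_s.data)
		kfree(ro->er_ident_s.data);
	if (ro->er_ident_d.data)
		kfree(ro->er_ident_d.data);

	/*
	 * Clear the whole eroute before releasing it so its contents do not
	 * stay behind in freed memory. The identity buffers above are freed
	 * without being cleared.
	 */
	memset((caddr_t)rn, 0, sizeof (struct eroute));
	kfree(rn);

	return 0;
}

/* * $Log: ipsec_radij.c,v $ * Revision 1.72 2004/12/03 21:25:57 mcr * compile time fixes for running on 2.6. * still experimental. * * Revision 1.71 2004/07/10 19:11:18 mcr * CONFIG_IPSEC -> CONFIG_KLIPS. * * Revision 1.70 2004/04/25 21:10:52 ken * Pull in dhr's changes from FreeS/WAN 2.06 * * Revision 1.69 2004/04/06 02:49:26 mcr * pullup of algo code from alg-branch. * * Revision 1.68 2004/03/28 20:27:20 paul * Included tested and confirmed fixes mcr made and dhr verified for * snprint statements. Changed one other snprintf to use ipsec_snprintf * so it wouldnt break compatibility with 2.0/2.2 kernels. Verified with * dhr. (thanks dhr!) 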
* * Revision 1.67.4.1 2004/04/05 04:30:46 mcr * patches for alg-branch to compile/work with 2.x openswan * * Revision 1.67 2003/10/31 02:27:55 mcr * pulled up port-selector patches and sa_id elimination. * * Revision 1.66.24.2 2003/10/29 01:30:41 mcr * elimited "struct sa_id". * * Revision 1.66.24.1 2003/09/21 13:59:56 mcr * pre-liminary X.509 patch - does not yet pass tests. * * Revision 1.66 2002/10/12 23:11:53 dhr * * [KenB + DHR] more 64-bit cleanup * * Revision 1.65 2002/09/20 05:01:40 rgb * Added memory allocation debugging. * * Revision 1.64 2002/05/31 01:46:05 mcr * added && sysctl_ipsec_debug_verbose verbose to ipsec_findroute * as requested in PR#14. * * Revision 1.63 2002/05/23 07:14:11 rgb * Cleaned up %p variants to 0p%p for test suite cleanup. * * Revision 1.62 2002/04/24 07:55:32 mcr * #include patches and Makefiles for post-reorg compilation. * * Revision 1.61 2002/04/24 07:36:29 mcr * Moved from ./klips/net/ipsec/ipsec_radij.c,v * * Revision 1.60 2002/02/19 23:59:45 rgb * Removed redundant compiler directives. * * Revision 1.59 2002/02/06 04:13:47 mcr * missing #ifdef CONFIG_IPSEC_DEBUG. * * Revision 1.58 2002/01/29 17:17:56 mcr * moved include of ipsec_param.h to after include of linux/kernel.h * otherwise, it seems that some option that is set in ipsec_param.h * screws up something subtle in the include path to kernel.h, and * it complains on the snprintf() prototype. * * Revision 1.57 2002/01/29 04:00:52 mcr * more excise of kversions.h header. * * Revision 1.56 2002/01/29 02:13:17 mcr * introduction of ipsec_kversion.h means that include of * ipsec_param.h must preceed any decisions about what files to * include to deal with differences in kernel source. * * Revision 1.55 2001/11/26 09:23:48 rgb * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. * * Revision 1.53.2.1 2001/09/25 02:26:32 mcr * headers adjusted for new usage. 
* * Revision 1.54 2001/10/18 04:45:20 rgb * 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h, * lib/freeswan.h version macros moved to lib/kversions.h. * Other compiler directive cleanups. * * Revision 1.53 2001/09/19 17:19:40 rgb * Debug output bugfix for NetCelo's PF_KEY ident patch. * * Revision 1.52 2001/09/19 16:33:37 rgb * Temporarily disable ident fields to /proc/net/ipsec_eroute. * * Revision 1.51 2001/09/15 16:24:04 rgb * Re-inject first and last HOLD packet when an eroute REPLACE is done. * * Revision 1.50 2001/09/14 16:58:36 rgb * Added support for storing the first and last packets through a HOLD. * * Revision 1.49 2001/09/08 21:13:32 rgb * Added pfkey ident extension support for ISAKMPd. (NetCelo) * * Revision 1.48 2001/06/15 04:12:56 rgb * Fixed kernel memory allocation error return code polarity bug. * * Revision 1.47 2001/06/14 19:35:09 rgb * Update copyright date. * * Revision 1.46 2001/06/08 08:47:18 rgb * Fixed for debug disabled. * * Revision 1.45 2001/05/27 06:12:11 rgb * Added structures for pid, packet count and last access time to eroute. * Added packet count to beginning of /proc/net/ipsec_eroute. * * Revision 1.44 2001/05/03 19:41:01 rgb * Initialise error return variable. * Use more appropriate return value for ipsec_rj_walker_delete(). * * Revision 1.43 2001/02/27 22:24:54 rgb * Re-formatting debug output (line-splitting, joining, 1arg/line). * Check for satoa() return codes. * * Revision 1.42 2001/02/27 06:21:57 rgb * Added findroute success instrumentation. * * Revision 1.41 2000/11/06 04:32:08 rgb * Ditched spin_lock_irqsave in favour of spin_lock_bh. * * Revision 1.40 2000/09/08 19:12:56 rgb * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. * * Revision 1.39 2000/08/30 05:25:20 rgb * Correct debug text in ipsec_breakroute() from incorrect * "ipsec_callback". * * Revision 1.38 2000/07/28 14:58:31 rgb * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5. 
* * Revision 1.37 2000/03/16 14:02:50 rgb * Fixed debug scope to enable compilation with debug off. * * Revision 1.36 2000/01/21 06:14:46 rgb * Added debugging text to ipsec_rj_walker_delete(). * Set return code to negative for consistency. * * Revision 1.35 1999/11/23 23:05:24 rgb * Use provided macro ADDRTOA_BUF instead of hardcoded value. * * Revision 1.34 1999/11/18 04:13:56 rgb * Replaced all kernel version macros to shorter, readable form. * Added CONFIG_PROC_FS compiler directives in case it is shut off. * * Revision 1.33 1999/11/17 15:53:39 rgb * Changed all occurrences of #include "../../../lib/freeswan.h" * to #include <freeswan.h> which works due to -Ilibfreeswan in the * klips/net/ipsec/Makefile. * * Revision 1.32 1999/10/26 13:58:33 rgb * Put spinlock flags variable declaration outside the debug compiler * directive to enable compilation with debug shut off. * * Revision 1.31 1999/10/15 22:13:29 rgb * Clean out cruft. * Align /proc/net/ipsec_eroute output for easier readability. * Fix double linefeed in radij debug output. * Fix double locking bug that locks up 2.0.36 but not 2.0.38. * * Revision 1.30 1999/10/08 18:37:33 rgb * Fix end-of-line spacing to sate whining PHMs. * * Revision 1.29 1999/10/03 18:52:45 rgb * Spinlock support for 2.0.xx. * Dumb return code spin_unlock fix. * * Revision 1.28 1999/10/01 16:22:24 rgb * Switch from assignment init. to functional init. of spinlocks. * * Revision 1.27 1999/10/01 15:44:53 rgb * Move spinlock header include to 2.1> scope. * * Revision 1.26 1999/10/01 00:01:23 rgb * Added eroute structure locking. * * Revision 1.25 1999/06/10 16:07:30 rgb * Silence delete eroute on no debug. * * Revision 1.24 1999/05/09 03:25:36 rgb * Fix bug introduced by 2.2 quick-and-dirty patch. * * Revision 1.23 1999/05/05 22:02:31 rgb * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>. * * Revision 1.22 1999/04/29 15:17:23 rgb * Add return values to init and cleanup functions. 
* Add sanity checking for null pointer arguments. * * Revision 1.21 1999/04/11 00:28:58 henry * GPL boilerplate * * Revision 1.20 1999/04/06 04:54:26 rgb * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes * patch shell fixes. * * Revision 1.19 1999/02/17 16:50:35 rgb * Clean out unused cruft. * Consolidate for space and speed efficiency. * Convert DEBUG_IPSEC to KLIPS_PRINT * * Revision 1.18 1999/01/22 06:22:06 rgb * Cruft clean-out. * 64-bit clean-up. * * Revision 1.17 1998/12/02 03:09:39 rgb * Clean up debug printing conditionals to compile with debugging off. * * Revision 1.16 1998/12/01 13:49:39 rgb * Wrap version info printing in debug switches. * * Revision 1.15 1998/11/30 13:22:54 rgb * Rationalised all the klips kernel file headers. They are much shorter * now and won't conflict under RH5.2. * * Revision 1.14 1998/10/31 06:48:17 rgb * Fixed up comments in #endif directives. * * Revision 1.13 1998/10/27 13:48:09 rgb * Cleaned up /proc/net/ipsec_* filesystem for easy parsing by scripts. * Fixed less(1) truncated output bug. * Code clean-up. * * Revision 1.12 1998/10/25 02:41:36 rgb * Change return type on ipsec_breakroute and ipsec_makeroute and add an * argument to be able to transmit more infomation about errors. * Fix cut-and-paste debug statement identifier. * * Revision 1.11 1998/10/22 06:45:39 rgb * Cleaned up cruft. * Convert to use satoa for printk. * * Revision 1.10 1998/10/19 14:44:28 rgb * Added inclusion of freeswan.h. * sa_id structure implemented and used: now includes protocol. * * Revision 1.9 1998/10/09 04:30:52 rgb * Added 'klips_debug' prefix to all klips printk debug statements. * Deleted old commented out cruft. * * Revision 1.8 1998/08/06 17:24:23 rgb * Fix addrtoa return code bug from stale manpage advice preventing packets * from being erouted. * * Revision 1.7 1998/08/06 07:44:59 rgb * Fixed /proc/net/ipsec_eroute subnettoa and addrtoa return value bug that * ended up in nothing being printed. 
* * Revision 1.6 1998/08/05 22:16:41 rgb * Cleanup to prevent cosmetic errors (ie. debug output) from being fatal. * * Revision 1.5 1998/07/29 20:38:44 rgb * Debug and fix subnettoa and addrtoa output. * * Revision 1.4 1998/07/28 00:02:39 rgb * Converting to exclusive use of addrtoa. * Fix eroute delete. * * Revision 1.3 1998/07/14 18:21:26 rgb * Add function to clear the eroute table. * * Revision 1.2 1998/06/23 02:59:14 rgb * Added debugging output to eroute add/delete routines. * * Revision 1.9 1998/06/18 21:29:06 henry * move sources from klips/src to klips/net/ipsec, to keep stupid kernel * build scripts happier in presence of symbolic links * * Revision 1.8 1998/06/05 02:32:26 rgb * Fix spi ntoh kernel debug output. * * Revision 1.7 1998/05/25 20:30:37 rgb * Remove temporary ipsec_walk, rj_deltree and rj_delnodes functions. * * Rename ipsec_rj_walker (ipsec_walk) to ipsec_rj_walker_procprint and * add ipsec_rj_walker_delete. * * Revision 1.6 1998/05/21 13:08:57 rgb * Rewrote procinfo subroutines to avoid *bad things* when more that 3k of * information is available for printout. * * Revision 1.5 1998/05/18 21:35:55 rgb * Clean up output for numerical consistency and readability. Zero freed * eroute memory. * * Revision 1.4 1998/04/21 21:28:58 rgb * Rearrange debug switches to change on the fly debug output from user * space. Only kernel changes checked in at this time. radij.c was also * changed to temporarily remove buggy debugging code in rj_delete causing * an OOPS and hence, netlink device open errors. * * Revision 1.3 1998/04/14 17:30:39 rgb * Fix up compiling errors for radij tree memory reclamation. * * Revision 1.2 1998/04/12 22:03:23 rgb * Updated ESP-3DES-HMAC-MD5-96, * ESP-DES-HMAC-MD5-96, * AH-HMAC-MD5-96, * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository * from old standards (RFC182[5-9] to new (as of March 1998) drafts. * * Fixed eroute references in /proc/net/ipsec*. 
* * Started to patch module unloading memory leaks in ipsec_netlink and * radij tree unloading. * * Revision 1.1 1998/04/09 03:06:10 henry * sources moved up from linux/net/ipsec * * Revision 1.1.1.1 1998/04/08 05:35:03 henry * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 * * Revision 0.4 1997/01/15 01:28:15 ji * No changes. * * Revision 0.3 1996/11/20 14:39:04 ji * Minor cleanups. * Rationalized debugging code. * * Revision 0.2 1996/11/02 00:18:33 ji * First limited release. * * */