4 * Copyright (C)2004 USAGI/WIDE Project
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 * based on ip.c, iproute.c
25 * Masahide NAKAMURA @USAGI
31 #include <sys/types.h>
32 #include <sys/socket.h>
36 #include <linux/netlink.h>
37 #include <linux/rtnetlink.h>
38 #include <linux/xfrm.h>
43 #define STRBUF_SIZE (128)
44 #define STRBUF_CAT(buf, str) \
46 int rest = sizeof(buf) - 1 - strlen(buf); \
48 int len = strlen(str); \
51 strncat(buf, str, len); \
52 buf[sizeof(buf) - 1] = '\0'; \
56 struct xfrm_filter filter;
58 static void usage(void) __attribute__((noreturn));
60 static void usage(void)
63 "Usage: ip xfrm XFRM_OBJECT { COMMAND | help }\n"
64 "where XFRM_OBJECT := { state | policy | monitor }\n");
68 /* This is based on utils.c(inet_addr_match) */
69 int xfrm_addr_match(xfrm_address_t *x1, xfrm_address_t *x2, int bits)
71 __u32 *a1 = (__u32 *)x1;
72 __u32 *a2 = (__u32 *)x2;
73 int words = bits >> 0x05;
78 if (memcmp(a1, a2, words << 2))
88 mask = htonl((0xffffffff) << (0x20 - bits));
102 static const struct typeent xfrmproto_types[]= {
103 { "esp", IPPROTO_ESP }, { "ah", IPPROTO_AH }, { "comp", IPPROTO_COMP },
107 int xfrm_xfrmproto_getbyname(char *name)
112 const struct typeent *t = &xfrmproto_types[i];
113 if (!t->t_name || t->t_type == -1)
116 if (strcmp(t->t_name, name) == 0)
123 const char *strxf_xfrmproto(__u8 proto)
128 const struct typeent *t = &xfrmproto_types[i];
129 if (!t->t_name || t->t_type == -1)
132 if (t->t_type == proto)
139 static const struct typeent algo_types[]= {
140 { "enc", XFRMA_ALG_CRYPT }, { "auth", XFRMA_ALG_AUTH },
141 { "comp", XFRMA_ALG_COMP }, { NULL, -1 }
144 int xfrm_algotype_getbyname(char *name)
149 const struct typeent *t = &algo_types[i];
150 if (!t->t_name || t->t_type == -1)
153 if (strcmp(t->t_name, name) == 0)
160 const char *strxf_algotype(int type)
165 const struct typeent *t = &algo_types[i];
166 if (!t->t_name || t->t_type == -1)
169 if (t->t_type == type)
176 const char *strxf_mask8(__u8 mask)
179 const int sn = sizeof(mask) * 8 - 1;
183 for (b = (1 << sn); b > 0; b >>= 1)
184 str[i++] = ((b & mask) ? '1' : '0');
190 const char *strxf_mask32(__u32 mask)
194 sprintf(str, "%.8x", mask);
199 const char *strxf_share(__u8 share)
207 case XFRM_SHARE_SESSION:
208 strcpy(str, "session");
210 case XFRM_SHARE_USER:
213 case XFRM_SHARE_UNIQUE:
214 strcpy(str, "unique");
217 sprintf(str, "%u", share);
224 const char *strxf_proto(__u8 proto)
230 pp = getprotobynumber(proto);
234 sprintf(buf, "%u", proto);
241 void xfrm_id_info_print(xfrm_address_t *saddr, struct xfrm_id *id,
242 __u8 mode, __u32 reqid, __u16 family, int force_spi,
243 FILE *fp, const char *prefix, const char *title)
250 memset(abuf, '\0', sizeof(abuf));
251 fprintf(fp, "src %s ", rt_addr_n2a(family, sizeof(*saddr),
252 saddr, abuf, sizeof(abuf)));
253 memset(abuf, '\0', sizeof(abuf));
254 fprintf(fp, "dst %s", rt_addr_n2a(family, sizeof(id->daddr),
255 &id->daddr, abuf, sizeof(abuf)));
256 fprintf(fp, "%s", _SL_);
262 fprintf(fp, "proto %s ", strxf_xfrmproto(id->proto));
264 if (show_stats > 0 || force_spi || id->spi) {
265 __u32 spi = ntohl(id->spi);
266 fprintf(fp, "spi 0x%08x", spi);
268 fprintf(fp, "(%u)", spi);
272 fprintf(fp, "reqid %u", reqid);
274 fprintf(fp, "(0x%08x)", reqid);
277 fprintf(fp, "mode ");
280 fprintf(fp, "transport");
283 fprintf(fp, "tunnel");
286 fprintf(fp, "%u", mode);
289 fprintf(fp, "%s", _SL_);
292 static const char *strxf_limit(__u64 limit)
295 if (limit == XFRM_INF)
296 strcpy(str, "(INF)");
298 sprintf(str, "%llu", (unsigned long long) limit);
303 void xfrm_stats_print(struct xfrm_stats *s, FILE *fp, const char *prefix)
307 fprintf(fp, "stats:");
308 fprintf(fp, "%s", _SL_);
313 fprintf(fp, "replay-window %u ", s->replay_window);
314 fprintf(fp, "replay %u ", s->replay);
315 fprintf(fp, "failed %u", s->integrity_failed);
316 fprintf(fp, "%s", _SL_);
319 static const char *strxf_time(__u64 time)
329 /* XXX: treat time in the same manner of kernel's
330 * net/xfrm/xfrm_{user,state}.c
335 strftime(str, sizeof(str), "%Y-%m-%d %T", tp);
341 void xfrm_lifetime_print(struct xfrm_lifetime_cfg *cfg,
342 struct xfrm_lifetime_cur *cur,
343 FILE *fp, const char *prefix)
348 fprintf(fp, "lifetime config:");
349 fprintf(fp, "%s", _SL_);
354 fprintf(fp, "limit: ");
355 fprintf(fp, "soft ");
356 fprintf(fp, strxf_limit(cfg->soft_byte_limit));
357 fprintf(fp, "(bytes), hard ");
358 fprintf(fp, strxf_limit(cfg->hard_byte_limit));
359 fprintf(fp, "(bytes)");
360 fprintf(fp, "%s", _SL_);
365 fprintf(fp, "limit: ");
366 fprintf(fp, "soft ");
367 fprintf(fp, strxf_limit(cfg->soft_packet_limit));
368 fprintf(fp, "(packets), hard ");
369 fprintf(fp, strxf_limit(cfg->hard_packet_limit));
370 fprintf(fp, "(packets)");
371 fprintf(fp, "%s", _SL_);
376 fprintf(fp, "expire add: ");
377 fprintf(fp, "soft ");
378 fprintf(fp, "%llu", (unsigned long long) cfg->soft_add_expires_seconds);
379 fprintf(fp, "(sec), hard ");
380 fprintf(fp, "%llu", (unsigned long long) cfg->hard_add_expires_seconds);
381 fprintf(fp, "(sec)");
382 fprintf(fp, "%s", _SL_);
387 fprintf(fp, "expire use: ");
388 fprintf(fp, "soft ");
389 fprintf(fp, "%llu", (unsigned long long) cfg->soft_use_expires_seconds);
390 fprintf(fp, "(sec), hard ");
391 fprintf(fp, "%llu", (unsigned long long) cfg->hard_use_expires_seconds);
392 fprintf(fp, "(sec)");
393 fprintf(fp, "%s", _SL_);
398 fprintf(fp, "lifetime current:");
399 fprintf(fp, "%s", _SL_);
404 fprintf(fp, "%llu(bytes), ", (unsigned long long) cur->bytes);
405 fprintf(fp, "%llu(packets)", (unsigned long long) cur->packets);
406 fprintf(fp, "%s", _SL_);
411 fprintf(fp, "add %s ", strxf_time(cur->add_time));
412 fprintf(fp, "use %s", strxf_time(cur->use_time));
413 fprintf(fp, "%s", _SL_);
417 void xfrm_selector_print(struct xfrm_selector *sel, __u16 family,
418 FILE *fp, const char *prefix)
427 f = preferred_family;
432 memset(abuf, '\0', sizeof(abuf));
433 fprintf(fp, "src %s/%u ", rt_addr_n2a(f, sizeof(sel->saddr),
434 &sel->saddr, abuf, sizeof(abuf)),
437 memset(abuf, '\0', sizeof(abuf));
438 fprintf(fp, "dst %s/%u ", rt_addr_n2a(f, sizeof(sel->daddr),
439 &sel->daddr, abuf, sizeof(abuf)),
443 fprintf(fp, "proto %s ", strxf_proto(sel->proto));
444 switch (sel->proto) {
451 fprintf(fp, "sport %u ", ntohs(sel->sport));
453 fprintf(fp, "dport %u ", ntohs(sel->dport));
457 /* type/code is stored at sport/dport in selector */
459 fprintf(fp, "type %u ", ntohs(sel->sport));
461 fprintf(fp, "code %u ", ntohs(sel->dport));
465 if (sel->ifindex > 0) {
468 memset(buf, '\0', sizeof(buf));
469 if_indextoname(sel->ifindex, buf);
470 fprintf(fp, "dev %s ", buf);
474 fprintf(fp, "uid %u", sel->user);
476 fprintf(fp, "%s", _SL_);
479 static void xfrm_algo_print(struct xfrm_algo *algo, int type, int len,
480 FILE *fp, const char *prefix)
488 fprintf(fp, "%s ", strxf_algotype(type));
490 if (len < sizeof(*algo)) {
491 fprintf(fp, "(ERROR truncated)");
494 len -= sizeof(*algo);
496 fprintf(fp, "%s ", algo->alg_name);
498 keylen = algo->alg_key_len / 8;
500 fprintf(fp, "(ERROR truncated)");
505 for (i = 0; i < keylen; i ++)
506 fprintf(fp, "%.2x", (unsigned char)algo->alg_key[i]);
509 fprintf(fp, " (%d bits)", algo->alg_key_len);
512 fprintf(fp, "%s", _SL_);
515 static void xfrm_tmpl_print(struct xfrm_user_tmpl *tmpls, int len,
516 __u16 family, FILE *fp, const char *prefix)
518 int ntmpls = len / sizeof(struct xfrm_user_tmpl);
524 fprintf(fp, "(ERROR \"tmpl\" truncated)");
525 fprintf(fp, "%s", _SL_);
529 for (i = 0; i < ntmpls; i++) {
530 struct xfrm_user_tmpl *tmpl = &tmpls[i];
535 xfrm_id_info_print(&tmpl->saddr, &tmpl->id, tmpl->mode,
536 tmpl->reqid, family, 0, fp, prefix, "tmpl ");
538 if (show_stats > 0 || tmpl->optional) {
542 switch (tmpl->optional) {
545 fprintf(fp, "level required ");
548 fprintf(fp, "level use ");
551 fprintf(fp, "level %u ", tmpl->optional);
556 fprintf(fp, "share %s ", strxf_share(tmpl->share));
558 fprintf(fp, "%s", _SL_);
561 if (show_stats > 0) {
565 fprintf(fp, "%s-mask %s ",
566 strxf_algotype(XFRMA_ALG_CRYPT),
567 strxf_mask32(tmpl->ealgos));
568 fprintf(fp, "%s-mask %s ",
569 strxf_algotype(XFRMA_ALG_AUTH),
570 strxf_mask32(tmpl->aalgos));
571 fprintf(fp, "%s-mask %s",
572 strxf_algotype(XFRMA_ALG_COMP),
573 strxf_mask32(tmpl->calgos));
575 fprintf(fp, "%s", _SL_);
580 void xfrm_xfrma_print(struct rtattr *tb[], __u16 family,
581 FILE *fp, const char *prefix)
583 if (tb[XFRMA_ALG_AUTH]) {
584 struct rtattr *rta = tb[XFRMA_ALG_AUTH];
585 xfrm_algo_print((struct xfrm_algo *) RTA_DATA(rta),
586 XFRMA_ALG_AUTH, RTA_PAYLOAD(rta), fp, prefix);
589 if (tb[XFRMA_ALG_CRYPT]) {
590 struct rtattr *rta = tb[XFRMA_ALG_CRYPT];
591 xfrm_algo_print((struct xfrm_algo *) RTA_DATA(rta),
592 XFRMA_ALG_CRYPT, RTA_PAYLOAD(rta), fp, prefix);
595 if (tb[XFRMA_ALG_COMP]) {
596 struct rtattr *rta = tb[XFRMA_ALG_COMP];
597 xfrm_algo_print((struct xfrm_algo *) RTA_DATA(rta),
598 XFRMA_ALG_COMP, RTA_PAYLOAD(rta), fp, prefix);
601 if (tb[XFRMA_ENCAP]) {
602 struct xfrm_encap_tmpl *e;
607 fprintf(fp, "encap ");
609 if (RTA_PAYLOAD(tb[XFRMA_ENCAP]) < sizeof(*e)) {
610 fprintf(fp, "(ERROR truncated)");
611 fprintf(fp, "%s", _SL_);
614 e = (struct xfrm_encap_tmpl *) RTA_DATA(tb[XFRMA_ENCAP]);
616 fprintf(fp, "type ");
617 switch (e->encap_type) {
619 fprintf(fp, "espinudp-nonike ");
622 fprintf(fp, "espinudp ");
625 fprintf(fp, "%u ", e->encap_type);
628 fprintf(fp, "sport %u ", ntohs(e->encap_sport));
629 fprintf(fp, "dport %u ", ntohs(e->encap_dport));
631 memset(abuf, '\0', sizeof(abuf));
632 fprintf(fp, "addr %s",
633 rt_addr_n2a(family, sizeof(e->encap_oa),
634 &e->encap_oa, abuf, sizeof(abuf)));
635 fprintf(fp, "%s", _SL_);
638 if (tb[XFRMA_TMPL]) {
639 struct rtattr *rta = tb[XFRMA_TMPL];
640 xfrm_tmpl_print((struct xfrm_user_tmpl *) RTA_DATA(rta),
641 RTA_PAYLOAD(rta), family, fp, prefix);
645 static int xfrm_selector_iszero(struct xfrm_selector *s)
647 struct xfrm_selector s0;
649 memset(&s0, 0, sizeof(s0));
651 return (memcmp(&s0, s, sizeof(s0)) == 0);
654 void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo,
655 struct rtattr *tb[], FILE *fp, const char *prefix,
658 char buf[STRBUF_SIZE];
660 memset(buf, '\0', sizeof(buf));
662 xfrm_id_info_print(&xsinfo->saddr, &xsinfo->id, xsinfo->mode,
663 xsinfo->reqid, xsinfo->family, 1, fp, prefix,
667 STRBUF_CAT(buf, prefix);
668 STRBUF_CAT(buf, "\t");
671 fprintf(fp, "replay-window %u ", xsinfo->replay_window);
673 fprintf(fp, "seq 0x%08u ", xsinfo->seq);
674 if (show_stats > 0 || xsinfo->flags) {
675 __u8 flags = xsinfo->flags;
677 fprintf(fp, "flag ");
678 XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_NOECN, "noecn");
679 XFRM_FLAG_PRINT(fp, flags, XFRM_STATE_DECAP_DSCP, "decap-dscp");
681 fprintf(fp, "%x", flags);
683 fprintf(fp, " (0x%s)", strxf_mask8(flags));
685 fprintf(fp, "%s", _SL_);
687 xfrm_xfrma_print(tb, xsinfo->family, fp, buf);
689 if (!xfrm_selector_iszero(&xsinfo->sel)) {
690 char sbuf[STRBUF_SIZE];
692 memcpy(sbuf, buf, sizeof(sbuf));
693 STRBUF_CAT(sbuf, "sel ");
695 xfrm_selector_print(&xsinfo->sel, xsinfo->family, fp, sbuf);
698 if (show_stats > 0) {
699 xfrm_lifetime_print(&xsinfo->lft, &xsinfo->curlft, fp, buf);
700 xfrm_stats_print(&xsinfo->stats, fp, buf);
704 void xfrm_policy_info_print(struct xfrm_userpolicy_info *xpinfo,
705 struct rtattr *tb[], FILE *fp, const char *prefix,
708 char buf[STRBUF_SIZE];
710 memset(buf, '\0', sizeof(buf));
712 xfrm_selector_print(&xpinfo->sel, preferred_family, fp, title);
715 STRBUF_CAT(buf, prefix);
716 STRBUF_CAT(buf, "\t");
720 switch (xpinfo->dir) {
724 case XFRM_POLICY_OUT:
727 case XFRM_POLICY_FWD:
731 fprintf(fp, "%u", xpinfo->dir);
736 switch (xpinfo->action) {
737 case XFRM_POLICY_ALLOW:
739 fprintf(fp, "action allow ");
741 case XFRM_POLICY_BLOCK:
742 fprintf(fp, "action block ");
745 fprintf(fp, "action %u ", xpinfo->action);
750 fprintf(fp, "index %u ", xpinfo->index);
751 fprintf(fp, "priority %u ", xpinfo->priority);
752 if (show_stats > 0) {
753 fprintf(fp, "share %s ", strxf_share(xpinfo->share));
754 fprintf(fp, "flag 0x%s", strxf_mask8(xpinfo->flags));
756 fprintf(fp, "%s", _SL_);
759 xfrm_lifetime_print(&xpinfo->lft, &xpinfo->curlft, fp, buf);
761 xfrm_xfrma_print(tb, xpinfo->sel.family, fp, buf);
764 int xfrm_id_parse(xfrm_address_t *saddr, struct xfrm_id *id, __u16 *family,
765 int loose, int *argcp, char ***argvp)
768 char **argv = *argvp;
772 memset(&dst, 0, sizeof(dst));
773 memset(&src, 0, sizeof(src));
776 if (strcmp(*argv, "src") == 0) {
779 get_prefix(&src, *argv, preferred_family);
780 if (src.family == AF_UNSPEC)
781 invarg("\"src\" address family is AF_UNSPEC", *argv);
783 *family = src.family;
785 memcpy(saddr, &src.data, sizeof(*saddr));
787 filter.id_src_mask = src.bitlen;
789 } else if (strcmp(*argv, "dst") == 0) {
792 get_prefix(&dst, *argv, preferred_family);
793 if (dst.family == AF_UNSPEC)
794 invarg("\"dst\" address family is AF_UNSPEC", *argv);
796 *family = dst.family;
798 memcpy(&id->daddr, &dst.data, sizeof(id->daddr));
800 filter.id_dst_mask = dst.bitlen;
802 } else if (strcmp(*argv, "proto") == 0) {
807 ret = xfrm_xfrmproto_getbyname(*argv);
809 invarg("\"XFRM_PROTO\" is invalid", *argv);
811 id->proto = (__u8)ret;
813 filter.id_proto_mask = XFRM_FILTER_MASK_FULL;
815 } else if (strcmp(*argv, "spi") == 0) {
819 if (get_u32(&spi, *argv, 0))
820 invarg("\"SPI\" is invalid", *argv);
825 filter.id_spi_mask = XFRM_FILTER_MASK_FULL;
828 PREV_ARG(); /* back track */
837 if (src.family && dst.family && (src.family != dst.family))
838 invarg("the same address family is required between \"src\" and \"dst\"", *argv);
840 if (loose == 0 && id->proto == 0)
841 missarg("XFRM_PROTO");
851 int xfrm_mode_parse(__u8 *mode, int *argcp, char ***argvp)
854 char **argv = *argvp;
856 if (matches(*argv, "transport") == 0)
858 else if (matches(*argv, "tunnel") == 0)
861 invarg("\"MODE\" is invalid", *argv);
869 int xfrm_encap_type_parse(__u16 *type, int *argcp, char ***argvp)
872 char **argv = *argvp;
874 if (strcmp(*argv, "espinudp-nonike") == 0)
876 else if (strcmp(*argv, "espinudp") == 0)
879 invarg("\"ENCAP-TYPE\" is invalid", *argv);
887 /* NOTE: reqid is used by host-byte order */
888 int xfrm_reqid_parse(__u32 *reqid, int *argcp, char ***argvp)
891 char **argv = *argvp;
893 if (get_u32(reqid, *argv, 0))
894 invarg("\"REQID\" is invalid", *argv);
902 static int xfrm_selector_upspec_parse(struct xfrm_selector *sel,
903 int *argcp, char ***argvp)
906 char **argv = *argvp;
913 if (strcmp(*argv, "proto") == 0) {
918 if (strcmp(*argv, "any") == 0)
922 pp = getprotobyname(*argv);
924 upspec = pp->p_proto;
926 if (get_u8(&upspec, *argv, 0))
927 invarg("\"PROTO\" is invalid", *argv);
932 filter.upspec_proto_mask = XFRM_FILTER_MASK_FULL;
934 } else if (strcmp(*argv, "sport") == 0) {
939 if (get_u16(&sel->sport, *argv, 0))
940 invarg("\"PORT\" is invalid", *argv);
941 sel->sport = htons(sel->sport);
943 sel->sport_mask = ~((__u16)0);
945 filter.upspec_sport_mask = XFRM_FILTER_MASK_FULL;
947 } else if (strcmp(*argv, "dport") == 0) {
952 if (get_u16(&sel->dport, *argv, 0))
953 invarg("\"PORT\" is invalid", *argv);
954 sel->dport = htons(sel->dport);
956 sel->dport_mask = ~((__u16)0);
958 filter.upspec_dport_mask = XFRM_FILTER_MASK_FULL;
960 } else if (strcmp(*argv, "type") == 0) {
965 if (get_u16(&sel->sport, *argv, 0) ||
966 (sel->sport & ~((__u16)0xff)))
967 invarg("\"type\" value is invalid", *argv);
968 sel->sport = htons(sel->sport);
969 sel->sport_mask = ~((__u16)0);
971 filter.upspec_sport_mask = XFRM_FILTER_MASK_FULL;
974 } else if (strcmp(*argv, "code") == 0) {
979 if (get_u16(&sel->dport, *argv, 0) ||
980 (sel->dport & ~((__u16)0xff)))
981 invarg("\"code\" value is invalid", *argv);
982 sel->dport = htons(sel->dport);
983 sel->dport_mask = ~((__u16)0);
985 filter.upspec_dport_mask = XFRM_FILTER_MASK_FULL;
988 PREV_ARG(); /* back track */
998 if (sportp || dportp) {
999 switch (sel->proto) {
1006 fprintf(stderr, "\"sport\" and \"dport\" are invalid with proto=%s\n", strxf_proto(sel->proto));
1010 if (typep || codep) {
1011 switch (sel->proto) {
1013 case IPPROTO_ICMPV6:
1016 fprintf(stderr, "\"type\" and \"code\" are invalid with proto=%s\n", strxf_proto(sel->proto));
1027 int xfrm_selector_parse(struct xfrm_selector *sel, int *argcp, char ***argvp)
1030 char **argv = *argvp;
1033 char *upspecp = NULL;
1035 memset(&dst, 0, sizeof(dst));
1036 memset(&src, 0, sizeof(src));
1039 if (strcmp(*argv, "src") == 0) {
1042 get_prefix(&src, *argv, preferred_family);
1043 if (src.family == AF_UNSPEC)
1044 invarg("\"src\" address family is AF_UNSPEC", *argv);
1045 sel->family = src.family;
1047 memcpy(&sel->saddr, &src.data, sizeof(sel->saddr));
1048 sel->prefixlen_s = src.bitlen;
1050 filter.sel_src_mask = src.bitlen;
1052 } else if (strcmp(*argv, "dst") == 0) {
1055 get_prefix(&dst, *argv, preferred_family);
1056 if (dst.family == AF_UNSPEC)
1057 invarg("\"dst\" address family is AF_UNSPEC", *argv);
1058 sel->family = dst.family;
1060 memcpy(&sel->daddr, &dst.data, sizeof(sel->daddr));
1061 sel->prefixlen_d = dst.bitlen;
1063 filter.sel_dst_mask = dst.bitlen;
1065 } else if (strcmp(*argv, "dev") == 0) {
1070 if (strcmp(*argv, "none") == 0)
1073 ifindex = if_nametoindex(*argv);
1075 invarg("\"DEV\" is invalid", *argv);
1077 sel->ifindex = ifindex;
1079 filter.sel_dev_mask = XFRM_FILTER_MASK_FULL;
1083 PREV_ARG(); /* back track */
1087 xfrm_selector_upspec_parse(sel, &argc, &argv);
1097 if (src.family && dst.family && (src.family != dst.family))
1098 invarg("the same address family is required between \"src\" and \"dst\"", *argv);
1101 missarg("SELECTOR");
1109 int xfrm_lifetime_cfg_parse(struct xfrm_lifetime_cfg *lft,
1110 int *argcp, char ***argvp)
1113 char **argv = *argvp;
1116 if (strcmp(*argv, "time-soft") == 0) {
1118 ret = get_u64(&lft->soft_add_expires_seconds, *argv, 0);
1120 invarg("\"time-soft\" value is invalid", *argv);
1121 } else if (strcmp(*argv, "time-hard") == 0) {
1123 ret = get_u64(&lft->hard_add_expires_seconds, *argv, 0);
1125 invarg("\"time-hard\" value is invalid", *argv);
1126 } else if (strcmp(*argv, "time-use-soft") == 0) {
1128 ret = get_u64(&lft->soft_use_expires_seconds, *argv, 0);
1130 invarg("\"time-use-soft\" value is invalid", *argv);
1131 } else if (strcmp(*argv, "time-use-hard") == 0) {
1133 ret = get_u64(&lft->hard_use_expires_seconds, *argv, 0);
1135 invarg("\"time-use-hard\" value is invalid", *argv);
1136 } else if (strcmp(*argv, "byte-soft") == 0) {
1138 ret = get_u64(&lft->soft_byte_limit, *argv, 0);
1140 invarg("\"byte-soft\" value is invalid", *argv);
1141 } else if (strcmp(*argv, "byte-hard") == 0) {
1143 ret = get_u64(&lft->hard_byte_limit, *argv, 0);
1145 invarg("\"byte-hard\" value is invalid", *argv);
1146 } else if (strcmp(*argv, "packet-soft") == 0) {
1148 ret = get_u64(&lft->soft_packet_limit, *argv, 0);
1150 invarg("\"packet-soft\" value is invalid", *argv);
1151 } else if (strcmp(*argv, "packet-hard") == 0) {
1153 ret = get_u64(&lft->hard_packet_limit, *argv, 0);
1155 invarg("\"packet-hard\" value is invalid", *argv);
1157 invarg("\"LIMIT\" is invalid", *argv);
1165 int do_xfrm(int argc, char **argv)
1167 memset(&filter, 0, sizeof(filter));
1172 if (matches(*argv, "state") == 0 ||
1173 matches(*argv, "sa") == 0)
1174 return do_xfrm_state(argc-1, argv+1);
1175 else if (matches(*argv, "policy") == 0)
1176 return do_xfrm_policy(argc-1, argv+1);
1177 else if (matches(*argv, "monitor") == 0)
1178 return do_xfrm_monitor(argc-1, argv+1);
1179 else if (matches(*argv, "help") == 0) {
1181 fprintf(stderr, "xfrm Object \"%s\" is unknown.\n", *argv);
git://git.onelab.eu / iproute2.git / blob