1105197Ssam/* $FreeBSD$ */ 2105197Ssam/* $KAME: key_debug.c,v 1.26 2001/06/27 10:46:50 sakane Exp $ */ 3105197Ssam 4139823Simp/*- 5105197Ssam * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6105197Ssam * All rights reserved. 7105197Ssam * 8105197Ssam * Redistribution and use in source and binary forms, with or without 9105197Ssam * modification, are permitted provided that the following conditions 10105197Ssam * are met: 11105197Ssam * 1. Redistributions of source code must retain the above copyright 12105197Ssam * notice, this list of conditions and the following disclaimer. 13105197Ssam * 2. Redistributions in binary form must reproduce the above copyright 14105197Ssam * notice, this list of conditions and the following disclaimer in the 15105197Ssam * documentation and/or other materials provided with the distribution. 16105197Ssam * 3. Neither the name of the project nor the names of its contributors 17105197Ssam * may be used to endorse or promote products derived from this software 18105197Ssam * without specific prior written permission. 19105197Ssam * 20105197Ssam * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21105197Ssam * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22105197Ssam * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23105197Ssam * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24105197Ssam * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25105197Ssam * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26105197Ssam * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27105197Ssam * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28105197Ssam * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29105197Ssam * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30105197Ssam * SUCH DAMAGE. 31105197Ssam */ 32105197Ssam 33105197Ssam#ifdef _KERNEL 34105197Ssam#include "opt_inet.h" 35105197Ssam#include "opt_inet6.h" 36105197Ssam#include "opt_ipsec.h" 37105197Ssam#endif 38105197Ssam 39105197Ssam#include <sys/types.h> 40105197Ssam#include <sys/param.h> 41105197Ssam#ifdef _KERNEL 42105197Ssam#include <sys/systm.h> 43105197Ssam#include <sys/mbuf.h> 44105197Ssam#include <sys/queue.h> 45105197Ssam#endif 46105197Ssam#include <sys/socket.h> 47105197Ssam 48105197Ssam#include <net/route.h> 49195699Srwatson#include <net/vnet.h> 50105197Ssam 51105197Ssam#include <netipsec/key_var.h> 52105197Ssam#include <netipsec/key_debug.h> 53105197Ssam 54105197Ssam#include <netinet/in.h> 55105197Ssam#include <netipsec/ipsec.h> 56176743Sbz#ifdef _KERNEL 57176743Sbz#include <netipsec/keydb.h> 58176743Sbz#endif 59105197Ssam 60105197Ssam#ifndef _KERNEL 61105197Ssam#include <ctype.h> 62105197Ssam#include <stdio.h> 63105197Ssam#include <stdlib.h> 64105197Ssam#endif /* !_KERNEL */ 65105197Ssam 66105197Ssamstatic void kdebug_sadb_prop __P((struct sadb_ext *)); 67105197Ssamstatic void kdebug_sadb_identity __P((struct sadb_ext *)); 68105197Ssamstatic void kdebug_sadb_supported __P((struct sadb_ext *)); 69105197Ssamstatic void kdebug_sadb_lifetime __P((struct sadb_ext *)); 70105197Ssamstatic void kdebug_sadb_sa __P((struct sadb_ext *)); 71105197Ssamstatic void kdebug_sadb_address __P((struct sadb_ext *)); 72105197Ssamstatic void kdebug_sadb_key __P((struct sadb_ext *)); 73105197Ssamstatic void kdebug_sadb_x_sa2 __P((struct sadb_ext *)); 74105197Ssam 75105197Ssam#ifdef _KERNEL 76105197Ssamstatic void kdebug_secreplay __P((struct secreplay *)); 77105197Ssam#endif 78105197Ssam 79105197Ssam#ifndef _KERNEL 80171133Sgnn#define panic(fmt, ...) { printf(fmt, ## __VA_ARGS__); exit(-1); } 81105197Ssam#endif 82105197Ssam 83105197Ssam/* NOTE: host byte order */ 84105197Ssam 85105197Ssam/* %%%: about struct sadb_msg */ 86105197Ssamvoid 87105197Ssamkdebug_sadb(base) 88105197Ssam struct sadb_msg *base; 89105197Ssam{ 90105197Ssam struct sadb_ext *ext; 91105197Ssam int tlen, extlen; 92105197Ssam 93105197Ssam /* sanity check */ 94105197Ssam if (base == NULL) 95120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 96105197Ssam 97105197Ssam printf("sadb_msg{ version=%u type=%u errno=%u satype=%u\n", 98105197Ssam base->sadb_msg_version, base->sadb_msg_type, 99105197Ssam base->sadb_msg_errno, base->sadb_msg_satype); 100105197Ssam printf(" len=%u reserved=%u seq=%u pid=%u\n", 101105197Ssam base->sadb_msg_len, base->sadb_msg_reserved, 102105197Ssam base->sadb_msg_seq, base->sadb_msg_pid); 103105197Ssam 104105197Ssam tlen = PFKEY_UNUNIT64(base->sadb_msg_len) - sizeof(struct sadb_msg); 105105197Ssam ext = (struct sadb_ext *)((caddr_t)base + sizeof(struct sadb_msg)); 106105197Ssam 107105197Ssam while (tlen > 0) { 108105197Ssam printf("sadb_ext{ len=%u type=%u }\n", 109105197Ssam ext->sadb_ext_len, ext->sadb_ext_type); 110105197Ssam 111105197Ssam if (ext->sadb_ext_len == 0) { 112120585Ssam printf("%s: invalid ext_len=0 was passed.\n", __func__); 113105197Ssam return; 114105197Ssam } 115105197Ssam if (ext->sadb_ext_len > tlen) { 116120585Ssam printf("%s: ext_len too big (%u > %u).\n", 117120585Ssam __func__, ext->sadb_ext_len, tlen); 118105197Ssam return; 119105197Ssam } 120105197Ssam 121105197Ssam switch (ext->sadb_ext_type) { 122105197Ssam case SADB_EXT_SA: 123105197Ssam kdebug_sadb_sa(ext); 124105197Ssam break; 125105197Ssam case SADB_EXT_LIFETIME_CURRENT: 126105197Ssam case SADB_EXT_LIFETIME_HARD: 127105197Ssam case SADB_EXT_LIFETIME_SOFT: 128105197Ssam kdebug_sadb_lifetime(ext); 129105197Ssam break; 130105197Ssam case SADB_EXT_ADDRESS_SRC: 131105197Ssam case SADB_EXT_ADDRESS_DST: 132105197Ssam case SADB_EXT_ADDRESS_PROXY: 133105197Ssam kdebug_sadb_address(ext); 134105197Ssam break; 135105197Ssam case SADB_EXT_KEY_AUTH: 136105197Ssam case SADB_EXT_KEY_ENCRYPT: 137105197Ssam kdebug_sadb_key(ext); 138105197Ssam break; 139105197Ssam case SADB_EXT_IDENTITY_SRC: 140105197Ssam case SADB_EXT_IDENTITY_DST: 141105197Ssam kdebug_sadb_identity(ext); 142105197Ssam break; 143105197Ssam case SADB_EXT_SENSITIVITY: 144105197Ssam break; 145105197Ssam case SADB_EXT_PROPOSAL: 146105197Ssam kdebug_sadb_prop(ext); 147105197Ssam break; 148105197Ssam case SADB_EXT_SUPPORTED_AUTH: 149105197Ssam case SADB_EXT_SUPPORTED_ENCRYPT: 150105197Ssam kdebug_sadb_supported(ext); 151105197Ssam break; 152105197Ssam case SADB_EXT_SPIRANGE: 153105197Ssam case SADB_X_EXT_KMPRIVATE: 154105197Ssam break; 155105197Ssam case SADB_X_EXT_POLICY: 156105197Ssam kdebug_sadb_x_policy(ext); 157105197Ssam break; 158105197Ssam case SADB_X_EXT_SA2: 159105197Ssam kdebug_sadb_x_sa2(ext); 160105197Ssam break; 161105197Ssam default: 162120585Ssam printf("%s: invalid ext_type %u\n", __func__, 163105197Ssam ext->sadb_ext_type); 164105197Ssam return; 165105197Ssam } 166105197Ssam 167105197Ssam extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 168105197Ssam tlen -= extlen; 169105197Ssam ext = (struct sadb_ext *)((caddr_t)ext + extlen); 170105197Ssam } 171105197Ssam 172105197Ssam return; 173105197Ssam} 174105197Ssam 175105197Ssamstatic void 176105197Ssamkdebug_sadb_prop(ext) 177105197Ssam struct sadb_ext *ext; 178105197Ssam{ 179105197Ssam struct sadb_prop *prop = (struct sadb_prop *)ext; 180105197Ssam struct sadb_comb *comb; 181105197Ssam int len; 182105197Ssam 183105197Ssam /* sanity check */ 184105197Ssam if (ext == NULL) 185120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 186105197Ssam 187105197Ssam len = (PFKEY_UNUNIT64(prop->sadb_prop_len) - sizeof(*prop)) 188105197Ssam / sizeof(*comb); 189105197Ssam comb = (struct sadb_comb *)(prop + 1); 190105197Ssam printf("sadb_prop{ replay=%u\n", prop->sadb_prop_replay); 191105197Ssam 192105197Ssam while (len--) { 193105197Ssam printf("sadb_comb{ auth=%u encrypt=%u " 194105197Ssam "flags=0x%04x reserved=0x%08x\n", 195105197Ssam comb->sadb_comb_auth, comb->sadb_comb_encrypt, 196105197Ssam comb->sadb_comb_flags, comb->sadb_comb_reserved); 197105197Ssam 198105197Ssam printf(" auth_minbits=%u auth_maxbits=%u " 199105197Ssam "encrypt_minbits=%u encrypt_maxbits=%u\n", 200105197Ssam comb->sadb_comb_auth_minbits, 201105197Ssam comb->sadb_comb_auth_maxbits, 202105197Ssam comb->sadb_comb_encrypt_minbits, 203105197Ssam comb->sadb_comb_encrypt_maxbits); 204105197Ssam 205105197Ssam printf(" soft_alloc=%u hard_alloc=%u " 206105197Ssam "soft_bytes=%lu hard_bytes=%lu\n", 207105197Ssam comb->sadb_comb_soft_allocations, 208105197Ssam comb->sadb_comb_hard_allocations, 209105197Ssam (unsigned long)comb->sadb_comb_soft_bytes, 210105197Ssam (unsigned long)comb->sadb_comb_hard_bytes); 211105197Ssam 212105197Ssam printf(" soft_alloc=%lu hard_alloc=%lu " 213105197Ssam "soft_bytes=%lu hard_bytes=%lu }\n", 214105197Ssam (unsigned long)comb->sadb_comb_soft_addtime, 215105197Ssam (unsigned long)comb->sadb_comb_hard_addtime, 216105197Ssam (unsigned long)comb->sadb_comb_soft_usetime, 217105197Ssam (unsigned long)comb->sadb_comb_hard_usetime); 218105197Ssam comb++; 219105197Ssam } 220105197Ssam printf("}\n"); 221105197Ssam 222105197Ssam return; 223105197Ssam} 224105197Ssam 225105197Ssamstatic void 226105197Ssamkdebug_sadb_identity(ext) 227105197Ssam struct sadb_ext *ext; 228105197Ssam{ 229105197Ssam struct sadb_ident *id = (struct sadb_ident *)ext; 230105197Ssam int len; 231105197Ssam 232105197Ssam /* sanity check */ 233105197Ssam if (ext == NULL) 234120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 235105197Ssam 236105197Ssam len = PFKEY_UNUNIT64(id->sadb_ident_len) - sizeof(*id); 237105197Ssam printf("sadb_ident_%s{", 238105197Ssam id->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC ? "src" : "dst"); 239105197Ssam switch (id->sadb_ident_type) { 240105197Ssam default: 241105197Ssam printf(" type=%d id=%lu", 242105197Ssam id->sadb_ident_type, (u_long)id->sadb_ident_id); 243105197Ssam if (len) { 244105197Ssam#ifdef _KERNEL 245105197Ssam ipsec_hexdump((caddr_t)(id + 1), len); /*XXX cast ?*/ 246105197Ssam#else 247105197Ssam char *p, *ep; 248105197Ssam printf("\n str=\""); 249105197Ssam p = (char *)(id + 1); 250105197Ssam ep = p + len; 251105197Ssam for (/*nothing*/; *p && p < ep; p++) { 252105197Ssam if (isprint(*p)) 253105197Ssam printf("%c", *p & 0xff); 254105197Ssam else 255105197Ssam printf("\\%03o", *p & 0xff); 256105197Ssam } 257105197Ssam#endif 258105197Ssam printf("\""); 259105197Ssam } 260105197Ssam break; 261105197Ssam } 262105197Ssam 263105197Ssam printf(" }\n"); 264105197Ssam 265105197Ssam return; 266105197Ssam} 267105197Ssam 268105197Ssamstatic void 269105197Ssamkdebug_sadb_supported(ext) 270105197Ssam struct sadb_ext *ext; 271105197Ssam{ 272105197Ssam struct sadb_supported *sup = (struct sadb_supported *)ext; 273105197Ssam struct sadb_alg *alg; 274105197Ssam int len; 275105197Ssam 276105197Ssam /* sanity check */ 277105197Ssam if (ext == NULL) 278120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 279105197Ssam 280105197Ssam len = (PFKEY_UNUNIT64(sup->sadb_supported_len) - sizeof(*sup)) 281105197Ssam / sizeof(*alg); 282105197Ssam alg = (struct sadb_alg *)(sup + 1); 283105197Ssam printf("sadb_sup{\n"); 284105197Ssam while (len--) { 285105197Ssam printf(" { id=%d ivlen=%d min=%d max=%d }\n", 286105197Ssam alg->sadb_alg_id, alg->sadb_alg_ivlen, 287105197Ssam alg->sadb_alg_minbits, alg->sadb_alg_maxbits); 288105197Ssam alg++; 289105197Ssam } 290105197Ssam printf("}\n"); 291105197Ssam 292105197Ssam return; 293105197Ssam} 294105197Ssam 295105197Ssamstatic void 296105197Ssamkdebug_sadb_lifetime(ext) 297105197Ssam struct sadb_ext *ext; 298105197Ssam{ 299105197Ssam struct sadb_lifetime *lft = (struct sadb_lifetime *)ext; 300105197Ssam 301105197Ssam /* sanity check */ 302105197Ssam if (ext == NULL) 303176743Sbz panic("%s: NULL pointer was passed.\n", __func__); 304105197Ssam 305105197Ssam printf("sadb_lifetime{ alloc=%u, bytes=%u\n", 306105197Ssam lft->sadb_lifetime_allocations, 307105197Ssam (u_int32_t)lft->sadb_lifetime_bytes); 308105197Ssam printf(" addtime=%u, usetime=%u }\n", 309105197Ssam (u_int32_t)lft->sadb_lifetime_addtime, 310105197Ssam (u_int32_t)lft->sadb_lifetime_usetime); 311105197Ssam 312105197Ssam return; 313105197Ssam} 314105197Ssam 315105197Ssamstatic void 316105197Ssamkdebug_sadb_sa(ext) 317105197Ssam struct sadb_ext *ext; 318105197Ssam{ 319105197Ssam struct sadb_sa *sa = (struct sadb_sa *)ext; 320105197Ssam 321105197Ssam /* sanity check */ 322105197Ssam if (ext == NULL) 323120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 324105197Ssam 325105197Ssam printf("sadb_sa{ spi=%u replay=%u state=%u\n", 326105197Ssam (u_int32_t)ntohl(sa->sadb_sa_spi), sa->sadb_sa_replay, 327105197Ssam sa->sadb_sa_state); 328105197Ssam printf(" auth=%u encrypt=%u flags=0x%08x }\n", 329105197Ssam sa->sadb_sa_auth, sa->sadb_sa_encrypt, sa->sadb_sa_flags); 330105197Ssam 331105197Ssam return; 332105197Ssam} 333105197Ssam 334105197Ssamstatic void 335105197Ssamkdebug_sadb_address(ext) 336105197Ssam struct sadb_ext *ext; 337105197Ssam{ 338105197Ssam struct sadb_address *addr = (struct sadb_address *)ext; 339105197Ssam 340105197Ssam /* sanity check */ 341105197Ssam if (ext == NULL) 342120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 343105197Ssam 344105197Ssam printf("sadb_address{ proto=%u prefixlen=%u reserved=0x%02x%02x }\n", 345105197Ssam addr->sadb_address_proto, addr->sadb_address_prefixlen, 346105197Ssam ((u_char *)&addr->sadb_address_reserved)[0], 347105197Ssam ((u_char *)&addr->sadb_address_reserved)[1]); 348105197Ssam 349105197Ssam kdebug_sockaddr((struct sockaddr *)((caddr_t)ext + sizeof(*addr))); 350105197Ssam 351105197Ssam return; 352105197Ssam} 353105197Ssam 354105197Ssamstatic void 355105197Ssamkdebug_sadb_key(ext) 356105197Ssam struct sadb_ext *ext; 357105197Ssam{ 358105197Ssam struct sadb_key *key = (struct sadb_key *)ext; 359105197Ssam 360105197Ssam /* sanity check */ 361105197Ssam if (ext == NULL) 362120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 363105197Ssam 364105197Ssam printf("sadb_key{ bits=%u reserved=%u\n", 365105197Ssam key->sadb_key_bits, key->sadb_key_reserved); 366105197Ssam printf(" key="); 367105197Ssam 368105197Ssam /* sanity check 2 */ 369105197Ssam if ((key->sadb_key_bits >> 3) > 370105197Ssam (PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key))) { 371120585Ssam printf("%s: key length mismatch, bit:%d len:%ld.\n", 372120585Ssam __func__, 373105197Ssam key->sadb_key_bits >> 3, 374105197Ssam (long)PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key)); 375105197Ssam } 376105197Ssam 377105197Ssam ipsec_hexdump((caddr_t)key + sizeof(struct sadb_key), 378105197Ssam key->sadb_key_bits >> 3); 379105197Ssam printf(" }\n"); 380105197Ssam return; 381105197Ssam} 382105197Ssam 383105197Ssamstatic void 384105197Ssamkdebug_sadb_x_sa2(ext) 385105197Ssam struct sadb_ext *ext; 386105197Ssam{ 387105197Ssam struct sadb_x_sa2 *sa2 = (struct sadb_x_sa2 *)ext; 388105197Ssam 389105197Ssam /* sanity check */ 390105197Ssam if (ext == NULL) 391120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 392105197Ssam 393105197Ssam printf("sadb_x_sa2{ mode=%u reqid=%u\n", 394105197Ssam sa2->sadb_x_sa2_mode, sa2->sadb_x_sa2_reqid); 395105197Ssam printf(" reserved1=%u reserved2=%u sequence=%u }\n", 396105197Ssam sa2->sadb_x_sa2_reserved1, sa2->sadb_x_sa2_reserved2, 397105197Ssam sa2->sadb_x_sa2_sequence); 398105197Ssam 399105197Ssam return; 400105197Ssam} 401105197Ssam 402105197Ssamvoid 403105197Ssamkdebug_sadb_x_policy(ext) 404105197Ssam struct sadb_ext *ext; 405105197Ssam{ 406105197Ssam struct sadb_x_policy *xpl = (struct sadb_x_policy *)ext; 407105197Ssam struct sockaddr *addr; 408105197Ssam 409105197Ssam /* sanity check */ 410105197Ssam if (ext == NULL) 411120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 412105197Ssam 413105197Ssam printf("sadb_x_policy{ type=%u dir=%u id=%x }\n", 414105197Ssam xpl->sadb_x_policy_type, xpl->sadb_x_policy_dir, 415105197Ssam xpl->sadb_x_policy_id); 416105197Ssam 417105197Ssam if (xpl->sadb_x_policy_type == IPSEC_POLICY_IPSEC) { 418105197Ssam int tlen; 419105197Ssam struct sadb_x_ipsecrequest *xisr; 420105197Ssam 421105197Ssam tlen = PFKEY_UNUNIT64(xpl->sadb_x_policy_len) - sizeof(*xpl); 422105197Ssam xisr = (struct sadb_x_ipsecrequest *)(xpl + 1); 423105197Ssam 424105197Ssam while (tlen > 0) { 425105197Ssam printf(" { len=%u proto=%u mode=%u level=%u reqid=%u\n", 426105197Ssam xisr->sadb_x_ipsecrequest_len, 427105197Ssam xisr->sadb_x_ipsecrequest_proto, 428105197Ssam xisr->sadb_x_ipsecrequest_mode, 429105197Ssam xisr->sadb_x_ipsecrequest_level, 430105197Ssam xisr->sadb_x_ipsecrequest_reqid); 431105197Ssam 432105197Ssam if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 433105197Ssam addr = (struct sockaddr *)(xisr + 1); 434105197Ssam kdebug_sockaddr(addr); 435105197Ssam addr = (struct sockaddr *)((caddr_t)addr 436105197Ssam + addr->sa_len); 437105197Ssam kdebug_sockaddr(addr); 438105197Ssam } 439105197Ssam 440105197Ssam printf(" }\n"); 441105197Ssam 442105197Ssam /* prevent infinite loop */ 443105197Ssam if (xisr->sadb_x_ipsecrequest_len <= 0) { 444120585Ssam printf("%s: wrong policy struct.\n", __func__); 445105197Ssam return; 446105197Ssam } 447105197Ssam /* prevent overflow */ 448105197Ssam if (xisr->sadb_x_ipsecrequest_len > tlen) { 449120585Ssam printf("%s: invalid ipsec policy length " 450120585Ssam "(%u > %u)\n", __func__, 451120585Ssam xisr->sadb_x_ipsecrequest_len, tlen); 452105197Ssam return; 453105197Ssam } 454105197Ssam 455105197Ssam tlen -= xisr->sadb_x_ipsecrequest_len; 456105197Ssam 457105197Ssam xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 458105197Ssam + xisr->sadb_x_ipsecrequest_len); 459105197Ssam } 460105197Ssam 461105197Ssam if (tlen != 0) 462120585Ssam panic("%s: wrong policy struct.\n", __func__); 463105197Ssam } 464105197Ssam 465105197Ssam return; 466105197Ssam} 467105197Ssam 468105197Ssam#ifdef _KERNEL 469105197Ssam/* %%%: about SPD and SAD */ 470105197Ssamvoid 471105197Ssamkdebug_secpolicy(sp) 472105197Ssam struct secpolicy *sp; 473105197Ssam{ 474105197Ssam /* sanity check */ 475105197Ssam if (sp == NULL) 476120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 477105197Ssam 478105197Ssam printf("secpolicy{ refcnt=%u state=%u policy=%u\n", 479105197Ssam sp->refcnt, sp->state, sp->policy); 480105197Ssam 481105197Ssam kdebug_secpolicyindex(&sp->spidx); 482105197Ssam 483105197Ssam switch (sp->policy) { 484105197Ssam case IPSEC_POLICY_DISCARD: 485105197Ssam printf(" type=discard }\n"); 486105197Ssam break; 487105197Ssam case IPSEC_POLICY_NONE: 488105197Ssam printf(" type=none }\n"); 489105197Ssam break; 490105197Ssam case IPSEC_POLICY_IPSEC: 491105197Ssam { 492105197Ssam struct ipsecrequest *isr; 493105197Ssam for (isr = sp->req; isr != NULL; isr = isr->next) { 494105197Ssam 495105197Ssam printf(" level=%u\n", isr->level); 496105197Ssam kdebug_secasindex(&isr->saidx); 497105197Ssam 498105197Ssam if (isr->sav != NULL) 499105197Ssam kdebug_secasv(isr->sav); 500105197Ssam } 501105197Ssam printf(" }\n"); 502105197Ssam } 503105197Ssam break; 504105197Ssam case IPSEC_POLICY_BYPASS: 505105197Ssam printf(" type=bypass }\n"); 506105197Ssam break; 507105197Ssam case IPSEC_POLICY_ENTRUST: 508105197Ssam printf(" type=entrust }\n"); 509105197Ssam break; 510105197Ssam default: 511120585Ssam printf("%s: Invalid policy found. %d\n", __func__, sp->policy); 512105197Ssam break; 513105197Ssam } 514105197Ssam 515105197Ssam return; 516105197Ssam} 517105197Ssam 518105197Ssamvoid 519105197Ssamkdebug_secpolicyindex(spidx) 520105197Ssam struct secpolicyindex *spidx; 521105197Ssam{ 522105197Ssam /* sanity check */ 523105197Ssam if (spidx == NULL) 524120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 525105197Ssam 526105197Ssam printf("secpolicyindex{ dir=%u prefs=%u prefd=%u ul_proto=%u\n", 527105197Ssam spidx->dir, spidx->prefs, spidx->prefd, spidx->ul_proto); 528105197Ssam 529105197Ssam ipsec_hexdump((caddr_t)&spidx->src, 530105197Ssam ((struct sockaddr *)&spidx->src)->sa_len); 531105197Ssam printf("\n"); 532105197Ssam ipsec_hexdump((caddr_t)&spidx->dst, 533105197Ssam ((struct sockaddr *)&spidx->dst)->sa_len); 534105197Ssam printf("}\n"); 535105197Ssam 536105197Ssam return; 537105197Ssam} 538105197Ssam 539105197Ssamvoid 540105197Ssamkdebug_secasindex(saidx) 541105197Ssam struct secasindex *saidx; 542105197Ssam{ 543105197Ssam /* sanity check */ 544105197Ssam if (saidx == NULL) 545120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 546105197Ssam 547105197Ssam printf("secasindex{ mode=%u proto=%u\n", 548105197Ssam saidx->mode, saidx->proto); 549105197Ssam 550105197Ssam ipsec_hexdump((caddr_t)&saidx->src, 551105197Ssam ((struct sockaddr *)&saidx->src)->sa_len); 552105197Ssam printf("\n"); 553105197Ssam ipsec_hexdump((caddr_t)&saidx->dst, 554105197Ssam ((struct sockaddr *)&saidx->dst)->sa_len); 555105197Ssam printf("\n"); 556105197Ssam 557105197Ssam return; 558105197Ssam} 559105197Ssam 560176743Sbzstatic void 561176743Sbzkdebug_sec_lifetime(struct seclifetime *lft) 562176743Sbz{ 563176743Sbz /* sanity check */ 564176743Sbz if (lft == NULL) 565176743Sbz panic("%s: NULL pointer was passed.\n", __func__); 566176743Sbz 567176743Sbz printf("sec_lifetime{ alloc=%u, bytes=%u\n", 568176743Sbz lft->allocations, (u_int32_t)lft->bytes); 569176743Sbz printf(" addtime=%u, usetime=%u }\n", 570176743Sbz (u_int32_t)lft->addtime, (u_int32_t)lft->usetime); 571176743Sbz 572176743Sbz return; 573176743Sbz} 574176743Sbz 575105197Ssamvoid 576105197Ssamkdebug_secasv(sav) 577105197Ssam struct secasvar *sav; 578105197Ssam{ 579105197Ssam /* sanity check */ 580105197Ssam if (sav == NULL) 581120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 582105197Ssam 583105197Ssam printf("secas{"); 584105197Ssam kdebug_secasindex(&sav->sah->saidx); 585105197Ssam 586105197Ssam printf(" refcnt=%u state=%u auth=%u enc=%u\n", 587105197Ssam sav->refcnt, sav->state, sav->alg_auth, sav->alg_enc); 588105197Ssam printf(" spi=%u flags=%u\n", 589105197Ssam (u_int32_t)ntohl(sav->spi), sav->flags); 590105197Ssam 591105197Ssam if (sav->key_auth != NULL) 592105197Ssam kdebug_sadb_key((struct sadb_ext *)sav->key_auth); 593105197Ssam if (sav->key_enc != NULL) 594105197Ssam kdebug_sadb_key((struct sadb_ext *)sav->key_enc); 595105197Ssam if (sav->iv != NULL) { 596105197Ssam printf(" iv="); 597105197Ssam ipsec_hexdump(sav->iv, sav->ivlen ? sav->ivlen : 8); 598105197Ssam printf("\n"); 599105197Ssam } 600105197Ssam 601105197Ssam if (sav->replay != NULL) 602105197Ssam kdebug_secreplay(sav->replay); 603105197Ssam if (sav->lft_c != NULL) 604176743Sbz kdebug_sec_lifetime(sav->lft_c); 605105197Ssam if (sav->lft_h != NULL) 606176743Sbz kdebug_sec_lifetime(sav->lft_h); 607105197Ssam if (sav->lft_s != NULL) 608176743Sbz kdebug_sec_lifetime(sav->lft_s); 609105197Ssam 610153110Sru#ifdef notyet 611105197Ssam /* XXX: misc[123] ? */ 612105197Ssam#endif 613105197Ssam 614105197Ssam return; 615105197Ssam} 616105197Ssam 617105197Ssamstatic void 618105197Ssamkdebug_secreplay(rpl) 619105197Ssam struct secreplay *rpl; 620105197Ssam{ 621105197Ssam int len, l; 622105197Ssam 623105197Ssam /* sanity check */ 624105197Ssam if (rpl == NULL) 625120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 626105197Ssam 627105197Ssam printf(" secreplay{ count=%u wsize=%u seq=%u lastseq=%u", 628105197Ssam rpl->count, rpl->wsize, rpl->seq, rpl->lastseq); 629105197Ssam 630105197Ssam if (rpl->bitmap == NULL) { 631105197Ssam printf(" }\n"); 632105197Ssam return; 633105197Ssam } 634105197Ssam 635105197Ssam printf("\n bitmap { "); 636105197Ssam 637105197Ssam for (len = 0; len < rpl->wsize; len++) { 638105197Ssam for (l = 7; l >= 0; l--) 639105197Ssam printf("%u", (((rpl->bitmap)[len] >> l) & 1) ? 1 : 0); 640105197Ssam } 641105197Ssam printf(" }\n"); 642105197Ssam 643105197Ssam return; 644105197Ssam} 645105197Ssam 646105197Ssamvoid 647105197Ssamkdebug_mbufhdr(m) 648105197Ssam struct mbuf *m; 649105197Ssam{ 650105197Ssam /* sanity check */ 651105197Ssam if (m == NULL) 652105197Ssam return; 653105197Ssam 654105197Ssam printf("mbuf(%p){ m_next:%p m_nextpkt:%p m_data:%p " 655105197Ssam "m_len:%d m_type:0x%02x m_flags:0x%02x }\n", 656105197Ssam m, m->m_next, m->m_nextpkt, m->m_data, 657105197Ssam m->m_len, m->m_type, m->m_flags); 658105197Ssam 659105197Ssam if (m->m_flags & M_PKTHDR) { 660105197Ssam printf(" m_pkthdr{ len:%d rcvif:%p }\n", 661105197Ssam m->m_pkthdr.len, m->m_pkthdr.rcvif); 662105197Ssam } 663105197Ssam 664105197Ssam if (m->m_flags & M_EXT) { 665105197Ssam printf(" m_ext{ ext_buf:%p ext_free:%p " 666105197Ssam "ext_size:%u ref_cnt:%p }\n", 667105197Ssam m->m_ext.ext_buf, m->m_ext.ext_free, 668105197Ssam m->m_ext.ext_size, m->m_ext.ref_cnt); 669105197Ssam } 670105197Ssam 671105197Ssam return; 672105197Ssam} 673105197Ssam 674105197Ssamvoid 675105197Ssamkdebug_mbuf(m0) 676105197Ssam struct mbuf *m0; 677105197Ssam{ 678105197Ssam struct mbuf *m = m0; 679105197Ssam int i, j; 680105197Ssam 681105197Ssam for (j = 0; m; m = m->m_next) { 682105197Ssam kdebug_mbufhdr(m); 683105197Ssam printf(" m_data:\n"); 684105197Ssam for (i = 0; i < m->m_len; i++) { 685105197Ssam if (i && i % 32 == 0) 686105197Ssam printf("\n"); 687105197Ssam if (i % 4 == 0) 688105197Ssam printf(" "); 689105197Ssam printf("%02x", mtod(m, u_char *)[i]); 690105197Ssam j++; 691105197Ssam } 692105197Ssam printf("\n"); 693105197Ssam } 694105197Ssam 695105197Ssam return; 696105197Ssam} 697105197Ssam#endif /* _KERNEL */ 698105197Ssam 699105197Ssamvoid 700105197Ssamkdebug_sockaddr(addr) 701105197Ssam struct sockaddr *addr; 702105197Ssam{ 703105197Ssam struct sockaddr_in *sin4; 704105197Ssam#ifdef INET6 705105197Ssam struct sockaddr_in6 *sin6; 706105197Ssam#endif 707105197Ssam 708105197Ssam /* sanity check */ 709105197Ssam if (addr == NULL) 710120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 711105197Ssam 712105197Ssam /* NOTE: We deal with port number as host byte order. */ 713105197Ssam printf("sockaddr{ len=%u family=%u", addr->sa_len, addr->sa_family); 714105197Ssam 715105197Ssam switch (addr->sa_family) { 716105197Ssam case AF_INET: 717105197Ssam sin4 = (struct sockaddr_in *)addr; 718105197Ssam printf(" port=%u\n", ntohs(sin4->sin_port)); 719105197Ssam ipsec_hexdump((caddr_t)&sin4->sin_addr, sizeof(sin4->sin_addr)); 720105197Ssam break; 721105197Ssam#ifdef INET6 722105197Ssam case AF_INET6: 723105197Ssam sin6 = (struct sockaddr_in6 *)addr; 724105197Ssam printf(" port=%u\n", ntohs(sin6->sin6_port)); 725105197Ssam printf(" flowinfo=0x%08x, scope_id=0x%08x\n", 726105197Ssam sin6->sin6_flowinfo, sin6->sin6_scope_id); 727105197Ssam ipsec_hexdump((caddr_t)&sin6->sin6_addr, 728105197Ssam sizeof(sin6->sin6_addr)); 729105197Ssam break; 730105197Ssam#endif 731105197Ssam } 732105197Ssam 733105197Ssam printf(" }\n"); 734105197Ssam 735105197Ssam return; 736105197Ssam} 737105197Ssam 738105197Ssamvoid 739105197Ssamipsec_bindump(buf, len) 740105197Ssam caddr_t buf; 741105197Ssam int len; 742105197Ssam{ 743105197Ssam int i; 744105197Ssam 745105197Ssam for (i = 0; i < len; i++) 746105197Ssam printf("%c", (unsigned char)buf[i]); 747105197Ssam 748105197Ssam return; 749105197Ssam} 750105197Ssam 751105197Ssam 752105197Ssamvoid 753105197Ssamipsec_hexdump(buf, len) 754105197Ssam caddr_t buf; 755105197Ssam int len; 756105197Ssam{ 757105197Ssam int i; 758105197Ssam 759105197Ssam for (i = 0; i < len; i++) { 760105197Ssam if (i != 0 && i % 32 == 0) printf("\n"); 761105197Ssam if (i % 4 == 0) printf(" "); 762105197Ssam printf("%02x", (unsigned char)buf[i]); 763105197Ssam } 764105197Ssam#if 0 765105197Ssam if (i % 32 != 0) printf("\n"); 766105197Ssam#endif 767105197Ssam 768105197Ssam return; 769105197Ssam} 770