1122107Sume/* $KAME: pfkey_dump.c,v 1.45 2003/09/08 10:14:56 itojun Exp $ */ 262583Sitojun 355505Sshin/* 455505Sshin * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. 555505Sshin * All rights reserved. 655505Sshin * 755505Sshin * Redistribution and use in source and binary forms, with or without 855505Sshin * modification, are permitted provided that the following conditions 955505Sshin * are met: 1055505Sshin * 1. Redistributions of source code must retain the above copyright 1155505Sshin * notice, this list of conditions and the following disclaimer. 1255505Sshin * 2. Redistributions in binary form must reproduce the above copyright 1355505Sshin * notice, this list of conditions and the following disclaimer in the 1455505Sshin * documentation and/or other materials provided with the distribution. 1555505Sshin * 3. Neither the name of the project nor the names of its contributors 1655505Sshin * may be used to endorse or promote products derived from this software 1755505Sshin * without specific prior written permission. 1855505Sshin * 1955505Sshin * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 2055505Sshin * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2155505Sshin * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2255505Sshin * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 2355505Sshin * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2455505Sshin * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2555505Sshin * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2655505Sshin * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2755505Sshin * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 2855505Sshin * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 2955505Sshin * SUCH DAMAGE. 3055505Sshin */ 3155505Sshin 3284208Sdillon#include <sys/cdefs.h> 3384208Sdillon__FBSDID("$FreeBSD$"); 3484208Sdillon 3555505Sshin#include <sys/types.h> 3655505Sshin#include <sys/param.h> 3755505Sshin#include <sys/socket.h> 38171135Sgnn#include <netipsec/ipsec.h> 3955505Sshin#include <net/pfkeyv2.h> 40171135Sgnn#include <netipsec/key_var.h> 41171135Sgnn#include <netipsec/key_debug.h> 4255505Sshin 4355505Sshin#include <netinet/in.h> 4455505Sshin#include <arpa/inet.h> 4555505Sshin 4655505Sshin#include <stdlib.h> 4755505Sshin#include <unistd.h> 4855505Sshin#include <stdio.h> 4955505Sshin#include <string.h> 5055505Sshin#include <time.h> 5162583Sitojun#include <netdb.h> 5255505Sshin 5355505Sshin#include "ipsec_strerror.h" 5462583Sitojun#include "libpfkey.h" 5555505Sshin 5678064Sume/* cope with old kame headers - ugly */ 5778064Sume#ifndef SADB_X_AALG_MD5 5878064Sume#define SADB_X_AALG_MD5 SADB_AALG_MD5 5978064Sume#endif 6078064Sume#ifndef SADB_X_AALG_SHA 6178064Sume#define SADB_X_AALG_SHA SADB_AALG_SHA 6278064Sume#endif 6378064Sume#ifndef SADB_X_AALG_NULL 6478064Sume#define SADB_X_AALG_NULL SADB_AALG_NULL 6578064Sume#endif 6678064Sume 6778064Sume#ifndef SADB_X_EALG_BLOWFISHCBC 6878064Sume#define SADB_X_EALG_BLOWFISHCBC SADB_EALG_BLOWFISHCBC 6978064Sume#endif 7078064Sume#ifndef SADB_X_EALG_CAST128CBC 7178064Sume#define SADB_X_EALG_CAST128CBC SADB_EALG_CAST128CBC 7278064Sume#endif 7378064Sume#ifndef SADB_X_EALG_RC5CBC 7478064Sume#ifdef SADB_EALG_RC5CBC 7578064Sume#define SADB_X_EALG_RC5CBC SADB_EALG_RC5CBC 7678064Sume#endif 7778064Sume#endif 7878064Sume 7962583Sitojun#define GETMSGSTR(str, num) \ 8062583Sitojundo { \ 8155505Sshin if (sizeof((str)[0]) == 0 \ 8255505Sshin || num >= sizeof(str)/sizeof((str)[0])) \ 83121572Sume printf("%u ", (num)); \ 8455505Sshin else if (strlen((str)[(num)]) == 0) \ 85121572Sume printf("%u ", (num)); \ 8655505Sshin else \ 8755505Sshin printf("%s ", (str)[(num)]); \ 8862583Sitojun} while (0) 8955505Sshin 9078064Sume#define GETMSGV2S(v2s, num) \ 9178064Sumedo { \ 9278064Sume struct val2str *p; \ 9378064Sume for (p = (v2s); p && p->str; p++) { \ 9478064Sume if (p->val == (num)) \ 9578064Sume break; \ 9678064Sume } \ 9778064Sume if (p && p->str) \ 9878064Sume printf("%s ", p->str); \ 9978064Sume else \ 100121572Sume printf("%u ", (num)); \ 10178064Sume} while (0) 10278064Sume 10392917Sobrienstatic char *str_ipaddr(struct sockaddr *); 104122107Sumestatic char *str_prefport(u_int, u_int, u_int, u_int); 105122107Sumestatic void str_upperspec(u_int, u_int, u_int); 10692917Sobrienstatic char *str_time(time_t); 10792917Sobrienstatic void str_lifetime_byte(struct sadb_lifetime *, char *); 10855505Sshin 10978064Sumestruct val2str { 11078064Sume int val; 11178064Sume const char *str; 11278064Sume}; 11378064Sume 11455505Sshin/* 11555505Sshin * Must to be re-written about following strings. 11655505Sshin */ 11778064Sumestatic char *str_satype[] = { 11855505Sshin "unspec", 11955505Sshin "unknown", 12055505Sshin "ah", 12155505Sshin "esp", 12255505Sshin "unknown", 12355505Sshin "rsvp", 12455505Sshin "ospfv2", 12555505Sshin "ripv2", 12655505Sshin "mip", 12755505Sshin "ipcomp", 128125681Sbms "policy", 129125681Sbms "tcp" 13055505Sshin}; 13155505Sshin 13278064Sumestatic char *str_mode[] = { 13355505Sshin "any", 13455505Sshin "transport", 13555505Sshin "tunnel", 13655505Sshin}; 13755505Sshin 13878064Sumestatic char *str_state[] = { 13955505Sshin "larval", 14055505Sshin "mature", 14155505Sshin "dying", 14255505Sshin "dead", 14355505Sshin}; 14455505Sshin 14578064Sumestatic struct val2str str_alg_auth[] = { 14678064Sume { SADB_AALG_NONE, "none", }, 14778064Sume { SADB_AALG_MD5HMAC, "hmac-md5", }, 14878064Sume { SADB_AALG_SHA1HMAC, "hmac-sha1", }, 14978064Sume { SADB_X_AALG_MD5, "md5", }, 15078064Sume { SADB_X_AALG_SHA, "sha", }, 15178064Sume { SADB_X_AALG_NULL, "null", }, 152125681Sbms { SADB_X_AALG_TCP_MD5, "tcp-md5", }, 15378064Sume#ifdef SADB_X_AALG_SHA2_256 15478064Sume { SADB_X_AALG_SHA2_256, "hmac-sha2-256", }, 15578064Sume#endif 15678064Sume#ifdef SADB_X_AALG_SHA2_384 15778064Sume { SADB_X_AALG_SHA2_384, "hmac-sha2-384", }, 15878064Sume#endif 15978064Sume#ifdef SADB_X_AALG_SHA2_512 16078064Sume { SADB_X_AALG_SHA2_512, "hmac-sha2-512", }, 16178064Sume#endif 162121021Sume#ifdef SADB_X_AALG_RIPEMD160HMAC 163121021Sume { SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", }, 164121021Sume#endif 165121061Sume#ifdef SADB_X_AALG_AES_XCBC_MAC 166121061Sume { SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", }, 167121061Sume#endif 16878064Sume { -1, NULL, }, 16955505Sshin}; 17055505Sshin 17178064Sumestatic struct val2str str_alg_enc[] = { 17278064Sume { SADB_EALG_NONE, "none", }, 17378064Sume { SADB_EALG_DESCBC, "des-cbc", }, 17478064Sume { SADB_EALG_3DESCBC, "3des-cbc", }, 17578064Sume { SADB_EALG_NULL, "null", }, 17678064Sume#ifdef SADB_X_EALG_RC5CBC 17778064Sume { SADB_X_EALG_RC5CBC, "rc5-cbc", }, 17878064Sume#endif 17978064Sume { SADB_X_EALG_CAST128CBC, "cast128-cbc", }, 18078064Sume { SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc", }, 18178064Sume#ifdef SADB_X_EALG_RIJNDAELCBC 18278064Sume { SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc", }, 18378064Sume#endif 18478064Sume#ifdef SADB_X_EALG_TWOFISHCBC 18578064Sume { SADB_X_EALG_TWOFISHCBC, "twofish-cbc", }, 18678064Sume#endif 187121071Sume#ifdef SADB_X_EALG_AESCTR 188121071Sume { SADB_X_EALG_AESCTR, "aes-ctr", }, 189121071Sume#endif 190169425Sgnn#ifdef SADB_X_EALG_CAMELLIACBC 191169425Sgnn { SADB_X_EALG_CAMELLIACBC, "camellia-cbc", }, 192169425Sgnn#endif 19378064Sume { -1, NULL, }, 19455505Sshin}; 19555505Sshin 19678064Sumestatic struct val2str str_alg_comp[] = { 19778064Sume { SADB_X_CALG_NONE, "none", }, 19878064Sume { SADB_X_CALG_OUI, "oui", }, 19978064Sume { SADB_X_CALG_DEFLATE, "deflate", }, 20078064Sume { SADB_X_CALG_LZS, "lzs", }, 20178064Sume { -1, NULL, }, 20255505Sshin}; 20355505Sshin 20455505Sshin/* 20555505Sshin * dump SADB_MSG formated. For debugging, you should use kdebug_sadb(). 20655505Sshin */ 20755505Sshinvoid 20855505Sshinpfkey_sadump(m) 20955505Sshin struct sadb_msg *m; 21055505Sshin{ 21155505Sshin caddr_t mhp[SADB_EXT_MAX + 1]; 21255505Sshin struct sadb_sa *m_sa; 21362583Sitojun struct sadb_x_sa2 *m_sa2; 21455505Sshin struct sadb_lifetime *m_lftc, *m_lfth, *m_lfts; 21555505Sshin struct sadb_address *m_saddr, *m_daddr, *m_paddr; 21655505Sshin struct sadb_key *m_auth, *m_enc; 21755505Sshin struct sadb_ident *m_sid, *m_did; 21855505Sshin struct sadb_sens *m_sens; 21955505Sshin 22055505Sshin /* check pfkey message. */ 22155505Sshin if (pfkey_align(m, mhp)) { 22255505Sshin printf("%s\n", ipsec_strerror()); 22355505Sshin return; 22455505Sshin } 22555505Sshin if (pfkey_check(mhp)) { 22655505Sshin printf("%s\n", ipsec_strerror()); 22755505Sshin return; 22855505Sshin } 22955505Sshin 23055505Sshin m_sa = (struct sadb_sa *)mhp[SADB_EXT_SA]; 23162583Sitojun m_sa2 = (struct sadb_x_sa2 *)mhp[SADB_X_EXT_SA2]; 23255505Sshin m_lftc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT]; 23355505Sshin m_lfth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD]; 23455505Sshin m_lfts = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_SOFT]; 23555505Sshin m_saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC]; 23655505Sshin m_daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST]; 23755505Sshin m_paddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_PROXY]; 23855505Sshin m_auth = (struct sadb_key *)mhp[SADB_EXT_KEY_AUTH]; 23955505Sshin m_enc = (struct sadb_key *)mhp[SADB_EXT_KEY_ENCRYPT]; 24055505Sshin m_sid = (struct sadb_ident *)mhp[SADB_EXT_IDENTITY_SRC]; 24162583Sitojun m_did = (struct sadb_ident *)mhp[SADB_EXT_IDENTITY_DST]; 24255505Sshin m_sens = (struct sadb_sens *)mhp[SADB_EXT_SENSITIVITY]; 24355505Sshin 24455505Sshin /* source address */ 24555505Sshin if (m_saddr == NULL) { 24655505Sshin printf("no ADDRESS_SRC extension.\n"); 24755505Sshin return; 24855505Sshin } 24962583Sitojun printf("%s ", str_ipaddr((struct sockaddr *)(m_saddr + 1))); 25055505Sshin 25155505Sshin /* destination address */ 25255505Sshin if (m_daddr == NULL) { 25355505Sshin printf("no ADDRESS_DST extension.\n"); 25455505Sshin return; 25555505Sshin } 25662583Sitojun printf("%s ", str_ipaddr((struct sockaddr *)(m_daddr + 1))); 25755505Sshin 25855505Sshin /* SA type */ 25955505Sshin if (m_sa == NULL) { 26055505Sshin printf("no SA extension.\n"); 26155505Sshin return; 26255505Sshin } 26362583Sitojun if (m_sa2 == NULL) { 26462583Sitojun printf("no SA2 extension.\n"); 26562583Sitojun return; 26662583Sitojun } 26755505Sshin printf("\n\t"); 26855505Sshin 26978064Sume GETMSGSTR(str_satype, m->sadb_msg_satype); 27055505Sshin 27155505Sshin printf("mode="); 27278064Sume GETMSGSTR(str_mode, m_sa2->sadb_x_sa2_mode); 27355505Sshin 27462583Sitojun printf("spi=%u(0x%08x) reqid=%u(0x%08x)\n", 27555505Sshin (u_int32_t)ntohl(m_sa->sadb_sa_spi), 27655505Sshin (u_int32_t)ntohl(m_sa->sadb_sa_spi), 27762583Sitojun (u_int32_t)m_sa2->sadb_x_sa2_reqid, 27862583Sitojun (u_int32_t)m_sa2->sadb_x_sa2_reqid); 27955505Sshin 28055505Sshin /* encryption key */ 28155505Sshin if (m->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) { 28255505Sshin printf("\tC: "); 28378064Sume GETMSGV2S(str_alg_comp, m_sa->sadb_sa_encrypt); 28455505Sshin } else if (m->sadb_msg_satype == SADB_SATYPE_ESP) { 28555505Sshin if (m_enc != NULL) { 28655505Sshin printf("\tE: "); 28778064Sume GETMSGV2S(str_alg_enc, m_sa->sadb_sa_encrypt); 28855505Sshin ipsec_hexdump((caddr_t)m_enc + sizeof(*m_enc), 28955505Sshin m_enc->sadb_key_bits / 8); 29055505Sshin printf("\n"); 29155505Sshin } 29255505Sshin } 29355505Sshin 29455505Sshin /* authentication key */ 29555505Sshin if (m_auth != NULL) { 29655505Sshin printf("\tA: "); 29778064Sume GETMSGV2S(str_alg_auth, m_sa->sadb_sa_auth); 29855505Sshin ipsec_hexdump((caddr_t)m_auth + sizeof(*m_auth), 29955505Sshin m_auth->sadb_key_bits / 8); 30055505Sshin printf("\n"); 30155505Sshin } 30255505Sshin 30362583Sitojun /* replay windoe size & flags */ 30481215Sume printf("\tseq=0x%08x replay=%u flags=0x%08x ", 30581215Sume m_sa2->sadb_x_sa2_sequence, 30662583Sitojun m_sa->sadb_sa_replay, 30762583Sitojun m_sa->sadb_sa_flags); 30862583Sitojun 30955505Sshin /* state */ 31062583Sitojun printf("state="); 31178064Sume GETMSGSTR(str_state, m_sa->sadb_sa_state); 31281215Sume printf("\n"); 31355505Sshin 31455505Sshin /* lifetime */ 31555505Sshin if (m_lftc != NULL) { 31655505Sshin time_t tmp_time = time(0); 31755505Sshin 31855505Sshin printf("\tcreated: %s", 31962583Sitojun str_time(m_lftc->sadb_lifetime_addtime)); 32062583Sitojun printf("\tcurrent: %s\n", str_time(tmp_time)); 32155505Sshin printf("\tdiff: %lu(s)", 32255505Sshin (u_long)(m_lftc->sadb_lifetime_addtime == 0 ? 32355505Sshin 0 : (tmp_time - m_lftc->sadb_lifetime_addtime))); 32455505Sshin 32555505Sshin printf("\thard: %lu(s)", 32655505Sshin (u_long)(m_lfth == NULL ? 32755505Sshin 0 : m_lfth->sadb_lifetime_addtime)); 32855505Sshin printf("\tsoft: %lu(s)\n", 32955505Sshin (u_long)(m_lfts == NULL ? 33055505Sshin 0 : m_lfts->sadb_lifetime_addtime)); 33155505Sshin 33255505Sshin printf("\tlast: %s", 33362583Sitojun str_time(m_lftc->sadb_lifetime_usetime)); 33455505Sshin printf("\thard: %lu(s)", 33555505Sshin (u_long)(m_lfth == NULL ? 33655505Sshin 0 : m_lfth->sadb_lifetime_usetime)); 33755505Sshin printf("\tsoft: %lu(s)\n", 33855505Sshin (u_long)(m_lfts == NULL ? 33955505Sshin 0 : m_lfts->sadb_lifetime_usetime)); 34055505Sshin 34162583Sitojun str_lifetime_byte(m_lftc, "current"); 34262583Sitojun str_lifetime_byte(m_lfth, "hard"); 34362583Sitojun str_lifetime_byte(m_lfts, "soft"); 34455505Sshin printf("\n"); 34555505Sshin 34655505Sshin printf("\tallocated: %lu", 34755505Sshin (unsigned long)m_lftc->sadb_lifetime_allocations); 34855505Sshin printf("\thard: %lu", 34955505Sshin (u_long)(m_lfth == NULL ? 35055505Sshin 0 : m_lfth->sadb_lifetime_allocations)); 35155505Sshin printf("\tsoft: %lu\n", 35255505Sshin (u_long)(m_lfts == NULL ? 35355505Sshin 0 : m_lfts->sadb_lifetime_allocations)); 35455505Sshin } 35555505Sshin 35681215Sume printf("\tsadb_seq=%lu pid=%lu ", 35781215Sume (u_long)m->sadb_msg_seq, 35881215Sume (u_long)m->sadb_msg_pid); 35981215Sume 36055505Sshin /* XXX DEBUG */ 36181215Sume printf("refcnt=%u\n", m->sadb_msg_reserved); 36255505Sshin 36355505Sshin return; 36455505Sshin} 36555505Sshin 36655505Sshinvoid 36755505Sshinpfkey_spdump(m) 36855505Sshin struct sadb_msg *m; 36955505Sshin{ 37062583Sitojun char pbuf[NI_MAXSERV]; 37155505Sshin caddr_t mhp[SADB_EXT_MAX + 1]; 37255505Sshin struct sadb_address *m_saddr, *m_daddr; 37355505Sshin struct sadb_x_policy *m_xpl; 374122107Sume struct sadb_lifetime *m_lftc = NULL, *m_lfth = NULL; 37562583Sitojun struct sockaddr *sa; 376122107Sume u_int16_t sport = 0, dport = 0; 37755505Sshin 37855505Sshin /* check pfkey message. */ 37955505Sshin if (pfkey_align(m, mhp)) { 38055505Sshin printf("%s\n", ipsec_strerror()); 38155505Sshin return; 38255505Sshin } 38355505Sshin if (pfkey_check(mhp)) { 38455505Sshin printf("%s\n", ipsec_strerror()); 38555505Sshin return; 38655505Sshin } 38755505Sshin 38855505Sshin m_saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC]; 38955505Sshin m_daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST]; 39055505Sshin m_xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY]; 391122107Sume m_lftc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT]; 392122107Sume m_lfth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD]; 39355505Sshin 394122107Sume if (m_saddr && m_daddr) { 395122107Sume /* source address */ 396122107Sume sa = (struct sockaddr *)(m_saddr + 1); 397122107Sume switch (sa->sa_family) { 398122107Sume case AF_INET: 399122107Sume case AF_INET6: 400122107Sume if (getnameinfo(sa, sa->sa_len, NULL, 0, 401122107Sume pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0) 402122107Sume sport = 0; /*XXX*/ 403122107Sume else 404122107Sume sport = atoi(pbuf); 405122107Sume printf("%s%s ", str_ipaddr(sa), 406122107Sume str_prefport(sa->sa_family, 407122107Sume m_saddr->sadb_address_prefixlen, sport, 408122107Sume m_saddr->sadb_address_proto)); 409122107Sume break; 410122107Sume default: 411122107Sume printf("unknown-af "); 412122107Sume break; 413122107Sume } 41455505Sshin 415122107Sume /* destination address */ 416122107Sume sa = (struct sockaddr *)(m_daddr + 1); 417122107Sume switch (sa->sa_family) { 418122107Sume case AF_INET: 419122107Sume case AF_INET6: 420122107Sume if (getnameinfo(sa, sa->sa_len, NULL, 0, 421122107Sume pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0) 422122107Sume dport = 0; /*XXX*/ 423122107Sume else 424122107Sume dport = atoi(pbuf); 425122107Sume printf("%s%s ", str_ipaddr(sa), 426122107Sume str_prefport(sa->sa_family, 427122107Sume m_daddr->sadb_address_prefixlen, dport, 428122107Sume m_saddr->sadb_address_proto)); 429122107Sume break; 430122107Sume default: 431122107Sume printf("unknown-af "); 432122107Sume break; 433122107Sume } 43455505Sshin 435122107Sume /* upper layer protocol */ 436122107Sume if (m_saddr->sadb_address_proto != 437122107Sume m_daddr->sadb_address_proto) { 438122107Sume printf("upper layer protocol mismatched.\n"); 439122107Sume return; 440122107Sume } 441122107Sume str_upperspec(m_saddr->sadb_address_proto, sport, dport); 44255505Sshin } 44355505Sshin else 444122107Sume printf("(no selector, probably per-socket policy) "); 44555505Sshin 44655505Sshin /* policy */ 44755505Sshin { 44855505Sshin char *d_xpl; 44955505Sshin 45055505Sshin if (m_xpl == NULL) { 45155505Sshin printf("no X_POLICY extension.\n"); 45255505Sshin return; 45355505Sshin } 45455505Sshin d_xpl = ipsec_dump_policy((char *)m_xpl, "\n\t"); 45555505Sshin 45655505Sshin /* dump SPD */ 45755505Sshin printf("\n\t%s\n", d_xpl); 45855505Sshin free(d_xpl); 45955505Sshin } 46055505Sshin 46178064Sume /* lifetime */ 462122107Sume if (m_lftc) { 463122107Sume printf("\tcreated: %s ", 464122107Sume str_time(m_lftc->sadb_lifetime_addtime)); 465122107Sume printf("lastused: %s\n", 466122107Sume str_time(m_lftc->sadb_lifetime_usetime)); 46778064Sume } 468122107Sume if (m_lfth) { 469122107Sume printf("\tlifetime: %lu(s) ", 470122107Sume (u_long)m_lfth->sadb_lifetime_addtime); 471122107Sume printf("validtime: %lu(s)\n", 472122107Sume (u_long)m_lfth->sadb_lifetime_usetime); 473122107Sume } 47478064Sume 475122107Sume 47662583Sitojun printf("\tspid=%ld seq=%ld pid=%ld\n", 47762583Sitojun (u_long)m_xpl->sadb_x_policy_id, 47855505Sshin (u_long)m->sadb_msg_seq, 47955505Sshin (u_long)m->sadb_msg_pid); 48055505Sshin 48155505Sshin /* XXX TEST */ 48262583Sitojun printf("\trefcnt=%u\n", m->sadb_msg_reserved); 48355505Sshin 48455505Sshin return; 48555505Sshin} 48655505Sshin 48755505Sshin/* 48855505Sshin * set "ipaddress" to buffer. 48955505Sshin */ 49055505Sshinstatic char * 49162583Sitojunstr_ipaddr(sa) 49262583Sitojun struct sockaddr *sa; 49355505Sshin{ 49462583Sitojun static char buf[NI_MAXHOST]; 49562583Sitojun const int niflag = NI_NUMERICHOST; 49655505Sshin 49762583Sitojun if (sa == NULL) 49855505Sshin return ""; 49955505Sshin 50062583Sitojun if (getnameinfo(sa, sa->sa_len, buf, sizeof(buf), NULL, 0, niflag) == 0) 50162583Sitojun return buf; 50262583Sitojun return NULL; 50355505Sshin} 50455505Sshin 50555505Sshin/* 50655505Sshin * set "/prefix[port number]" to buffer. 50755505Sshin */ 50855505Sshinstatic char * 509122107Sumestr_prefport(family, pref, port, ulp) 510122107Sume u_int family, pref, port, ulp; 51155505Sshin{ 51255505Sshin static char buf[128]; 513113590Ssumikawa char prefbuf[128]; 514113590Ssumikawa char portbuf[128]; 51562583Sitojun int plen; 51655505Sshin 51762583Sitojun switch (family) { 51862583Sitojun case AF_INET: 51962583Sitojun plen = sizeof(struct in_addr) << 3; 52062583Sitojun break; 52162583Sitojun case AF_INET6: 52262583Sitojun plen = sizeof(struct in6_addr) << 3; 52362583Sitojun break; 52462583Sitojun default: 52562583Sitojun return "?"; 52662583Sitojun } 52762583Sitojun 52862583Sitojun if (pref == plen) 52955505Sshin prefbuf[0] = '\0'; 53055505Sshin else 53155505Sshin snprintf(prefbuf, sizeof(prefbuf), "/%u", pref); 53255505Sshin 533122107Sume if (ulp == IPPROTO_ICMPV6) 534122107Sume memset(portbuf, 0, sizeof(portbuf)); 535122107Sume else { 536122107Sume if (port == IPSEC_PORT_ANY) 537122107Sume snprintf(portbuf, sizeof(portbuf), "[%s]", "any"); 538122107Sume else 539122107Sume snprintf(portbuf, sizeof(portbuf), "[%u]", port); 540122107Sume } 54155505Sshin 54255505Sshin snprintf(buf, sizeof(buf), "%s%s", prefbuf, portbuf); 54355505Sshin 54455505Sshin return buf; 54555505Sshin} 54655505Sshin 547122107Sumestatic void 548122107Sumestr_upperspec(ulp, p1, p2) 549122107Sume u_int ulp, p1, p2; 550122107Sume{ 551122107Sume if (ulp == IPSEC_ULPROTO_ANY) 552122107Sume printf("any"); 553122107Sume else if (ulp == IPPROTO_ICMPV6) { 554122107Sume printf("icmp6"); 555122107Sume if (!(p1 == IPSEC_PORT_ANY && p2 == IPSEC_PORT_ANY)) 556122107Sume printf(" %u,%u", p1, p2); 557122107Sume } else { 558122107Sume struct protoent *ent; 559122107Sume 560122107Sume switch (ulp) { 561122107Sume case IPPROTO_IPV4: 562122107Sume printf("ip4"); 563122107Sume break; 564122107Sume default: 565122107Sume ent = getprotobynumber(ulp); 566122107Sume if (ent) 567122107Sume printf("%s", ent->p_name); 568122107Sume else 569122107Sume printf("%u", ulp); 570122107Sume 571122107Sume endprotoent(); 572122107Sume break; 573122107Sume } 574122107Sume } 575122107Sume} 576122107Sume 57755505Sshin/* 57855505Sshin * set "Mon Day Time Year" to buffer 57955505Sshin */ 58055505Sshinstatic char * 58162583Sitojunstr_time(t) 58255505Sshin time_t t; 58355505Sshin{ 58455505Sshin static char buf[128]; 58555505Sshin 58655505Sshin if (t == 0) { 58755505Sshin int i = 0; 58855505Sshin for (;i < 20;) buf[i++] = ' '; 58955505Sshin } else { 59055505Sshin char *t0; 59155505Sshin t0 = ctime(&t); 59255505Sshin memcpy(buf, t0 + 4, 20); 59355505Sshin } 59455505Sshin 59555505Sshin buf[20] = '\0'; 59655505Sshin 59755505Sshin return(buf); 59855505Sshin} 59955505Sshin 60055505Sshinstatic void 60162583Sitojunstr_lifetime_byte(x, str) 60255505Sshin struct sadb_lifetime *x; 60355505Sshin char *str; 60455505Sshin{ 60555505Sshin double y; 60655505Sshin char *unit; 60755505Sshin int w; 60855505Sshin 60955505Sshin if (x == NULL) { 61055505Sshin printf("\t%s: 0(bytes)", str); 61155505Sshin return; 61255505Sshin } 61355505Sshin 61462583Sitojun#if 0 61562583Sitojun if ((x->sadb_lifetime_bytes) / 1024 / 1024) { 61662583Sitojun y = (x->sadb_lifetime_bytes) * 1.0 / 1024 / 1024; 61762583Sitojun unit = "M"; 61862583Sitojun w = 1; 61962583Sitojun } else if ((x->sadb_lifetime_bytes) / 1024) { 62062583Sitojun y = (x->sadb_lifetime_bytes) * 1.0 / 1024; 62162583Sitojun unit = "K"; 62262583Sitojun w = 1; 62362583Sitojun } else { 62462583Sitojun y = (x->sadb_lifetime_bytes) * 1.0; 62562583Sitojun unit = ""; 62662583Sitojun w = 0; 62762583Sitojun } 62862583Sitojun#else 62955505Sshin y = (x->sadb_lifetime_bytes) * 1.0; 63055505Sshin unit = ""; 63155505Sshin w = 0; 63262583Sitojun#endif 63355505Sshin printf("\t%s: %.*f(%sbytes)", str, w, y, unit); 63455505Sshin} 635