key_debug.c revision 105197
1105197Ssam/*	$FreeBSD: head/sys/netipsec/key_debug.c 105197 2002-10-16 02:10:08Z sam $	*/
2105197Ssam/*	$KAME: key_debug.c,v 1.26 2001/06/27 10:46:50 sakane Exp $	*/
3105197Ssam
4105197Ssam/*
5105197Ssam * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6105197Ssam * All rights reserved.
7105197Ssam *
8105197Ssam * Redistribution and use in source and binary forms, with or without
9105197Ssam * modification, are permitted provided that the following conditions
10105197Ssam * are met:
11105197Ssam * 1. Redistributions of source code must retain the above copyright
12105197Ssam *    notice, this list of conditions and the following disclaimer.
13105197Ssam * 2. Redistributions in binary form must reproduce the above copyright
14105197Ssam *    notice, this list of conditions and the following disclaimer in the
15105197Ssam *    documentation and/or other materials provided with the distribution.
16105197Ssam * 3. Neither the name of the project nor the names of its contributors
17105197Ssam *    may be used to endorse or promote products derived from this software
18105197Ssam *    without specific prior written permission.
19105197Ssam *
20105197Ssam * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21105197Ssam * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22105197Ssam * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23105197Ssam * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24105197Ssam * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25105197Ssam * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26105197Ssam * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27105197Ssam * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28105197Ssam * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29105197Ssam * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30105197Ssam * SUCH DAMAGE.
31105197Ssam */
32105197Ssam
33105197Ssam#ifdef _KERNEL
34105197Ssam#include "opt_inet.h"
35105197Ssam#include "opt_inet6.h"
36105197Ssam#include "opt_ipsec.h"
37105197Ssam#endif
38105197Ssam
39105197Ssam#include <sys/types.h>
40105197Ssam#include <sys/param.h>
41105197Ssam#ifdef _KERNEL
42105197Ssam#include <sys/systm.h>
43105197Ssam#include <sys/mbuf.h>
44105197Ssam#include <sys/queue.h>
45105197Ssam#endif
46105197Ssam#include <sys/socket.h>
47105197Ssam
48105197Ssam#include <net/route.h>
49105197Ssam
50105197Ssam#include <netipsec/key_var.h>
51105197Ssam#include <netipsec/key_debug.h>
52105197Ssam
53105197Ssam#include <netinet/in.h>
54105197Ssam#include <netipsec/ipsec.h>
55105197Ssam
56105197Ssam#ifndef _KERNEL
57105197Ssam#include <ctype.h>
58105197Ssam#include <stdio.h>
59105197Ssam#include <stdlib.h>
60105197Ssam#endif /* !_KERNEL */
61105197Ssam
62105197Ssamstatic void kdebug_sadb_prop __P((struct sadb_ext *));
63105197Ssamstatic void kdebug_sadb_identity __P((struct sadb_ext *));
64105197Ssamstatic void kdebug_sadb_supported __P((struct sadb_ext *));
65105197Ssamstatic void kdebug_sadb_lifetime __P((struct sadb_ext *));
66105197Ssamstatic void kdebug_sadb_sa __P((struct sadb_ext *));
67105197Ssamstatic void kdebug_sadb_address __P((struct sadb_ext *));
68105197Ssamstatic void kdebug_sadb_key __P((struct sadb_ext *));
69105197Ssamstatic void kdebug_sadb_x_sa2 __P((struct sadb_ext *));
70105197Ssam
71105197Ssam#ifdef _KERNEL
72105197Ssamstatic void kdebug_secreplay __P((struct secreplay *));
73105197Ssam#endif
74105197Ssam
75105197Ssam#ifndef _KERNEL
76105197Ssam#define panic(param)	{ printf(param); exit(-1); }
77105197Ssam#endif
78105197Ssam
79105197Ssam/* NOTE: host byte order */
80105197Ssam
81105197Ssam/* %%%: about struct sadb_msg */
82105197Ssamvoid
83105197Ssamkdebug_sadb(base)
84105197Ssam	struct sadb_msg *base;
85105197Ssam{
86105197Ssam	struct sadb_ext *ext;
87105197Ssam	int tlen, extlen;
88105197Ssam
89105197Ssam	/* sanity check */
90105197Ssam	if (base == NULL)
91105197Ssam		panic("kdebug_sadb: NULL pointer was passed.\n");
92105197Ssam
93105197Ssam	printf("sadb_msg{ version=%u type=%u errno=%u satype=%u\n",
94105197Ssam	    base->sadb_msg_version, base->sadb_msg_type,
95105197Ssam	    base->sadb_msg_errno, base->sadb_msg_satype);
96105197Ssam	printf("  len=%u reserved=%u seq=%u pid=%u\n",
97105197Ssam	    base->sadb_msg_len, base->sadb_msg_reserved,
98105197Ssam	    base->sadb_msg_seq, base->sadb_msg_pid);
99105197Ssam
100105197Ssam	tlen = PFKEY_UNUNIT64(base->sadb_msg_len) - sizeof(struct sadb_msg);
101105197Ssam	ext = (struct sadb_ext *)((caddr_t)base + sizeof(struct sadb_msg));
102105197Ssam
103105197Ssam	while (tlen > 0) {
104105197Ssam		printf("sadb_ext{ len=%u type=%u }\n",
105105197Ssam		    ext->sadb_ext_len, ext->sadb_ext_type);
106105197Ssam
107105197Ssam		if (ext->sadb_ext_len == 0) {
108105197Ssam			printf("kdebug_sadb: invalid ext_len=0 was passed.\n");
109105197Ssam			return;
110105197Ssam		}
111105197Ssam		if (ext->sadb_ext_len > tlen) {
112105197Ssam			printf("kdebug_sadb: ext_len exceeds end of buffer.\n");
113105197Ssam			return;
114105197Ssam		}
115105197Ssam
116105197Ssam		switch (ext->sadb_ext_type) {
117105197Ssam		case SADB_EXT_SA:
118105197Ssam			kdebug_sadb_sa(ext);
119105197Ssam			break;
120105197Ssam		case SADB_EXT_LIFETIME_CURRENT:
121105197Ssam		case SADB_EXT_LIFETIME_HARD:
122105197Ssam		case SADB_EXT_LIFETIME_SOFT:
123105197Ssam			kdebug_sadb_lifetime(ext);
124105197Ssam			break;
125105197Ssam		case SADB_EXT_ADDRESS_SRC:
126105197Ssam		case SADB_EXT_ADDRESS_DST:
127105197Ssam		case SADB_EXT_ADDRESS_PROXY:
128105197Ssam			kdebug_sadb_address(ext);
129105197Ssam			break;
130105197Ssam		case SADB_EXT_KEY_AUTH:
131105197Ssam		case SADB_EXT_KEY_ENCRYPT:
132105197Ssam			kdebug_sadb_key(ext);
133105197Ssam			break;
134105197Ssam		case SADB_EXT_IDENTITY_SRC:
135105197Ssam		case SADB_EXT_IDENTITY_DST:
136105197Ssam			kdebug_sadb_identity(ext);
137105197Ssam			break;
138105197Ssam		case SADB_EXT_SENSITIVITY:
139105197Ssam			break;
140105197Ssam		case SADB_EXT_PROPOSAL:
141105197Ssam			kdebug_sadb_prop(ext);
142105197Ssam			break;
143105197Ssam		case SADB_EXT_SUPPORTED_AUTH:
144105197Ssam		case SADB_EXT_SUPPORTED_ENCRYPT:
145105197Ssam			kdebug_sadb_supported(ext);
146105197Ssam			break;
147105197Ssam		case SADB_EXT_SPIRANGE:
148105197Ssam		case SADB_X_EXT_KMPRIVATE:
149105197Ssam			break;
150105197Ssam		case SADB_X_EXT_POLICY:
151105197Ssam			kdebug_sadb_x_policy(ext);
152105197Ssam			break;
153105197Ssam		case SADB_X_EXT_SA2:
154105197Ssam			kdebug_sadb_x_sa2(ext);
155105197Ssam			break;
156105197Ssam		default:
157105197Ssam			printf("kdebug_sadb: invalid ext_type %u was passed.\n",
158105197Ssam			    ext->sadb_ext_type);
159105197Ssam			return;
160105197Ssam		}
161105197Ssam
162105197Ssam		extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
163105197Ssam		tlen -= extlen;
164105197Ssam		ext = (struct sadb_ext *)((caddr_t)ext + extlen);
165105197Ssam	}
166105197Ssam
167105197Ssam	return;
168105197Ssam}
169105197Ssam
170105197Ssamstatic void
171105197Ssamkdebug_sadb_prop(ext)
172105197Ssam	struct sadb_ext *ext;
173105197Ssam{
174105197Ssam	struct sadb_prop *prop = (struct sadb_prop *)ext;
175105197Ssam	struct sadb_comb *comb;
176105197Ssam	int len;
177105197Ssam
178105197Ssam	/* sanity check */
179105197Ssam	if (ext == NULL)
180105197Ssam		panic("kdebug_sadb_prop: NULL pointer was passed.\n");
181105197Ssam
182105197Ssam	len = (PFKEY_UNUNIT64(prop->sadb_prop_len) - sizeof(*prop))
183105197Ssam		/ sizeof(*comb);
184105197Ssam	comb = (struct sadb_comb *)(prop + 1);
185105197Ssam	printf("sadb_prop{ replay=%u\n", prop->sadb_prop_replay);
186105197Ssam
187105197Ssam	while (len--) {
188105197Ssam		printf("sadb_comb{ auth=%u encrypt=%u "
189105197Ssam			"flags=0x%04x reserved=0x%08x\n",
190105197Ssam			comb->sadb_comb_auth, comb->sadb_comb_encrypt,
191105197Ssam			comb->sadb_comb_flags, comb->sadb_comb_reserved);
192105197Ssam
193105197Ssam		printf("  auth_minbits=%u auth_maxbits=%u "
194105197Ssam			"encrypt_minbits=%u encrypt_maxbits=%u\n",
195105197Ssam			comb->sadb_comb_auth_minbits,
196105197Ssam			comb->sadb_comb_auth_maxbits,
197105197Ssam			comb->sadb_comb_encrypt_minbits,
198105197Ssam			comb->sadb_comb_encrypt_maxbits);
199105197Ssam
200105197Ssam		printf("  soft_alloc=%u hard_alloc=%u "
201105197Ssam			"soft_bytes=%lu hard_bytes=%lu\n",
202105197Ssam			comb->sadb_comb_soft_allocations,
203105197Ssam			comb->sadb_comb_hard_allocations,
204105197Ssam			(unsigned long)comb->sadb_comb_soft_bytes,
205105197Ssam			(unsigned long)comb->sadb_comb_hard_bytes);
206105197Ssam
207105197Ssam		printf("  soft_alloc=%lu hard_alloc=%lu "
208105197Ssam			"soft_bytes=%lu hard_bytes=%lu }\n",
209105197Ssam			(unsigned long)comb->sadb_comb_soft_addtime,
210105197Ssam			(unsigned long)comb->sadb_comb_hard_addtime,
211105197Ssam			(unsigned long)comb->sadb_comb_soft_usetime,
212105197Ssam			(unsigned long)comb->sadb_comb_hard_usetime);
213105197Ssam		comb++;
214105197Ssam	}
215105197Ssam	printf("}\n");
216105197Ssam
217105197Ssam	return;
218105197Ssam}
219105197Ssam
220105197Ssamstatic void
221105197Ssamkdebug_sadb_identity(ext)
222105197Ssam	struct sadb_ext *ext;
223105197Ssam{
224105197Ssam	struct sadb_ident *id = (struct sadb_ident *)ext;
225105197Ssam	int len;
226105197Ssam
227105197Ssam	/* sanity check */
228105197Ssam	if (ext == NULL)
229105197Ssam		panic("kdebug_sadb_identity: NULL pointer was passed.\n");
230105197Ssam
231105197Ssam	len = PFKEY_UNUNIT64(id->sadb_ident_len) - sizeof(*id);
232105197Ssam	printf("sadb_ident_%s{",
233105197Ssam	    id->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC ? "src" : "dst");
234105197Ssam	switch (id->sadb_ident_type) {
235105197Ssam	default:
236105197Ssam		printf(" type=%d id=%lu",
237105197Ssam			id->sadb_ident_type, (u_long)id->sadb_ident_id);
238105197Ssam		if (len) {
239105197Ssam#ifdef _KERNEL
240105197Ssam			ipsec_hexdump((caddr_t)(id + 1), len); /*XXX cast ?*/
241105197Ssam#else
242105197Ssam			char *p, *ep;
243105197Ssam			printf("\n  str=\"");
244105197Ssam			p = (char *)(id + 1);
245105197Ssam			ep = p + len;
246105197Ssam			for (/*nothing*/; *p && p < ep; p++) {
247105197Ssam				if (isprint(*p))
248105197Ssam					printf("%c", *p & 0xff);
249105197Ssam				else
250105197Ssam					printf("\\%03o", *p & 0xff);
251105197Ssam			}
252105197Ssam#endif
253105197Ssam			printf("\"");
254105197Ssam		}
255105197Ssam		break;
256105197Ssam	}
257105197Ssam
258105197Ssam	printf(" }\n");
259105197Ssam
260105197Ssam	return;
261105197Ssam}
262105197Ssam
263105197Ssamstatic void
264105197Ssamkdebug_sadb_supported(ext)
265105197Ssam	struct sadb_ext *ext;
266105197Ssam{
267105197Ssam	struct sadb_supported *sup = (struct sadb_supported *)ext;
268105197Ssam	struct sadb_alg *alg;
269105197Ssam	int len;
270105197Ssam
271105197Ssam	/* sanity check */
272105197Ssam	if (ext == NULL)
273105197Ssam		panic("kdebug_sadb_supported: NULL pointer was passed.\n");
274105197Ssam
275105197Ssam	len = (PFKEY_UNUNIT64(sup->sadb_supported_len) - sizeof(*sup))
276105197Ssam		/ sizeof(*alg);
277105197Ssam	alg = (struct sadb_alg *)(sup + 1);
278105197Ssam	printf("sadb_sup{\n");
279105197Ssam	while (len--) {
280105197Ssam		printf("  { id=%d ivlen=%d min=%d max=%d }\n",
281105197Ssam			alg->sadb_alg_id, alg->sadb_alg_ivlen,
282105197Ssam			alg->sadb_alg_minbits, alg->sadb_alg_maxbits);
283105197Ssam		alg++;
284105197Ssam	}
285105197Ssam	printf("}\n");
286105197Ssam
287105197Ssam	return;
288105197Ssam}
289105197Ssam
290105197Ssamstatic void
291105197Ssamkdebug_sadb_lifetime(ext)
292105197Ssam	struct sadb_ext *ext;
293105197Ssam{
294105197Ssam	struct sadb_lifetime *lft = (struct sadb_lifetime *)ext;
295105197Ssam
296105197Ssam	/* sanity check */
297105197Ssam	if (ext == NULL)
298105197Ssam		printf("kdebug_sadb_lifetime: NULL pointer was passed.\n");
299105197Ssam
300105197Ssam	printf("sadb_lifetime{ alloc=%u, bytes=%u\n",
301105197Ssam		lft->sadb_lifetime_allocations,
302105197Ssam		(u_int32_t)lft->sadb_lifetime_bytes);
303105197Ssam	printf("  addtime=%u, usetime=%u }\n",
304105197Ssam		(u_int32_t)lft->sadb_lifetime_addtime,
305105197Ssam		(u_int32_t)lft->sadb_lifetime_usetime);
306105197Ssam
307105197Ssam	return;
308105197Ssam}
309105197Ssam
310105197Ssamstatic void
311105197Ssamkdebug_sadb_sa(ext)
312105197Ssam	struct sadb_ext *ext;
313105197Ssam{
314105197Ssam	struct sadb_sa *sa = (struct sadb_sa *)ext;
315105197Ssam
316105197Ssam	/* sanity check */
317105197Ssam	if (ext == NULL)
318105197Ssam		panic("kdebug_sadb_sa: NULL pointer was passed.\n");
319105197Ssam
320105197Ssam	printf("sadb_sa{ spi=%u replay=%u state=%u\n",
321105197Ssam	    (u_int32_t)ntohl(sa->sadb_sa_spi), sa->sadb_sa_replay,
322105197Ssam	    sa->sadb_sa_state);
323105197Ssam	printf("  auth=%u encrypt=%u flags=0x%08x }\n",
324105197Ssam	    sa->sadb_sa_auth, sa->sadb_sa_encrypt, sa->sadb_sa_flags);
325105197Ssam
326105197Ssam	return;
327105197Ssam}
328105197Ssam
329105197Ssamstatic void
330105197Ssamkdebug_sadb_address(ext)
331105197Ssam	struct sadb_ext *ext;
332105197Ssam{
333105197Ssam	struct sadb_address *addr = (struct sadb_address *)ext;
334105197Ssam
335105197Ssam	/* sanity check */
336105197Ssam	if (ext == NULL)
337105197Ssam		panic("kdebug_sadb_address: NULL pointer was passed.\n");
338105197Ssam
339105197Ssam	printf("sadb_address{ proto=%u prefixlen=%u reserved=0x%02x%02x }\n",
340105197Ssam	    addr->sadb_address_proto, addr->sadb_address_prefixlen,
341105197Ssam	    ((u_char *)&addr->sadb_address_reserved)[0],
342105197Ssam	    ((u_char *)&addr->sadb_address_reserved)[1]);
343105197Ssam
344105197Ssam	kdebug_sockaddr((struct sockaddr *)((caddr_t)ext + sizeof(*addr)));
345105197Ssam
346105197Ssam	return;
347105197Ssam}
348105197Ssam
349105197Ssamstatic void
350105197Ssamkdebug_sadb_key(ext)
351105197Ssam	struct sadb_ext *ext;
352105197Ssam{
353105197Ssam	struct sadb_key *key = (struct sadb_key *)ext;
354105197Ssam
355105197Ssam	/* sanity check */
356105197Ssam	if (ext == NULL)
357105197Ssam		panic("kdebug_sadb_key: NULL pointer was passed.\n");
358105197Ssam
359105197Ssam	printf("sadb_key{ bits=%u reserved=%u\n",
360105197Ssam	    key->sadb_key_bits, key->sadb_key_reserved);
361105197Ssam	printf("  key=");
362105197Ssam
363105197Ssam	/* sanity check 2 */
364105197Ssam	if ((key->sadb_key_bits >> 3) >
365105197Ssam		(PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key))) {
366105197Ssam		printf("kdebug_sadb_key: key length mismatch, bit:%d len:%ld.\n",
367105197Ssam			key->sadb_key_bits >> 3,
368105197Ssam			(long)PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key));
369105197Ssam	}
370105197Ssam
371105197Ssam	ipsec_hexdump((caddr_t)key + sizeof(struct sadb_key),
372105197Ssam	              key->sadb_key_bits >> 3);
373105197Ssam	printf(" }\n");
374105197Ssam	return;
375105197Ssam}
376105197Ssam
377105197Ssamstatic void
378105197Ssamkdebug_sadb_x_sa2(ext)
379105197Ssam	struct sadb_ext *ext;
380105197Ssam{
381105197Ssam	struct sadb_x_sa2 *sa2 = (struct sadb_x_sa2 *)ext;
382105197Ssam
383105197Ssam	/* sanity check */
384105197Ssam	if (ext == NULL)
385105197Ssam		panic("kdebug_sadb_x_sa2: NULL pointer was passed.\n");
386105197Ssam
387105197Ssam	printf("sadb_x_sa2{ mode=%u reqid=%u\n",
388105197Ssam	    sa2->sadb_x_sa2_mode, sa2->sadb_x_sa2_reqid);
389105197Ssam	printf("  reserved1=%u reserved2=%u sequence=%u }\n",
390105197Ssam	    sa2->sadb_x_sa2_reserved1, sa2->sadb_x_sa2_reserved2,
391105197Ssam	    sa2->sadb_x_sa2_sequence);
392105197Ssam
393105197Ssam	return;
394105197Ssam}
395105197Ssam
396105197Ssamvoid
397105197Ssamkdebug_sadb_x_policy(ext)
398105197Ssam	struct sadb_ext *ext;
399105197Ssam{
400105197Ssam	struct sadb_x_policy *xpl = (struct sadb_x_policy *)ext;
401105197Ssam	struct sockaddr *addr;
402105197Ssam
403105197Ssam	/* sanity check */
404105197Ssam	if (ext == NULL)
405105197Ssam		panic("kdebug_sadb_x_policy: NULL pointer was passed.\n");
406105197Ssam
407105197Ssam	printf("sadb_x_policy{ type=%u dir=%u id=%x }\n",
408105197Ssam		xpl->sadb_x_policy_type, xpl->sadb_x_policy_dir,
409105197Ssam		xpl->sadb_x_policy_id);
410105197Ssam
411105197Ssam	if (xpl->sadb_x_policy_type == IPSEC_POLICY_IPSEC) {
412105197Ssam		int tlen;
413105197Ssam		struct sadb_x_ipsecrequest *xisr;
414105197Ssam
415105197Ssam		tlen = PFKEY_UNUNIT64(xpl->sadb_x_policy_len) - sizeof(*xpl);
416105197Ssam		xisr = (struct sadb_x_ipsecrequest *)(xpl + 1);
417105197Ssam
418105197Ssam		while (tlen > 0) {
419105197Ssam			printf(" { len=%u proto=%u mode=%u level=%u reqid=%u\n",
420105197Ssam				xisr->sadb_x_ipsecrequest_len,
421105197Ssam				xisr->sadb_x_ipsecrequest_proto,
422105197Ssam				xisr->sadb_x_ipsecrequest_mode,
423105197Ssam				xisr->sadb_x_ipsecrequest_level,
424105197Ssam				xisr->sadb_x_ipsecrequest_reqid);
425105197Ssam
426105197Ssam			if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
427105197Ssam				addr = (struct sockaddr *)(xisr + 1);
428105197Ssam				kdebug_sockaddr(addr);
429105197Ssam				addr = (struct sockaddr *)((caddr_t)addr
430105197Ssam							+ addr->sa_len);
431105197Ssam				kdebug_sockaddr(addr);
432105197Ssam			}
433105197Ssam
434105197Ssam			printf(" }\n");
435105197Ssam
436105197Ssam			/* prevent infinite loop */
437105197Ssam			if (xisr->sadb_x_ipsecrequest_len <= 0) {
438105197Ssam				printf("kdebug_sadb_x_policy: wrong policy struct.\n");
439105197Ssam				return;
440105197Ssam			}
441105197Ssam			/* prevent overflow */
442105197Ssam			if (xisr->sadb_x_ipsecrequest_len > tlen) {
443105197Ssam				printf("invalid ipsec policy length\n");
444105197Ssam				return;
445105197Ssam			}
446105197Ssam
447105197Ssam			tlen -= xisr->sadb_x_ipsecrequest_len;
448105197Ssam
449105197Ssam			xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
450105197Ssam			                + xisr->sadb_x_ipsecrequest_len);
451105197Ssam		}
452105197Ssam
453105197Ssam		if (tlen != 0)
454105197Ssam			panic("kdebug_sadb_x_policy: wrong policy struct.\n");
455105197Ssam	}
456105197Ssam
457105197Ssam	return;
458105197Ssam}
459105197Ssam
460105197Ssam#ifdef _KERNEL
461105197Ssam/* %%%: about SPD and SAD */
462105197Ssamvoid
463105197Ssamkdebug_secpolicy(sp)
464105197Ssam	struct secpolicy *sp;
465105197Ssam{
466105197Ssam	/* sanity check */
467105197Ssam	if (sp == NULL)
468105197Ssam		panic("kdebug_secpolicy: NULL pointer was passed.\n");
469105197Ssam
470105197Ssam	printf("secpolicy{ refcnt=%u state=%u policy=%u\n",
471105197Ssam		sp->refcnt, sp->state, sp->policy);
472105197Ssam
473105197Ssam	kdebug_secpolicyindex(&sp->spidx);
474105197Ssam
475105197Ssam	switch (sp->policy) {
476105197Ssam	case IPSEC_POLICY_DISCARD:
477105197Ssam		printf("  type=discard }\n");
478105197Ssam		break;
479105197Ssam	case IPSEC_POLICY_NONE:
480105197Ssam		printf("  type=none }\n");
481105197Ssam		break;
482105197Ssam	case IPSEC_POLICY_IPSEC:
483105197Ssam	    {
484105197Ssam		struct ipsecrequest *isr;
485105197Ssam		for (isr = sp->req; isr != NULL; isr = isr->next) {
486105197Ssam
487105197Ssam			printf("  level=%u\n", isr->level);
488105197Ssam			kdebug_secasindex(&isr->saidx);
489105197Ssam
490105197Ssam			if (isr->sav != NULL)
491105197Ssam				kdebug_secasv(isr->sav);
492105197Ssam		}
493105197Ssam		printf("  }\n");
494105197Ssam	    }
495105197Ssam		break;
496105197Ssam	case IPSEC_POLICY_BYPASS:
497105197Ssam		printf("  type=bypass }\n");
498105197Ssam		break;
499105197Ssam	case IPSEC_POLICY_ENTRUST:
500105197Ssam		printf("  type=entrust }\n");
501105197Ssam		break;
502105197Ssam	default:
503105197Ssam		printf("kdebug_secpolicy: Invalid policy found. %d\n",
504105197Ssam			sp->policy);
505105197Ssam		break;
506105197Ssam	}
507105197Ssam
508105197Ssam	return;
509105197Ssam}
510105197Ssam
511105197Ssamvoid
512105197Ssamkdebug_secpolicyindex(spidx)
513105197Ssam	struct secpolicyindex *spidx;
514105197Ssam{
515105197Ssam	/* sanity check */
516105197Ssam	if (spidx == NULL)
517105197Ssam		panic("kdebug_secpolicyindex: NULL pointer was passed.\n");
518105197Ssam
519105197Ssam	printf("secpolicyindex{ dir=%u prefs=%u prefd=%u ul_proto=%u\n",
520105197Ssam		spidx->dir, spidx->prefs, spidx->prefd, spidx->ul_proto);
521105197Ssam
522105197Ssam	ipsec_hexdump((caddr_t)&spidx->src,
523105197Ssam		((struct sockaddr *)&spidx->src)->sa_len);
524105197Ssam	printf("\n");
525105197Ssam	ipsec_hexdump((caddr_t)&spidx->dst,
526105197Ssam		((struct sockaddr *)&spidx->dst)->sa_len);
527105197Ssam	printf("}\n");
528105197Ssam
529105197Ssam	return;
530105197Ssam}
531105197Ssam
532105197Ssamvoid
533105197Ssamkdebug_secasindex(saidx)
534105197Ssam	struct secasindex *saidx;
535105197Ssam{
536105197Ssam	/* sanity check */
537105197Ssam	if (saidx == NULL)
538105197Ssam		panic("kdebug_secpolicyindex: NULL pointer was passed.\n");
539105197Ssam
540105197Ssam	printf("secasindex{ mode=%u proto=%u\n",
541105197Ssam		saidx->mode, saidx->proto);
542105197Ssam
543105197Ssam	ipsec_hexdump((caddr_t)&saidx->src,
544105197Ssam		((struct sockaddr *)&saidx->src)->sa_len);
545105197Ssam	printf("\n");
546105197Ssam	ipsec_hexdump((caddr_t)&saidx->dst,
547105197Ssam		((struct sockaddr *)&saidx->dst)->sa_len);
548105197Ssam	printf("\n");
549105197Ssam
550105197Ssam	return;
551105197Ssam}
552105197Ssam
553105197Ssamvoid
554105197Ssamkdebug_secasv(sav)
555105197Ssam	struct secasvar *sav;
556105197Ssam{
557105197Ssam	/* sanity check */
558105197Ssam	if (sav == NULL)
559105197Ssam		panic("kdebug_secasv: NULL pointer was passed.\n");
560105197Ssam
561105197Ssam	printf("secas{");
562105197Ssam	kdebug_secasindex(&sav->sah->saidx);
563105197Ssam
564105197Ssam	printf("  refcnt=%u state=%u auth=%u enc=%u\n",
565105197Ssam	    sav->refcnt, sav->state, sav->alg_auth, sav->alg_enc);
566105197Ssam	printf("  spi=%u flags=%u\n",
567105197Ssam	    (u_int32_t)ntohl(sav->spi), sav->flags);
568105197Ssam
569105197Ssam	if (sav->key_auth != NULL)
570105197Ssam		kdebug_sadb_key((struct sadb_ext *)sav->key_auth);
571105197Ssam	if (sav->key_enc != NULL)
572105197Ssam		kdebug_sadb_key((struct sadb_ext *)sav->key_enc);
573105197Ssam	if (sav->iv != NULL) {
574105197Ssam		printf("  iv=");
575105197Ssam		ipsec_hexdump(sav->iv, sav->ivlen ? sav->ivlen : 8);
576105197Ssam		printf("\n");
577105197Ssam	}
578105197Ssam
579105197Ssam	if (sav->replay != NULL)
580105197Ssam		kdebug_secreplay(sav->replay);
581105197Ssam	if (sav->lft_c != NULL)
582105197Ssam		kdebug_sadb_lifetime((struct sadb_ext *)sav->lft_c);
583105197Ssam	if (sav->lft_h != NULL)
584105197Ssam		kdebug_sadb_lifetime((struct sadb_ext *)sav->lft_h);
585105197Ssam	if (sav->lft_s != NULL)
586105197Ssam		kdebug_sadb_lifetime((struct sadb_ext *)sav->lft_s);
587105197Ssam
588105197Ssam#if notyet
589105197Ssam	/* XXX: misc[123] ? */
590105197Ssam#endif
591105197Ssam
592105197Ssam	return;
593105197Ssam}
594105197Ssam
595105197Ssamstatic void
596105197Ssamkdebug_secreplay(rpl)
597105197Ssam	struct secreplay *rpl;
598105197Ssam{
599105197Ssam	int len, l;
600105197Ssam
601105197Ssam	/* sanity check */
602105197Ssam	if (rpl == NULL)
603105197Ssam		panic("kdebug_secreplay: NULL pointer was passed.\n");
604105197Ssam
605105197Ssam	printf(" secreplay{ count=%u wsize=%u seq=%u lastseq=%u",
606105197Ssam	    rpl->count, rpl->wsize, rpl->seq, rpl->lastseq);
607105197Ssam
608105197Ssam	if (rpl->bitmap == NULL) {
609105197Ssam		printf(" }\n");
610105197Ssam		return;
611105197Ssam	}
612105197Ssam
613105197Ssam	printf("\n   bitmap { ");
614105197Ssam
615105197Ssam	for (len = 0; len < rpl->wsize; len++) {
616105197Ssam		for (l = 7; l >= 0; l--)
617105197Ssam			printf("%u", (((rpl->bitmap)[len] >> l) & 1) ? 1 : 0);
618105197Ssam	}
619105197Ssam	printf(" }\n");
620105197Ssam
621105197Ssam	return;
622105197Ssam}
623105197Ssam
624105197Ssamvoid
625105197Ssamkdebug_mbufhdr(m)
626105197Ssam	struct mbuf *m;
627105197Ssam{
628105197Ssam	/* sanity check */
629105197Ssam	if (m == NULL)
630105197Ssam		return;
631105197Ssam
632105197Ssam	printf("mbuf(%p){ m_next:%p m_nextpkt:%p m_data:%p "
633105197Ssam	       "m_len:%d m_type:0x%02x m_flags:0x%02x }\n",
634105197Ssam		m, m->m_next, m->m_nextpkt, m->m_data,
635105197Ssam		m->m_len, m->m_type, m->m_flags);
636105197Ssam
637105197Ssam	if (m->m_flags & M_PKTHDR) {
638105197Ssam		printf("  m_pkthdr{ len:%d rcvif:%p }\n",
639105197Ssam		    m->m_pkthdr.len, m->m_pkthdr.rcvif);
640105197Ssam	}
641105197Ssam
642105197Ssam	if (m->m_flags & M_EXT) {
643105197Ssam		printf("  m_ext{ ext_buf:%p ext_free:%p "
644105197Ssam		       "ext_size:%u ref_cnt:%p }\n",
645105197Ssam			m->m_ext.ext_buf, m->m_ext.ext_free,
646105197Ssam			m->m_ext.ext_size, m->m_ext.ref_cnt);
647105197Ssam	}
648105197Ssam
649105197Ssam	return;
650105197Ssam}
651105197Ssam
652105197Ssamvoid
653105197Ssamkdebug_mbuf(m0)
654105197Ssam	struct mbuf *m0;
655105197Ssam{
656105197Ssam	struct mbuf *m = m0;
657105197Ssam	int i, j;
658105197Ssam
659105197Ssam	for (j = 0; m; m = m->m_next) {
660105197Ssam		kdebug_mbufhdr(m);
661105197Ssam		printf("  m_data:\n");
662105197Ssam		for (i = 0; i < m->m_len; i++) {
663105197Ssam			if (i && i % 32 == 0)
664105197Ssam				printf("\n");
665105197Ssam			if (i % 4 == 0)
666105197Ssam				printf(" ");
667105197Ssam			printf("%02x", mtod(m, u_char *)[i]);
668105197Ssam			j++;
669105197Ssam		}
670105197Ssam		printf("\n");
671105197Ssam	}
672105197Ssam
673105197Ssam	return;
674105197Ssam}
675105197Ssam#endif /* _KERNEL */
676105197Ssam
677105197Ssamvoid
678105197Ssamkdebug_sockaddr(addr)
679105197Ssam	struct sockaddr *addr;
680105197Ssam{
681105197Ssam	struct sockaddr_in *sin4;
682105197Ssam#ifdef INET6
683105197Ssam	struct sockaddr_in6 *sin6;
684105197Ssam#endif
685105197Ssam
686105197Ssam	/* sanity check */
687105197Ssam	if (addr == NULL)
688105197Ssam		panic("kdebug_sockaddr: NULL pointer was passed.\n");
689105197Ssam
690105197Ssam	/* NOTE: We deal with port number as host byte order. */
691105197Ssam	printf("sockaddr{ len=%u family=%u", addr->sa_len, addr->sa_family);
692105197Ssam
693105197Ssam	switch (addr->sa_family) {
694105197Ssam	case AF_INET:
695105197Ssam		sin4 = (struct sockaddr_in *)addr;
696105197Ssam		printf(" port=%u\n", ntohs(sin4->sin_port));
697105197Ssam		ipsec_hexdump((caddr_t)&sin4->sin_addr, sizeof(sin4->sin_addr));
698105197Ssam		break;
699105197Ssam#ifdef INET6
700105197Ssam	case AF_INET6:
701105197Ssam		sin6 = (struct sockaddr_in6 *)addr;
702105197Ssam		printf(" port=%u\n", ntohs(sin6->sin6_port));
703105197Ssam		printf("  flowinfo=0x%08x, scope_id=0x%08x\n",
704105197Ssam		    sin6->sin6_flowinfo, sin6->sin6_scope_id);
705105197Ssam		ipsec_hexdump((caddr_t)&sin6->sin6_addr,
706105197Ssam		    sizeof(sin6->sin6_addr));
707105197Ssam		break;
708105197Ssam#endif
709105197Ssam	}
710105197Ssam
711105197Ssam	printf("  }\n");
712105197Ssam
713105197Ssam	return;
714105197Ssam}
715105197Ssam
716105197Ssamvoid
717105197Ssamipsec_bindump(buf, len)
718105197Ssam	caddr_t buf;
719105197Ssam	int len;
720105197Ssam{
721105197Ssam	int i;
722105197Ssam
723105197Ssam	for (i = 0; i < len; i++)
724105197Ssam		printf("%c", (unsigned char)buf[i]);
725105197Ssam
726105197Ssam	return;
727105197Ssam}
728105197Ssam
729105197Ssam
730105197Ssamvoid
731105197Ssamipsec_hexdump(buf, len)
732105197Ssam	caddr_t buf;
733105197Ssam	int len;
734105197Ssam{
735105197Ssam	int i;
736105197Ssam
737105197Ssam	for (i = 0; i < len; i++) {
738105197Ssam		if (i != 0 && i % 32 == 0) printf("\n");
739105197Ssam		if (i % 4 == 0) printf(" ");
740105197Ssam		printf("%02x", (unsigned char)buf[i]);
741105197Ssam	}
742105197Ssam#if 0
743105197Ssam	if (i % 32 != 0) printf("\n");
744105197Ssam#endif
745105197Ssam
746105197Ssam	return;
747105197Ssam}
748