1105197Ssam/* $FreeBSD: releng/10.3/sys/netipsec/key_debug.c 283902 2015-06-02 03:43:36Z ae $ */ 2105197Ssam/* $KAME: key_debug.c,v 1.26 2001/06/27 10:46:50 sakane Exp $ */ 3105197Ssam 4139823Simp/*- 5105197Ssam * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6105197Ssam * All rights reserved. 7105197Ssam * 8105197Ssam * Redistribution and use in source and binary forms, with or without 9105197Ssam * modification, are permitted provided that the following conditions 10105197Ssam * are met: 11105197Ssam * 1. Redistributions of source code must retain the above copyright 12105197Ssam * notice, this list of conditions and the following disclaimer. 13105197Ssam * 2. Redistributions in binary form must reproduce the above copyright 14105197Ssam * notice, this list of conditions and the following disclaimer in the 15105197Ssam * documentation and/or other materials provided with the distribution. 16105197Ssam * 3. Neither the name of the project nor the names of its contributors 17105197Ssam * may be used to endorse or promote products derived from this software 18105197Ssam * without specific prior written permission. 19105197Ssam * 20105197Ssam * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21105197Ssam * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22105197Ssam * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23105197Ssam * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24105197Ssam * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25105197Ssam * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26105197Ssam * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27105197Ssam * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28105197Ssam * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29105197Ssam * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30105197Ssam * SUCH DAMAGE. 31105197Ssam */ 32105197Ssam 33105197Ssam#ifdef _KERNEL 34105197Ssam#include "opt_inet.h" 35105197Ssam#include "opt_inet6.h" 36105197Ssam#include "opt_ipsec.h" 37105197Ssam#endif 38105197Ssam 39105197Ssam#include <sys/types.h> 40105197Ssam#include <sys/param.h> 41105197Ssam#ifdef _KERNEL 42105197Ssam#include <sys/systm.h> 43105197Ssam#include <sys/mbuf.h> 44105197Ssam#include <sys/queue.h> 45105197Ssam#endif 46105197Ssam#include <sys/socket.h> 47105197Ssam 48195699Srwatson#include <net/vnet.h> 49105197Ssam 50105197Ssam#include <netipsec/key_var.h> 51105197Ssam#include <netipsec/key_debug.h> 52105197Ssam 53105197Ssam#include <netinet/in.h> 54105197Ssam#include <netipsec/ipsec.h> 55176743Sbz#ifdef _KERNEL 56176743Sbz#include <netipsec/keydb.h> 57176743Sbz#endif 58105197Ssam 59105197Ssam#ifndef _KERNEL 60105197Ssam#include <ctype.h> 61105197Ssam#include <stdio.h> 62105197Ssam#include <stdlib.h> 63105197Ssam#endif /* !_KERNEL */ 64105197Ssam 65283902Saestatic void kdebug_sadb_prop(struct sadb_ext *); 66283902Saestatic void kdebug_sadb_identity(struct sadb_ext *); 67283902Saestatic void kdebug_sadb_supported(struct sadb_ext *); 68283902Saestatic void kdebug_sadb_lifetime(struct sadb_ext *); 69283902Saestatic void kdebug_sadb_sa(struct sadb_ext *); 70283902Saestatic void kdebug_sadb_address(struct sadb_ext *); 71283902Saestatic void kdebug_sadb_key(struct sadb_ext *); 72283902Saestatic void kdebug_sadb_x_sa2(struct sadb_ext *); 73105197Ssam 74105197Ssam#ifdef _KERNEL 75283902Saestatic void kdebug_secreplay(struct secreplay *); 76105197Ssam#endif 77105197Ssam 78105197Ssam#ifndef _KERNEL 79171133Sgnn#define panic(fmt, ...) { printf(fmt, ## __VA_ARGS__); exit(-1); } 80105197Ssam#endif 81105197Ssam 82105197Ssam/* NOTE: host byte order */ 83105197Ssam 84105197Ssam/* %%%: about struct sadb_msg */ 85105197Ssamvoid 86283902Saekdebug_sadb(struct sadb_msg *base) 87105197Ssam{ 88105197Ssam struct sadb_ext *ext; 89105197Ssam int tlen, extlen; 90105197Ssam 91105197Ssam /* sanity check */ 92105197Ssam if (base == NULL) 93120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 94105197Ssam 95105197Ssam printf("sadb_msg{ version=%u type=%u errno=%u satype=%u\n", 96105197Ssam base->sadb_msg_version, base->sadb_msg_type, 97105197Ssam base->sadb_msg_errno, base->sadb_msg_satype); 98105197Ssam printf(" len=%u reserved=%u seq=%u pid=%u\n", 99105197Ssam base->sadb_msg_len, base->sadb_msg_reserved, 100105197Ssam base->sadb_msg_seq, base->sadb_msg_pid); 101105197Ssam 102105197Ssam tlen = PFKEY_UNUNIT64(base->sadb_msg_len) - sizeof(struct sadb_msg); 103105197Ssam ext = (struct sadb_ext *)((caddr_t)base + sizeof(struct sadb_msg)); 104105197Ssam 105105197Ssam while (tlen > 0) { 106105197Ssam printf("sadb_ext{ len=%u type=%u }\n", 107105197Ssam ext->sadb_ext_len, ext->sadb_ext_type); 108105197Ssam 109105197Ssam if (ext->sadb_ext_len == 0) { 110120585Ssam printf("%s: invalid ext_len=0 was passed.\n", __func__); 111105197Ssam return; 112105197Ssam } 113105197Ssam if (ext->sadb_ext_len > tlen) { 114120585Ssam printf("%s: ext_len too big (%u > %u).\n", 115120585Ssam __func__, ext->sadb_ext_len, tlen); 116105197Ssam return; 117105197Ssam } 118105197Ssam 119105197Ssam switch (ext->sadb_ext_type) { 120105197Ssam case SADB_EXT_SA: 121105197Ssam kdebug_sadb_sa(ext); 122105197Ssam break; 123105197Ssam case SADB_EXT_LIFETIME_CURRENT: 124105197Ssam case SADB_EXT_LIFETIME_HARD: 125105197Ssam case SADB_EXT_LIFETIME_SOFT: 126105197Ssam kdebug_sadb_lifetime(ext); 127105197Ssam break; 128105197Ssam case SADB_EXT_ADDRESS_SRC: 129105197Ssam case SADB_EXT_ADDRESS_DST: 130105197Ssam case SADB_EXT_ADDRESS_PROXY: 131105197Ssam kdebug_sadb_address(ext); 132105197Ssam break; 133105197Ssam case SADB_EXT_KEY_AUTH: 134105197Ssam case SADB_EXT_KEY_ENCRYPT: 135105197Ssam kdebug_sadb_key(ext); 136105197Ssam break; 137105197Ssam case SADB_EXT_IDENTITY_SRC: 138105197Ssam case SADB_EXT_IDENTITY_DST: 139105197Ssam kdebug_sadb_identity(ext); 140105197Ssam break; 141105197Ssam case SADB_EXT_SENSITIVITY: 142105197Ssam break; 143105197Ssam case SADB_EXT_PROPOSAL: 144105197Ssam kdebug_sadb_prop(ext); 145105197Ssam break; 146105197Ssam case SADB_EXT_SUPPORTED_AUTH: 147105197Ssam case SADB_EXT_SUPPORTED_ENCRYPT: 148105197Ssam kdebug_sadb_supported(ext); 149105197Ssam break; 150105197Ssam case SADB_EXT_SPIRANGE: 151105197Ssam case SADB_X_EXT_KMPRIVATE: 152105197Ssam break; 153105197Ssam case SADB_X_EXT_POLICY: 154105197Ssam kdebug_sadb_x_policy(ext); 155105197Ssam break; 156105197Ssam case SADB_X_EXT_SA2: 157105197Ssam kdebug_sadb_x_sa2(ext); 158105197Ssam break; 159105197Ssam default: 160120585Ssam printf("%s: invalid ext_type %u\n", __func__, 161105197Ssam ext->sadb_ext_type); 162105197Ssam return; 163105197Ssam } 164105197Ssam 165105197Ssam extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 166105197Ssam tlen -= extlen; 167105197Ssam ext = (struct sadb_ext *)((caddr_t)ext + extlen); 168105197Ssam } 169105197Ssam 170105197Ssam return; 171105197Ssam} 172105197Ssam 173105197Ssamstatic void 174283902Saekdebug_sadb_prop(struct sadb_ext *ext) 175105197Ssam{ 176105197Ssam struct sadb_prop *prop = (struct sadb_prop *)ext; 177105197Ssam struct sadb_comb *comb; 178105197Ssam int len; 179105197Ssam 180105197Ssam /* sanity check */ 181105197Ssam if (ext == NULL) 182120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 183105197Ssam 184105197Ssam len = (PFKEY_UNUNIT64(prop->sadb_prop_len) - sizeof(*prop)) 185105197Ssam / sizeof(*comb); 186105197Ssam comb = (struct sadb_comb *)(prop + 1); 187105197Ssam printf("sadb_prop{ replay=%u\n", prop->sadb_prop_replay); 188105197Ssam 189105197Ssam while (len--) { 190105197Ssam printf("sadb_comb{ auth=%u encrypt=%u " 191105197Ssam "flags=0x%04x reserved=0x%08x\n", 192105197Ssam comb->sadb_comb_auth, comb->sadb_comb_encrypt, 193105197Ssam comb->sadb_comb_flags, comb->sadb_comb_reserved); 194105197Ssam 195105197Ssam printf(" auth_minbits=%u auth_maxbits=%u " 196105197Ssam "encrypt_minbits=%u encrypt_maxbits=%u\n", 197105197Ssam comb->sadb_comb_auth_minbits, 198105197Ssam comb->sadb_comb_auth_maxbits, 199105197Ssam comb->sadb_comb_encrypt_minbits, 200105197Ssam comb->sadb_comb_encrypt_maxbits); 201105197Ssam 202105197Ssam printf(" soft_alloc=%u hard_alloc=%u " 203105197Ssam "soft_bytes=%lu hard_bytes=%lu\n", 204105197Ssam comb->sadb_comb_soft_allocations, 205105197Ssam comb->sadb_comb_hard_allocations, 206105197Ssam (unsigned long)comb->sadb_comb_soft_bytes, 207105197Ssam (unsigned long)comb->sadb_comb_hard_bytes); 208105197Ssam 209105197Ssam printf(" soft_alloc=%lu hard_alloc=%lu " 210105197Ssam "soft_bytes=%lu hard_bytes=%lu }\n", 211105197Ssam (unsigned long)comb->sadb_comb_soft_addtime, 212105197Ssam (unsigned long)comb->sadb_comb_hard_addtime, 213105197Ssam (unsigned long)comb->sadb_comb_soft_usetime, 214105197Ssam (unsigned long)comb->sadb_comb_hard_usetime); 215105197Ssam comb++; 216105197Ssam } 217105197Ssam printf("}\n"); 218105197Ssam 219105197Ssam return; 220105197Ssam} 221105197Ssam 222105197Ssamstatic void 223283902Saekdebug_sadb_identity(struct sadb_ext *ext) 224105197Ssam{ 225105197Ssam struct sadb_ident *id = (struct sadb_ident *)ext; 226105197Ssam int len; 227105197Ssam 228105197Ssam /* sanity check */ 229105197Ssam if (ext == NULL) 230120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 231105197Ssam 232105197Ssam len = PFKEY_UNUNIT64(id->sadb_ident_len) - sizeof(*id); 233105197Ssam printf("sadb_ident_%s{", 234105197Ssam id->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC ? "src" : "dst"); 235105197Ssam switch (id->sadb_ident_type) { 236105197Ssam default: 237105197Ssam printf(" type=%d id=%lu", 238105197Ssam id->sadb_ident_type, (u_long)id->sadb_ident_id); 239105197Ssam if (len) { 240105197Ssam#ifdef _KERNEL 241105197Ssam ipsec_hexdump((caddr_t)(id + 1), len); /*XXX cast ?*/ 242105197Ssam#else 243105197Ssam char *p, *ep; 244105197Ssam printf("\n str=\""); 245105197Ssam p = (char *)(id + 1); 246105197Ssam ep = p + len; 247105197Ssam for (/*nothing*/; *p && p < ep; p++) { 248105197Ssam if (isprint(*p)) 249105197Ssam printf("%c", *p & 0xff); 250105197Ssam else 251105197Ssam printf("\\%03o", *p & 0xff); 252105197Ssam } 253105197Ssam#endif 254105197Ssam printf("\""); 255105197Ssam } 256105197Ssam break; 257105197Ssam } 258105197Ssam 259105197Ssam printf(" }\n"); 260105197Ssam 261105197Ssam return; 262105197Ssam} 263105197Ssam 264105197Ssamstatic void 265283902Saekdebug_sadb_supported(struct sadb_ext *ext) 266105197Ssam{ 267105197Ssam struct sadb_supported *sup = (struct sadb_supported *)ext; 268105197Ssam struct sadb_alg *alg; 269105197Ssam int len; 270105197Ssam 271105197Ssam /* sanity check */ 272105197Ssam if (ext == NULL) 273120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 274105197Ssam 275105197Ssam len = (PFKEY_UNUNIT64(sup->sadb_supported_len) - sizeof(*sup)) 276105197Ssam / sizeof(*alg); 277105197Ssam alg = (struct sadb_alg *)(sup + 1); 278105197Ssam printf("sadb_sup{\n"); 279105197Ssam while (len--) { 280105197Ssam printf(" { id=%d ivlen=%d min=%d max=%d }\n", 281105197Ssam alg->sadb_alg_id, alg->sadb_alg_ivlen, 282105197Ssam alg->sadb_alg_minbits, alg->sadb_alg_maxbits); 283105197Ssam alg++; 284105197Ssam } 285105197Ssam printf("}\n"); 286105197Ssam 287105197Ssam return; 288105197Ssam} 289105197Ssam 290105197Ssamstatic void 291283902Saekdebug_sadb_lifetime(struct sadb_ext *ext) 292105197Ssam{ 293105197Ssam struct sadb_lifetime *lft = (struct sadb_lifetime *)ext; 294105197Ssam 295105197Ssam /* sanity check */ 296105197Ssam if (ext == NULL) 297176743Sbz panic("%s: NULL pointer was passed.\n", __func__); 298105197Ssam 299105197Ssam printf("sadb_lifetime{ alloc=%u, bytes=%u\n", 300105197Ssam lft->sadb_lifetime_allocations, 301105197Ssam (u_int32_t)lft->sadb_lifetime_bytes); 302105197Ssam printf(" addtime=%u, usetime=%u }\n", 303105197Ssam (u_int32_t)lft->sadb_lifetime_addtime, 304105197Ssam (u_int32_t)lft->sadb_lifetime_usetime); 305105197Ssam 306105197Ssam return; 307105197Ssam} 308105197Ssam 309105197Ssamstatic void 310283902Saekdebug_sadb_sa(struct sadb_ext *ext) 311105197Ssam{ 312105197Ssam struct sadb_sa *sa = (struct sadb_sa *)ext; 313105197Ssam 314105197Ssam /* sanity check */ 315105197Ssam if (ext == NULL) 316120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 317105197Ssam 318105197Ssam printf("sadb_sa{ spi=%u replay=%u state=%u\n", 319105197Ssam (u_int32_t)ntohl(sa->sadb_sa_spi), sa->sadb_sa_replay, 320105197Ssam sa->sadb_sa_state); 321105197Ssam printf(" auth=%u encrypt=%u flags=0x%08x }\n", 322105197Ssam sa->sadb_sa_auth, sa->sadb_sa_encrypt, sa->sadb_sa_flags); 323105197Ssam 324105197Ssam return; 325105197Ssam} 326105197Ssam 327105197Ssamstatic void 328283902Saekdebug_sadb_address(struct sadb_ext *ext) 329105197Ssam{ 330105197Ssam struct sadb_address *addr = (struct sadb_address *)ext; 331105197Ssam 332105197Ssam /* sanity check */ 333105197Ssam if (ext == NULL) 334120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 335105197Ssam 336105197Ssam printf("sadb_address{ proto=%u prefixlen=%u reserved=0x%02x%02x }\n", 337105197Ssam addr->sadb_address_proto, addr->sadb_address_prefixlen, 338105197Ssam ((u_char *)&addr->sadb_address_reserved)[0], 339105197Ssam ((u_char *)&addr->sadb_address_reserved)[1]); 340105197Ssam 341105197Ssam kdebug_sockaddr((struct sockaddr *)((caddr_t)ext + sizeof(*addr))); 342105197Ssam 343105197Ssam return; 344105197Ssam} 345105197Ssam 346105197Ssamstatic void 347283902Saekdebug_sadb_key(struct sadb_ext *ext) 348105197Ssam{ 349105197Ssam struct sadb_key *key = (struct sadb_key *)ext; 350105197Ssam 351105197Ssam /* sanity check */ 352105197Ssam if (ext == NULL) 353120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 354105197Ssam 355105197Ssam printf("sadb_key{ bits=%u reserved=%u\n", 356105197Ssam key->sadb_key_bits, key->sadb_key_reserved); 357105197Ssam printf(" key="); 358105197Ssam 359105197Ssam /* sanity check 2 */ 360105197Ssam if ((key->sadb_key_bits >> 3) > 361105197Ssam (PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key))) { 362120585Ssam printf("%s: key length mismatch, bit:%d len:%ld.\n", 363120585Ssam __func__, 364105197Ssam key->sadb_key_bits >> 3, 365105197Ssam (long)PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key)); 366105197Ssam } 367105197Ssam 368105197Ssam ipsec_hexdump((caddr_t)key + sizeof(struct sadb_key), 369105197Ssam key->sadb_key_bits >> 3); 370105197Ssam printf(" }\n"); 371105197Ssam return; 372105197Ssam} 373105197Ssam 374105197Ssamstatic void 375283902Saekdebug_sadb_x_sa2(struct sadb_ext *ext) 376105197Ssam{ 377105197Ssam struct sadb_x_sa2 *sa2 = (struct sadb_x_sa2 *)ext; 378105197Ssam 379105197Ssam /* sanity check */ 380105197Ssam if (ext == NULL) 381120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 382105197Ssam 383105197Ssam printf("sadb_x_sa2{ mode=%u reqid=%u\n", 384105197Ssam sa2->sadb_x_sa2_mode, sa2->sadb_x_sa2_reqid); 385105197Ssam printf(" reserved1=%u reserved2=%u sequence=%u }\n", 386105197Ssam sa2->sadb_x_sa2_reserved1, sa2->sadb_x_sa2_reserved2, 387105197Ssam sa2->sadb_x_sa2_sequence); 388105197Ssam 389105197Ssam return; 390105197Ssam} 391105197Ssam 392105197Ssamvoid 393283902Saekdebug_sadb_x_policy(struct sadb_ext *ext) 394105197Ssam{ 395105197Ssam struct sadb_x_policy *xpl = (struct sadb_x_policy *)ext; 396105197Ssam struct sockaddr *addr; 397105197Ssam 398105197Ssam /* sanity check */ 399105197Ssam if (ext == NULL) 400120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 401105197Ssam 402105197Ssam printf("sadb_x_policy{ type=%u dir=%u id=%x }\n", 403105197Ssam xpl->sadb_x_policy_type, xpl->sadb_x_policy_dir, 404105197Ssam xpl->sadb_x_policy_id); 405105197Ssam 406105197Ssam if (xpl->sadb_x_policy_type == IPSEC_POLICY_IPSEC) { 407105197Ssam int tlen; 408105197Ssam struct sadb_x_ipsecrequest *xisr; 409105197Ssam 410105197Ssam tlen = PFKEY_UNUNIT64(xpl->sadb_x_policy_len) - sizeof(*xpl); 411105197Ssam xisr = (struct sadb_x_ipsecrequest *)(xpl + 1); 412105197Ssam 413105197Ssam while (tlen > 0) { 414105197Ssam printf(" { len=%u proto=%u mode=%u level=%u reqid=%u\n", 415105197Ssam xisr->sadb_x_ipsecrequest_len, 416105197Ssam xisr->sadb_x_ipsecrequest_proto, 417105197Ssam xisr->sadb_x_ipsecrequest_mode, 418105197Ssam xisr->sadb_x_ipsecrequest_level, 419105197Ssam xisr->sadb_x_ipsecrequest_reqid); 420105197Ssam 421105197Ssam if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 422105197Ssam addr = (struct sockaddr *)(xisr + 1); 423105197Ssam kdebug_sockaddr(addr); 424105197Ssam addr = (struct sockaddr *)((caddr_t)addr 425105197Ssam + addr->sa_len); 426105197Ssam kdebug_sockaddr(addr); 427105197Ssam } 428105197Ssam 429105197Ssam printf(" }\n"); 430105197Ssam 431105197Ssam /* prevent infinite loop */ 432105197Ssam if (xisr->sadb_x_ipsecrequest_len <= 0) { 433120585Ssam printf("%s: wrong policy struct.\n", __func__); 434105197Ssam return; 435105197Ssam } 436105197Ssam /* prevent overflow */ 437105197Ssam if (xisr->sadb_x_ipsecrequest_len > tlen) { 438120585Ssam printf("%s: invalid ipsec policy length " 439120585Ssam "(%u > %u)\n", __func__, 440120585Ssam xisr->sadb_x_ipsecrequest_len, tlen); 441105197Ssam return; 442105197Ssam } 443105197Ssam 444105197Ssam tlen -= xisr->sadb_x_ipsecrequest_len; 445105197Ssam 446105197Ssam xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 447105197Ssam + xisr->sadb_x_ipsecrequest_len); 448105197Ssam } 449105197Ssam 450105197Ssam if (tlen != 0) 451120585Ssam panic("%s: wrong policy struct.\n", __func__); 452105197Ssam } 453105197Ssam 454105197Ssam return; 455105197Ssam} 456105197Ssam 457105197Ssam#ifdef _KERNEL 458105197Ssam/* %%%: about SPD and SAD */ 459105197Ssamvoid 460283902Saekdebug_secpolicy(struct secpolicy *sp) 461105197Ssam{ 462105197Ssam /* sanity check */ 463105197Ssam if (sp == NULL) 464120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 465105197Ssam 466105197Ssam printf("secpolicy{ refcnt=%u state=%u policy=%u\n", 467105197Ssam sp->refcnt, sp->state, sp->policy); 468105197Ssam 469105197Ssam kdebug_secpolicyindex(&sp->spidx); 470105197Ssam 471105197Ssam switch (sp->policy) { 472105197Ssam case IPSEC_POLICY_DISCARD: 473105197Ssam printf(" type=discard }\n"); 474105197Ssam break; 475105197Ssam case IPSEC_POLICY_NONE: 476105197Ssam printf(" type=none }\n"); 477105197Ssam break; 478105197Ssam case IPSEC_POLICY_IPSEC: 479105197Ssam { 480105197Ssam struct ipsecrequest *isr; 481105197Ssam for (isr = sp->req; isr != NULL; isr = isr->next) { 482105197Ssam 483105197Ssam printf(" level=%u\n", isr->level); 484105197Ssam kdebug_secasindex(&isr->saidx); 485105197Ssam 486105197Ssam if (isr->sav != NULL) 487105197Ssam kdebug_secasv(isr->sav); 488105197Ssam } 489105197Ssam printf(" }\n"); 490105197Ssam } 491105197Ssam break; 492105197Ssam case IPSEC_POLICY_BYPASS: 493105197Ssam printf(" type=bypass }\n"); 494105197Ssam break; 495105197Ssam case IPSEC_POLICY_ENTRUST: 496105197Ssam printf(" type=entrust }\n"); 497105197Ssam break; 498105197Ssam default: 499120585Ssam printf("%s: Invalid policy found. %d\n", __func__, sp->policy); 500105197Ssam break; 501105197Ssam } 502105197Ssam 503105197Ssam return; 504105197Ssam} 505105197Ssam 506105197Ssamvoid 507283902Saekdebug_secpolicyindex(struct secpolicyindex *spidx) 508105197Ssam{ 509105197Ssam /* sanity check */ 510105197Ssam if (spidx == NULL) 511120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 512105197Ssam 513105197Ssam printf("secpolicyindex{ dir=%u prefs=%u prefd=%u ul_proto=%u\n", 514105197Ssam spidx->dir, spidx->prefs, spidx->prefd, spidx->ul_proto); 515105197Ssam 516105197Ssam ipsec_hexdump((caddr_t)&spidx->src, 517105197Ssam ((struct sockaddr *)&spidx->src)->sa_len); 518105197Ssam printf("\n"); 519105197Ssam ipsec_hexdump((caddr_t)&spidx->dst, 520105197Ssam ((struct sockaddr *)&spidx->dst)->sa_len); 521105197Ssam printf("}\n"); 522105197Ssam 523105197Ssam return; 524105197Ssam} 525105197Ssam 526105197Ssamvoid 527283902Saekdebug_secasindex(struct secasindex *saidx) 528105197Ssam{ 529105197Ssam /* sanity check */ 530105197Ssam if (saidx == NULL) 531120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 532105197Ssam 533105197Ssam printf("secasindex{ mode=%u proto=%u\n", 534105197Ssam saidx->mode, saidx->proto); 535105197Ssam 536105197Ssam ipsec_hexdump((caddr_t)&saidx->src, 537105197Ssam ((struct sockaddr *)&saidx->src)->sa_len); 538105197Ssam printf("\n"); 539105197Ssam ipsec_hexdump((caddr_t)&saidx->dst, 540105197Ssam ((struct sockaddr *)&saidx->dst)->sa_len); 541105197Ssam printf("\n"); 542105197Ssam 543105197Ssam return; 544105197Ssam} 545105197Ssam 546176743Sbzstatic void 547176743Sbzkdebug_sec_lifetime(struct seclifetime *lft) 548176743Sbz{ 549176743Sbz /* sanity check */ 550176743Sbz if (lft == NULL) 551176743Sbz panic("%s: NULL pointer was passed.\n", __func__); 552176743Sbz 553176743Sbz printf("sec_lifetime{ alloc=%u, bytes=%u\n", 554176743Sbz lft->allocations, (u_int32_t)lft->bytes); 555176743Sbz printf(" addtime=%u, usetime=%u }\n", 556176743Sbz (u_int32_t)lft->addtime, (u_int32_t)lft->usetime); 557176743Sbz 558176743Sbz return; 559176743Sbz} 560176743Sbz 561105197Ssamvoid 562283902Saekdebug_secasv(struct secasvar *sav) 563105197Ssam{ 564105197Ssam /* sanity check */ 565105197Ssam if (sav == NULL) 566120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 567105197Ssam 568105197Ssam printf("secas{"); 569105197Ssam kdebug_secasindex(&sav->sah->saidx); 570105197Ssam 571105197Ssam printf(" refcnt=%u state=%u auth=%u enc=%u\n", 572105197Ssam sav->refcnt, sav->state, sav->alg_auth, sav->alg_enc); 573105197Ssam printf(" spi=%u flags=%u\n", 574105197Ssam (u_int32_t)ntohl(sav->spi), sav->flags); 575105197Ssam 576105197Ssam if (sav->key_auth != NULL) 577105197Ssam kdebug_sadb_key((struct sadb_ext *)sav->key_auth); 578105197Ssam if (sav->key_enc != NULL) 579105197Ssam kdebug_sadb_key((struct sadb_ext *)sav->key_enc); 580105197Ssam if (sav->iv != NULL) { 581105197Ssam printf(" iv="); 582105197Ssam ipsec_hexdump(sav->iv, sav->ivlen ? sav->ivlen : 8); 583105197Ssam printf("\n"); 584105197Ssam } 585105197Ssam 586105197Ssam if (sav->replay != NULL) 587105197Ssam kdebug_secreplay(sav->replay); 588105197Ssam if (sav->lft_c != NULL) 589176743Sbz kdebug_sec_lifetime(sav->lft_c); 590105197Ssam if (sav->lft_h != NULL) 591176743Sbz kdebug_sec_lifetime(sav->lft_h); 592105197Ssam if (sav->lft_s != NULL) 593176743Sbz kdebug_sec_lifetime(sav->lft_s); 594105197Ssam 595153110Sru#ifdef notyet 596105197Ssam /* XXX: misc[123] ? */ 597105197Ssam#endif 598105197Ssam 599105197Ssam return; 600105197Ssam} 601105197Ssam 602105197Ssamstatic void 603283902Saekdebug_secreplay(struct secreplay *rpl) 604105197Ssam{ 605105197Ssam int len, l; 606105197Ssam 607105197Ssam /* sanity check */ 608105197Ssam if (rpl == NULL) 609120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 610105197Ssam 611105197Ssam printf(" secreplay{ count=%u wsize=%u seq=%u lastseq=%u", 612105197Ssam rpl->count, rpl->wsize, rpl->seq, rpl->lastseq); 613105197Ssam 614105197Ssam if (rpl->bitmap == NULL) { 615105197Ssam printf(" }\n"); 616105197Ssam return; 617105197Ssam } 618105197Ssam 619105197Ssam printf("\n bitmap { "); 620105197Ssam 621105197Ssam for (len = 0; len < rpl->wsize; len++) { 622105197Ssam for (l = 7; l >= 0; l--) 623105197Ssam printf("%u", (((rpl->bitmap)[len] >> l) & 1) ? 1 : 0); 624105197Ssam } 625105197Ssam printf(" }\n"); 626105197Ssam 627105197Ssam return; 628105197Ssam} 629105197Ssam 630105197Ssamvoid 631283902Saekdebug_mbufhdr(struct mbuf *m) 632105197Ssam{ 633105197Ssam /* sanity check */ 634105197Ssam if (m == NULL) 635105197Ssam return; 636105197Ssam 637105197Ssam printf("mbuf(%p){ m_next:%p m_nextpkt:%p m_data:%p " 638105197Ssam "m_len:%d m_type:0x%02x m_flags:0x%02x }\n", 639105197Ssam m, m->m_next, m->m_nextpkt, m->m_data, 640105197Ssam m->m_len, m->m_type, m->m_flags); 641105197Ssam 642105197Ssam if (m->m_flags & M_PKTHDR) { 643105197Ssam printf(" m_pkthdr{ len:%d rcvif:%p }\n", 644105197Ssam m->m_pkthdr.len, m->m_pkthdr.rcvif); 645105197Ssam } 646105197Ssam 647105197Ssam if (m->m_flags & M_EXT) { 648105197Ssam printf(" m_ext{ ext_buf:%p ext_free:%p " 649105197Ssam "ext_size:%u ref_cnt:%p }\n", 650105197Ssam m->m_ext.ext_buf, m->m_ext.ext_free, 651105197Ssam m->m_ext.ext_size, m->m_ext.ref_cnt); 652105197Ssam } 653105197Ssam 654105197Ssam return; 655105197Ssam} 656105197Ssam 657105197Ssamvoid 658283902Saekdebug_mbuf(struct mbuf *m0) 659105197Ssam{ 660105197Ssam struct mbuf *m = m0; 661105197Ssam int i, j; 662105197Ssam 663105197Ssam for (j = 0; m; m = m->m_next) { 664105197Ssam kdebug_mbufhdr(m); 665105197Ssam printf(" m_data:\n"); 666105197Ssam for (i = 0; i < m->m_len; i++) { 667105197Ssam if (i && i % 32 == 0) 668105197Ssam printf("\n"); 669105197Ssam if (i % 4 == 0) 670105197Ssam printf(" "); 671105197Ssam printf("%02x", mtod(m, u_char *)[i]); 672105197Ssam j++; 673105197Ssam } 674105197Ssam printf("\n"); 675105197Ssam } 676105197Ssam 677105197Ssam return; 678105197Ssam} 679105197Ssam#endif /* _KERNEL */ 680105197Ssam 681105197Ssamvoid 682283902Saekdebug_sockaddr(struct sockaddr *addr) 683105197Ssam{ 684105197Ssam struct sockaddr_in *sin4; 685105197Ssam#ifdef INET6 686105197Ssam struct sockaddr_in6 *sin6; 687105197Ssam#endif 688105197Ssam 689105197Ssam /* sanity check */ 690105197Ssam if (addr == NULL) 691120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 692105197Ssam 693105197Ssam /* NOTE: We deal with port number as host byte order. */ 694105197Ssam printf("sockaddr{ len=%u family=%u", addr->sa_len, addr->sa_family); 695105197Ssam 696105197Ssam switch (addr->sa_family) { 697105197Ssam case AF_INET: 698105197Ssam sin4 = (struct sockaddr_in *)addr; 699105197Ssam printf(" port=%u\n", ntohs(sin4->sin_port)); 700105197Ssam ipsec_hexdump((caddr_t)&sin4->sin_addr, sizeof(sin4->sin_addr)); 701105197Ssam break; 702105197Ssam#ifdef INET6 703105197Ssam case AF_INET6: 704105197Ssam sin6 = (struct sockaddr_in6 *)addr; 705105197Ssam printf(" port=%u\n", ntohs(sin6->sin6_port)); 706105197Ssam printf(" flowinfo=0x%08x, scope_id=0x%08x\n", 707105197Ssam sin6->sin6_flowinfo, sin6->sin6_scope_id); 708105197Ssam ipsec_hexdump((caddr_t)&sin6->sin6_addr, 709105197Ssam sizeof(sin6->sin6_addr)); 710105197Ssam break; 711105197Ssam#endif 712105197Ssam } 713105197Ssam 714105197Ssam printf(" }\n"); 715105197Ssam 716105197Ssam return; 717105197Ssam} 718105197Ssam 719105197Ssamvoid 720283902Saeipsec_bindump(caddr_t buf, int len) 721105197Ssam{ 722105197Ssam int i; 723105197Ssam 724105197Ssam for (i = 0; i < len; i++) 725105197Ssam printf("%c", (unsigned char)buf[i]); 726105197Ssam 727105197Ssam return; 728105197Ssam} 729105197Ssam 730105197Ssam 731105197Ssamvoid 732283902Saeipsec_hexdump(caddr_t buf, int len) 733105197Ssam{ 734105197Ssam int i; 735105197Ssam 736105197Ssam for (i = 0; i < len; i++) { 737105197Ssam if (i != 0 && i % 32 == 0) printf("\n"); 738105197Ssam if (i % 4 == 0) printf(" "); 739105197Ssam printf("%02x", (unsigned char)buf[i]); 740105197Ssam } 741105197Ssam#if 0 742105197Ssam if (i % 32 != 0) printf("\n"); 743105197Ssam#endif 744105197Ssam 745105197Ssam return; 746105197Ssam} 747