1105197Ssam/*	$FreeBSD: stable/11/sys/netipsec/key_debug.c 336334 2018-07-16 10:32:11Z ae $	*/
2105197Ssam/*	$KAME: key_debug.c,v 1.26 2001/06/27 10:46:50 sakane Exp $	*/
3105197Ssam
4139823Simp/*-
5105197Ssam * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6105197Ssam * All rights reserved.
7105197Ssam *
8105197Ssam * Redistribution and use in source and binary forms, with or without
9105197Ssam * modification, are permitted provided that the following conditions
10105197Ssam * are met:
11105197Ssam * 1. Redistributions of source code must retain the above copyright
12105197Ssam *    notice, this list of conditions and the following disclaimer.
13105197Ssam * 2. Redistributions in binary form must reproduce the above copyright
14105197Ssam *    notice, this list of conditions and the following disclaimer in the
15105197Ssam *    documentation and/or other materials provided with the distribution.
16105197Ssam * 3. Neither the name of the project nor the names of its contributors
17105197Ssam *    may be used to endorse or promote products derived from this software
18105197Ssam *    without specific prior written permission.
19105197Ssam *
20105197Ssam * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21105197Ssam * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22105197Ssam * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23105197Ssam * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24105197Ssam * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25105197Ssam * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26105197Ssam * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27105197Ssam * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28105197Ssam * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29105197Ssam * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30105197Ssam * SUCH DAMAGE.
31105197Ssam */
32105197Ssam
33105197Ssam#ifdef _KERNEL
34105197Ssam#include "opt_inet.h"
35105197Ssam#include "opt_inet6.h"
36105197Ssam#include "opt_ipsec.h"
37105197Ssam#endif
38105197Ssam
39105197Ssam#include <sys/param.h>
40105197Ssam#ifdef _KERNEL
41105197Ssam#include <sys/systm.h>
42315514Sae#include <sys/lock.h>
43295126Sglebius#include <sys/malloc.h>
44105197Ssam#include <sys/mbuf.h>
45315514Sae#include <sys/mutex.h>
46105197Ssam#include <sys/queue.h>
47105197Ssam#endif
48105197Ssam#include <sys/socket.h>
49105197Ssam
50195699Srwatson#include <net/vnet.h>
51105197Ssam
52105197Ssam#include <netipsec/key_var.h>
53105197Ssam#include <netipsec/key_debug.h>
54105197Ssam
55105197Ssam#include <netinet/in.h>
56105197Ssam#include <netipsec/ipsec.h>
57176743Sbz#ifdef _KERNEL
58176743Sbz#include <netipsec/keydb.h>
59315514Sae#include <netipsec/xform.h>
60176743Sbz#endif
61105197Ssam
62105197Ssam#ifndef _KERNEL
63105197Ssam#include <ctype.h>
64105197Ssam#include <stdio.h>
65105197Ssam#include <stdlib.h>
66317502Sae#include <arpa/inet.h>
67105197Ssam#endif /* !_KERNEL */
68105197Ssam
69275438Saestatic void kdebug_sadb_prop(struct sadb_ext *);
70275438Saestatic void kdebug_sadb_identity(struct sadb_ext *);
71275438Saestatic void kdebug_sadb_supported(struct sadb_ext *);
72275438Saestatic void kdebug_sadb_lifetime(struct sadb_ext *);
73275438Saestatic void kdebug_sadb_sa(struct sadb_ext *);
74275438Saestatic void kdebug_sadb_address(struct sadb_ext *);
75275438Saestatic void kdebug_sadb_key(struct sadb_ext *);
76275438Saestatic void kdebug_sadb_x_sa2(struct sadb_ext *);
77317502Saestatic void kdebug_sadb_x_sa_replay(struct sadb_ext *);
78317502Saestatic void kdebug_sadb_x_natt(struct sadb_ext *);
79105197Ssam
80105197Ssam#ifndef _KERNEL
81171133Sgnn#define panic(fmt, ...)	{ printf(fmt, ## __VA_ARGS__); exit(-1); }
82105197Ssam#endif
83105197Ssam
84105197Ssam/* NOTE: host byte order */
85105197Ssam
86336334Saestatic const char*
87336334Saekdebug_sadb_type(uint8_t type)
88336334Sae{
89336334Sae#define	SADB_NAME(n)	case SADB_ ## n: return (#n)
90336334Sae
91336334Sae	switch (type) {
92336334Sae	SADB_NAME(RESERVED);
93336334Sae	SADB_NAME(GETSPI);
94336334Sae	SADB_NAME(UPDATE);
95336334Sae	SADB_NAME(ADD);
96336334Sae	SADB_NAME(DELETE);
97336334Sae	SADB_NAME(GET);
98336334Sae	SADB_NAME(ACQUIRE);
99336334Sae	SADB_NAME(REGISTER);
100336334Sae	SADB_NAME(EXPIRE);
101336334Sae	SADB_NAME(FLUSH);
102336334Sae	SADB_NAME(DUMP);
103336334Sae	SADB_NAME(X_PROMISC);
104336334Sae	SADB_NAME(X_PCHANGE);
105336334Sae	SADB_NAME(X_SPDUPDATE);
106336334Sae	SADB_NAME(X_SPDADD);
107336334Sae	SADB_NAME(X_SPDDELETE);
108336334Sae	SADB_NAME(X_SPDGET);
109336334Sae	SADB_NAME(X_SPDACQUIRE);
110336334Sae	SADB_NAME(X_SPDDUMP);
111336334Sae	SADB_NAME(X_SPDFLUSH);
112336334Sae	SADB_NAME(X_SPDSETIDX);
113336334Sae	SADB_NAME(X_SPDEXPIRE);
114336334Sae	SADB_NAME(X_SPDDELETE2);
115336334Sae	default:
116336334Sae		return ("UNKNOWN");
117336334Sae	}
118336334Sae#undef SADB_NAME
119336334Sae}
120336334Sae
121336334Saestatic const char*
122336334Saekdebug_sadb_exttype(uint16_t type)
123336334Sae{
124336334Sae#define	EXT_NAME(n)	case SADB_EXT_ ## n: return (#n)
125336334Sae#define	X_NAME(n)	case SADB_X_EXT_ ## n: return (#n)
126336334Sae
127336334Sae	switch (type) {
128336334Sae	EXT_NAME(RESERVED);
129336334Sae	EXT_NAME(SA);
130336334Sae	EXT_NAME(LIFETIME_CURRENT);
131336334Sae	EXT_NAME(LIFETIME_HARD);
132336334Sae	EXT_NAME(LIFETIME_SOFT);
133336334Sae	EXT_NAME(ADDRESS_SRC);
134336334Sae	EXT_NAME(ADDRESS_DST);
135336334Sae	EXT_NAME(ADDRESS_PROXY);
136336334Sae	EXT_NAME(KEY_AUTH);
137336334Sae	EXT_NAME(KEY_ENCRYPT);
138336334Sae	EXT_NAME(IDENTITY_SRC);
139336334Sae	EXT_NAME(IDENTITY_DST);
140336334Sae	EXT_NAME(SENSITIVITY);
141336334Sae	EXT_NAME(PROPOSAL);
142336334Sae	EXT_NAME(SUPPORTED_AUTH);
143336334Sae	EXT_NAME(SUPPORTED_ENCRYPT);
144336334Sae	EXT_NAME(SPIRANGE);
145336334Sae	X_NAME(KMPRIVATE);
146336334Sae	X_NAME(POLICY);
147336334Sae	X_NAME(SA2);
148336334Sae	X_NAME(NAT_T_TYPE);
149336334Sae	X_NAME(NAT_T_SPORT);
150336334Sae	X_NAME(NAT_T_DPORT);
151336334Sae	X_NAME(NAT_T_OAI);
152336334Sae	X_NAME(NAT_T_OAR);
153336334Sae	X_NAME(NAT_T_FRAG);
154336334Sae	X_NAME(SA_REPLAY);
155336334Sae	X_NAME(NEW_ADDRESS_SRC);
156336334Sae	X_NAME(NEW_ADDRESS_DST);
157336334Sae	default:
158336334Sae		return ("UNKNOWN");
159336334Sae	};
160336334Sae#undef EXT_NAME
161336334Sae#undef X_NAME
162336334Sae}
163336334Sae
164336334Sae
165105197Ssam/* %%%: about struct sadb_msg */
166105197Ssamvoid
167275437Saekdebug_sadb(struct sadb_msg *base)
168105197Ssam{
169105197Ssam	struct sadb_ext *ext;
170105197Ssam	int tlen, extlen;
171105197Ssam
172105197Ssam	/* sanity check */
173105197Ssam	if (base == NULL)
174120585Ssam		panic("%s: NULL pointer was passed.\n", __func__);
175105197Ssam
176336334Sae	printf("sadb_msg{ version=%u type=%u(%s) errno=%u satype=%u\n",
177105197Ssam	    base->sadb_msg_version, base->sadb_msg_type,
178336334Sae	    kdebug_sadb_type(base->sadb_msg_type),
179105197Ssam	    base->sadb_msg_errno, base->sadb_msg_satype);
180105197Ssam	printf("  len=%u reserved=%u seq=%u pid=%u\n",
181105197Ssam	    base->sadb_msg_len, base->sadb_msg_reserved,
182105197Ssam	    base->sadb_msg_seq, base->sadb_msg_pid);
183105197Ssam
184105197Ssam	tlen = PFKEY_UNUNIT64(base->sadb_msg_len) - sizeof(struct sadb_msg);
185105197Ssam	ext = (struct sadb_ext *)((caddr_t)base + sizeof(struct sadb_msg));
186105197Ssam
187105197Ssam	while (tlen > 0) {
188336334Sae		printf("sadb_ext{ len=%u type=%u(%s) }\n",
189336334Sae		    ext->sadb_ext_len, ext->sadb_ext_type,
190336334Sae		    kdebug_sadb_exttype(ext->sadb_ext_type));
191105197Ssam
192105197Ssam		if (ext->sadb_ext_len == 0) {
193120585Ssam			printf("%s: invalid ext_len=0 was passed.\n", __func__);
194105197Ssam			return;
195105197Ssam		}
196105197Ssam		if (ext->sadb_ext_len > tlen) {
197120585Ssam			printf("%s: ext_len too big (%u > %u).\n",
198120585Ssam				__func__, ext->sadb_ext_len, tlen);
199105197Ssam			return;
200105197Ssam		}
201105197Ssam
202105197Ssam		switch (ext->sadb_ext_type) {
203105197Ssam		case SADB_EXT_SA:
204105197Ssam			kdebug_sadb_sa(ext);
205105197Ssam			break;
206105197Ssam		case SADB_EXT_LIFETIME_CURRENT:
207105197Ssam		case SADB_EXT_LIFETIME_HARD:
208105197Ssam		case SADB_EXT_LIFETIME_SOFT:
209105197Ssam			kdebug_sadb_lifetime(ext);
210105197Ssam			break;
211105197Ssam		case SADB_EXT_ADDRESS_SRC:
212105197Ssam		case SADB_EXT_ADDRESS_DST:
213105197Ssam		case SADB_EXT_ADDRESS_PROXY:
214317502Sae		case SADB_X_EXT_NAT_T_OAI:
215317502Sae		case SADB_X_EXT_NAT_T_OAR:
216317502Sae		case SADB_X_EXT_NEW_ADDRESS_SRC:
217317502Sae		case SADB_X_EXT_NEW_ADDRESS_DST:
218105197Ssam			kdebug_sadb_address(ext);
219105197Ssam			break;
220105197Ssam		case SADB_EXT_KEY_AUTH:
221105197Ssam		case SADB_EXT_KEY_ENCRYPT:
222105197Ssam			kdebug_sadb_key(ext);
223105197Ssam			break;
224105197Ssam		case SADB_EXT_IDENTITY_SRC:
225105197Ssam		case SADB_EXT_IDENTITY_DST:
226105197Ssam			kdebug_sadb_identity(ext);
227105197Ssam			break;
228105197Ssam		case SADB_EXT_SENSITIVITY:
229105197Ssam			break;
230105197Ssam		case SADB_EXT_PROPOSAL:
231105197Ssam			kdebug_sadb_prop(ext);
232105197Ssam			break;
233105197Ssam		case SADB_EXT_SUPPORTED_AUTH:
234105197Ssam		case SADB_EXT_SUPPORTED_ENCRYPT:
235105197Ssam			kdebug_sadb_supported(ext);
236105197Ssam			break;
237105197Ssam		case SADB_EXT_SPIRANGE:
238105197Ssam		case SADB_X_EXT_KMPRIVATE:
239105197Ssam			break;
240105197Ssam		case SADB_X_EXT_POLICY:
241105197Ssam			kdebug_sadb_x_policy(ext);
242105197Ssam			break;
243105197Ssam		case SADB_X_EXT_SA2:
244105197Ssam			kdebug_sadb_x_sa2(ext);
245105197Ssam			break;
246317502Sae		case SADB_X_EXT_SA_REPLAY:
247317502Sae			kdebug_sadb_x_sa_replay(ext);
248317502Sae			break;
249317502Sae		case SADB_X_EXT_NAT_T_TYPE:
250317502Sae		case SADB_X_EXT_NAT_T_SPORT:
251317502Sae		case SADB_X_EXT_NAT_T_DPORT:
252317502Sae			kdebug_sadb_x_natt(ext);
253317502Sae			break;
254105197Ssam		default:
255120585Ssam			printf("%s: invalid ext_type %u\n", __func__,
256105197Ssam			    ext->sadb_ext_type);
257105197Ssam			return;
258105197Ssam		}
259105197Ssam
260105197Ssam		extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
261105197Ssam		tlen -= extlen;
262105197Ssam		ext = (struct sadb_ext *)((caddr_t)ext + extlen);
263105197Ssam	}
264105197Ssam
265105197Ssam	return;
266105197Ssam}
267105197Ssam
268105197Ssamstatic void
269275437Saekdebug_sadb_prop(struct sadb_ext *ext)
270105197Ssam{
271105197Ssam	struct sadb_prop *prop = (struct sadb_prop *)ext;
272105197Ssam	struct sadb_comb *comb;
273105197Ssam	int len;
274105197Ssam
275105197Ssam	/* sanity check */
276105197Ssam	if (ext == NULL)
277120585Ssam		panic("%s: NULL pointer was passed.\n", __func__);
278105197Ssam
279105197Ssam	len = (PFKEY_UNUNIT64(prop->sadb_prop_len) - sizeof(*prop))
280105197Ssam		/ sizeof(*comb);
281105197Ssam	comb = (struct sadb_comb *)(prop + 1);
282105197Ssam	printf("sadb_prop{ replay=%u\n", prop->sadb_prop_replay);
283105197Ssam
284105197Ssam	while (len--) {
285105197Ssam		printf("sadb_comb{ auth=%u encrypt=%u "
286105197Ssam			"flags=0x%04x reserved=0x%08x\n",
287105197Ssam			comb->sadb_comb_auth, comb->sadb_comb_encrypt,
288105197Ssam			comb->sadb_comb_flags, comb->sadb_comb_reserved);
289105197Ssam
290105197Ssam		printf("  auth_minbits=%u auth_maxbits=%u "
291105197Ssam			"encrypt_minbits=%u encrypt_maxbits=%u\n",
292105197Ssam			comb->sadb_comb_auth_minbits,
293105197Ssam			comb->sadb_comb_auth_maxbits,
294105197Ssam			comb->sadb_comb_encrypt_minbits,
295105197Ssam			comb->sadb_comb_encrypt_maxbits);
296105197Ssam
297105197Ssam		printf("  soft_alloc=%u hard_alloc=%u "
298105197Ssam			"soft_bytes=%lu hard_bytes=%lu\n",
299105197Ssam			comb->sadb_comb_soft_allocations,
300105197Ssam			comb->sadb_comb_hard_allocations,
301105197Ssam			(unsigned long)comb->sadb_comb_soft_bytes,
302105197Ssam			(unsigned long)comb->sadb_comb_hard_bytes);
303105197Ssam
304105197Ssam		printf("  soft_alloc=%lu hard_alloc=%lu "
305105197Ssam			"soft_bytes=%lu hard_bytes=%lu }\n",
306105197Ssam			(unsigned long)comb->sadb_comb_soft_addtime,
307105197Ssam			(unsigned long)comb->sadb_comb_hard_addtime,
308105197Ssam			(unsigned long)comb->sadb_comb_soft_usetime,
309105197Ssam			(unsigned long)comb->sadb_comb_hard_usetime);
310105197Ssam		comb++;
311105197Ssam	}
312105197Ssam	printf("}\n");
313105197Ssam
314105197Ssam	return;
315105197Ssam}
316105197Ssam
317105197Ssamstatic void
318275437Saekdebug_sadb_identity(struct sadb_ext *ext)
319105197Ssam{
320105197Ssam	struct sadb_ident *id = (struct sadb_ident *)ext;
321105197Ssam	int len;
322105197Ssam
323105197Ssam	/* sanity check */
324105197Ssam	if (ext == NULL)
325120585Ssam		panic("%s: NULL pointer was passed.\n", __func__);
326105197Ssam
327105197Ssam	len = PFKEY_UNUNIT64(id->sadb_ident_len) - sizeof(*id);
328105197Ssam	printf("sadb_ident_%s{",
329105197Ssam	    id->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC ? "src" : "dst");
330105197Ssam	switch (id->sadb_ident_type) {
331105197Ssam	default:
332105197Ssam		printf(" type=%d id=%lu",
333105197Ssam			id->sadb_ident_type, (u_long)id->sadb_ident_id);
334105197Ssam		if (len) {
335105197Ssam#ifdef _KERNEL
336105197Ssam			ipsec_hexdump((caddr_t)(id + 1), len); /*XXX cast ?*/
337105197Ssam#else
338105197Ssam			char *p, *ep;
339105197Ssam			printf("\n  str=\"");
340105197Ssam			p = (char *)(id + 1);
341105197Ssam			ep = p + len;
342105197Ssam			for (/*nothing*/; *p && p < ep; p++) {
343105197Ssam				if (isprint(*p))
344105197Ssam					printf("%c", *p & 0xff);
345105197Ssam				else
346105197Ssam					printf("\\%03o", *p & 0xff);
347105197Ssam			}
348105197Ssam#endif
349105197Ssam			printf("\"");
350105197Ssam		}
351105197Ssam		break;
352105197Ssam	}
353105197Ssam
354105197Ssam	printf(" }\n");
355105197Ssam
356105197Ssam	return;
357105197Ssam}
358105197Ssam
359105197Ssamstatic void
360275437Saekdebug_sadb_supported(struct sadb_ext *ext)
361105197Ssam{
362105197Ssam	struct sadb_supported *sup = (struct sadb_supported *)ext;
363105197Ssam	struct sadb_alg *alg;
364105197Ssam	int len;
365105197Ssam
366105197Ssam	/* sanity check */
367105197Ssam	if (ext == NULL)
368120585Ssam		panic("%s: NULL pointer was passed.\n", __func__);
369105197Ssam
370105197Ssam	len = (PFKEY_UNUNIT64(sup->sadb_supported_len) - sizeof(*sup))
371105197Ssam		/ sizeof(*alg);
372105197Ssam	alg = (struct sadb_alg *)(sup + 1);
373105197Ssam	printf("sadb_sup{\n");
374105197Ssam	while (len--) {
375105197Ssam		printf("  { id=%d ivlen=%d min=%d max=%d }\n",
376105197Ssam			alg->sadb_alg_id, alg->sadb_alg_ivlen,
377105197Ssam			alg->sadb_alg_minbits, alg->sadb_alg_maxbits);
378105197Ssam		alg++;
379105197Ssam	}
380105197Ssam	printf("}\n");
381105197Ssam
382105197Ssam	return;
383105197Ssam}
384105197Ssam
385105197Ssamstatic void
386275437Saekdebug_sadb_lifetime(struct sadb_ext *ext)
387105197Ssam{
388105197Ssam	struct sadb_lifetime *lft = (struct sadb_lifetime *)ext;
389105197Ssam
390105197Ssam	/* sanity check */
391105197Ssam	if (ext == NULL)
392176743Sbz		panic("%s: NULL pointer was passed.\n", __func__);
393105197Ssam
394105197Ssam	printf("sadb_lifetime{ alloc=%u, bytes=%u\n",
395105197Ssam		lft->sadb_lifetime_allocations,
396105197Ssam		(u_int32_t)lft->sadb_lifetime_bytes);
397105197Ssam	printf("  addtime=%u, usetime=%u }\n",
398105197Ssam		(u_int32_t)lft->sadb_lifetime_addtime,
399105197Ssam		(u_int32_t)lft->sadb_lifetime_usetime);
400105197Ssam
401105197Ssam	return;
402105197Ssam}
403105197Ssam
404105197Ssamstatic void
405275437Saekdebug_sadb_sa(struct sadb_ext *ext)
406105197Ssam{
407105197Ssam	struct sadb_sa *sa = (struct sadb_sa *)ext;
408105197Ssam
409105197Ssam	/* sanity check */
410105197Ssam	if (ext == NULL)
411120585Ssam		panic("%s: NULL pointer was passed.\n", __func__);
412105197Ssam
413105197Ssam	printf("sadb_sa{ spi=%u replay=%u state=%u\n",
414105197Ssam	    (u_int32_t)ntohl(sa->sadb_sa_spi), sa->sadb_sa_replay,
415105197Ssam	    sa->sadb_sa_state);
416105197Ssam	printf("  auth=%u encrypt=%u flags=0x%08x }\n",
417105197Ssam	    sa->sadb_sa_auth, sa->sadb_sa_encrypt, sa->sadb_sa_flags);
418105197Ssam
419105197Ssam	return;
420105197Ssam}
421105197Ssam
422105197Ssamstatic void
423275437Saekdebug_sadb_address(struct sadb_ext *ext)
424105197Ssam{
425105197Ssam	struct sadb_address *addr = (struct sadb_address *)ext;
426105197Ssam
427105197Ssam	/* sanity check */
428105197Ssam	if (ext == NULL)
429120585Ssam		panic("%s: NULL pointer was passed.\n", __func__);
430105197Ssam
431105197Ssam	printf("sadb_address{ proto=%u prefixlen=%u reserved=0x%02x%02x }\n",
432105197Ssam	    addr->sadb_address_proto, addr->sadb_address_prefixlen,
433105197Ssam	    ((u_char *)&addr->sadb_address_reserved)[0],
434105197Ssam	    ((u_char *)&addr->sadb_address_reserved)[1]);
435105197Ssam
436105197Ssam	kdebug_sockaddr((struct sockaddr *)((caddr_t)ext + sizeof(*addr)));
437105197Ssam}
438105197Ssam
439105197Ssamstatic void
440275437Saekdebug_sadb_key(struct sadb_ext *ext)
441105197Ssam{
442105197Ssam	struct sadb_key *key = (struct sadb_key *)ext;
443105197Ssam
444105197Ssam	/* sanity check */
445105197Ssam	if (ext == NULL)
446120585Ssam		panic("%s: NULL pointer was passed.\n", __func__);
447105197Ssam
448105197Ssam	printf("sadb_key{ bits=%u reserved=%u\n",
449105197Ssam	    key->sadb_key_bits, key->sadb_key_reserved);
450105197Ssam	printf("  key=");
451105197Ssam
452105197Ssam	/* sanity check 2 */
453105197Ssam	if ((key->sadb_key_bits >> 3) >
454105197Ssam		(PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key))) {
455120585Ssam		printf("%s: key length mismatch, bit:%d len:%ld.\n",
456120585Ssam			__func__,
457105197Ssam			key->sadb_key_bits >> 3,
458105197Ssam			(long)PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key));
459105197Ssam	}
460105197Ssam
461105197Ssam	ipsec_hexdump((caddr_t)key + sizeof(struct sadb_key),
462105197Ssam	              key->sadb_key_bits >> 3);
463105197Ssam	printf(" }\n");
464105197Ssam	return;
465105197Ssam}
466105197Ssam
467105197Ssamstatic void
468275437Saekdebug_sadb_x_sa2(struct sadb_ext *ext)
469105197Ssam{
470105197Ssam	struct sadb_x_sa2 *sa2 = (struct sadb_x_sa2 *)ext;
471105197Ssam
472105197Ssam	/* sanity check */
473105197Ssam	if (ext == NULL)
474120585Ssam		panic("%s: NULL pointer was passed.\n", __func__);
475105197Ssam
476105197Ssam	printf("sadb_x_sa2{ mode=%u reqid=%u\n",
477105197Ssam	    sa2->sadb_x_sa2_mode, sa2->sadb_x_sa2_reqid);
478105197Ssam	printf("  reserved1=%u reserved2=%u sequence=%u }\n",
479105197Ssam	    sa2->sadb_x_sa2_reserved1, sa2->sadb_x_sa2_reserved2,
480105197Ssam	    sa2->sadb_x_sa2_sequence);
481105197Ssam
482105197Ssam	return;
483105197Ssam}
484105197Ssam
485317502Saestatic void
486317502Saekdebug_sadb_x_sa_replay(struct sadb_ext *ext)
487317502Sae{
488317502Sae	struct sadb_x_sa_replay *replay;
489317502Sae
490317502Sae	/* sanity check */
491317502Sae	if (ext == NULL)
492317502Sae		panic("%s: NULL pointer was passed.\n", __func__);
493317502Sae
494317502Sae	replay = (struct sadb_x_sa_replay *)ext;
495317502Sae	printf("sadb_x_sa_replay{ replay=%u }\n",
496317502Sae	    replay->sadb_x_sa_replay_replay);
497317502Sae}
498317502Sae
499317502Saestatic void
500317502Saekdebug_sadb_x_natt(struct sadb_ext *ext)
501317502Sae{
502317502Sae	struct sadb_x_nat_t_type *type;
503317502Sae	struct sadb_x_nat_t_port *port;
504317502Sae
505317502Sae	/* sanity check */
506317502Sae	if (ext == NULL)
507317502Sae		panic("%s: NULL pointer was passed.\n", __func__);
508317502Sae
509317502Sae	if (ext->sadb_ext_type == SADB_X_EXT_NAT_T_TYPE) {
510317502Sae		type = (struct sadb_x_nat_t_type *)ext;
511317502Sae		printf("sadb_x_nat_t_type{ type=%u }\n",
512317502Sae		    type->sadb_x_nat_t_type_type);
513317502Sae	} else {
514317502Sae		port = (struct sadb_x_nat_t_port *)ext;
515317502Sae		printf("sadb_x_nat_t_port{ port=%u }\n",
516317502Sae		    ntohs(port->sadb_x_nat_t_port_port));
517317502Sae	}
518317502Sae}
519317502Sae
520105197Ssamvoid
521275437Saekdebug_sadb_x_policy(struct sadb_ext *ext)
522105197Ssam{
523105197Ssam	struct sadb_x_policy *xpl = (struct sadb_x_policy *)ext;
524105197Ssam	struct sockaddr *addr;
525105197Ssam
526105197Ssam	/* sanity check */
527105197Ssam	if (ext == NULL)
528120585Ssam		panic("%s: NULL pointer was passed.\n", __func__);
529105197Ssam
530317502Sae	printf("sadb_x_policy{ type=%u dir=%u id=%x scope=%u %s=%u }\n",
531105197Ssam		xpl->sadb_x_policy_type, xpl->sadb_x_policy_dir,
532317502Sae		xpl->sadb_x_policy_id, xpl->sadb_x_policy_scope,
533317502Sae		xpl->sadb_x_policy_scope == IPSEC_POLICYSCOPE_IFNET ?
534317502Sae		"ifindex": "priority", xpl->sadb_x_policy_priority);
535105197Ssam
536105197Ssam	if (xpl->sadb_x_policy_type == IPSEC_POLICY_IPSEC) {
537105197Ssam		int tlen;
538105197Ssam		struct sadb_x_ipsecrequest *xisr;
539105197Ssam
540105197Ssam		tlen = PFKEY_UNUNIT64(xpl->sadb_x_policy_len) - sizeof(*xpl);
541105197Ssam		xisr = (struct sadb_x_ipsecrequest *)(xpl + 1);
542105197Ssam
543105197Ssam		while (tlen > 0) {
544105197Ssam			printf(" { len=%u proto=%u mode=%u level=%u reqid=%u\n",
545105197Ssam				xisr->sadb_x_ipsecrequest_len,
546105197Ssam				xisr->sadb_x_ipsecrequest_proto,
547105197Ssam				xisr->sadb_x_ipsecrequest_mode,
548105197Ssam				xisr->sadb_x_ipsecrequest_level,
549105197Ssam				xisr->sadb_x_ipsecrequest_reqid);
550105197Ssam
551105197Ssam			if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
552105197Ssam				addr = (struct sockaddr *)(xisr + 1);
553105197Ssam				kdebug_sockaddr(addr);
554105197Ssam				addr = (struct sockaddr *)((caddr_t)addr
555105197Ssam							+ addr->sa_len);
556105197Ssam				kdebug_sockaddr(addr);
557105197Ssam			}
558105197Ssam
559105197Ssam			printf(" }\n");
560105197Ssam
561105197Ssam			/* prevent infinite loop */
562105197Ssam			if (xisr->sadb_x_ipsecrequest_len <= 0) {
563120585Ssam				printf("%s: wrong policy struct.\n", __func__);
564105197Ssam				return;
565105197Ssam			}
566105197Ssam			/* prevent overflow */
567105197Ssam			if (xisr->sadb_x_ipsecrequest_len > tlen) {
568120585Ssam				printf("%s: invalid ipsec policy length "
569120585Ssam					"(%u > %u)\n", __func__,
570120585Ssam					xisr->sadb_x_ipsecrequest_len, tlen);
571105197Ssam				return;
572105197Ssam			}
573105197Ssam
574105197Ssam			tlen -= xisr->sadb_x_ipsecrequest_len;
575105197Ssam
576105197Ssam			xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
577105197Ssam			                + xisr->sadb_x_ipsecrequest_len);
578105197Ssam		}
579105197Ssam
580105197Ssam		if (tlen != 0)
581120585Ssam			panic("%s: wrong policy struct.\n", __func__);
582105197Ssam	}
583105197Ssam
584105197Ssam	return;
585105197Ssam}
586105197Ssam
587105197Ssam#ifdef _KERNEL
588105197Ssam/* %%%: about SPD and SAD */
589315514Saeconst char*
590315514Saekdebug_secpolicy_state(u_int state)
591105197Ssam{
592105197Ssam
593315514Sae	switch (state) {
594315514Sae	case IPSEC_SPSTATE_DEAD:
595315514Sae		return ("dead");
596315514Sae	case IPSEC_SPSTATE_LARVAL:
597315514Sae		return ("larval");
598315514Sae	case IPSEC_SPSTATE_ALIVE:
599315514Sae		return ("alive");
600315514Sae	case IPSEC_SPSTATE_PCB:
601315514Sae		return ("pcb");
602315514Sae	case IPSEC_SPSTATE_IFNET:
603315514Sae		return ("ifnet");
604315514Sae	}
605315514Sae	return ("unknown");
606315514Sae}
607105197Ssam
608315514Saeconst char*
609315514Saekdebug_secpolicy_policy(u_int policy)
610315514Sae{
611105197Ssam
612315514Sae	switch (policy) {
613105197Ssam	case IPSEC_POLICY_DISCARD:
614315514Sae		return ("discard");
615105197Ssam	case IPSEC_POLICY_NONE:
616315514Sae		return ("none");
617105197Ssam	case IPSEC_POLICY_IPSEC:
618315514Sae		return ("ipsec");
619315514Sae	case IPSEC_POLICY_ENTRUST:
620315514Sae		return ("entrust");
621315514Sae	case IPSEC_POLICY_BYPASS:
622315514Sae		return ("bypass");
623315514Sae	}
624315514Sae	return ("unknown");
625315514Sae}
626105197Ssam
627315514Saeconst char*
628315514Saekdebug_secpolicyindex_dir(u_int dir)
629315514Sae{
630105197Ssam
631315514Sae	switch (dir) {
632315514Sae	case IPSEC_DIR_ANY:
633315514Sae		return ("any");
634315514Sae	case IPSEC_DIR_INBOUND:
635315514Sae		return ("in");
636315514Sae	case IPSEC_DIR_OUTBOUND:
637315514Sae		return ("out");
638105197Ssam	}
639315514Sae	return ("unknown");
640315514Sae}
641105197Ssam
642315514Saeconst char*
643315514Saekdebug_ipsecrequest_level(u_int level)
644315514Sae{
645315514Sae
646315514Sae	switch (level) {
647315514Sae	case IPSEC_LEVEL_DEFAULT:
648315514Sae		return ("default");
649315514Sae	case IPSEC_LEVEL_USE:
650315514Sae		return ("use");
651315514Sae	case IPSEC_LEVEL_REQUIRE:
652315514Sae		return ("require");
653315514Sae	case IPSEC_LEVEL_UNIQUE:
654315514Sae		return ("unique");
655315514Sae	}
656315514Sae	return ("unknown");
657105197Ssam}
658105197Ssam
659315514Saeconst char*
660315514Saekdebug_secasindex_mode(u_int mode)
661105197Ssam{
662298536Sae
663315514Sae	switch (mode) {
664315514Sae	case IPSEC_MODE_ANY:
665315514Sae		return ("any");
666315514Sae	case IPSEC_MODE_TRANSPORT:
667315514Sae		return ("transport");
668315514Sae	case IPSEC_MODE_TUNNEL:
669315514Sae		return ("tunnel");
670315514Sae	case IPSEC_MODE_TCPMD5:
671315514Sae		return ("tcp-md5");
672315514Sae	}
673315514Sae	return ("unknown");
674315514Sae}
675105197Ssam
676315514Saeconst char*
677315514Saekdebug_secasv_state(u_int state)
678315514Sae{
679105197Ssam
680315514Sae	switch (state) {
681315514Sae	case SADB_SASTATE_LARVAL:
682315514Sae		return ("larval");
683315514Sae	case SADB_SASTATE_MATURE:
684315514Sae		return ("mature");
685315514Sae	case SADB_SASTATE_DYING:
686315514Sae		return ("dying");
687315514Sae	case SADB_SASTATE_DEAD:
688315514Sae		return ("dead");
689315514Sae	}
690315514Sae	return ("unknown");
691105197Ssam}
692105197Ssam
693315514Saestatic char*
694315514Saekdebug_port2str(const struct sockaddr *sa, char *buf, size_t len)
695105197Ssam{
696315514Sae	uint16_t port;
697298536Sae
698315514Sae	IPSEC_ASSERT(sa != NULL, ("null sa"));
699315514Sae	switch (sa->sa_family) {
700315514Sae#ifdef INET
701315514Sae	case AF_INET:
702315514Sae		port = ntohs(((const struct sockaddr_in *)sa)->sin_port);
703315514Sae		break;
704315514Sae#endif
705315514Sae#ifdef INET6
706315514Sae	case AF_INET6:
707315514Sae		port = ntohs(((const struct sockaddr_in6 *)sa)->sin6_port);
708315514Sae		break;
709315514Sae#endif
710315514Sae	default:
711315514Sae		port = 0;
712315514Sae	}
713315514Sae	if (port == 0)
714315514Sae		return ("*");
715315514Sae	snprintf(buf, len, "%u", port);
716315514Sae	return (buf);
717315514Sae}
718105197Ssam
719315514Saevoid
720315514Saekdebug_secpolicy(struct secpolicy *sp)
721315514Sae{
722315514Sae	u_int idx;
723105197Ssam
724315514Sae	IPSEC_ASSERT(sp != NULL, ("null sp"));
725315514Sae	printf("SP { refcnt=%u id=%u priority=%u state=%s policy=%s\n",
726315514Sae	    sp->refcnt, sp->id, sp->priority,
727315514Sae	    kdebug_secpolicy_state(sp->state),
728315514Sae	    kdebug_secpolicy_policy(sp->policy));
729315514Sae	kdebug_secpolicyindex(&sp->spidx, "  ");
730315514Sae	for (idx = 0; idx < sp->tcount; idx++) {
731315514Sae		printf("  req[%u]{ level=%s ", idx,
732315514Sae		    kdebug_ipsecrequest_level(sp->req[idx]->level));
733315514Sae		kdebug_secasindex(&sp->req[idx]->saidx, NULL);
734315514Sae		printf("  }\n");
735315514Sae	}
736315514Sae	printf("}\n");
737105197Ssam}
738105197Ssam
739315514Saevoid
740315514Saekdebug_secpolicyindex(struct secpolicyindex *spidx, const char *indent)
741176743Sbz{
742315514Sae	char buf[IPSEC_ADDRSTRLEN];
743176743Sbz
744315514Sae	IPSEC_ASSERT(spidx != NULL, ("null spidx"));
745315514Sae	if (indent != NULL)
746315514Sae		printf("%s", indent);
747315514Sae	printf("spidx { dir=%s ul_proto=",
748315514Sae	    kdebug_secpolicyindex_dir(spidx->dir));
749315514Sae	if (spidx->ul_proto == IPSEC_ULPROTO_ANY)
750315514Sae		printf("* ");
751315514Sae	else
752315514Sae		printf("%u ", spidx->ul_proto);
753315514Sae	printf("%s/%u -> ", ipsec_address(&spidx->src, buf, sizeof(buf)),
754315514Sae	    spidx->prefs);
755315514Sae	printf("%s/%u }\n", ipsec_address(&spidx->dst, buf, sizeof(buf)),
756315514Sae	    spidx->prefd);
757176743Sbz}
758176743Sbz
759105197Ssamvoid
760315514Saekdebug_secasindex(const struct secasindex *saidx, const char *indent)
761105197Ssam{
762315514Sae	char buf[IPSEC_ADDRSTRLEN], port[6];
763105197Ssam
764315514Sae	IPSEC_ASSERT(saidx != NULL, ("null saidx"));
765315514Sae	if (indent != NULL)
766315514Sae		printf("%s", indent);
767315514Sae	printf("saidx { mode=%s proto=%u reqid=%u ",
768315514Sae	    kdebug_secasindex_mode(saidx->mode), saidx->proto, saidx->reqid);
769315514Sae	printf("%s:%s -> ", ipsec_address(&saidx->src, buf, sizeof(buf)),
770315514Sae	    kdebug_port2str(&saidx->src.sa, port, sizeof(port)));
771315514Sae	printf("%s:%s }\n", ipsec_address(&saidx->dst, buf, sizeof(buf)),
772315514Sae	    kdebug_port2str(&saidx->dst.sa, port, sizeof(port)));
773315514Sae}
774105197Ssam
775315514Saestatic void
776315514Saekdebug_sec_lifetime(struct seclifetime *lft, const char *indent)
777315514Sae{
778105197Ssam
779315514Sae	IPSEC_ASSERT(lft != NULL, ("null lft"));
780315514Sae	if (indent != NULL)
781315514Sae		printf("%s", indent);
782315514Sae	printf("lifetime { alloc=%u, bytes=%ju addtime=%ju usetime=%ju }\n",
783315514Sae	    lft->allocations, (uintmax_t)lft->bytes, (uintmax_t)lft->addtime,
784315514Sae	    (uintmax_t)lft->usetime);
785315514Sae}
786105197Ssam
787315514Saevoid
788315514Saekdebug_secash(struct secashead *sah, const char *indent)
789315514Sae{
790105197Ssam
791315514Sae	IPSEC_ASSERT(sah != NULL, ("null sah"));
792315514Sae	if (indent != NULL)
793315514Sae		printf("%s", indent);
794315514Sae	printf("SAH { refcnt=%u state=%s\n", sah->refcnt,
795315514Sae	    kdebug_secasv_state(sah->state));
796315514Sae	if (indent != NULL)
797315514Sae		printf("%s", indent);
798315514Sae	kdebug_secasindex(&sah->saidx, indent);
799315514Sae	if (indent != NULL)
800315514Sae		printf("%s", indent);
801315514Sae	printf("}\n");
802105197Ssam}
803105197Ssam
804319599Sae#ifdef IPSEC_DEBUG
805105197Ssamstatic void
806275437Saekdebug_secreplay(struct secreplay *rpl)
807105197Ssam{
808105197Ssam	int len, l;
809105197Ssam
810315514Sae	IPSEC_ASSERT(rpl != NULL, ("null rpl"));
811315514Sae	printf(" secreplay{ count=%u bitmap_size=%u wsize=%u seq=%u lastseq=%u",
812315514Sae	    rpl->count, rpl->bitmap_size, rpl->wsize, rpl->seq, rpl->lastseq);
813105197Ssam
814105197Ssam	if (rpl->bitmap == NULL) {
815315514Sae		printf("  }\n");
816105197Ssam		return;
817105197Ssam	}
818105197Ssam
819315514Sae	printf("\n    bitmap { ");
820315514Sae	for (len = 0; len < rpl->bitmap_size*4; len++) {
821105197Ssam		for (l = 7; l >= 0; l--)
822105197Ssam			printf("%u", (((rpl->bitmap)[len] >> l) & 1) ? 1 : 0);
823105197Ssam	}
824315514Sae	printf("    }\n");
825315514Sae}
826319599Sae#endif /* IPSEC_DEBUG */
827105197Ssam
828315514Saestatic void
829315514Saekdebug_secnatt(struct secnatt *natt)
830315514Sae{
831315514Sae	char buf[IPSEC_ADDRSTRLEN];
832315514Sae
833315514Sae	IPSEC_ASSERT(natt != NULL, ("null natt"));
834315514Sae	printf("  natt{ sport=%u dport=%u ", ntohs(natt->sport),
835315514Sae	    ntohs(natt->dport));
836315514Sae	if (natt->flags & IPSEC_NATT_F_OAI)
837315514Sae		printf("oai=%s ", ipsec_address(&natt->oai, buf, sizeof(buf)));
838315514Sae	if (natt->flags & IPSEC_NATT_F_OAR)
839315514Sae		printf("oar=%s ", ipsec_address(&natt->oar, buf, sizeof(buf)));
840315514Sae	printf("}\n");
841105197Ssam}
842105197Ssam
843105197Ssamvoid
844315514Saekdebug_secasv(struct secasvar *sav)
845315514Sae{
846315514Sae	struct seclifetime lft_c;
847315514Sae
848315514Sae	IPSEC_ASSERT(sav != NULL, ("null sav"));
849315514Sae
850315514Sae	printf("SA { refcnt=%u spi=%u seq=%u pid=%u flags=0x%x state=%s\n",
851315514Sae	    sav->refcnt, ntohl(sav->spi), sav->seq, (uint32_t)sav->pid,
852315514Sae	    sav->flags, kdebug_secasv_state(sav->state));
853315514Sae	kdebug_secash(sav->sah, "  ");
854315514Sae
855315514Sae	lft_c.addtime = sav->created;
856315514Sae	lft_c.allocations = (uint32_t)counter_u64_fetch(
857315514Sae	    sav->lft_c_allocations);
858315514Sae	lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes);
859315514Sae	lft_c.usetime = sav->firstused;
860315514Sae	kdebug_sec_lifetime(&lft_c, "  c_");
861315514Sae	if (sav->lft_h != NULL)
862315514Sae		kdebug_sec_lifetime(sav->lft_h, "  h_");
863315514Sae	if (sav->lft_s != NULL)
864315514Sae		kdebug_sec_lifetime(sav->lft_s, "  s_");
865315514Sae
866315514Sae	if (sav->tdb_authalgxform != NULL)
867315514Sae		printf("  alg_auth=%s\n", sav->tdb_authalgxform->name);
868315514Sae	if (sav->key_auth != NULL)
869315514Sae		KEYDBG(DUMP,
870315514Sae		    kdebug_sadb_key((struct sadb_ext *)sav->key_auth));
871315514Sae	if (sav->tdb_encalgxform != NULL)
872315514Sae		printf("  alg_enc=%s\n", sav->tdb_encalgxform->name);
873315514Sae	if (sav->key_enc != NULL)
874315514Sae		KEYDBG(DUMP,
875315514Sae		    kdebug_sadb_key((struct sadb_ext *)sav->key_enc));
876315514Sae	if (sav->natt != NULL)
877315514Sae		kdebug_secnatt(sav->natt);
878315514Sae	if (sav->replay != NULL) {
879315514Sae		KEYDBG(DUMP,
880315514Sae		    SECASVAR_LOCK(sav);
881315514Sae		    kdebug_secreplay(sav->replay);
882315514Sae		    SECASVAR_UNLOCK(sav));
883315514Sae	}
884315514Sae	printf("}\n");
885315514Sae}
886315514Sae
887315514Saevoid
888298398Saekdebug_mbufhdr(const struct mbuf *m)
889105197Ssam{
890105197Ssam	/* sanity check */
891105197Ssam	if (m == NULL)
892105197Ssam		return;
893105197Ssam
894105197Ssam	printf("mbuf(%p){ m_next:%p m_nextpkt:%p m_data:%p "
895105197Ssam	       "m_len:%d m_type:0x%02x m_flags:0x%02x }\n",
896105197Ssam		m, m->m_next, m->m_nextpkt, m->m_data,
897105197Ssam		m->m_len, m->m_type, m->m_flags);
898105197Ssam
899105197Ssam	if (m->m_flags & M_PKTHDR) {
900105197Ssam		printf("  m_pkthdr{ len:%d rcvif:%p }\n",
901105197Ssam		    m->m_pkthdr.len, m->m_pkthdr.rcvif);
902105197Ssam	}
903105197Ssam
904105197Ssam	if (m->m_flags & M_EXT) {
905105197Ssam		printf("  m_ext{ ext_buf:%p ext_free:%p "
906268530Sglebius		       "ext_size:%u ext_cnt:%p }\n",
907105197Ssam			m->m_ext.ext_buf, m->m_ext.ext_free,
908268530Sglebius			m->m_ext.ext_size, m->m_ext.ext_cnt);
909105197Ssam	}
910105197Ssam
911105197Ssam	return;
912105197Ssam}
913105197Ssam
914105197Ssamvoid
915298398Saekdebug_mbuf(const struct mbuf *m0)
916105197Ssam{
917298398Sae	const struct mbuf *m = m0;
918105197Ssam	int i, j;
919105197Ssam
920105197Ssam	for (j = 0; m; m = m->m_next) {
921105197Ssam		kdebug_mbufhdr(m);
922105197Ssam		printf("  m_data:\n");
923105197Ssam		for (i = 0; i < m->m_len; i++) {
924105197Ssam			if (i && i % 32 == 0)
925105197Ssam				printf("\n");
926105197Ssam			if (i % 4 == 0)
927105197Ssam				printf(" ");
928298398Sae			printf("%02x", mtod(m, const u_char *)[i]);
929105197Ssam			j++;
930105197Ssam		}
931105197Ssam		printf("\n");
932105197Ssam	}
933105197Ssam
934105197Ssam	return;
935105197Ssam}
936315514Sae
937315514Sae/* Return a printable string for the address. */
938315514Saechar *
939315514Saeipsec_address(const union sockaddr_union* sa, char *buf, socklen_t size)
940315514Sae{
941315514Sae
942315514Sae	switch (sa->sa.sa_family) {
943315514Sae#ifdef INET
944315514Sae	case AF_INET:
945315514Sae		return (inet_ntop(AF_INET, &sa->sin.sin_addr, buf, size));
946315514Sae#endif /* INET */
947315514Sae#ifdef INET6
948315514Sae	case AF_INET6:
949315514Sae		if (IN6_IS_SCOPE_LINKLOCAL(&sa->sin6.sin6_addr)) {
950315514Sae			snprintf(buf, size, "%s%%%u", inet_ntop(AF_INET6,
951315514Sae			    &sa->sin6.sin6_addr, buf, size),
952315514Sae			    sa->sin6.sin6_scope_id);
953315514Sae			return (buf);
954315514Sae		} else
955315514Sae			return (inet_ntop(AF_INET6, &sa->sin6.sin6_addr,
956315514Sae			    buf, size));
957315514Sae#endif /* INET6 */
958315514Sae	case 0:
959315514Sae		return ("*");
960315514Sae	default:
961315514Sae		return ("(unknown address family)");
962315514Sae	}
963315514Sae}
964315514Sae
965315514Saechar *
966315514Saeipsec_sa2str(struct secasvar *sav, char *buf, size_t size)
967315514Sae{
968315514Sae	char sbuf[IPSEC_ADDRSTRLEN], dbuf[IPSEC_ADDRSTRLEN];
969315514Sae
970315514Sae	snprintf(buf, size, "SA(SPI=%08lx src=%s dst=%s)",
971315514Sae	    (u_long)ntohl(sav->spi),
972315514Sae	    ipsec_address(&sav->sah->saidx.src, sbuf, sizeof(sbuf)),
973315514Sae	    ipsec_address(&sav->sah->saidx.dst, dbuf, sizeof(dbuf)));
974315514Sae	return (buf);
975315514Sae}
976315514Sae
977105197Ssam#endif /* _KERNEL */
978105197Ssam
979105197Ssamvoid
980275437Saekdebug_sockaddr(struct sockaddr *addr)
981105197Ssam{
982317502Sae	char buf[IPSEC_ADDRSTRLEN];
983105197Ssam
984105197Ssam	/* sanity check */
985105197Ssam	if (addr == NULL)
986120585Ssam		panic("%s: NULL pointer was passed.\n", __func__);
987105197Ssam
988317502Sae	switch (addr->sa_family) {
989317502Sae#ifdef INET
990317502Sae	case AF_INET: {
991317502Sae		struct sockaddr_in *sin;
992105197Ssam
993317502Sae		sin = (struct sockaddr_in *)addr;
994317502Sae		inet_ntop(AF_INET, &sin->sin_addr, buf, sizeof(buf));
995105197Ssam		break;
996317502Sae	}
997317502Sae#endif
998105197Ssam#ifdef INET6
999317502Sae	case AF_INET6: {
1000317502Sae		struct sockaddr_in6 *sin6;
1001317502Sae
1002105197Ssam		sin6 = (struct sockaddr_in6 *)addr;
1003317502Sae		if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
1004317502Sae			snprintf(buf, sizeof(buf), "%s%%%u",
1005317502Sae			    inet_ntop(AF_INET6, &sin6->sin6_addr, buf,
1006317502Sae			    sizeof(buf)), sin6->sin6_scope_id);
1007317502Sae		} else
1008317502Sae			inet_ntop(AF_INET6, &sin6->sin6_addr, buf,
1009317502Sae			    sizeof(buf));
1010105197Ssam		break;
1011317502Sae	}
1012105197Ssam#endif
1013317502Sae	default:
1014317502Sae		sprintf(buf, "unknown");
1015105197Ssam	}
1016317502Sae	printf("sockaddr{ len=%u family=%u addr=%s }\n", addr->sa_len,
1017317502Sae	    addr->sa_family, buf);
1018105197Ssam}
1019105197Ssam
1020105197Ssamvoid
1021275437Saeipsec_bindump(caddr_t buf, int len)
1022105197Ssam{
1023105197Ssam	int i;
1024105197Ssam
1025105197Ssam	for (i = 0; i < len; i++)
1026105197Ssam		printf("%c", (unsigned char)buf[i]);
1027105197Ssam
1028105197Ssam	return;
1029105197Ssam}
1030105197Ssam
1031105197Ssam
1032105197Ssamvoid
1033275437Saeipsec_hexdump(caddr_t buf, int len)
1034105197Ssam{
1035105197Ssam	int i;
1036105197Ssam
1037105197Ssam	for (i = 0; i < len; i++) {
1038105197Ssam		if (i != 0 && i % 32 == 0) printf("\n");
1039105197Ssam		if (i % 4 == 0) printf(" ");
1040105197Ssam		printf("%02x", (unsigned char)buf[i]);
1041105197Ssam	}
1042105197Ssam#if 0
1043105197Ssam	if (i % 32 != 0) printf("\n");
1044105197Ssam#endif
1045105197Ssam
1046105197Ssam	return;
1047105197Ssam}
1048