key_debug.c revision 176743
1105197Ssam/* $FreeBSD: head/sys/netipsec/key_debug.c 176743 2008-03-02 17:12:28Z bz $ */ 2105197Ssam/* $KAME: key_debug.c,v 1.26 2001/06/27 10:46:50 sakane Exp $ */ 3105197Ssam 4139823Simp/*- 5105197Ssam * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6105197Ssam * All rights reserved. 7105197Ssam * 8105197Ssam * Redistribution and use in source and binary forms, with or without 9105197Ssam * modification, are permitted provided that the following conditions 10105197Ssam * are met: 11105197Ssam * 1. Redistributions of source code must retain the above copyright 12105197Ssam * notice, this list of conditions and the following disclaimer. 13105197Ssam * 2. Redistributions in binary form must reproduce the above copyright 14105197Ssam * notice, this list of conditions and the following disclaimer in the 15105197Ssam * documentation and/or other materials provided with the distribution. 16105197Ssam * 3. Neither the name of the project nor the names of its contributors 17105197Ssam * may be used to endorse or promote products derived from this software 18105197Ssam * without specific prior written permission. 19105197Ssam * 20105197Ssam * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21105197Ssam * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22105197Ssam * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23105197Ssam * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24105197Ssam * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25105197Ssam * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26105197Ssam * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27105197Ssam * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28105197Ssam * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29105197Ssam * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30105197Ssam * SUCH DAMAGE. 31105197Ssam */ 32105197Ssam 33105197Ssam#ifdef _KERNEL 34105197Ssam#include "opt_inet.h" 35105197Ssam#include "opt_inet6.h" 36105197Ssam#include "opt_ipsec.h" 37105197Ssam#endif 38105197Ssam 39105197Ssam#include <sys/types.h> 40105197Ssam#include <sys/param.h> 41105197Ssam#ifdef _KERNEL 42105197Ssam#include <sys/systm.h> 43105197Ssam#include <sys/mbuf.h> 44105197Ssam#include <sys/queue.h> 45105197Ssam#endif 46105197Ssam#include <sys/socket.h> 47105197Ssam 48105197Ssam#include <net/route.h> 49105197Ssam 50105197Ssam#include <netipsec/key_var.h> 51105197Ssam#include <netipsec/key_debug.h> 52105197Ssam 53105197Ssam#include <netinet/in.h> 54105197Ssam#include <netipsec/ipsec.h> 55176743Sbz#ifdef _KERNEL 56176743Sbz#include <netipsec/keydb.h> 57176743Sbz#endif 58105197Ssam 59105197Ssam#ifndef _KERNEL 60105197Ssam#include <ctype.h> 61105197Ssam#include <stdio.h> 62105197Ssam#include <stdlib.h> 63105197Ssam#endif /* !_KERNEL */ 64105197Ssam 65105197Ssamstatic void kdebug_sadb_prop __P((struct sadb_ext *)); 66105197Ssamstatic void kdebug_sadb_identity __P((struct sadb_ext *)); 67105197Ssamstatic void kdebug_sadb_supported __P((struct sadb_ext *)); 68105197Ssamstatic void kdebug_sadb_lifetime __P((struct sadb_ext *)); 69105197Ssamstatic void kdebug_sadb_sa __P((struct sadb_ext *)); 70105197Ssamstatic void kdebug_sadb_address __P((struct sadb_ext *)); 71105197Ssamstatic void kdebug_sadb_key __P((struct sadb_ext *)); 72105197Ssamstatic void kdebug_sadb_x_sa2 __P((struct sadb_ext *)); 73105197Ssam 74105197Ssam#ifdef _KERNEL 75105197Ssamstatic void kdebug_secreplay __P((struct secreplay *)); 76105197Ssam#endif 77105197Ssam 78105197Ssam#ifndef _KERNEL 79171133Sgnn#define panic(fmt, ...) { printf(fmt, ## __VA_ARGS__); exit(-1); } 80105197Ssam#endif 81105197Ssam 82105197Ssam/* NOTE: host byte order */ 83105197Ssam 84105197Ssam/* %%%: about struct sadb_msg */ 85105197Ssamvoid 86105197Ssamkdebug_sadb(base) 87105197Ssam struct sadb_msg *base; 88105197Ssam{ 89105197Ssam struct sadb_ext *ext; 90105197Ssam int tlen, extlen; 91105197Ssam 92105197Ssam /* sanity check */ 93105197Ssam if (base == NULL) 94120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 95105197Ssam 96105197Ssam printf("sadb_msg{ version=%u type=%u errno=%u satype=%u\n", 97105197Ssam base->sadb_msg_version, base->sadb_msg_type, 98105197Ssam base->sadb_msg_errno, base->sadb_msg_satype); 99105197Ssam printf(" len=%u reserved=%u seq=%u pid=%u\n", 100105197Ssam base->sadb_msg_len, base->sadb_msg_reserved, 101105197Ssam base->sadb_msg_seq, base->sadb_msg_pid); 102105197Ssam 103105197Ssam tlen = PFKEY_UNUNIT64(base->sadb_msg_len) - sizeof(struct sadb_msg); 104105197Ssam ext = (struct sadb_ext *)((caddr_t)base + sizeof(struct sadb_msg)); 105105197Ssam 106105197Ssam while (tlen > 0) { 107105197Ssam printf("sadb_ext{ len=%u type=%u }\n", 108105197Ssam ext->sadb_ext_len, ext->sadb_ext_type); 109105197Ssam 110105197Ssam if (ext->sadb_ext_len == 0) { 111120585Ssam printf("%s: invalid ext_len=0 was passed.\n", __func__); 112105197Ssam return; 113105197Ssam } 114105197Ssam if (ext->sadb_ext_len > tlen) { 115120585Ssam printf("%s: ext_len too big (%u > %u).\n", 116120585Ssam __func__, ext->sadb_ext_len, tlen); 117105197Ssam return; 118105197Ssam } 119105197Ssam 120105197Ssam switch (ext->sadb_ext_type) { 121105197Ssam case SADB_EXT_SA: 122105197Ssam kdebug_sadb_sa(ext); 123105197Ssam break; 124105197Ssam case SADB_EXT_LIFETIME_CURRENT: 125105197Ssam case SADB_EXT_LIFETIME_HARD: 126105197Ssam case SADB_EXT_LIFETIME_SOFT: 127105197Ssam kdebug_sadb_lifetime(ext); 128105197Ssam break; 129105197Ssam case SADB_EXT_ADDRESS_SRC: 130105197Ssam case SADB_EXT_ADDRESS_DST: 131105197Ssam case SADB_EXT_ADDRESS_PROXY: 132105197Ssam kdebug_sadb_address(ext); 133105197Ssam break; 134105197Ssam case SADB_EXT_KEY_AUTH: 135105197Ssam case SADB_EXT_KEY_ENCRYPT: 136105197Ssam kdebug_sadb_key(ext); 137105197Ssam break; 138105197Ssam case SADB_EXT_IDENTITY_SRC: 139105197Ssam case SADB_EXT_IDENTITY_DST: 140105197Ssam kdebug_sadb_identity(ext); 141105197Ssam break; 142105197Ssam case SADB_EXT_SENSITIVITY: 143105197Ssam break; 144105197Ssam case SADB_EXT_PROPOSAL: 145105197Ssam kdebug_sadb_prop(ext); 146105197Ssam break; 147105197Ssam case SADB_EXT_SUPPORTED_AUTH: 148105197Ssam case SADB_EXT_SUPPORTED_ENCRYPT: 149105197Ssam kdebug_sadb_supported(ext); 150105197Ssam break; 151105197Ssam case SADB_EXT_SPIRANGE: 152105197Ssam case SADB_X_EXT_KMPRIVATE: 153105197Ssam break; 154105197Ssam case SADB_X_EXT_POLICY: 155105197Ssam kdebug_sadb_x_policy(ext); 156105197Ssam break; 157105197Ssam case SADB_X_EXT_SA2: 158105197Ssam kdebug_sadb_x_sa2(ext); 159105197Ssam break; 160105197Ssam default: 161120585Ssam printf("%s: invalid ext_type %u\n", __func__, 162105197Ssam ext->sadb_ext_type); 163105197Ssam return; 164105197Ssam } 165105197Ssam 166105197Ssam extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 167105197Ssam tlen -= extlen; 168105197Ssam ext = (struct sadb_ext *)((caddr_t)ext + extlen); 169105197Ssam } 170105197Ssam 171105197Ssam return; 172105197Ssam} 173105197Ssam 174105197Ssamstatic void 175105197Ssamkdebug_sadb_prop(ext) 176105197Ssam struct sadb_ext *ext; 177105197Ssam{ 178105197Ssam struct sadb_prop *prop = (struct sadb_prop *)ext; 179105197Ssam struct sadb_comb *comb; 180105197Ssam int len; 181105197Ssam 182105197Ssam /* sanity check */ 183105197Ssam if (ext == NULL) 184120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 185105197Ssam 186105197Ssam len = (PFKEY_UNUNIT64(prop->sadb_prop_len) - sizeof(*prop)) 187105197Ssam / sizeof(*comb); 188105197Ssam comb = (struct sadb_comb *)(prop + 1); 189105197Ssam printf("sadb_prop{ replay=%u\n", prop->sadb_prop_replay); 190105197Ssam 191105197Ssam while (len--) { 192105197Ssam printf("sadb_comb{ auth=%u encrypt=%u " 193105197Ssam "flags=0x%04x reserved=0x%08x\n", 194105197Ssam comb->sadb_comb_auth, comb->sadb_comb_encrypt, 195105197Ssam comb->sadb_comb_flags, comb->sadb_comb_reserved); 196105197Ssam 197105197Ssam printf(" auth_minbits=%u auth_maxbits=%u " 198105197Ssam "encrypt_minbits=%u encrypt_maxbits=%u\n", 199105197Ssam comb->sadb_comb_auth_minbits, 200105197Ssam comb->sadb_comb_auth_maxbits, 201105197Ssam comb->sadb_comb_encrypt_minbits, 202105197Ssam comb->sadb_comb_encrypt_maxbits); 203105197Ssam 204105197Ssam printf(" soft_alloc=%u hard_alloc=%u " 205105197Ssam "soft_bytes=%lu hard_bytes=%lu\n", 206105197Ssam comb->sadb_comb_soft_allocations, 207105197Ssam comb->sadb_comb_hard_allocations, 208105197Ssam (unsigned long)comb->sadb_comb_soft_bytes, 209105197Ssam (unsigned long)comb->sadb_comb_hard_bytes); 210105197Ssam 211105197Ssam printf(" soft_alloc=%lu hard_alloc=%lu " 212105197Ssam "soft_bytes=%lu hard_bytes=%lu }\n", 213105197Ssam (unsigned long)comb->sadb_comb_soft_addtime, 214105197Ssam (unsigned long)comb->sadb_comb_hard_addtime, 215105197Ssam (unsigned long)comb->sadb_comb_soft_usetime, 216105197Ssam (unsigned long)comb->sadb_comb_hard_usetime); 217105197Ssam comb++; 218105197Ssam } 219105197Ssam printf("}\n"); 220105197Ssam 221105197Ssam return; 222105197Ssam} 223105197Ssam 224105197Ssamstatic void 225105197Ssamkdebug_sadb_identity(ext) 226105197Ssam struct sadb_ext *ext; 227105197Ssam{ 228105197Ssam struct sadb_ident *id = (struct sadb_ident *)ext; 229105197Ssam int len; 230105197Ssam 231105197Ssam /* sanity check */ 232105197Ssam if (ext == NULL) 233120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 234105197Ssam 235105197Ssam len = PFKEY_UNUNIT64(id->sadb_ident_len) - sizeof(*id); 236105197Ssam printf("sadb_ident_%s{", 237105197Ssam id->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC ? "src" : "dst"); 238105197Ssam switch (id->sadb_ident_type) { 239105197Ssam default: 240105197Ssam printf(" type=%d id=%lu", 241105197Ssam id->sadb_ident_type, (u_long)id->sadb_ident_id); 242105197Ssam if (len) { 243105197Ssam#ifdef _KERNEL 244105197Ssam ipsec_hexdump((caddr_t)(id + 1), len); /*XXX cast ?*/ 245105197Ssam#else 246105197Ssam char *p, *ep; 247105197Ssam printf("\n str=\""); 248105197Ssam p = (char *)(id + 1); 249105197Ssam ep = p + len; 250105197Ssam for (/*nothing*/; *p && p < ep; p++) { 251105197Ssam if (isprint(*p)) 252105197Ssam printf("%c", *p & 0xff); 253105197Ssam else 254105197Ssam printf("\\%03o", *p & 0xff); 255105197Ssam } 256105197Ssam#endif 257105197Ssam printf("\""); 258105197Ssam } 259105197Ssam break; 260105197Ssam } 261105197Ssam 262105197Ssam printf(" }\n"); 263105197Ssam 264105197Ssam return; 265105197Ssam} 266105197Ssam 267105197Ssamstatic void 268105197Ssamkdebug_sadb_supported(ext) 269105197Ssam struct sadb_ext *ext; 270105197Ssam{ 271105197Ssam struct sadb_supported *sup = (struct sadb_supported *)ext; 272105197Ssam struct sadb_alg *alg; 273105197Ssam int len; 274105197Ssam 275105197Ssam /* sanity check */ 276105197Ssam if (ext == NULL) 277120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 278105197Ssam 279105197Ssam len = (PFKEY_UNUNIT64(sup->sadb_supported_len) - sizeof(*sup)) 280105197Ssam / sizeof(*alg); 281105197Ssam alg = (struct sadb_alg *)(sup + 1); 282105197Ssam printf("sadb_sup{\n"); 283105197Ssam while (len--) { 284105197Ssam printf(" { id=%d ivlen=%d min=%d max=%d }\n", 285105197Ssam alg->sadb_alg_id, alg->sadb_alg_ivlen, 286105197Ssam alg->sadb_alg_minbits, alg->sadb_alg_maxbits); 287105197Ssam alg++; 288105197Ssam } 289105197Ssam printf("}\n"); 290105197Ssam 291105197Ssam return; 292105197Ssam} 293105197Ssam 294105197Ssamstatic void 295105197Ssamkdebug_sadb_lifetime(ext) 296105197Ssam struct sadb_ext *ext; 297105197Ssam{ 298105197Ssam struct sadb_lifetime *lft = (struct sadb_lifetime *)ext; 299105197Ssam 300105197Ssam /* sanity check */ 301105197Ssam if (ext == NULL) 302176743Sbz panic("%s: NULL pointer was passed.\n", __func__); 303105197Ssam 304105197Ssam printf("sadb_lifetime{ alloc=%u, bytes=%u\n", 305105197Ssam lft->sadb_lifetime_allocations, 306105197Ssam (u_int32_t)lft->sadb_lifetime_bytes); 307105197Ssam printf(" addtime=%u, usetime=%u }\n", 308105197Ssam (u_int32_t)lft->sadb_lifetime_addtime, 309105197Ssam (u_int32_t)lft->sadb_lifetime_usetime); 310105197Ssam 311105197Ssam return; 312105197Ssam} 313105197Ssam 314105197Ssamstatic void 315105197Ssamkdebug_sadb_sa(ext) 316105197Ssam struct sadb_ext *ext; 317105197Ssam{ 318105197Ssam struct sadb_sa *sa = (struct sadb_sa *)ext; 319105197Ssam 320105197Ssam /* sanity check */ 321105197Ssam if (ext == NULL) 322120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 323105197Ssam 324105197Ssam printf("sadb_sa{ spi=%u replay=%u state=%u\n", 325105197Ssam (u_int32_t)ntohl(sa->sadb_sa_spi), sa->sadb_sa_replay, 326105197Ssam sa->sadb_sa_state); 327105197Ssam printf(" auth=%u encrypt=%u flags=0x%08x }\n", 328105197Ssam sa->sadb_sa_auth, sa->sadb_sa_encrypt, sa->sadb_sa_flags); 329105197Ssam 330105197Ssam return; 331105197Ssam} 332105197Ssam 333105197Ssamstatic void 334105197Ssamkdebug_sadb_address(ext) 335105197Ssam struct sadb_ext *ext; 336105197Ssam{ 337105197Ssam struct sadb_address *addr = (struct sadb_address *)ext; 338105197Ssam 339105197Ssam /* sanity check */ 340105197Ssam if (ext == NULL) 341120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 342105197Ssam 343105197Ssam printf("sadb_address{ proto=%u prefixlen=%u reserved=0x%02x%02x }\n", 344105197Ssam addr->sadb_address_proto, addr->sadb_address_prefixlen, 345105197Ssam ((u_char *)&addr->sadb_address_reserved)[0], 346105197Ssam ((u_char *)&addr->sadb_address_reserved)[1]); 347105197Ssam 348105197Ssam kdebug_sockaddr((struct sockaddr *)((caddr_t)ext + sizeof(*addr))); 349105197Ssam 350105197Ssam return; 351105197Ssam} 352105197Ssam 353105197Ssamstatic void 354105197Ssamkdebug_sadb_key(ext) 355105197Ssam struct sadb_ext *ext; 356105197Ssam{ 357105197Ssam struct sadb_key *key = (struct sadb_key *)ext; 358105197Ssam 359105197Ssam /* sanity check */ 360105197Ssam if (ext == NULL) 361120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 362105197Ssam 363105197Ssam printf("sadb_key{ bits=%u reserved=%u\n", 364105197Ssam key->sadb_key_bits, key->sadb_key_reserved); 365105197Ssam printf(" key="); 366105197Ssam 367105197Ssam /* sanity check 2 */ 368105197Ssam if ((key->sadb_key_bits >> 3) > 369105197Ssam (PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key))) { 370120585Ssam printf("%s: key length mismatch, bit:%d len:%ld.\n", 371120585Ssam __func__, 372105197Ssam key->sadb_key_bits >> 3, 373105197Ssam (long)PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key)); 374105197Ssam } 375105197Ssam 376105197Ssam ipsec_hexdump((caddr_t)key + sizeof(struct sadb_key), 377105197Ssam key->sadb_key_bits >> 3); 378105197Ssam printf(" }\n"); 379105197Ssam return; 380105197Ssam} 381105197Ssam 382105197Ssamstatic void 383105197Ssamkdebug_sadb_x_sa2(ext) 384105197Ssam struct sadb_ext *ext; 385105197Ssam{ 386105197Ssam struct sadb_x_sa2 *sa2 = (struct sadb_x_sa2 *)ext; 387105197Ssam 388105197Ssam /* sanity check */ 389105197Ssam if (ext == NULL) 390120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 391105197Ssam 392105197Ssam printf("sadb_x_sa2{ mode=%u reqid=%u\n", 393105197Ssam sa2->sadb_x_sa2_mode, sa2->sadb_x_sa2_reqid); 394105197Ssam printf(" reserved1=%u reserved2=%u sequence=%u }\n", 395105197Ssam sa2->sadb_x_sa2_reserved1, sa2->sadb_x_sa2_reserved2, 396105197Ssam sa2->sadb_x_sa2_sequence); 397105197Ssam 398105197Ssam return; 399105197Ssam} 400105197Ssam 401105197Ssamvoid 402105197Ssamkdebug_sadb_x_policy(ext) 403105197Ssam struct sadb_ext *ext; 404105197Ssam{ 405105197Ssam struct sadb_x_policy *xpl = (struct sadb_x_policy *)ext; 406105197Ssam struct sockaddr *addr; 407105197Ssam 408105197Ssam /* sanity check */ 409105197Ssam if (ext == NULL) 410120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 411105197Ssam 412105197Ssam printf("sadb_x_policy{ type=%u dir=%u id=%x }\n", 413105197Ssam xpl->sadb_x_policy_type, xpl->sadb_x_policy_dir, 414105197Ssam xpl->sadb_x_policy_id); 415105197Ssam 416105197Ssam if (xpl->sadb_x_policy_type == IPSEC_POLICY_IPSEC) { 417105197Ssam int tlen; 418105197Ssam struct sadb_x_ipsecrequest *xisr; 419105197Ssam 420105197Ssam tlen = PFKEY_UNUNIT64(xpl->sadb_x_policy_len) - sizeof(*xpl); 421105197Ssam xisr = (struct sadb_x_ipsecrequest *)(xpl + 1); 422105197Ssam 423105197Ssam while (tlen > 0) { 424105197Ssam printf(" { len=%u proto=%u mode=%u level=%u reqid=%u\n", 425105197Ssam xisr->sadb_x_ipsecrequest_len, 426105197Ssam xisr->sadb_x_ipsecrequest_proto, 427105197Ssam xisr->sadb_x_ipsecrequest_mode, 428105197Ssam xisr->sadb_x_ipsecrequest_level, 429105197Ssam xisr->sadb_x_ipsecrequest_reqid); 430105197Ssam 431105197Ssam if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 432105197Ssam addr = (struct sockaddr *)(xisr + 1); 433105197Ssam kdebug_sockaddr(addr); 434105197Ssam addr = (struct sockaddr *)((caddr_t)addr 435105197Ssam + addr->sa_len); 436105197Ssam kdebug_sockaddr(addr); 437105197Ssam } 438105197Ssam 439105197Ssam printf(" }\n"); 440105197Ssam 441105197Ssam /* prevent infinite loop */ 442105197Ssam if (xisr->sadb_x_ipsecrequest_len <= 0) { 443120585Ssam printf("%s: wrong policy struct.\n", __func__); 444105197Ssam return; 445105197Ssam } 446105197Ssam /* prevent overflow */ 447105197Ssam if (xisr->sadb_x_ipsecrequest_len > tlen) { 448120585Ssam printf("%s: invalid ipsec policy length " 449120585Ssam "(%u > %u)\n", __func__, 450120585Ssam xisr->sadb_x_ipsecrequest_len, tlen); 451105197Ssam return; 452105197Ssam } 453105197Ssam 454105197Ssam tlen -= xisr->sadb_x_ipsecrequest_len; 455105197Ssam 456105197Ssam xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 457105197Ssam + xisr->sadb_x_ipsecrequest_len); 458105197Ssam } 459105197Ssam 460105197Ssam if (tlen != 0) 461120585Ssam panic("%s: wrong policy struct.\n", __func__); 462105197Ssam } 463105197Ssam 464105197Ssam return; 465105197Ssam} 466105197Ssam 467105197Ssam#ifdef _KERNEL 468105197Ssam/* %%%: about SPD and SAD */ 469105197Ssamvoid 470105197Ssamkdebug_secpolicy(sp) 471105197Ssam struct secpolicy *sp; 472105197Ssam{ 473105197Ssam /* sanity check */ 474105197Ssam if (sp == NULL) 475120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 476105197Ssam 477105197Ssam printf("secpolicy{ refcnt=%u state=%u policy=%u\n", 478105197Ssam sp->refcnt, sp->state, sp->policy); 479105197Ssam 480105197Ssam kdebug_secpolicyindex(&sp->spidx); 481105197Ssam 482105197Ssam switch (sp->policy) { 483105197Ssam case IPSEC_POLICY_DISCARD: 484105197Ssam printf(" type=discard }\n"); 485105197Ssam break; 486105197Ssam case IPSEC_POLICY_NONE: 487105197Ssam printf(" type=none }\n"); 488105197Ssam break; 489105197Ssam case IPSEC_POLICY_IPSEC: 490105197Ssam { 491105197Ssam struct ipsecrequest *isr; 492105197Ssam for (isr = sp->req; isr != NULL; isr = isr->next) { 493105197Ssam 494105197Ssam printf(" level=%u\n", isr->level); 495105197Ssam kdebug_secasindex(&isr->saidx); 496105197Ssam 497105197Ssam if (isr->sav != NULL) 498105197Ssam kdebug_secasv(isr->sav); 499105197Ssam } 500105197Ssam printf(" }\n"); 501105197Ssam } 502105197Ssam break; 503105197Ssam case IPSEC_POLICY_BYPASS: 504105197Ssam printf(" type=bypass }\n"); 505105197Ssam break; 506105197Ssam case IPSEC_POLICY_ENTRUST: 507105197Ssam printf(" type=entrust }\n"); 508105197Ssam break; 509105197Ssam default: 510120585Ssam printf("%s: Invalid policy found. %d\n", __func__, sp->policy); 511105197Ssam break; 512105197Ssam } 513105197Ssam 514105197Ssam return; 515105197Ssam} 516105197Ssam 517105197Ssamvoid 518105197Ssamkdebug_secpolicyindex(spidx) 519105197Ssam struct secpolicyindex *spidx; 520105197Ssam{ 521105197Ssam /* sanity check */ 522105197Ssam if (spidx == NULL) 523120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 524105197Ssam 525105197Ssam printf("secpolicyindex{ dir=%u prefs=%u prefd=%u ul_proto=%u\n", 526105197Ssam spidx->dir, spidx->prefs, spidx->prefd, spidx->ul_proto); 527105197Ssam 528105197Ssam ipsec_hexdump((caddr_t)&spidx->src, 529105197Ssam ((struct sockaddr *)&spidx->src)->sa_len); 530105197Ssam printf("\n"); 531105197Ssam ipsec_hexdump((caddr_t)&spidx->dst, 532105197Ssam ((struct sockaddr *)&spidx->dst)->sa_len); 533105197Ssam printf("}\n"); 534105197Ssam 535105197Ssam return; 536105197Ssam} 537105197Ssam 538105197Ssamvoid 539105197Ssamkdebug_secasindex(saidx) 540105197Ssam struct secasindex *saidx; 541105197Ssam{ 542105197Ssam /* sanity check */ 543105197Ssam if (saidx == NULL) 544120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 545105197Ssam 546105197Ssam printf("secasindex{ mode=%u proto=%u\n", 547105197Ssam saidx->mode, saidx->proto); 548105197Ssam 549105197Ssam ipsec_hexdump((caddr_t)&saidx->src, 550105197Ssam ((struct sockaddr *)&saidx->src)->sa_len); 551105197Ssam printf("\n"); 552105197Ssam ipsec_hexdump((caddr_t)&saidx->dst, 553105197Ssam ((struct sockaddr *)&saidx->dst)->sa_len); 554105197Ssam printf("\n"); 555105197Ssam 556105197Ssam return; 557105197Ssam} 558105197Ssam 559176743Sbzstatic void 560176743Sbzkdebug_sec_lifetime(struct seclifetime *lft) 561176743Sbz{ 562176743Sbz /* sanity check */ 563176743Sbz if (lft == NULL) 564176743Sbz panic("%s: NULL pointer was passed.\n", __func__); 565176743Sbz 566176743Sbz printf("sec_lifetime{ alloc=%u, bytes=%u\n", 567176743Sbz lft->allocations, (u_int32_t)lft->bytes); 568176743Sbz printf(" addtime=%u, usetime=%u }\n", 569176743Sbz (u_int32_t)lft->addtime, (u_int32_t)lft->usetime); 570176743Sbz 571176743Sbz return; 572176743Sbz} 573176743Sbz 574105197Ssamvoid 575105197Ssamkdebug_secasv(sav) 576105197Ssam struct secasvar *sav; 577105197Ssam{ 578105197Ssam /* sanity check */ 579105197Ssam if (sav == NULL) 580120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 581105197Ssam 582105197Ssam printf("secas{"); 583105197Ssam kdebug_secasindex(&sav->sah->saidx); 584105197Ssam 585105197Ssam printf(" refcnt=%u state=%u auth=%u enc=%u\n", 586105197Ssam sav->refcnt, sav->state, sav->alg_auth, sav->alg_enc); 587105197Ssam printf(" spi=%u flags=%u\n", 588105197Ssam (u_int32_t)ntohl(sav->spi), sav->flags); 589105197Ssam 590105197Ssam if (sav->key_auth != NULL) 591105197Ssam kdebug_sadb_key((struct sadb_ext *)sav->key_auth); 592105197Ssam if (sav->key_enc != NULL) 593105197Ssam kdebug_sadb_key((struct sadb_ext *)sav->key_enc); 594105197Ssam if (sav->iv != NULL) { 595105197Ssam printf(" iv="); 596105197Ssam ipsec_hexdump(sav->iv, sav->ivlen ? sav->ivlen : 8); 597105197Ssam printf("\n"); 598105197Ssam } 599105197Ssam 600105197Ssam if (sav->replay != NULL) 601105197Ssam kdebug_secreplay(sav->replay); 602105197Ssam if (sav->lft_c != NULL) 603176743Sbz kdebug_sec_lifetime(sav->lft_c); 604105197Ssam if (sav->lft_h != NULL) 605176743Sbz kdebug_sec_lifetime(sav->lft_h); 606105197Ssam if (sav->lft_s != NULL) 607176743Sbz kdebug_sec_lifetime(sav->lft_s); 608105197Ssam 609153110Sru#ifdef notyet 610105197Ssam /* XXX: misc[123] ? */ 611105197Ssam#endif 612105197Ssam 613105197Ssam return; 614105197Ssam} 615105197Ssam 616105197Ssamstatic void 617105197Ssamkdebug_secreplay(rpl) 618105197Ssam struct secreplay *rpl; 619105197Ssam{ 620105197Ssam int len, l; 621105197Ssam 622105197Ssam /* sanity check */ 623105197Ssam if (rpl == NULL) 624120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 625105197Ssam 626105197Ssam printf(" secreplay{ count=%u wsize=%u seq=%u lastseq=%u", 627105197Ssam rpl->count, rpl->wsize, rpl->seq, rpl->lastseq); 628105197Ssam 629105197Ssam if (rpl->bitmap == NULL) { 630105197Ssam printf(" }\n"); 631105197Ssam return; 632105197Ssam } 633105197Ssam 634105197Ssam printf("\n bitmap { "); 635105197Ssam 636105197Ssam for (len = 0; len < rpl->wsize; len++) { 637105197Ssam for (l = 7; l >= 0; l--) 638105197Ssam printf("%u", (((rpl->bitmap)[len] >> l) & 1) ? 1 : 0); 639105197Ssam } 640105197Ssam printf(" }\n"); 641105197Ssam 642105197Ssam return; 643105197Ssam} 644105197Ssam 645105197Ssamvoid 646105197Ssamkdebug_mbufhdr(m) 647105197Ssam struct mbuf *m; 648105197Ssam{ 649105197Ssam /* sanity check */ 650105197Ssam if (m == NULL) 651105197Ssam return; 652105197Ssam 653105197Ssam printf("mbuf(%p){ m_next:%p m_nextpkt:%p m_data:%p " 654105197Ssam "m_len:%d m_type:0x%02x m_flags:0x%02x }\n", 655105197Ssam m, m->m_next, m->m_nextpkt, m->m_data, 656105197Ssam m->m_len, m->m_type, m->m_flags); 657105197Ssam 658105197Ssam if (m->m_flags & M_PKTHDR) { 659105197Ssam printf(" m_pkthdr{ len:%d rcvif:%p }\n", 660105197Ssam m->m_pkthdr.len, m->m_pkthdr.rcvif); 661105197Ssam } 662105197Ssam 663105197Ssam if (m->m_flags & M_EXT) { 664105197Ssam printf(" m_ext{ ext_buf:%p ext_free:%p " 665105197Ssam "ext_size:%u ref_cnt:%p }\n", 666105197Ssam m->m_ext.ext_buf, m->m_ext.ext_free, 667105197Ssam m->m_ext.ext_size, m->m_ext.ref_cnt); 668105197Ssam } 669105197Ssam 670105197Ssam return; 671105197Ssam} 672105197Ssam 673105197Ssamvoid 674105197Ssamkdebug_mbuf(m0) 675105197Ssam struct mbuf *m0; 676105197Ssam{ 677105197Ssam struct mbuf *m = m0; 678105197Ssam int i, j; 679105197Ssam 680105197Ssam for (j = 0; m; m = m->m_next) { 681105197Ssam kdebug_mbufhdr(m); 682105197Ssam printf(" m_data:\n"); 683105197Ssam for (i = 0; i < m->m_len; i++) { 684105197Ssam if (i && i % 32 == 0) 685105197Ssam printf("\n"); 686105197Ssam if (i % 4 == 0) 687105197Ssam printf(" "); 688105197Ssam printf("%02x", mtod(m, u_char *)[i]); 689105197Ssam j++; 690105197Ssam } 691105197Ssam printf("\n"); 692105197Ssam } 693105197Ssam 694105197Ssam return; 695105197Ssam} 696105197Ssam#endif /* _KERNEL */ 697105197Ssam 698105197Ssamvoid 699105197Ssamkdebug_sockaddr(addr) 700105197Ssam struct sockaddr *addr; 701105197Ssam{ 702105197Ssam struct sockaddr_in *sin4; 703105197Ssam#ifdef INET6 704105197Ssam struct sockaddr_in6 *sin6; 705105197Ssam#endif 706105197Ssam 707105197Ssam /* sanity check */ 708105197Ssam if (addr == NULL) 709120585Ssam panic("%s: NULL pointer was passed.\n", __func__); 710105197Ssam 711105197Ssam /* NOTE: We deal with port number as host byte order. */ 712105197Ssam printf("sockaddr{ len=%u family=%u", addr->sa_len, addr->sa_family); 713105197Ssam 714105197Ssam switch (addr->sa_family) { 715105197Ssam case AF_INET: 716105197Ssam sin4 = (struct sockaddr_in *)addr; 717105197Ssam printf(" port=%u\n", ntohs(sin4->sin_port)); 718105197Ssam ipsec_hexdump((caddr_t)&sin4->sin_addr, sizeof(sin4->sin_addr)); 719105197Ssam break; 720105197Ssam#ifdef INET6 721105197Ssam case AF_INET6: 722105197Ssam sin6 = (struct sockaddr_in6 *)addr; 723105197Ssam printf(" port=%u\n", ntohs(sin6->sin6_port)); 724105197Ssam printf(" flowinfo=0x%08x, scope_id=0x%08x\n", 725105197Ssam sin6->sin6_flowinfo, sin6->sin6_scope_id); 726105197Ssam ipsec_hexdump((caddr_t)&sin6->sin6_addr, 727105197Ssam sizeof(sin6->sin6_addr)); 728105197Ssam break; 729105197Ssam#endif 730105197Ssam } 731105197Ssam 732105197Ssam printf(" }\n"); 733105197Ssam 734105197Ssam return; 735105197Ssam} 736105197Ssam 737105197Ssamvoid 738105197Ssamipsec_bindump(buf, len) 739105197Ssam caddr_t buf; 740105197Ssam int len; 741105197Ssam{ 742105197Ssam int i; 743105197Ssam 744105197Ssam for (i = 0; i < len; i++) 745105197Ssam printf("%c", (unsigned char)buf[i]); 746105197Ssam 747105197Ssam return; 748105197Ssam} 749105197Ssam 750105197Ssam 751105197Ssamvoid 752105197Ssamipsec_hexdump(buf, len) 753105197Ssam caddr_t buf; 754105197Ssam int len; 755105197Ssam{ 756105197Ssam int i; 757105197Ssam 758105197Ssam for (i = 0; i < len; i++) { 759105197Ssam if (i != 0 && i % 32 == 0) printf("\n"); 760105197Ssam if (i % 4 == 0) printf(" "); 761105197Ssam printf("%02x", (unsigned char)buf[i]); 762105197Ssam } 763105197Ssam#if 0 764105197Ssam if (i % 32 != 0) printf("\n"); 765105197Ssam#endif 766105197Ssam 767105197Ssam return; 768105197Ssam} 769