xref: /freebsd/lib/libipsec/pfkey_dump.c (revision 2546665afcaf0d53dc2c7058fee96354b3680f5a) 
1 /*	$KAME: pfkey_dump.c,v 1.45 2003/09/08 10:14:56 itojun Exp $	*/
2 
3 /*
4  * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the project nor the names of its contributors
16  *    may be used to endorse or promote products derived from this software
17  *    without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  */
31 
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
34 
35 #include <sys/types.h>
36 #include <sys/param.h>
37 #include <sys/socket.h>
38 #include <netinet6/ipsec.h>
39 #include <net/pfkeyv2.h>
40 #include <netkey/key_var.h>
41 #include <netkey/key_debug.h>
42 
43 #include <netinet/in.h>
44 #include <netinet6/ipsec.h>
45 #include <arpa/inet.h>
46 
47 #include <stdlib.h>
48 #include <unistd.h>
49 #include <stdio.h>
50 #include <string.h>
51 #include <time.h>
52 #include <netdb.h>
53 
54 #include "ipsec_strerror.h"
55 #include "libpfkey.h"
56 
57 /* cope with old kame headers - ugly */
58 #ifndef SADB_X_AALG_MD5
59 #define SADB_X_AALG_MD5		SADB_AALG_MD5
60 #endif
61 #ifndef SADB_X_AALG_SHA
62 #define SADB_X_AALG_SHA		SADB_AALG_SHA
63 #endif
64 #ifndef SADB_X_AALG_NULL
65 #define SADB_X_AALG_NULL	SADB_AALG_NULL
66 #endif
67 
68 #ifndef SADB_X_EALG_BLOWFISHCBC
69 #define SADB_X_EALG_BLOWFISHCBC	SADB_EALG_BLOWFISHCBC
70 #endif
71 #ifndef SADB_X_EALG_CAST128CBC
72 #define SADB_X_EALG_CAST128CBC	SADB_EALG_CAST128CBC
73 #endif
74 #ifndef SADB_X_EALG_RC5CBC
75 #ifdef SADB_EALG_RC5CBC
76 #define SADB_X_EALG_RC5CBC	SADB_EALG_RC5CBC
77 #endif
78 #endif
79 
80 #define GETMSGSTR(str, num) \
81 do { \
82 	if (sizeof((str)[0]) == 0 \
83 	 || num >= sizeof(str)/sizeof((str)[0])) \
84 		printf("%u ", (num)); \
85 	else if (strlen((str)[(num)]) == 0) \
86 		printf("%u ", (num)); \
87 	else \
88 		printf("%s ", (str)[(num)]); \
89 } while (0)
90 
91 #define GETMSGV2S(v2s, num) \
92 do { \
93 	struct val2str *p;  \
94 	for (p = (v2s); p && p->str; p++) { \
95 		if (p->val == (num)) \
96 			break; \
97 	} \
98 	if (p && p->str) \
99 		printf("%s ", p->str); \
100 	else \
101 		printf("%u ", (num)); \
102 } while (0)
103 
104 static char *str_ipaddr(struct sockaddr *);
105 static char *str_prefport(u_int, u_int, u_int, u_int);
106 static void str_upperspec(u_int, u_int, u_int);
107 static char *str_time(time_t);
108 static void str_lifetime_byte(struct sadb_lifetime *, char *);
109 
110 struct val2str {
111 	int val;
112 	const char *str;
113 };
114 
115 /*
116  * Must to be re-written about following strings.
117  */
118 static char *str_satype[] = {
119 	"unspec",
120 	"unknown",
121 	"ah",
122 	"esp",
123 	"unknown",
124 	"rsvp",
125 	"ospfv2",
126 	"ripv2",
127 	"mip",
128 	"ipcomp",
129 	"policy",
130 	"tcp"
131 };
132 
133 static char *str_mode[] = {
134 	"any",
135 	"transport",
136 	"tunnel",
137 };
138 
139 static char *str_state[] = {
140 	"larval",
141 	"mature",
142 	"dying",
143 	"dead",
144 };
145 
146 static struct val2str str_alg_auth[] = {
147 	{ SADB_AALG_NONE, "none", },
148 	{ SADB_AALG_MD5HMAC, "hmac-md5", },
149 	{ SADB_AALG_SHA1HMAC, "hmac-sha1", },
150 	{ SADB_X_AALG_MD5, "md5", },
151 	{ SADB_X_AALG_SHA, "sha", },
152 	{ SADB_X_AALG_NULL, "null", },
153 	{ SADB_X_AALG_TCP_MD5, "tcp-md5", },
154 #ifdef SADB_X_AALG_SHA2_256
155 	{ SADB_X_AALG_SHA2_256, "hmac-sha2-256", },
156 #endif
157 #ifdef SADB_X_AALG_SHA2_384
158 	{ SADB_X_AALG_SHA2_384, "hmac-sha2-384", },
159 #endif
160 #ifdef SADB_X_AALG_SHA2_512
161 	{ SADB_X_AALG_SHA2_512, "hmac-sha2-512", },
162 #endif
163 #ifdef SADB_X_AALG_RIPEMD160HMAC
164 	{ SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", },
165 #endif
166 #ifdef SADB_X_AALG_AES_XCBC_MAC
167 	{ SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", },
168 #endif
169 	{ -1, NULL, },
170 };
171 
172 static struct val2str str_alg_enc[] = {
173 	{ SADB_EALG_NONE, "none", },
174 	{ SADB_EALG_DESCBC, "des-cbc", },
175 	{ SADB_EALG_3DESCBC, "3des-cbc", },
176 	{ SADB_EALG_NULL, "null", },
177 #ifdef SADB_X_EALG_RC5CBC
178 	{ SADB_X_EALG_RC5CBC, "rc5-cbc", },
179 #endif
180 	{ SADB_X_EALG_CAST128CBC, "cast128-cbc", },
181 	{ SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc", },
182 #ifdef SADB_X_EALG_RIJNDAELCBC
183 	{ SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc", },
184 #endif
185 #ifdef SADB_X_EALG_TWOFISHCBC
186 	{ SADB_X_EALG_TWOFISHCBC, "twofish-cbc", },
187 #endif
188 #ifdef SADB_X_EALG_AESCTR
189 	{ SADB_X_EALG_AESCTR, "aes-ctr", },
190 #endif
191 	{ -1, NULL, },
192 };
193 
194 static struct val2str str_alg_comp[] = {
195 	{ SADB_X_CALG_NONE, "none", },
196 	{ SADB_X_CALG_OUI, "oui", },
197 	{ SADB_X_CALG_DEFLATE, "deflate", },
198 	{ SADB_X_CALG_LZS, "lzs", },
199 	{ -1, NULL, },
200 };
201 
202 /*
203  * dump SADB_MSG formated.  For debugging, you should use kdebug_sadb().
204  */
205 void
206 pfkey_sadump(m)
207 	struct sadb_msg *m;
208 {
209 	caddr_t mhp[SADB_EXT_MAX + 1];
210 	struct sadb_sa *m_sa;
211 	struct sadb_x_sa2 *m_sa2;
212 	struct sadb_lifetime *m_lftc, *m_lfth, *m_lfts;
213 	struct sadb_address *m_saddr, *m_daddr, *m_paddr;
214 	struct sadb_key *m_auth, *m_enc;
215 	struct sadb_ident *m_sid, *m_did;
216 	struct sadb_sens *m_sens;
217 
218 	/* check pfkey message. */
219 	if (pfkey_align(m, mhp)) {
220 		printf("%s\n", ipsec_strerror());
221 		return;
222 	}
223 	if (pfkey_check(mhp)) {
224 		printf("%s\n", ipsec_strerror());
225 		return;
226 	}
227 
228 	m_sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
229 	m_sa2 = (struct sadb_x_sa2 *)mhp[SADB_X_EXT_SA2];
230 	m_lftc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT];
231 	m_lfth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD];
232 	m_lfts = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_SOFT];
233 	m_saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
234 	m_daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
235 	m_paddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_PROXY];
236 	m_auth = (struct sadb_key *)mhp[SADB_EXT_KEY_AUTH];
237 	m_enc = (struct sadb_key *)mhp[SADB_EXT_KEY_ENCRYPT];
238 	m_sid = (struct sadb_ident *)mhp[SADB_EXT_IDENTITY_SRC];
239 	m_did = (struct sadb_ident *)mhp[SADB_EXT_IDENTITY_DST];
240 	m_sens = (struct sadb_sens *)mhp[SADB_EXT_SENSITIVITY];
241 
242 	/* source address */
243 	if (m_saddr == NULL) {
244 		printf("no ADDRESS_SRC extension.\n");
245 		return;
246 	}
247 	printf("%s ", str_ipaddr((struct sockaddr *)(m_saddr + 1)));
248 
249 	/* destination address */
250 	if (m_daddr == NULL) {
251 		printf("no ADDRESS_DST extension.\n");
252 		return;
253 	}
254 	printf("%s ", str_ipaddr((struct sockaddr *)(m_daddr + 1)));
255 
256 	/* SA type */
257 	if (m_sa == NULL) {
258 		printf("no SA extension.\n");
259 		return;
260 	}
261 	if (m_sa2 == NULL) {
262 		printf("no SA2 extension.\n");
263 		return;
264 	}
265 	printf("\n\t");
266 
267 	GETMSGSTR(str_satype, m->sadb_msg_satype);
268 
269 	printf("mode=");
270 	GETMSGSTR(str_mode, m_sa2->sadb_x_sa2_mode);
271 
272 	printf("spi=%u(0x%08x) reqid=%u(0x%08x)\n",
273 		(u_int32_t)ntohl(m_sa->sadb_sa_spi),
274 		(u_int32_t)ntohl(m_sa->sadb_sa_spi),
275 		(u_int32_t)m_sa2->sadb_x_sa2_reqid,
276 		(u_int32_t)m_sa2->sadb_x_sa2_reqid);
277 
278 	/* encryption key */
279 	if (m->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) {
280 		printf("\tC: ");
281 		GETMSGV2S(str_alg_comp, m_sa->sadb_sa_encrypt);
282 	} else if (m->sadb_msg_satype == SADB_SATYPE_ESP) {
283 		if (m_enc != NULL) {
284 			printf("\tE: ");
285 			GETMSGV2S(str_alg_enc, m_sa->sadb_sa_encrypt);
286 			ipsec_hexdump((caddr_t)m_enc + sizeof(*m_enc),
287 				      m_enc->sadb_key_bits / 8);
288 			printf("\n");
289 		}
290 	}
291 
292 	/* authentication key */
293 	if (m_auth != NULL) {
294 		printf("\tA: ");
295 		GETMSGV2S(str_alg_auth, m_sa->sadb_sa_auth);
296 		ipsec_hexdump((caddr_t)m_auth + sizeof(*m_auth),
297 		              m_auth->sadb_key_bits / 8);
298 		printf("\n");
299 	}
300 
301 	/* replay windoe size & flags */
302 	printf("\tseq=0x%08x replay=%u flags=0x%08x ",
303 		m_sa2->sadb_x_sa2_sequence,
304 		m_sa->sadb_sa_replay,
305 		m_sa->sadb_sa_flags);
306 
307 	/* state */
308 	printf("state=");
309 	GETMSGSTR(str_state, m_sa->sadb_sa_state);
310 	printf("\n");
311 
312 	/* lifetime */
313 	if (m_lftc != NULL) {
314 		time_t tmp_time = time(0);
315 
316 		printf("\tcreated: %s",
317 			str_time(m_lftc->sadb_lifetime_addtime));
318 		printf("\tcurrent: %s\n", str_time(tmp_time));
319 		printf("\tdiff: %lu(s)",
320 			(u_long)(m_lftc->sadb_lifetime_addtime == 0 ?
321 			0 : (tmp_time - m_lftc->sadb_lifetime_addtime)));
322 
323 		printf("\thard: %lu(s)",
324 			(u_long)(m_lfth == NULL ?
325 			0 : m_lfth->sadb_lifetime_addtime));
326 		printf("\tsoft: %lu(s)\n",
327 			(u_long)(m_lfts == NULL ?
328 			0 : m_lfts->sadb_lifetime_addtime));
329 
330 		printf("\tlast: %s",
331 			str_time(m_lftc->sadb_lifetime_usetime));
332 		printf("\thard: %lu(s)",
333 			(u_long)(m_lfth == NULL ?
334 			0 : m_lfth->sadb_lifetime_usetime));
335 		printf("\tsoft: %lu(s)\n",
336 			(u_long)(m_lfts == NULL ?
337 			0 : m_lfts->sadb_lifetime_usetime));
338 
339 		str_lifetime_byte(m_lftc, "current");
340 		str_lifetime_byte(m_lfth, "hard");
341 		str_lifetime_byte(m_lfts, "soft");
342 		printf("\n");
343 
344 		printf("\tallocated: %lu",
345 			(unsigned long)m_lftc->sadb_lifetime_allocations);
346 		printf("\thard: %lu",
347 			(u_long)(m_lfth == NULL ?
348 			0 : m_lfth->sadb_lifetime_allocations));
349 		printf("\tsoft: %lu\n",
350 			(u_long)(m_lfts == NULL ?
351 			0 : m_lfts->sadb_lifetime_allocations));
352 	}
353 
354 	printf("\tsadb_seq=%lu pid=%lu ",
355 		(u_long)m->sadb_msg_seq,
356 		(u_long)m->sadb_msg_pid);
357 
358 	/* XXX DEBUG */
359 	printf("refcnt=%u\n", m->sadb_msg_reserved);
360 
361 	return;
362 }
363 
364 void
365 pfkey_spdump(m)
366 	struct sadb_msg *m;
367 {
368 	char pbuf[NI_MAXSERV];
369 	caddr_t mhp[SADB_EXT_MAX + 1];
370 	struct sadb_address *m_saddr, *m_daddr;
371 	struct sadb_x_policy *m_xpl;
372 	struct sadb_lifetime *m_lftc = NULL, *m_lfth = NULL;
373 	struct sockaddr *sa;
374 	u_int16_t sport = 0, dport = 0;
375 
376 	/* check pfkey message. */
377 	if (pfkey_align(m, mhp)) {
378 		printf("%s\n", ipsec_strerror());
379 		return;
380 	}
381 	if (pfkey_check(mhp)) {
382 		printf("%s\n", ipsec_strerror());
383 		return;
384 	}
385 
386 	m_saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
387 	m_daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
388 	m_xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
389 	m_lftc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT];
390 	m_lfth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD];
391 
392 	if (m_saddr && m_daddr) {
393 		/* source address */
394 		sa = (struct sockaddr *)(m_saddr + 1);
395 		switch (sa->sa_family) {
396 		case AF_INET:
397 		case AF_INET6:
398 			if (getnameinfo(sa, sa->sa_len, NULL, 0,
399 			    pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0)
400 				sport = 0;	/*XXX*/
401 			else
402 				sport = atoi(pbuf);
403 			printf("%s%s ", str_ipaddr(sa),
404 				str_prefport(sa->sa_family,
405 				    m_saddr->sadb_address_prefixlen, sport,
406 				    m_saddr->sadb_address_proto));
407 			break;
408 		default:
409 			printf("unknown-af ");
410 			break;
411 		}
412 
413 		/* destination address */
414 		sa = (struct sockaddr *)(m_daddr + 1);
415 		switch (sa->sa_family) {
416 		case AF_INET:
417 		case AF_INET6:
418 			if (getnameinfo(sa, sa->sa_len, NULL, 0,
419 			    pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0)
420 				dport = 0;	/*XXX*/
421 			else
422 				dport = atoi(pbuf);
423 			printf("%s%s ", str_ipaddr(sa),
424 				str_prefport(sa->sa_family,
425 				    m_daddr->sadb_address_prefixlen, dport,
426 				    m_saddr->sadb_address_proto));
427 			break;
428 		default:
429 			printf("unknown-af ");
430 			break;
431 		}
432 
433 		/* upper layer protocol */
434 		if (m_saddr->sadb_address_proto !=
435 		    m_daddr->sadb_address_proto) {
436 			printf("upper layer protocol mismatched.\n");
437 			return;
438 		}
439 		str_upperspec(m_saddr->sadb_address_proto, sport, dport);
440 	}
441 	else
442 		printf("(no selector, probably per-socket policy) ");
443 
444 	/* policy */
445     {
446 	char *d_xpl;
447 
448 	if (m_xpl == NULL) {
449 		printf("no X_POLICY extension.\n");
450 		return;
451 	}
452 	d_xpl = ipsec_dump_policy((char *)m_xpl, "\n\t");
453 
454 	/* dump SPD */
455 	printf("\n\t%s\n", d_xpl);
456 	free(d_xpl);
457     }
458 
459 	/* lifetime */
460 	if (m_lftc) {
461 		printf("\tcreated: %s  ",
462 			str_time(m_lftc->sadb_lifetime_addtime));
463 		printf("lastused: %s\n",
464 			str_time(m_lftc->sadb_lifetime_usetime));
465 	}
466 	if (m_lfth) {
467 		printf("\tlifetime: %lu(s) ",
468 			(u_long)m_lfth->sadb_lifetime_addtime);
469 		printf("validtime: %lu(s)\n",
470 			(u_long)m_lfth->sadb_lifetime_usetime);
471 	}
472 
473 
474 	printf("\tspid=%ld seq=%ld pid=%ld\n",
475 		(u_long)m_xpl->sadb_x_policy_id,
476 		(u_long)m->sadb_msg_seq,
477 		(u_long)m->sadb_msg_pid);
478 
479 	/* XXX TEST */
480 	printf("\trefcnt=%u\n", m->sadb_msg_reserved);
481 
482 	return;
483 }
484 
485 /*
486  * set "ipaddress" to buffer.
487  */
488 static char *
489 str_ipaddr(sa)
490 	struct sockaddr *sa;
491 {
492 	static char buf[NI_MAXHOST];
493 	const int niflag = NI_NUMERICHOST;
494 
495 	if (sa == NULL)
496 		return "";
497 
498 	if (getnameinfo(sa, sa->sa_len, buf, sizeof(buf), NULL, 0, niflag) == 0)
499 		return buf;
500 	return NULL;
501 }
502 
503 /*
504  * set "/prefix[port number]" to buffer.
505  */
506 static char *
507 str_prefport(family, pref, port, ulp)
508 	u_int family, pref, port, ulp;
509 {
510 	static char buf[128];
511 	char prefbuf[128];
512 	char portbuf[128];
513 	int plen;
514 
515 	switch (family) {
516 	case AF_INET:
517 		plen = sizeof(struct in_addr) << 3;
518 		break;
519 	case AF_INET6:
520 		plen = sizeof(struct in6_addr) << 3;
521 		break;
522 	default:
523 		return "?";
524 	}
525 
526 	if (pref == plen)
527 		prefbuf[0] = '\0';
528 	else
529 		snprintf(prefbuf, sizeof(prefbuf), "/%u", pref);
530 
531 	if (ulp == IPPROTO_ICMPV6)
532 		memset(portbuf, 0, sizeof(portbuf));
533 	else {
534 		if (port == IPSEC_PORT_ANY)
535 			snprintf(portbuf, sizeof(portbuf), "[%s]", "any");
536 		else
537 			snprintf(portbuf, sizeof(portbuf), "[%u]", port);
538 	}
539 
540 	snprintf(buf, sizeof(buf), "%s%s", prefbuf, portbuf);
541 
542 	return buf;
543 }
544 
545 static void
546 str_upperspec(ulp, p1, p2)
547 	u_int ulp, p1, p2;
548 {
549 	if (ulp == IPSEC_ULPROTO_ANY)
550 		printf("any");
551 	else if (ulp == IPPROTO_ICMPV6) {
552 		printf("icmp6");
553 		if (!(p1 == IPSEC_PORT_ANY && p2 == IPSEC_PORT_ANY))
554 			printf(" %u,%u", p1, p2);
555 	} else {
556 		struct protoent *ent;
557 
558 		switch (ulp) {
559 		case IPPROTO_IPV4:
560 			printf("ip4");
561 			break;
562 		default:
563 			ent = getprotobynumber(ulp);
564 			if (ent)
565 				printf("%s", ent->p_name);
566 			else
567 				printf("%u", ulp);
568 
569 			endprotoent();
570 			break;
571 		}
572 	}
573 }
574 
575 /*
576  * set "Mon Day Time Year" to buffer
577  */
578 static char *
579 str_time(t)
580 	time_t t;
581 {
582 	static char buf[128];
583 
584 	if (t == 0) {
585 		int i = 0;
586 		for (;i < 20;) buf[i++] = ' ';
587 	} else {
588 		char *t0;
589 		t0 = ctime(&t);
590 		memcpy(buf, t0 + 4, 20);
591 	}
592 
593 	buf[20] = '\0';
594 
595 	return(buf);
596 }
597 
598 static void
599 str_lifetime_byte(x, str)
600 	struct sadb_lifetime *x;
601 	char *str;
602 {
603 	double y;
604 	char *unit;
605 	int w;
606 
607 	if (x == NULL) {
608 		printf("\t%s: 0(bytes)", str);
609 		return;
610 	}
611 
612 #if 0
613 	if ((x->sadb_lifetime_bytes) / 1024 / 1024) {
614 		y = (x->sadb_lifetime_bytes) * 1.0 / 1024 / 1024;
615 		unit = "M";
616 		w = 1;
617 	} else if ((x->sadb_lifetime_bytes) / 1024) {
618 		y = (x->sadb_lifetime_bytes) * 1.0 / 1024;
619 		unit = "K";
620 		w = 1;
621 	} else {
622 		y = (x->sadb_lifetime_bytes) * 1.0;
623 		unit = "";
624 		w = 0;
625 	}
626 #else
627 	y = (x->sadb_lifetime_bytes) * 1.0;
628 	unit = "";
629 	w = 0;
630 #endif
631 	printf("\t%s: %.*f(%sbytes)", str, w, y, unit);
632 }
633