xref: /freebsd/lib/libipsec/pfkey_dump.c (revision 39beb93c3f8bdbf72a61fda42300b5ebed7390c8)
1 /*	$KAME: pfkey_dump.c,v 1.45 2003/09/08 10:14:56 itojun Exp $	*/
2 
3 /*
4  * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the project nor the names of its contributors
16  *    may be used to endorse or promote products derived from this software
17  *    without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  */
31 
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
34 
35 #include <sys/types.h>
36 #include <sys/param.h>
37 #include <sys/socket.h>
38 #include <netipsec/ipsec.h>
39 #include <net/pfkeyv2.h>
40 #include <netipsec/key_var.h>
41 #include <netipsec/key_debug.h>
42 
43 #include <netinet/in.h>
44 #include <arpa/inet.h>
45 
46 #include <stdlib.h>
47 #include <unistd.h>
48 #include <stdio.h>
49 #include <string.h>
50 #include <time.h>
51 #include <netdb.h>
52 
53 #include "ipsec_strerror.h"
54 #include "libpfkey.h"
55 
56 /* cope with old kame headers - ugly */
57 #ifndef SADB_X_AALG_MD5
58 #define SADB_X_AALG_MD5		SADB_AALG_MD5
59 #endif
60 #ifndef SADB_X_AALG_SHA
61 #define SADB_X_AALG_SHA		SADB_AALG_SHA
62 #endif
63 #ifndef SADB_X_AALG_NULL
64 #define SADB_X_AALG_NULL	SADB_AALG_NULL
65 #endif
66 
67 #ifndef SADB_X_EALG_BLOWFISHCBC
68 #define SADB_X_EALG_BLOWFISHCBC	SADB_EALG_BLOWFISHCBC
69 #endif
70 #ifndef SADB_X_EALG_CAST128CBC
71 #define SADB_X_EALG_CAST128CBC	SADB_EALG_CAST128CBC
72 #endif
73 #ifndef SADB_X_EALG_RC5CBC
74 #ifdef SADB_EALG_RC5CBC
75 #define SADB_X_EALG_RC5CBC	SADB_EALG_RC5CBC
76 #endif
77 #endif
78 
79 #define GETMSGSTR(str, num) \
80 do { \
81 	if (sizeof((str)[0]) == 0 \
82 	 || num >= sizeof(str)/sizeof((str)[0])) \
83 		printf("%u ", (num)); \
84 	else if (strlen((str)[(num)]) == 0) \
85 		printf("%u ", (num)); \
86 	else \
87 		printf("%s ", (str)[(num)]); \
88 } while (0)
89 
90 #define GETMSGV2S(v2s, num) \
91 do { \
92 	struct val2str *p;  \
93 	for (p = (v2s); p && p->str; p++) { \
94 		if (p->val == (num)) \
95 			break; \
96 	} \
97 	if (p && p->str) \
98 		printf("%s ", p->str); \
99 	else \
100 		printf("%u ", (num)); \
101 } while (0)
102 
103 static char *str_ipaddr(struct sockaddr *);
104 static char *str_prefport(u_int, u_int, u_int, u_int);
105 static void str_upperspec(u_int, u_int, u_int);
106 static char *str_time(time_t);
107 static void str_lifetime_byte(struct sadb_lifetime *, char *);
108 
109 struct val2str {
110 	int val;
111 	const char *str;
112 };
113 
114 /*
115  * Must to be re-written about following strings.
116  */
117 static char *str_satype[] = {
118 	"unspec",
119 	"unknown",
120 	"ah",
121 	"esp",
122 	"unknown",
123 	"rsvp",
124 	"ospfv2",
125 	"ripv2",
126 	"mip",
127 	"ipcomp",
128 	"policy",
129 	"tcp"
130 };
131 
132 static char *str_mode[] = {
133 	"any",
134 	"transport",
135 	"tunnel",
136 };
137 
138 static char *str_state[] = {
139 	"larval",
140 	"mature",
141 	"dying",
142 	"dead",
143 };
144 
145 static struct val2str str_alg_auth[] = {
146 	{ SADB_AALG_NONE, "none", },
147 	{ SADB_AALG_MD5HMAC, "hmac-md5", },
148 	{ SADB_AALG_SHA1HMAC, "hmac-sha1", },
149 	{ SADB_X_AALG_MD5, "md5", },
150 	{ SADB_X_AALG_SHA, "sha", },
151 	{ SADB_X_AALG_NULL, "null", },
152 	{ SADB_X_AALG_TCP_MD5, "tcp-md5", },
153 #ifdef SADB_X_AALG_SHA2_256
154 	{ SADB_X_AALG_SHA2_256, "hmac-sha2-256", },
155 #endif
156 #ifdef SADB_X_AALG_SHA2_384
157 	{ SADB_X_AALG_SHA2_384, "hmac-sha2-384", },
158 #endif
159 #ifdef SADB_X_AALG_SHA2_512
160 	{ SADB_X_AALG_SHA2_512, "hmac-sha2-512", },
161 #endif
162 #ifdef SADB_X_AALG_RIPEMD160HMAC
163 	{ SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", },
164 #endif
165 #ifdef SADB_X_AALG_AES_XCBC_MAC
166 	{ SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", },
167 #endif
168 	{ -1, NULL, },
169 };
170 
171 static struct val2str str_alg_enc[] = {
172 	{ SADB_EALG_NONE, "none", },
173 	{ SADB_EALG_DESCBC, "des-cbc", },
174 	{ SADB_EALG_3DESCBC, "3des-cbc", },
175 	{ SADB_EALG_NULL, "null", },
176 #ifdef SADB_X_EALG_RC5CBC
177 	{ SADB_X_EALG_RC5CBC, "rc5-cbc", },
178 #endif
179 	{ SADB_X_EALG_CAST128CBC, "cast128-cbc", },
180 	{ SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc", },
181 #ifdef SADB_X_EALG_RIJNDAELCBC
182 	{ SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc", },
183 #endif
184 #ifdef SADB_X_EALG_TWOFISHCBC
185 	{ SADB_X_EALG_TWOFISHCBC, "twofish-cbc", },
186 #endif
187 #ifdef SADB_X_EALG_AESCTR
188 	{ SADB_X_EALG_AESCTR, "aes-ctr", },
189 #endif
190 #ifdef SADB_X_EALG_CAMELLIACBC
191 	{ SADB_X_EALG_CAMELLIACBC, "camellia-cbc", },
192 #endif
193 	{ -1, NULL, },
194 };
195 
196 static struct val2str str_alg_comp[] = {
197 	{ SADB_X_CALG_NONE, "none", },
198 	{ SADB_X_CALG_OUI, "oui", },
199 	{ SADB_X_CALG_DEFLATE, "deflate", },
200 	{ SADB_X_CALG_LZS, "lzs", },
201 	{ -1, NULL, },
202 };
203 
204 /*
205  * dump SADB_MSG formated.  For debugging, you should use kdebug_sadb().
206  */
207 void
208 pfkey_sadump(m)
209 	struct sadb_msg *m;
210 {
211 	caddr_t mhp[SADB_EXT_MAX + 1];
212 	struct sadb_sa *m_sa;
213 	struct sadb_x_sa2 *m_sa2;
214 	struct sadb_lifetime *m_lftc, *m_lfth, *m_lfts;
215 	struct sadb_address *m_saddr, *m_daddr, *m_paddr;
216 	struct sadb_key *m_auth, *m_enc;
217 	struct sadb_ident *m_sid, *m_did;
218 	struct sadb_sens *m_sens;
219 
220 	/* check pfkey message. */
221 	if (pfkey_align(m, mhp)) {
222 		printf("%s\n", ipsec_strerror());
223 		return;
224 	}
225 	if (pfkey_check(mhp)) {
226 		printf("%s\n", ipsec_strerror());
227 		return;
228 	}
229 
230 	m_sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
231 	m_sa2 = (struct sadb_x_sa2 *)mhp[SADB_X_EXT_SA2];
232 	m_lftc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT];
233 	m_lfth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD];
234 	m_lfts = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_SOFT];
235 	m_saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
236 	m_daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
237 	m_paddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_PROXY];
238 	m_auth = (struct sadb_key *)mhp[SADB_EXT_KEY_AUTH];
239 	m_enc = (struct sadb_key *)mhp[SADB_EXT_KEY_ENCRYPT];
240 	m_sid = (struct sadb_ident *)mhp[SADB_EXT_IDENTITY_SRC];
241 	m_did = (struct sadb_ident *)mhp[SADB_EXT_IDENTITY_DST];
242 	m_sens = (struct sadb_sens *)mhp[SADB_EXT_SENSITIVITY];
243 
244 	/* source address */
245 	if (m_saddr == NULL) {
246 		printf("no ADDRESS_SRC extension.\n");
247 		return;
248 	}
249 	printf("%s ", str_ipaddr((struct sockaddr *)(m_saddr + 1)));
250 
251 	/* destination address */
252 	if (m_daddr == NULL) {
253 		printf("no ADDRESS_DST extension.\n");
254 		return;
255 	}
256 	printf("%s ", str_ipaddr((struct sockaddr *)(m_daddr + 1)));
257 
258 	/* SA type */
259 	if (m_sa == NULL) {
260 		printf("no SA extension.\n");
261 		return;
262 	}
263 	if (m_sa2 == NULL) {
264 		printf("no SA2 extension.\n");
265 		return;
266 	}
267 	printf("\n\t");
268 
269 	GETMSGSTR(str_satype, m->sadb_msg_satype);
270 
271 	printf("mode=");
272 	GETMSGSTR(str_mode, m_sa2->sadb_x_sa2_mode);
273 
274 	printf("spi=%u(0x%08x) reqid=%u(0x%08x)\n",
275 		(u_int32_t)ntohl(m_sa->sadb_sa_spi),
276 		(u_int32_t)ntohl(m_sa->sadb_sa_spi),
277 		(u_int32_t)m_sa2->sadb_x_sa2_reqid,
278 		(u_int32_t)m_sa2->sadb_x_sa2_reqid);
279 
280 	/* encryption key */
281 	if (m->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) {
282 		printf("\tC: ");
283 		GETMSGV2S(str_alg_comp, m_sa->sadb_sa_encrypt);
284 	} else if (m->sadb_msg_satype == SADB_SATYPE_ESP) {
285 		if (m_enc != NULL) {
286 			printf("\tE: ");
287 			GETMSGV2S(str_alg_enc, m_sa->sadb_sa_encrypt);
288 			ipsec_hexdump((caddr_t)m_enc + sizeof(*m_enc),
289 				      m_enc->sadb_key_bits / 8);
290 			printf("\n");
291 		}
292 	}
293 
294 	/* authentication key */
295 	if (m_auth != NULL) {
296 		printf("\tA: ");
297 		GETMSGV2S(str_alg_auth, m_sa->sadb_sa_auth);
298 		ipsec_hexdump((caddr_t)m_auth + sizeof(*m_auth),
299 		              m_auth->sadb_key_bits / 8);
300 		printf("\n");
301 	}
302 
303 	/* replay windoe size & flags */
304 	printf("\tseq=0x%08x replay=%u flags=0x%08x ",
305 		m_sa2->sadb_x_sa2_sequence,
306 		m_sa->sadb_sa_replay,
307 		m_sa->sadb_sa_flags);
308 
309 	/* state */
310 	printf("state=");
311 	GETMSGSTR(str_state, m_sa->sadb_sa_state);
312 	printf("\n");
313 
314 	/* lifetime */
315 	if (m_lftc != NULL) {
316 		time_t tmp_time = time(0);
317 
318 		printf("\tcreated: %s",
319 			str_time(m_lftc->sadb_lifetime_addtime));
320 		printf("\tcurrent: %s\n", str_time(tmp_time));
321 		printf("\tdiff: %lu(s)",
322 			(u_long)(m_lftc->sadb_lifetime_addtime == 0 ?
323 			0 : (tmp_time - m_lftc->sadb_lifetime_addtime)));
324 
325 		printf("\thard: %lu(s)",
326 			(u_long)(m_lfth == NULL ?
327 			0 : m_lfth->sadb_lifetime_addtime));
328 		printf("\tsoft: %lu(s)\n",
329 			(u_long)(m_lfts == NULL ?
330 			0 : m_lfts->sadb_lifetime_addtime));
331 
332 		printf("\tlast: %s",
333 			str_time(m_lftc->sadb_lifetime_usetime));
334 		printf("\thard: %lu(s)",
335 			(u_long)(m_lfth == NULL ?
336 			0 : m_lfth->sadb_lifetime_usetime));
337 		printf("\tsoft: %lu(s)\n",
338 			(u_long)(m_lfts == NULL ?
339 			0 : m_lfts->sadb_lifetime_usetime));
340 
341 		str_lifetime_byte(m_lftc, "current");
342 		str_lifetime_byte(m_lfth, "hard");
343 		str_lifetime_byte(m_lfts, "soft");
344 		printf("\n");
345 
346 		printf("\tallocated: %lu",
347 			(unsigned long)m_lftc->sadb_lifetime_allocations);
348 		printf("\thard: %lu",
349 			(u_long)(m_lfth == NULL ?
350 			0 : m_lfth->sadb_lifetime_allocations));
351 		printf("\tsoft: %lu\n",
352 			(u_long)(m_lfts == NULL ?
353 			0 : m_lfts->sadb_lifetime_allocations));
354 	}
355 
356 	printf("\tsadb_seq=%lu pid=%lu ",
357 		(u_long)m->sadb_msg_seq,
358 		(u_long)m->sadb_msg_pid);
359 
360 	/* XXX DEBUG */
361 	printf("refcnt=%u\n", m->sadb_msg_reserved);
362 
363 	return;
364 }
365 
366 void
367 pfkey_spdump(m)
368 	struct sadb_msg *m;
369 {
370 	char pbuf[NI_MAXSERV];
371 	caddr_t mhp[SADB_EXT_MAX + 1];
372 	struct sadb_address *m_saddr, *m_daddr;
373 	struct sadb_x_policy *m_xpl;
374 	struct sadb_lifetime *m_lftc = NULL, *m_lfth = NULL;
375 	struct sockaddr *sa;
376 	u_int16_t sport = 0, dport = 0;
377 
378 	/* check pfkey message. */
379 	if (pfkey_align(m, mhp)) {
380 		printf("%s\n", ipsec_strerror());
381 		return;
382 	}
383 	if (pfkey_check(mhp)) {
384 		printf("%s\n", ipsec_strerror());
385 		return;
386 	}
387 
388 	m_saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
389 	m_daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
390 	m_xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
391 	m_lftc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT];
392 	m_lfth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD];
393 
394 	if (m_saddr && m_daddr) {
395 		/* source address */
396 		sa = (struct sockaddr *)(m_saddr + 1);
397 		switch (sa->sa_family) {
398 		case AF_INET:
399 		case AF_INET6:
400 			if (getnameinfo(sa, sa->sa_len, NULL, 0,
401 			    pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0)
402 				sport = 0;	/*XXX*/
403 			else
404 				sport = atoi(pbuf);
405 			printf("%s%s ", str_ipaddr(sa),
406 				str_prefport(sa->sa_family,
407 				    m_saddr->sadb_address_prefixlen, sport,
408 				    m_saddr->sadb_address_proto));
409 			break;
410 		default:
411 			printf("unknown-af ");
412 			break;
413 		}
414 
415 		/* destination address */
416 		sa = (struct sockaddr *)(m_daddr + 1);
417 		switch (sa->sa_family) {
418 		case AF_INET:
419 		case AF_INET6:
420 			if (getnameinfo(sa, sa->sa_len, NULL, 0,
421 			    pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0)
422 				dport = 0;	/*XXX*/
423 			else
424 				dport = atoi(pbuf);
425 			printf("%s%s ", str_ipaddr(sa),
426 				str_prefport(sa->sa_family,
427 				    m_daddr->sadb_address_prefixlen, dport,
428 				    m_saddr->sadb_address_proto));
429 			break;
430 		default:
431 			printf("unknown-af ");
432 			break;
433 		}
434 
435 		/* upper layer protocol */
436 		if (m_saddr->sadb_address_proto !=
437 		    m_daddr->sadb_address_proto) {
438 			printf("upper layer protocol mismatched.\n");
439 			return;
440 		}
441 		str_upperspec(m_saddr->sadb_address_proto, sport, dport);
442 	}
443 	else
444 		printf("(no selector, probably per-socket policy) ");
445 
446 	/* policy */
447     {
448 	char *d_xpl;
449 
450 	if (m_xpl == NULL) {
451 		printf("no X_POLICY extension.\n");
452 		return;
453 	}
454 	d_xpl = ipsec_dump_policy((char *)m_xpl, "\n\t");
455 
456 	/* dump SPD */
457 	printf("\n\t%s\n", d_xpl);
458 	free(d_xpl);
459     }
460 
461 	/* lifetime */
462 	if (m_lftc) {
463 		printf("\tcreated: %s  ",
464 			str_time(m_lftc->sadb_lifetime_addtime));
465 		printf("lastused: %s\n",
466 			str_time(m_lftc->sadb_lifetime_usetime));
467 	}
468 	if (m_lfth) {
469 		printf("\tlifetime: %lu(s) ",
470 			(u_long)m_lfth->sadb_lifetime_addtime);
471 		printf("validtime: %lu(s)\n",
472 			(u_long)m_lfth->sadb_lifetime_usetime);
473 	}
474 
475 
476 	printf("\tspid=%ld seq=%ld pid=%ld\n",
477 		(u_long)m_xpl->sadb_x_policy_id,
478 		(u_long)m->sadb_msg_seq,
479 		(u_long)m->sadb_msg_pid);
480 
481 	/* XXX TEST */
482 	printf("\trefcnt=%u\n", m->sadb_msg_reserved);
483 
484 	return;
485 }
486 
487 /*
488  * set "ipaddress" to buffer.
489  */
490 static char *
491 str_ipaddr(sa)
492 	struct sockaddr *sa;
493 {
494 	static char buf[NI_MAXHOST];
495 	const int niflag = NI_NUMERICHOST;
496 
497 	if (sa == NULL)
498 		return "";
499 
500 	if (getnameinfo(sa, sa->sa_len, buf, sizeof(buf), NULL, 0, niflag) == 0)
501 		return buf;
502 	return NULL;
503 }
504 
505 /*
506  * set "/prefix[port number]" to buffer.
507  */
508 static char *
509 str_prefport(family, pref, port, ulp)
510 	u_int family, pref, port, ulp;
511 {
512 	static char buf[128];
513 	char prefbuf[128];
514 	char portbuf[128];
515 	int plen;
516 
517 	switch (family) {
518 	case AF_INET:
519 		plen = sizeof(struct in_addr) << 3;
520 		break;
521 	case AF_INET6:
522 		plen = sizeof(struct in6_addr) << 3;
523 		break;
524 	default:
525 		return "?";
526 	}
527 
528 	if (pref == plen)
529 		prefbuf[0] = '\0';
530 	else
531 		snprintf(prefbuf, sizeof(prefbuf), "/%u", pref);
532 
533 	if (ulp == IPPROTO_ICMPV6)
534 		memset(portbuf, 0, sizeof(portbuf));
535 	else {
536 		if (port == IPSEC_PORT_ANY)
537 			snprintf(portbuf, sizeof(portbuf), "[%s]", "any");
538 		else
539 			snprintf(portbuf, sizeof(portbuf), "[%u]", port);
540 	}
541 
542 	snprintf(buf, sizeof(buf), "%s%s", prefbuf, portbuf);
543 
544 	return buf;
545 }
546 
547 static void
548 str_upperspec(ulp, p1, p2)
549 	u_int ulp, p1, p2;
550 {
551 	if (ulp == IPSEC_ULPROTO_ANY)
552 		printf("any");
553 	else if (ulp == IPPROTO_ICMPV6) {
554 		printf("icmp6");
555 		if (!(p1 == IPSEC_PORT_ANY && p2 == IPSEC_PORT_ANY))
556 			printf(" %u,%u", p1, p2);
557 	} else {
558 		struct protoent *ent;
559 
560 		switch (ulp) {
561 		case IPPROTO_IPV4:
562 			printf("ip4");
563 			break;
564 		default:
565 			ent = getprotobynumber(ulp);
566 			if (ent)
567 				printf("%s", ent->p_name);
568 			else
569 				printf("%u", ulp);
570 
571 			endprotoent();
572 			break;
573 		}
574 	}
575 }
576 
577 /*
578  * set "Mon Day Time Year" to buffer
579  */
580 static char *
581 str_time(t)
582 	time_t t;
583 {
584 	static char buf[128];
585 
586 	if (t == 0) {
587 		int i = 0;
588 		for (;i < 20;) buf[i++] = ' ';
589 	} else {
590 		char *t0;
591 		t0 = ctime(&t);
592 		memcpy(buf, t0 + 4, 20);
593 	}
594 
595 	buf[20] = '\0';
596 
597 	return(buf);
598 }
599 
600 static void
601 str_lifetime_byte(x, str)
602 	struct sadb_lifetime *x;
603 	char *str;
604 {
605 	double y;
606 	char *unit;
607 	int w;
608 
609 	if (x == NULL) {
610 		printf("\t%s: 0(bytes)", str);
611 		return;
612 	}
613 
614 #if 0
615 	if ((x->sadb_lifetime_bytes) / 1024 / 1024) {
616 		y = (x->sadb_lifetime_bytes) * 1.0 / 1024 / 1024;
617 		unit = "M";
618 		w = 1;
619 	} else if ((x->sadb_lifetime_bytes) / 1024) {
620 		y = (x->sadb_lifetime_bytes) * 1.0 / 1024;
621 		unit = "K";
622 		w = 1;
623 	} else {
624 		y = (x->sadb_lifetime_bytes) * 1.0;
625 		unit = "";
626 		w = 0;
627 	}
628 #else
629 	y = (x->sadb_lifetime_bytes) * 1.0;
630 	unit = "";
631 	w = 0;
632 #endif
633 	printf("\t%s: %.*f(%sbytes)", str, w, y, unit);
634 }
635