xref: /freebsd/lib/libipsec/pfkey_dump.c (revision 43faedc1339a9624c7acedb7f3e5624e64da5b99)
1 /*	$KAME: pfkey_dump.c,v 1.45 2003/09/08 10:14:56 itojun Exp $	*/
2 
3 /*
4  * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the project nor the names of its contributors
16  *    may be used to endorse or promote products derived from this software
17  *    without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  */
31 
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
34 
35 #include <sys/types.h>
36 #include <sys/param.h>
37 #include <sys/socket.h>
38 #include <netipsec/ipsec.h>
39 #include <net/pfkeyv2.h>
40 #include <netipsec/key_var.h>
41 #include <netipsec/key_debug.h>
42 
43 #include <netinet/in.h>
44 #include <arpa/inet.h>
45 
46 #include <stdlib.h>
47 #include <unistd.h>
48 #include <stdio.h>
49 #include <string.h>
50 #include <time.h>
51 #include <netdb.h>
52 
53 #include "ipsec_strerror.h"
54 #include "libpfkey.h"
55 
56 /* cope with old kame headers - ugly */
57 #ifndef SADB_X_AALG_MD5
58 #define SADB_X_AALG_MD5		SADB_AALG_MD5
59 #endif
60 #ifndef SADB_X_AALG_SHA
61 #define SADB_X_AALG_SHA		SADB_AALG_SHA
62 #endif
63 #ifndef SADB_X_AALG_NULL
64 #define SADB_X_AALG_NULL	SADB_AALG_NULL
65 #endif
66 
67 #ifndef SADB_X_EALG_BLOWFISHCBC
68 #define SADB_X_EALG_BLOWFISHCBC	SADB_EALG_BLOWFISHCBC
69 #endif
70 #ifndef SADB_X_EALG_CAST128CBC
71 #define SADB_X_EALG_CAST128CBC	SADB_EALG_CAST128CBC
72 #endif
73 #ifndef SADB_X_EALG_RC5CBC
74 #ifdef SADB_EALG_RC5CBC
75 #define SADB_X_EALG_RC5CBC	SADB_EALG_RC5CBC
76 #endif
77 #endif
78 
79 #define GETMSGSTR(str, num) \
80 do { \
81 	if (sizeof((str)[0]) == 0 \
82 	 || num >= sizeof(str)/sizeof((str)[0])) \
83 		printf("%u ", (num)); \
84 	else if (strlen((str)[(num)]) == 0) \
85 		printf("%u ", (num)); \
86 	else \
87 		printf("%s ", (str)[(num)]); \
88 } while (0)
89 
90 #define GETMSGV2S(v2s, num) \
91 do { \
92 	struct val2str *p;  \
93 	for (p = (v2s); p && p->str; p++) { \
94 		if (p->val == (num)) \
95 			break; \
96 	} \
97 	if (p && p->str) \
98 		printf("%s ", p->str); \
99 	else \
100 		printf("%u ", (num)); \
101 } while (0)
102 
103 static char *str_ipaddr(struct sockaddr *);
104 static char *str_prefport(u_int, u_int, u_int, u_int);
105 static void str_upperspec(u_int, u_int, u_int);
106 static char *str_time(time_t);
107 static void str_lifetime_byte(struct sadb_lifetime *, char *);
108 
109 struct val2str {
110 	int val;
111 	const char *str;
112 };
113 
114 /*
115  * Must to be re-written about following strings.
116  */
117 static char *str_satype[] = {
118 	"unspec",
119 	"unknown",
120 	"ah",
121 	"esp",
122 	"unknown",
123 	"rsvp",
124 	"ospfv2",
125 	"ripv2",
126 	"mip",
127 	"ipcomp",
128 	"policy",
129 	"tcp"
130 };
131 
132 static char *str_mode[] = {
133 	"any",
134 	"transport",
135 	"tunnel",
136 };
137 
138 static char *str_state[] = {
139 	"larval",
140 	"mature",
141 	"dying",
142 	"dead",
143 };
144 
145 static struct val2str str_alg_auth[] = {
146 	{ SADB_AALG_NONE, "none", },
147 	{ SADB_AALG_MD5HMAC, "hmac-md5", },
148 	{ SADB_AALG_SHA1HMAC, "hmac-sha1", },
149 	{ SADB_X_AALG_MD5, "md5", },
150 	{ SADB_X_AALG_SHA, "sha", },
151 	{ SADB_X_AALG_NULL, "null", },
152 	{ SADB_X_AALG_TCP_MD5, "tcp-md5", },
153 #ifdef SADB_X_AALG_SHA2_256
154 	{ SADB_X_AALG_SHA2_256, "hmac-sha2-256", },
155 #endif
156 #ifdef SADB_X_AALG_SHA2_384
157 	{ SADB_X_AALG_SHA2_384, "hmac-sha2-384", },
158 #endif
159 #ifdef SADB_X_AALG_SHA2_512
160 	{ SADB_X_AALG_SHA2_512, "hmac-sha2-512", },
161 #endif
162 #ifdef SADB_X_AALG_RIPEMD160HMAC
163 	{ SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", },
164 #endif
165 #ifdef SADB_X_AALG_AES_XCBC_MAC
166 	{ SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", },
167 #endif
168 	{ -1, NULL, },
169 };
170 
171 static struct val2str str_alg_enc[] = {
172 	{ SADB_EALG_NONE, "none", },
173 	{ SADB_EALG_DESCBC, "des-cbc", },
174 	{ SADB_EALG_3DESCBC, "3des-cbc", },
175 	{ SADB_EALG_NULL, "null", },
176 #ifdef SADB_X_EALG_RC5CBC
177 	{ SADB_X_EALG_RC5CBC, "rc5-cbc", },
178 #endif
179 	{ SADB_X_EALG_CAST128CBC, "cast128-cbc", },
180 	{ SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc", },
181 #ifdef SADB_X_EALG_RIJNDAELCBC
182 	{ SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc", },
183 #endif
184 #ifdef SADB_X_EALG_TWOFISHCBC
185 	{ SADB_X_EALG_TWOFISHCBC, "twofish-cbc", },
186 #endif
187 #ifdef SADB_X_EALG_AESCTR
188 	{ SADB_X_EALG_AESCTR, "aes-ctr", },
189 #endif
190 #ifdef SADB_X_EALG_AESGCM16
191 	{ SADB_X_EALG_AESGCM16, "aes-gcm-16", },
192 #endif
193 #ifdef SADB_X_EALG_CAMELLIACBC
194 	{ SADB_X_EALG_CAMELLIACBC, "camellia-cbc", },
195 #endif
196 	{ -1, NULL, },
197 };
198 
199 static struct val2str str_alg_comp[] = {
200 	{ SADB_X_CALG_NONE, "none", },
201 	{ SADB_X_CALG_OUI, "oui", },
202 	{ SADB_X_CALG_DEFLATE, "deflate", },
203 	{ SADB_X_CALG_LZS, "lzs", },
204 	{ -1, NULL, },
205 };
206 
207 /*
208  * dump SADB_MSG formated.  For debugging, you should use kdebug_sadb().
209  */
210 void
211 pfkey_sadump(m)
212 	struct sadb_msg *m;
213 {
214 	caddr_t mhp[SADB_EXT_MAX + 1];
215 	struct sadb_sa *m_sa;
216 	struct sadb_x_sa2 *m_sa2;
217 	struct sadb_lifetime *m_lftc, *m_lfth, *m_lfts;
218 	struct sadb_address *m_saddr, *m_daddr, *m_paddr;
219 	struct sadb_key *m_auth, *m_enc;
220 	struct sadb_ident *m_sid, *m_did;
221 	struct sadb_sens *m_sens;
222 
223 	/* check pfkey message. */
224 	if (pfkey_align(m, mhp)) {
225 		printf("%s\n", ipsec_strerror());
226 		return;
227 	}
228 	if (pfkey_check(mhp)) {
229 		printf("%s\n", ipsec_strerror());
230 		return;
231 	}
232 
233 	m_sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
234 	m_sa2 = (struct sadb_x_sa2 *)mhp[SADB_X_EXT_SA2];
235 	m_lftc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT];
236 	m_lfth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD];
237 	m_lfts = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_SOFT];
238 	m_saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
239 	m_daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
240 	m_paddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_PROXY];
241 	m_auth = (struct sadb_key *)mhp[SADB_EXT_KEY_AUTH];
242 	m_enc = (struct sadb_key *)mhp[SADB_EXT_KEY_ENCRYPT];
243 	m_sid = (struct sadb_ident *)mhp[SADB_EXT_IDENTITY_SRC];
244 	m_did = (struct sadb_ident *)mhp[SADB_EXT_IDENTITY_DST];
245 	m_sens = (struct sadb_sens *)mhp[SADB_EXT_SENSITIVITY];
246 
247 	/* source address */
248 	if (m_saddr == NULL) {
249 		printf("no ADDRESS_SRC extension.\n");
250 		return;
251 	}
252 	printf("%s ", str_ipaddr((struct sockaddr *)(m_saddr + 1)));
253 
254 	/* destination address */
255 	if (m_daddr == NULL) {
256 		printf("no ADDRESS_DST extension.\n");
257 		return;
258 	}
259 	printf("%s ", str_ipaddr((struct sockaddr *)(m_daddr + 1)));
260 
261 	/* SA type */
262 	if (m_sa == NULL) {
263 		printf("no SA extension.\n");
264 		return;
265 	}
266 	if (m_sa2 == NULL) {
267 		printf("no SA2 extension.\n");
268 		return;
269 	}
270 	printf("\n\t");
271 
272 	GETMSGSTR(str_satype, m->sadb_msg_satype);
273 
274 	printf("mode=");
275 	GETMSGSTR(str_mode, m_sa2->sadb_x_sa2_mode);
276 
277 	printf("spi=%u(0x%08x) reqid=%u(0x%08x)\n",
278 		(u_int32_t)ntohl(m_sa->sadb_sa_spi),
279 		(u_int32_t)ntohl(m_sa->sadb_sa_spi),
280 		(u_int32_t)m_sa2->sadb_x_sa2_reqid,
281 		(u_int32_t)m_sa2->sadb_x_sa2_reqid);
282 
283 	/* encryption key */
284 	if (m->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) {
285 		printf("\tC: ");
286 		GETMSGV2S(str_alg_comp, m_sa->sadb_sa_encrypt);
287 	} else if (m->sadb_msg_satype == SADB_SATYPE_ESP) {
288 		if (m_enc != NULL) {
289 			printf("\tE: ");
290 			GETMSGV2S(str_alg_enc, m_sa->sadb_sa_encrypt);
291 			ipsec_hexdump((caddr_t)m_enc + sizeof(*m_enc),
292 				      m_enc->sadb_key_bits / 8);
293 			printf("\n");
294 		}
295 	}
296 
297 	/* authentication key */
298 	if (m_auth != NULL) {
299 		printf("\tA: ");
300 		GETMSGV2S(str_alg_auth, m_sa->sadb_sa_auth);
301 		ipsec_hexdump((caddr_t)m_auth + sizeof(*m_auth),
302 		              m_auth->sadb_key_bits / 8);
303 		printf("\n");
304 	}
305 
306 	/* replay windoe size & flags */
307 	printf("\tseq=0x%08x replay=%u flags=0x%08x ",
308 		m_sa2->sadb_x_sa2_sequence,
309 		m_sa->sadb_sa_replay,
310 		m_sa->sadb_sa_flags);
311 
312 	/* state */
313 	printf("state=");
314 	GETMSGSTR(str_state, m_sa->sadb_sa_state);
315 	printf("\n");
316 
317 	/* lifetime */
318 	if (m_lftc != NULL) {
319 		time_t tmp_time = time(0);
320 
321 		printf("\tcreated: %s",
322 			str_time(m_lftc->sadb_lifetime_addtime));
323 		printf("\tcurrent: %s\n", str_time(tmp_time));
324 		printf("\tdiff: %lu(s)",
325 			(u_long)(m_lftc->sadb_lifetime_addtime == 0 ?
326 			0 : (tmp_time - m_lftc->sadb_lifetime_addtime)));
327 
328 		printf("\thard: %lu(s)",
329 			(u_long)(m_lfth == NULL ?
330 			0 : m_lfth->sadb_lifetime_addtime));
331 		printf("\tsoft: %lu(s)\n",
332 			(u_long)(m_lfts == NULL ?
333 			0 : m_lfts->sadb_lifetime_addtime));
334 
335 		printf("\tlast: %s",
336 			str_time(m_lftc->sadb_lifetime_usetime));
337 		printf("\thard: %lu(s)",
338 			(u_long)(m_lfth == NULL ?
339 			0 : m_lfth->sadb_lifetime_usetime));
340 		printf("\tsoft: %lu(s)\n",
341 			(u_long)(m_lfts == NULL ?
342 			0 : m_lfts->sadb_lifetime_usetime));
343 
344 		str_lifetime_byte(m_lftc, "current");
345 		str_lifetime_byte(m_lfth, "hard");
346 		str_lifetime_byte(m_lfts, "soft");
347 		printf("\n");
348 
349 		printf("\tallocated: %lu",
350 			(unsigned long)m_lftc->sadb_lifetime_allocations);
351 		printf("\thard: %lu",
352 			(u_long)(m_lfth == NULL ?
353 			0 : m_lfth->sadb_lifetime_allocations));
354 		printf("\tsoft: %lu\n",
355 			(u_long)(m_lfts == NULL ?
356 			0 : m_lfts->sadb_lifetime_allocations));
357 	}
358 
359 	printf("\tsadb_seq=%lu pid=%lu ",
360 		(u_long)m->sadb_msg_seq,
361 		(u_long)m->sadb_msg_pid);
362 
363 	/* XXX DEBUG */
364 	printf("refcnt=%u\n", m->sadb_msg_reserved);
365 
366 	return;
367 }
368 
369 void
370 pfkey_spdump(m)
371 	struct sadb_msg *m;
372 {
373 	char pbuf[NI_MAXSERV];
374 	caddr_t mhp[SADB_EXT_MAX + 1];
375 	struct sadb_address *m_saddr, *m_daddr;
376 	struct sadb_x_policy *m_xpl;
377 	struct sadb_lifetime *m_lftc = NULL, *m_lfth = NULL;
378 	struct sockaddr *sa;
379 	u_int16_t sport = 0, dport = 0;
380 
381 	/* check pfkey message. */
382 	if (pfkey_align(m, mhp)) {
383 		printf("%s\n", ipsec_strerror());
384 		return;
385 	}
386 	if (pfkey_check(mhp)) {
387 		printf("%s\n", ipsec_strerror());
388 		return;
389 	}
390 
391 	m_saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
392 	m_daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
393 	m_xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
394 	m_lftc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT];
395 	m_lfth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD];
396 
397 	if (m_saddr && m_daddr) {
398 		/* source address */
399 		sa = (struct sockaddr *)(m_saddr + 1);
400 		switch (sa->sa_family) {
401 		case AF_INET:
402 		case AF_INET6:
403 			if (getnameinfo(sa, sa->sa_len, NULL, 0,
404 			    pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0)
405 				sport = 0;	/*XXX*/
406 			else
407 				sport = atoi(pbuf);
408 			printf("%s%s ", str_ipaddr(sa),
409 				str_prefport(sa->sa_family,
410 				    m_saddr->sadb_address_prefixlen, sport,
411 				    m_saddr->sadb_address_proto));
412 			break;
413 		default:
414 			printf("unknown-af ");
415 			break;
416 		}
417 
418 		/* destination address */
419 		sa = (struct sockaddr *)(m_daddr + 1);
420 		switch (sa->sa_family) {
421 		case AF_INET:
422 		case AF_INET6:
423 			if (getnameinfo(sa, sa->sa_len, NULL, 0,
424 			    pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0)
425 				dport = 0;	/*XXX*/
426 			else
427 				dport = atoi(pbuf);
428 			printf("%s%s ", str_ipaddr(sa),
429 				str_prefport(sa->sa_family,
430 				    m_daddr->sadb_address_prefixlen, dport,
431 				    m_saddr->sadb_address_proto));
432 			break;
433 		default:
434 			printf("unknown-af ");
435 			break;
436 		}
437 
438 		/* upper layer protocol */
439 		if (m_saddr->sadb_address_proto !=
440 		    m_daddr->sadb_address_proto) {
441 			printf("upper layer protocol mismatched.\n");
442 			return;
443 		}
444 		str_upperspec(m_saddr->sadb_address_proto, sport, dport);
445 	}
446 	else
447 		printf("(no selector, probably per-socket policy) ");
448 
449 	/* policy */
450     {
451 	char *d_xpl;
452 
453 	if (m_xpl == NULL) {
454 		printf("no X_POLICY extension.\n");
455 		return;
456 	}
457 	d_xpl = ipsec_dump_policy((char *)m_xpl, "\n\t");
458 
459 	/* dump SPD */
460 	printf("\n\t%s\n", d_xpl);
461 	free(d_xpl);
462     }
463 
464 	/* lifetime */
465 	if (m_lftc) {
466 		printf("\tcreated: %s  ",
467 			str_time(m_lftc->sadb_lifetime_addtime));
468 		printf("lastused: %s\n",
469 			str_time(m_lftc->sadb_lifetime_usetime));
470 	}
471 	if (m_lfth) {
472 		printf("\tlifetime: %lu(s) ",
473 			(u_long)m_lfth->sadb_lifetime_addtime);
474 		printf("validtime: %lu(s)\n",
475 			(u_long)m_lfth->sadb_lifetime_usetime);
476 	}
477 
478 
479 	printf("\tspid=%ld seq=%ld pid=%ld\n",
480 		(u_long)m_xpl->sadb_x_policy_id,
481 		(u_long)m->sadb_msg_seq,
482 		(u_long)m->sadb_msg_pid);
483 
484 	/* XXX TEST */
485 	printf("\trefcnt=%u\n", m->sadb_msg_reserved);
486 
487 	return;
488 }
489 
490 /*
491  * set "ipaddress" to buffer.
492  */
493 static char *
494 str_ipaddr(sa)
495 	struct sockaddr *sa;
496 {
497 	static char buf[NI_MAXHOST];
498 	const int niflag = NI_NUMERICHOST;
499 
500 	if (sa == NULL)
501 		return "";
502 
503 	if (getnameinfo(sa, sa->sa_len, buf, sizeof(buf), NULL, 0, niflag) == 0)
504 		return buf;
505 	return NULL;
506 }
507 
508 /*
509  * set "/prefix[port number]" to buffer.
510  */
511 static char *
512 str_prefport(family, pref, port, ulp)
513 	u_int family, pref, port, ulp;
514 {
515 	static char buf[128];
516 	char prefbuf[128];
517 	char portbuf[128];
518 	int plen;
519 
520 	switch (family) {
521 	case AF_INET:
522 		plen = sizeof(struct in_addr) << 3;
523 		break;
524 	case AF_INET6:
525 		plen = sizeof(struct in6_addr) << 3;
526 		break;
527 	default:
528 		return "?";
529 	}
530 
531 	if (pref == plen)
532 		prefbuf[0] = '\0';
533 	else
534 		snprintf(prefbuf, sizeof(prefbuf), "/%u", pref);
535 
536 	if (ulp == IPPROTO_ICMPV6)
537 		memset(portbuf, 0, sizeof(portbuf));
538 	else {
539 		if (port == IPSEC_PORT_ANY)
540 			snprintf(portbuf, sizeof(portbuf), "[%s]", "any");
541 		else
542 			snprintf(portbuf, sizeof(portbuf), "[%u]", port);
543 	}
544 
545 	snprintf(buf, sizeof(buf), "%s%s", prefbuf, portbuf);
546 
547 	return buf;
548 }
549 
550 static void
551 str_upperspec(ulp, p1, p2)
552 	u_int ulp, p1, p2;
553 {
554 	if (ulp == IPSEC_ULPROTO_ANY)
555 		printf("any");
556 	else if (ulp == IPPROTO_ICMPV6) {
557 		printf("icmp6");
558 		if (!(p1 == IPSEC_PORT_ANY && p2 == IPSEC_PORT_ANY))
559 			printf(" %u,%u", p1, p2);
560 	} else {
561 		struct protoent *ent;
562 
563 		switch (ulp) {
564 		case IPPROTO_IPV4:
565 			printf("ip4");
566 			break;
567 		default:
568 			ent = getprotobynumber(ulp);
569 			if (ent)
570 				printf("%s", ent->p_name);
571 			else
572 				printf("%u", ulp);
573 
574 			endprotoent();
575 			break;
576 		}
577 	}
578 }
579 
580 /*
581  * set "Mon Day Time Year" to buffer
582  */
583 static char *
584 str_time(t)
585 	time_t t;
586 {
587 	static char buf[128];
588 
589 	if (t == 0) {
590 		int i = 0;
591 		for (;i < 20;) buf[i++] = ' ';
592 	} else {
593 		char *t0;
594 		t0 = ctime(&t);
595 		memcpy(buf, t0 + 4, 20);
596 	}
597 
598 	buf[20] = '\0';
599 
600 	return(buf);
601 }
602 
603 static void
604 str_lifetime_byte(x, str)
605 	struct sadb_lifetime *x;
606 	char *str;
607 {
608 	double y;
609 	char *unit;
610 	int w;
611 
612 	if (x == NULL) {
613 		printf("\t%s: 0(bytes)", str);
614 		return;
615 	}
616 
617 #if 0
618 	if ((x->sadb_lifetime_bytes) / 1024 / 1024) {
619 		y = (x->sadb_lifetime_bytes) * 1.0 / 1024 / 1024;
620 		unit = "M";
621 		w = 1;
622 	} else if ((x->sadb_lifetime_bytes) / 1024) {
623 		y = (x->sadb_lifetime_bytes) * 1.0 / 1024;
624 		unit = "K";
625 		w = 1;
626 	} else {
627 		y = (x->sadb_lifetime_bytes) * 1.0;
628 		unit = "";
629 		w = 0;
630 	}
631 #else
632 	y = (x->sadb_lifetime_bytes) * 1.0;
633 	unit = "";
634 	w = 0;
635 #endif
636 	printf("\t%s: %.*f(%sbytes)", str, w, y, unit);
637 }
638