1 /* $FreeBSD$ */ 2 /* $KAME: key_debug.c,v 1.26 2001/06/27 10:46:50 sakane Exp $ */ 3 4 /*- 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #ifdef _KERNEL 34 #include "opt_inet.h" 35 #include "opt_inet6.h" 36 #include "opt_ipsec.h" 37 #endif 38 39 #include <sys/param.h> 40 #ifdef _KERNEL 41 #include <sys/systm.h> 42 #include <sys/lock.h> 43 #include <sys/malloc.h> 44 #include <sys/mbuf.h> 45 #include <sys/mutex.h> 46 #include <sys/queue.h> 47 #endif 48 #include <sys/socket.h> 49 50 #include <net/vnet.h> 51 52 #include <netipsec/key_var.h> 53 #include <netipsec/key_debug.h> 54 55 #include <netinet/in.h> 56 #include <netipsec/ipsec.h> 57 #ifdef _KERNEL 58 #include <netipsec/keydb.h> 59 #include <netipsec/xform.h> 60 #endif 61 62 #ifndef _KERNEL 63 #include <ctype.h> 64 #include <stdio.h> 65 #include <stdlib.h> 66 #include <arpa/inet.h> 67 #endif /* !_KERNEL */ 68 69 static void kdebug_sadb_prop(struct sadb_ext *); 70 static void kdebug_sadb_identity(struct sadb_ext *); 71 static void kdebug_sadb_supported(struct sadb_ext *); 72 static void kdebug_sadb_lifetime(struct sadb_ext *); 73 static void kdebug_sadb_sa(struct sadb_ext *); 74 static void kdebug_sadb_address(struct sadb_ext *); 75 static void kdebug_sadb_key(struct sadb_ext *); 76 static void kdebug_sadb_x_sa2(struct sadb_ext *); 77 static void kdebug_sadb_x_sa_replay(struct sadb_ext *); 78 static void kdebug_sadb_x_natt(struct sadb_ext *); 79 80 #ifdef _KERNEL 81 static void kdebug_secreplay(struct secreplay *); 82 #endif 83 84 #ifndef _KERNEL 85 #define panic(fmt, ...) { printf(fmt, ## __VA_ARGS__); exit(-1); } 86 #endif 87 88 /* NOTE: host byte order */ 89 90 /* %%%: about struct sadb_msg */ 91 void 92 kdebug_sadb(struct sadb_msg *base) 93 { 94 struct sadb_ext *ext; 95 int tlen, extlen; 96 97 /* sanity check */ 98 if (base == NULL) 99 panic("%s: NULL pointer was passed.\n", __func__); 100 101 printf("sadb_msg{ version=%u type=%u errno=%u satype=%u\n", 102 base->sadb_msg_version, base->sadb_msg_type, 103 base->sadb_msg_errno, base->sadb_msg_satype); 104 printf(" len=%u reserved=%u seq=%u pid=%u\n", 105 base->sadb_msg_len, base->sadb_msg_reserved, 106 base->sadb_msg_seq, base->sadb_msg_pid); 107 108 tlen = PFKEY_UNUNIT64(base->sadb_msg_len) - sizeof(struct sadb_msg); 109 ext = (struct sadb_ext *)((caddr_t)base + sizeof(struct sadb_msg)); 110 111 while (tlen > 0) { 112 printf("sadb_ext{ len=%u type=%u }\n", 113 ext->sadb_ext_len, ext->sadb_ext_type); 114 115 if (ext->sadb_ext_len == 0) { 116 printf("%s: invalid ext_len=0 was passed.\n", __func__); 117 return; 118 } 119 if (ext->sadb_ext_len > tlen) { 120 printf("%s: ext_len too big (%u > %u).\n", 121 __func__, ext->sadb_ext_len, tlen); 122 return; 123 } 124 125 switch (ext->sadb_ext_type) { 126 case SADB_EXT_SA: 127 kdebug_sadb_sa(ext); 128 break; 129 case SADB_EXT_LIFETIME_CURRENT: 130 case SADB_EXT_LIFETIME_HARD: 131 case SADB_EXT_LIFETIME_SOFT: 132 kdebug_sadb_lifetime(ext); 133 break; 134 case SADB_EXT_ADDRESS_SRC: 135 case SADB_EXT_ADDRESS_DST: 136 case SADB_EXT_ADDRESS_PROXY: 137 case SADB_X_EXT_NAT_T_OAI: 138 case SADB_X_EXT_NAT_T_OAR: 139 case SADB_X_EXT_NEW_ADDRESS_SRC: 140 case SADB_X_EXT_NEW_ADDRESS_DST: 141 kdebug_sadb_address(ext); 142 break; 143 case SADB_EXT_KEY_AUTH: 144 case SADB_EXT_KEY_ENCRYPT: 145 kdebug_sadb_key(ext); 146 break; 147 case SADB_EXT_IDENTITY_SRC: 148 case SADB_EXT_IDENTITY_DST: 149 kdebug_sadb_identity(ext); 150 break; 151 case SADB_EXT_SENSITIVITY: 152 break; 153 case SADB_EXT_PROPOSAL: 154 kdebug_sadb_prop(ext); 155 break; 156 case SADB_EXT_SUPPORTED_AUTH: 157 case SADB_EXT_SUPPORTED_ENCRYPT: 158 kdebug_sadb_supported(ext); 159 break; 160 case SADB_EXT_SPIRANGE: 161 case SADB_X_EXT_KMPRIVATE: 162 break; 163 case SADB_X_EXT_POLICY: 164 kdebug_sadb_x_policy(ext); 165 break; 166 case SADB_X_EXT_SA2: 167 kdebug_sadb_x_sa2(ext); 168 break; 169 case SADB_X_EXT_SA_REPLAY: 170 kdebug_sadb_x_sa_replay(ext); 171 break; 172 case SADB_X_EXT_NAT_T_TYPE: 173 case SADB_X_EXT_NAT_T_SPORT: 174 case SADB_X_EXT_NAT_T_DPORT: 175 kdebug_sadb_x_natt(ext); 176 break; 177 default: 178 printf("%s: invalid ext_type %u\n", __func__, 179 ext->sadb_ext_type); 180 return; 181 } 182 183 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 184 tlen -= extlen; 185 ext = (struct sadb_ext *)((caddr_t)ext + extlen); 186 } 187 188 return; 189 } 190 191 static void 192 kdebug_sadb_prop(struct sadb_ext *ext) 193 { 194 struct sadb_prop *prop = (struct sadb_prop *)ext; 195 struct sadb_comb *comb; 196 int len; 197 198 /* sanity check */ 199 if (ext == NULL) 200 panic("%s: NULL pointer was passed.\n", __func__); 201 202 len = (PFKEY_UNUNIT64(prop->sadb_prop_len) - sizeof(*prop)) 203 / sizeof(*comb); 204 comb = (struct sadb_comb *)(prop + 1); 205 printf("sadb_prop{ replay=%u\n", prop->sadb_prop_replay); 206 207 while (len--) { 208 printf("sadb_comb{ auth=%u encrypt=%u " 209 "flags=0x%04x reserved=0x%08x\n", 210 comb->sadb_comb_auth, comb->sadb_comb_encrypt, 211 comb->sadb_comb_flags, comb->sadb_comb_reserved); 212 213 printf(" auth_minbits=%u auth_maxbits=%u " 214 "encrypt_minbits=%u encrypt_maxbits=%u\n", 215 comb->sadb_comb_auth_minbits, 216 comb->sadb_comb_auth_maxbits, 217 comb->sadb_comb_encrypt_minbits, 218 comb->sadb_comb_encrypt_maxbits); 219 220 printf(" soft_alloc=%u hard_alloc=%u " 221 "soft_bytes=%lu hard_bytes=%lu\n", 222 comb->sadb_comb_soft_allocations, 223 comb->sadb_comb_hard_allocations, 224 (unsigned long)comb->sadb_comb_soft_bytes, 225 (unsigned long)comb->sadb_comb_hard_bytes); 226 227 printf(" soft_alloc=%lu hard_alloc=%lu " 228 "soft_bytes=%lu hard_bytes=%lu }\n", 229 (unsigned long)comb->sadb_comb_soft_addtime, 230 (unsigned long)comb->sadb_comb_hard_addtime, 231 (unsigned long)comb->sadb_comb_soft_usetime, 232 (unsigned long)comb->sadb_comb_hard_usetime); 233 comb++; 234 } 235 printf("}\n"); 236 237 return; 238 } 239 240 static void 241 kdebug_sadb_identity(struct sadb_ext *ext) 242 { 243 struct sadb_ident *id = (struct sadb_ident *)ext; 244 int len; 245 246 /* sanity check */ 247 if (ext == NULL) 248 panic("%s: NULL pointer was passed.\n", __func__); 249 250 len = PFKEY_UNUNIT64(id->sadb_ident_len) - sizeof(*id); 251 printf("sadb_ident_%s{", 252 id->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC ? "src" : "dst"); 253 switch (id->sadb_ident_type) { 254 default: 255 printf(" type=%d id=%lu", 256 id->sadb_ident_type, (u_long)id->sadb_ident_id); 257 if (len) { 258 #ifdef _KERNEL 259 ipsec_hexdump((caddr_t)(id + 1), len); /*XXX cast ?*/ 260 #else 261 char *p, *ep; 262 printf("\n str=\""); 263 p = (char *)(id + 1); 264 ep = p + len; 265 for (/*nothing*/; *p && p < ep; p++) { 266 if (isprint(*p)) 267 printf("%c", *p & 0xff); 268 else 269 printf("\\%03o", *p & 0xff); 270 } 271 #endif 272 printf("\""); 273 } 274 break; 275 } 276 277 printf(" }\n"); 278 279 return; 280 } 281 282 static void 283 kdebug_sadb_supported(struct sadb_ext *ext) 284 { 285 struct sadb_supported *sup = (struct sadb_supported *)ext; 286 struct sadb_alg *alg; 287 int len; 288 289 /* sanity check */ 290 if (ext == NULL) 291 panic("%s: NULL pointer was passed.\n", __func__); 292 293 len = (PFKEY_UNUNIT64(sup->sadb_supported_len) - sizeof(*sup)) 294 / sizeof(*alg); 295 alg = (struct sadb_alg *)(sup + 1); 296 printf("sadb_sup{\n"); 297 while (len--) { 298 printf(" { id=%d ivlen=%d min=%d max=%d }\n", 299 alg->sadb_alg_id, alg->sadb_alg_ivlen, 300 alg->sadb_alg_minbits, alg->sadb_alg_maxbits); 301 alg++; 302 } 303 printf("}\n"); 304 305 return; 306 } 307 308 static void 309 kdebug_sadb_lifetime(struct sadb_ext *ext) 310 { 311 struct sadb_lifetime *lft = (struct sadb_lifetime *)ext; 312 313 /* sanity check */ 314 if (ext == NULL) 315 panic("%s: NULL pointer was passed.\n", __func__); 316 317 printf("sadb_lifetime{ alloc=%u, bytes=%u\n", 318 lft->sadb_lifetime_allocations, 319 (u_int32_t)lft->sadb_lifetime_bytes); 320 printf(" addtime=%u, usetime=%u }\n", 321 (u_int32_t)lft->sadb_lifetime_addtime, 322 (u_int32_t)lft->sadb_lifetime_usetime); 323 324 return; 325 } 326 327 static void 328 kdebug_sadb_sa(struct sadb_ext *ext) 329 { 330 struct sadb_sa *sa = (struct sadb_sa *)ext; 331 332 /* sanity check */ 333 if (ext == NULL) 334 panic("%s: NULL pointer was passed.\n", __func__); 335 336 printf("sadb_sa{ spi=%u replay=%u state=%u\n", 337 (u_int32_t)ntohl(sa->sadb_sa_spi), sa->sadb_sa_replay, 338 sa->sadb_sa_state); 339 printf(" auth=%u encrypt=%u flags=0x%08x }\n", 340 sa->sadb_sa_auth, sa->sadb_sa_encrypt, sa->sadb_sa_flags); 341 342 return; 343 } 344 345 static void 346 kdebug_sadb_address(struct sadb_ext *ext) 347 { 348 struct sadb_address *addr = (struct sadb_address *)ext; 349 350 /* sanity check */ 351 if (ext == NULL) 352 panic("%s: NULL pointer was passed.\n", __func__); 353 354 printf("sadb_address{ proto=%u prefixlen=%u reserved=0x%02x%02x }\n", 355 addr->sadb_address_proto, addr->sadb_address_prefixlen, 356 ((u_char *)&addr->sadb_address_reserved)[0], 357 ((u_char *)&addr->sadb_address_reserved)[1]); 358 359 kdebug_sockaddr((struct sockaddr *)((caddr_t)ext + sizeof(*addr))); 360 } 361 362 static void 363 kdebug_sadb_key(struct sadb_ext *ext) 364 { 365 struct sadb_key *key = (struct sadb_key *)ext; 366 367 /* sanity check */ 368 if (ext == NULL) 369 panic("%s: NULL pointer was passed.\n", __func__); 370 371 printf("sadb_key{ bits=%u reserved=%u\n", 372 key->sadb_key_bits, key->sadb_key_reserved); 373 printf(" key="); 374 375 /* sanity check 2 */ 376 if ((key->sadb_key_bits >> 3) > 377 (PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key))) { 378 printf("%s: key length mismatch, bit:%d len:%ld.\n", 379 __func__, 380 key->sadb_key_bits >> 3, 381 (long)PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key)); 382 } 383 384 ipsec_hexdump((caddr_t)key + sizeof(struct sadb_key), 385 key->sadb_key_bits >> 3); 386 printf(" }\n"); 387 return; 388 } 389 390 static void 391 kdebug_sadb_x_sa2(struct sadb_ext *ext) 392 { 393 struct sadb_x_sa2 *sa2 = (struct sadb_x_sa2 *)ext; 394 395 /* sanity check */ 396 if (ext == NULL) 397 panic("%s: NULL pointer was passed.\n", __func__); 398 399 printf("sadb_x_sa2{ mode=%u reqid=%u\n", 400 sa2->sadb_x_sa2_mode, sa2->sadb_x_sa2_reqid); 401 printf(" reserved1=%u reserved2=%u sequence=%u }\n", 402 sa2->sadb_x_sa2_reserved1, sa2->sadb_x_sa2_reserved2, 403 sa2->sadb_x_sa2_sequence); 404 405 return; 406 } 407 408 static void 409 kdebug_sadb_x_sa_replay(struct sadb_ext *ext) 410 { 411 struct sadb_x_sa_replay *replay; 412 413 /* sanity check */ 414 if (ext == NULL) 415 panic("%s: NULL pointer was passed.\n", __func__); 416 417 replay = (struct sadb_x_sa_replay *)ext; 418 printf("sadb_x_sa_replay{ replay=%u }\n", 419 replay->sadb_x_sa_replay_replay); 420 } 421 422 static void 423 kdebug_sadb_x_natt(struct sadb_ext *ext) 424 { 425 struct sadb_x_nat_t_type *type; 426 struct sadb_x_nat_t_port *port; 427 428 /* sanity check */ 429 if (ext == NULL) 430 panic("%s: NULL pointer was passed.\n", __func__); 431 432 if (ext->sadb_ext_type == SADB_X_EXT_NAT_T_TYPE) { 433 type = (struct sadb_x_nat_t_type *)ext; 434 printf("sadb_x_nat_t_type{ type=%u }\n", 435 type->sadb_x_nat_t_type_type); 436 } else { 437 port = (struct sadb_x_nat_t_port *)ext; 438 printf("sadb_x_nat_t_port{ port=%u }\n", 439 ntohs(port->sadb_x_nat_t_port_port)); 440 } 441 } 442 443 void 444 kdebug_sadb_x_policy(struct sadb_ext *ext) 445 { 446 struct sadb_x_policy *xpl = (struct sadb_x_policy *)ext; 447 struct sockaddr *addr; 448 449 /* sanity check */ 450 if (ext == NULL) 451 panic("%s: NULL pointer was passed.\n", __func__); 452 453 printf("sadb_x_policy{ type=%u dir=%u id=%x scope=%u %s=%u }\n", 454 xpl->sadb_x_policy_type, xpl->sadb_x_policy_dir, 455 xpl->sadb_x_policy_id, xpl->sadb_x_policy_scope, 456 xpl->sadb_x_policy_scope == IPSEC_POLICYSCOPE_IFNET ? 457 "ifindex": "priority", xpl->sadb_x_policy_priority); 458 459 if (xpl->sadb_x_policy_type == IPSEC_POLICY_IPSEC) { 460 int tlen; 461 struct sadb_x_ipsecrequest *xisr; 462 463 tlen = PFKEY_UNUNIT64(xpl->sadb_x_policy_len) - sizeof(*xpl); 464 xisr = (struct sadb_x_ipsecrequest *)(xpl + 1); 465 466 while (tlen > 0) { 467 printf(" { len=%u proto=%u mode=%u level=%u reqid=%u\n", 468 xisr->sadb_x_ipsecrequest_len, 469 xisr->sadb_x_ipsecrequest_proto, 470 xisr->sadb_x_ipsecrequest_mode, 471 xisr->sadb_x_ipsecrequest_level, 472 xisr->sadb_x_ipsecrequest_reqid); 473 474 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 475 addr = (struct sockaddr *)(xisr + 1); 476 kdebug_sockaddr(addr); 477 addr = (struct sockaddr *)((caddr_t)addr 478 + addr->sa_len); 479 kdebug_sockaddr(addr); 480 } 481 482 printf(" }\n"); 483 484 /* prevent infinite loop */ 485 if (xisr->sadb_x_ipsecrequest_len <= 0) { 486 printf("%s: wrong policy struct.\n", __func__); 487 return; 488 } 489 /* prevent overflow */ 490 if (xisr->sadb_x_ipsecrequest_len > tlen) { 491 printf("%s: invalid ipsec policy length " 492 "(%u > %u)\n", __func__, 493 xisr->sadb_x_ipsecrequest_len, tlen); 494 return; 495 } 496 497 tlen -= xisr->sadb_x_ipsecrequest_len; 498 499 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 500 + xisr->sadb_x_ipsecrequest_len); 501 } 502 503 if (tlen != 0) 504 panic("%s: wrong policy struct.\n", __func__); 505 } 506 507 return; 508 } 509 510 #ifdef _KERNEL 511 /* %%%: about SPD and SAD */ 512 const char* 513 kdebug_secpolicy_state(u_int state) 514 { 515 516 switch (state) { 517 case IPSEC_SPSTATE_DEAD: 518 return ("dead"); 519 case IPSEC_SPSTATE_LARVAL: 520 return ("larval"); 521 case IPSEC_SPSTATE_ALIVE: 522 return ("alive"); 523 case IPSEC_SPSTATE_PCB: 524 return ("pcb"); 525 case IPSEC_SPSTATE_IFNET: 526 return ("ifnet"); 527 } 528 return ("unknown"); 529 } 530 531 const char* 532 kdebug_secpolicy_policy(u_int policy) 533 { 534 535 switch (policy) { 536 case IPSEC_POLICY_DISCARD: 537 return ("discard"); 538 case IPSEC_POLICY_NONE: 539 return ("none"); 540 case IPSEC_POLICY_IPSEC: 541 return ("ipsec"); 542 case IPSEC_POLICY_ENTRUST: 543 return ("entrust"); 544 case IPSEC_POLICY_BYPASS: 545 return ("bypass"); 546 } 547 return ("unknown"); 548 } 549 550 const char* 551 kdebug_secpolicyindex_dir(u_int dir) 552 { 553 554 switch (dir) { 555 case IPSEC_DIR_ANY: 556 return ("any"); 557 case IPSEC_DIR_INBOUND: 558 return ("in"); 559 case IPSEC_DIR_OUTBOUND: 560 return ("out"); 561 } 562 return ("unknown"); 563 } 564 565 const char* 566 kdebug_ipsecrequest_level(u_int level) 567 { 568 569 switch (level) { 570 case IPSEC_LEVEL_DEFAULT: 571 return ("default"); 572 case IPSEC_LEVEL_USE: 573 return ("use"); 574 case IPSEC_LEVEL_REQUIRE: 575 return ("require"); 576 case IPSEC_LEVEL_UNIQUE: 577 return ("unique"); 578 } 579 return ("unknown"); 580 } 581 582 const char* 583 kdebug_secasindex_mode(u_int mode) 584 { 585 586 switch (mode) { 587 case IPSEC_MODE_ANY: 588 return ("any"); 589 case IPSEC_MODE_TRANSPORT: 590 return ("transport"); 591 case IPSEC_MODE_TUNNEL: 592 return ("tunnel"); 593 case IPSEC_MODE_TCPMD5: 594 return ("tcp-md5"); 595 } 596 return ("unknown"); 597 } 598 599 const char* 600 kdebug_secasv_state(u_int state) 601 { 602 603 switch (state) { 604 case SADB_SASTATE_LARVAL: 605 return ("larval"); 606 case SADB_SASTATE_MATURE: 607 return ("mature"); 608 case SADB_SASTATE_DYING: 609 return ("dying"); 610 case SADB_SASTATE_DEAD: 611 return ("dead"); 612 } 613 return ("unknown"); 614 } 615 616 static char* 617 kdebug_port2str(const struct sockaddr *sa, char *buf, size_t len) 618 { 619 uint16_t port; 620 621 IPSEC_ASSERT(sa != NULL, ("null sa")); 622 switch (sa->sa_family) { 623 #ifdef INET 624 case AF_INET: 625 port = ntohs(((const struct sockaddr_in *)sa)->sin_port); 626 break; 627 #endif 628 #ifdef INET6 629 case AF_INET6: 630 port = ntohs(((const struct sockaddr_in6 *)sa)->sin6_port); 631 break; 632 #endif 633 default: 634 port = 0; 635 } 636 if (port == 0) 637 return ("*"); 638 snprintf(buf, len, "%u", port); 639 return (buf); 640 } 641 642 void 643 kdebug_secpolicy(struct secpolicy *sp) 644 { 645 u_int idx; 646 647 IPSEC_ASSERT(sp != NULL, ("null sp")); 648 printf("SP { refcnt=%u id=%u priority=%u state=%s policy=%s\n", 649 sp->refcnt, sp->id, sp->priority, 650 kdebug_secpolicy_state(sp->state), 651 kdebug_secpolicy_policy(sp->policy)); 652 kdebug_secpolicyindex(&sp->spidx, " "); 653 for (idx = 0; idx < sp->tcount; idx++) { 654 printf(" req[%u]{ level=%s ", idx, 655 kdebug_ipsecrequest_level(sp->req[idx]->level)); 656 kdebug_secasindex(&sp->req[idx]->saidx, NULL); 657 printf(" }\n"); 658 } 659 printf("}\n"); 660 } 661 662 void 663 kdebug_secpolicyindex(struct secpolicyindex *spidx, const char *indent) 664 { 665 char buf[IPSEC_ADDRSTRLEN]; 666 667 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 668 if (indent != NULL) 669 printf("%s", indent); 670 printf("spidx { dir=%s ul_proto=", 671 kdebug_secpolicyindex_dir(spidx->dir)); 672 if (spidx->ul_proto == IPSEC_ULPROTO_ANY) 673 printf("* "); 674 else 675 printf("%u ", spidx->ul_proto); 676 printf("%s/%u -> ", ipsec_address(&spidx->src, buf, sizeof(buf)), 677 spidx->prefs); 678 printf("%s/%u }\n", ipsec_address(&spidx->dst, buf, sizeof(buf)), 679 spidx->prefd); 680 } 681 682 void 683 kdebug_secasindex(const struct secasindex *saidx, const char *indent) 684 { 685 char buf[IPSEC_ADDRSTRLEN], port[6]; 686 687 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 688 if (indent != NULL) 689 printf("%s", indent); 690 printf("saidx { mode=%s proto=%u reqid=%u ", 691 kdebug_secasindex_mode(saidx->mode), saidx->proto, saidx->reqid); 692 printf("%s:%s -> ", ipsec_address(&saidx->src, buf, sizeof(buf)), 693 kdebug_port2str(&saidx->src.sa, port, sizeof(port))); 694 printf("%s:%s }\n", ipsec_address(&saidx->dst, buf, sizeof(buf)), 695 kdebug_port2str(&saidx->dst.sa, port, sizeof(port))); 696 } 697 698 static void 699 kdebug_sec_lifetime(struct seclifetime *lft, const char *indent) 700 { 701 702 IPSEC_ASSERT(lft != NULL, ("null lft")); 703 if (indent != NULL) 704 printf("%s", indent); 705 printf("lifetime { alloc=%u, bytes=%ju addtime=%ju usetime=%ju }\n", 706 lft->allocations, (uintmax_t)lft->bytes, (uintmax_t)lft->addtime, 707 (uintmax_t)lft->usetime); 708 } 709 710 void 711 kdebug_secash(struct secashead *sah, const char *indent) 712 { 713 714 IPSEC_ASSERT(sah != NULL, ("null sah")); 715 if (indent != NULL) 716 printf("%s", indent); 717 printf("SAH { refcnt=%u state=%s\n", sah->refcnt, 718 kdebug_secasv_state(sah->state)); 719 if (indent != NULL) 720 printf("%s", indent); 721 kdebug_secasindex(&sah->saidx, indent); 722 if (indent != NULL) 723 printf("%s", indent); 724 printf("}\n"); 725 } 726 727 static void 728 kdebug_secreplay(struct secreplay *rpl) 729 { 730 int len, l; 731 732 IPSEC_ASSERT(rpl != NULL, ("null rpl")); 733 printf(" secreplay{ count=%u bitmap_size=%u wsize=%u seq=%u lastseq=%u", 734 rpl->count, rpl->bitmap_size, rpl->wsize, rpl->seq, rpl->lastseq); 735 736 if (rpl->bitmap == NULL) { 737 printf(" }\n"); 738 return; 739 } 740 741 printf("\n bitmap { "); 742 for (len = 0; len < rpl->bitmap_size*4; len++) { 743 for (l = 7; l >= 0; l--) 744 printf("%u", (((rpl->bitmap)[len] >> l) & 1) ? 1 : 0); 745 } 746 printf(" }\n"); 747 } 748 749 static void 750 kdebug_secnatt(struct secnatt *natt) 751 { 752 char buf[IPSEC_ADDRSTRLEN]; 753 754 IPSEC_ASSERT(natt != NULL, ("null natt")); 755 printf(" natt{ sport=%u dport=%u ", ntohs(natt->sport), 756 ntohs(natt->dport)); 757 if (natt->flags & IPSEC_NATT_F_OAI) 758 printf("oai=%s ", ipsec_address(&natt->oai, buf, sizeof(buf))); 759 if (natt->flags & IPSEC_NATT_F_OAR) 760 printf("oar=%s ", ipsec_address(&natt->oar, buf, sizeof(buf))); 761 printf("}\n"); 762 } 763 764 void 765 kdebug_secasv(struct secasvar *sav) 766 { 767 struct seclifetime lft_c; 768 769 IPSEC_ASSERT(sav != NULL, ("null sav")); 770 771 printf("SA { refcnt=%u spi=%u seq=%u pid=%u flags=0x%x state=%s\n", 772 sav->refcnt, ntohl(sav->spi), sav->seq, (uint32_t)sav->pid, 773 sav->flags, kdebug_secasv_state(sav->state)); 774 kdebug_secash(sav->sah, " "); 775 776 lft_c.addtime = sav->created; 777 lft_c.allocations = (uint32_t)counter_u64_fetch( 778 sav->lft_c_allocations); 779 lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes); 780 lft_c.usetime = sav->firstused; 781 kdebug_sec_lifetime(&lft_c, " c_"); 782 if (sav->lft_h != NULL) 783 kdebug_sec_lifetime(sav->lft_h, " h_"); 784 if (sav->lft_s != NULL) 785 kdebug_sec_lifetime(sav->lft_s, " s_"); 786 787 if (sav->tdb_authalgxform != NULL) 788 printf(" alg_auth=%s\n", sav->tdb_authalgxform->name); 789 if (sav->key_auth != NULL) 790 KEYDBG(DUMP, 791 kdebug_sadb_key((struct sadb_ext *)sav->key_auth)); 792 if (sav->tdb_encalgxform != NULL) 793 printf(" alg_enc=%s\n", sav->tdb_encalgxform->name); 794 if (sav->key_enc != NULL) 795 KEYDBG(DUMP, 796 kdebug_sadb_key((struct sadb_ext *)sav->key_enc)); 797 if (sav->natt != NULL) 798 kdebug_secnatt(sav->natt); 799 if (sav->replay != NULL) { 800 KEYDBG(DUMP, 801 SECASVAR_LOCK(sav); 802 kdebug_secreplay(sav->replay); 803 SECASVAR_UNLOCK(sav)); 804 } 805 printf("}\n"); 806 } 807 808 void 809 kdebug_mbufhdr(const struct mbuf *m) 810 { 811 /* sanity check */ 812 if (m == NULL) 813 return; 814 815 printf("mbuf(%p){ m_next:%p m_nextpkt:%p m_data:%p " 816 "m_len:%d m_type:0x%02x m_flags:0x%02x }\n", 817 m, m->m_next, m->m_nextpkt, m->m_data, 818 m->m_len, m->m_type, m->m_flags); 819 820 if (m->m_flags & M_PKTHDR) { 821 printf(" m_pkthdr{ len:%d rcvif:%p }\n", 822 m->m_pkthdr.len, m->m_pkthdr.rcvif); 823 } 824 825 if (m->m_flags & M_EXT) { 826 printf(" m_ext{ ext_buf:%p ext_free:%p " 827 "ext_size:%u ext_cnt:%p }\n", 828 m->m_ext.ext_buf, m->m_ext.ext_free, 829 m->m_ext.ext_size, m->m_ext.ext_cnt); 830 } 831 832 return; 833 } 834 835 void 836 kdebug_mbuf(const struct mbuf *m0) 837 { 838 const struct mbuf *m = m0; 839 int i, j; 840 841 for (j = 0; m; m = m->m_next) { 842 kdebug_mbufhdr(m); 843 printf(" m_data:\n"); 844 for (i = 0; i < m->m_len; i++) { 845 if (i && i % 32 == 0) 846 printf("\n"); 847 if (i % 4 == 0) 848 printf(" "); 849 printf("%02x", mtod(m, const u_char *)[i]); 850 j++; 851 } 852 printf("\n"); 853 } 854 855 return; 856 } 857 858 /* Return a printable string for the address. */ 859 char * 860 ipsec_address(const union sockaddr_union* sa, char *buf, socklen_t size) 861 { 862 863 switch (sa->sa.sa_family) { 864 #ifdef INET 865 case AF_INET: 866 return (inet_ntop(AF_INET, &sa->sin.sin_addr, buf, size)); 867 #endif /* INET */ 868 #ifdef INET6 869 case AF_INET6: 870 if (IN6_IS_SCOPE_LINKLOCAL(&sa->sin6.sin6_addr)) { 871 snprintf(buf, size, "%s%%%u", inet_ntop(AF_INET6, 872 &sa->sin6.sin6_addr, buf, size), 873 sa->sin6.sin6_scope_id); 874 return (buf); 875 } else 876 return (inet_ntop(AF_INET6, &sa->sin6.sin6_addr, 877 buf, size)); 878 #endif /* INET6 */ 879 case 0: 880 return ("*"); 881 default: 882 return ("(unknown address family)"); 883 } 884 } 885 886 char * 887 ipsec_sa2str(struct secasvar *sav, char *buf, size_t size) 888 { 889 char sbuf[IPSEC_ADDRSTRLEN], dbuf[IPSEC_ADDRSTRLEN]; 890 891 snprintf(buf, size, "SA(SPI=%08lx src=%s dst=%s)", 892 (u_long)ntohl(sav->spi), 893 ipsec_address(&sav->sah->saidx.src, sbuf, sizeof(sbuf)), 894 ipsec_address(&sav->sah->saidx.dst, dbuf, sizeof(dbuf))); 895 return (buf); 896 } 897 898 #endif /* _KERNEL */ 899 900 void 901 kdebug_sockaddr(struct sockaddr *addr) 902 { 903 char buf[IPSEC_ADDRSTRLEN]; 904 905 /* sanity check */ 906 if (addr == NULL) 907 panic("%s: NULL pointer was passed.\n", __func__); 908 909 switch (addr->sa_family) { 910 #ifdef INET 911 case AF_INET: { 912 struct sockaddr_in *sin; 913 914 sin = (struct sockaddr_in *)addr; 915 inet_ntop(AF_INET, &sin->sin_addr, buf, sizeof(buf)); 916 break; 917 } 918 #endif 919 #ifdef INET6 920 case AF_INET6: { 921 struct sockaddr_in6 *sin6; 922 923 sin6 = (struct sockaddr_in6 *)addr; 924 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 925 snprintf(buf, sizeof(buf), "%s%%%u", 926 inet_ntop(AF_INET6, &sin6->sin6_addr, buf, 927 sizeof(buf)), sin6->sin6_scope_id); 928 } else 929 inet_ntop(AF_INET6, &sin6->sin6_addr, buf, 930 sizeof(buf)); 931 break; 932 } 933 #endif 934 default: 935 sprintf(buf, "unknown"); 936 } 937 printf("sockaddr{ len=%u family=%u addr=%s }\n", addr->sa_len, 938 addr->sa_family, buf); 939 } 940 941 void 942 ipsec_bindump(caddr_t buf, int len) 943 { 944 int i; 945 946 for (i = 0; i < len; i++) 947 printf("%c", (unsigned char)buf[i]); 948 949 return; 950 } 951 952 953 void 954 ipsec_hexdump(caddr_t buf, int len) 955 { 956 int i; 957 958 for (i = 0; i < len; i++) { 959 if (i != 0 && i % 32 == 0) printf("\n"); 960 if (i % 4 == 0) printf(" "); 961 printf("%02x", (unsigned char)buf[i]); 962 } 963 #if 0 964 if (i % 32 != 0) printf("\n"); 965 #endif 966 967 return; 968 } 969