1 /* $FreeBSD$ */ 2 /* $KAME: key_debug.c,v 1.26 2001/06/27 10:46:50 sakane Exp $ */ 3 4 /*- 5 * SPDX-License-Identifier: BSD-3-Clause 6 * 7 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the project nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 #ifdef _KERNEL 36 #include "opt_inet.h" 37 #include "opt_inet6.h" 38 #include "opt_ipsec.h" 39 #endif 40 41 #include <sys/param.h> 42 #ifdef _KERNEL 43 #include <sys/systm.h> 44 #include <sys/lock.h> 45 #include <sys/malloc.h> 46 #include <sys/mbuf.h> 47 #include <sys/mutex.h> 48 #include <sys/queue.h> 49 #endif 50 #include <sys/socket.h> 51 52 #include <net/vnet.h> 53 54 #include <netipsec/key_var.h> 55 #include <netipsec/key_debug.h> 56 57 #include <netinet/in.h> 58 #include <netipsec/ipsec.h> 59 #ifdef _KERNEL 60 #include <netipsec/keydb.h> 61 #include <netipsec/xform.h> 62 #endif 63 64 #ifndef _KERNEL 65 #include <ctype.h> 66 #include <stdio.h> 67 #include <stdlib.h> 68 #include <arpa/inet.h> 69 #endif /* !_KERNEL */ 70 71 static void kdebug_sadb_prop(struct sadb_ext *); 72 static void kdebug_sadb_identity(struct sadb_ext *); 73 static void kdebug_sadb_supported(struct sadb_ext *); 74 static void kdebug_sadb_lifetime(struct sadb_ext *); 75 static void kdebug_sadb_sa(struct sadb_ext *); 76 static void kdebug_sadb_address(struct sadb_ext *); 77 static void kdebug_sadb_key(struct sadb_ext *); 78 static void kdebug_sadb_x_sa2(struct sadb_ext *); 79 static void kdebug_sadb_x_sa_replay(struct sadb_ext *); 80 static void kdebug_sadb_x_natt(struct sadb_ext *); 81 82 #ifndef _KERNEL 83 #define panic(fmt, ...) { printf(fmt, ## __VA_ARGS__); exit(-1); } 84 #endif 85 86 /* NOTE: host byte order */ 87 88 static const char* 89 kdebug_sadb_type(uint8_t type) 90 { 91 #define SADB_NAME(n) case SADB_ ## n: return (#n) 92 93 switch (type) { 94 SADB_NAME(RESERVED); 95 SADB_NAME(GETSPI); 96 SADB_NAME(UPDATE); 97 SADB_NAME(ADD); 98 SADB_NAME(DELETE); 99 SADB_NAME(GET); 100 SADB_NAME(ACQUIRE); 101 SADB_NAME(REGISTER); 102 SADB_NAME(EXPIRE); 103 SADB_NAME(FLUSH); 104 SADB_NAME(DUMP); 105 SADB_NAME(X_PROMISC); 106 SADB_NAME(X_PCHANGE); 107 SADB_NAME(X_SPDUPDATE); 108 SADB_NAME(X_SPDADD); 109 SADB_NAME(X_SPDDELETE); 110 SADB_NAME(X_SPDGET); 111 SADB_NAME(X_SPDACQUIRE); 112 SADB_NAME(X_SPDDUMP); 113 SADB_NAME(X_SPDFLUSH); 114 SADB_NAME(X_SPDSETIDX); 115 SADB_NAME(X_SPDEXPIRE); 116 SADB_NAME(X_SPDDELETE2); 117 default: 118 return ("UNKNOWN"); 119 } 120 #undef SADB_NAME 121 } 122 123 static const char* 124 kdebug_sadb_exttype(uint16_t type) 125 { 126 #define EXT_NAME(n) case SADB_EXT_ ## n: return (#n) 127 #define X_NAME(n) case SADB_X_EXT_ ## n: return (#n) 128 129 switch (type) { 130 EXT_NAME(RESERVED); 131 EXT_NAME(SA); 132 EXT_NAME(LIFETIME_CURRENT); 133 EXT_NAME(LIFETIME_HARD); 134 EXT_NAME(LIFETIME_SOFT); 135 EXT_NAME(ADDRESS_SRC); 136 EXT_NAME(ADDRESS_DST); 137 EXT_NAME(ADDRESS_PROXY); 138 EXT_NAME(KEY_AUTH); 139 EXT_NAME(KEY_ENCRYPT); 140 EXT_NAME(IDENTITY_SRC); 141 EXT_NAME(IDENTITY_DST); 142 EXT_NAME(SENSITIVITY); 143 EXT_NAME(PROPOSAL); 144 EXT_NAME(SUPPORTED_AUTH); 145 EXT_NAME(SUPPORTED_ENCRYPT); 146 EXT_NAME(SPIRANGE); 147 X_NAME(KMPRIVATE); 148 X_NAME(POLICY); 149 X_NAME(SA2); 150 X_NAME(NAT_T_TYPE); 151 X_NAME(NAT_T_SPORT); 152 X_NAME(NAT_T_DPORT); 153 X_NAME(NAT_T_OAI); 154 X_NAME(NAT_T_OAR); 155 X_NAME(NAT_T_FRAG); 156 X_NAME(SA_REPLAY); 157 X_NAME(NEW_ADDRESS_SRC); 158 X_NAME(NEW_ADDRESS_DST); 159 default: 160 return ("UNKNOWN"); 161 }; 162 #undef EXT_NAME 163 #undef X_NAME 164 } 165 166 167 /* %%%: about struct sadb_msg */ 168 void 169 kdebug_sadb(struct sadb_msg *base) 170 { 171 struct sadb_ext *ext; 172 int tlen, extlen; 173 174 /* sanity check */ 175 if (base == NULL) 176 panic("%s: NULL pointer was passed.\n", __func__); 177 178 printf("sadb_msg{ version=%u type=%u(%s) errno=%u satype=%u\n", 179 base->sadb_msg_version, base->sadb_msg_type, 180 kdebug_sadb_type(base->sadb_msg_type), 181 base->sadb_msg_errno, base->sadb_msg_satype); 182 printf(" len=%u reserved=%u seq=%u pid=%u\n", 183 base->sadb_msg_len, base->sadb_msg_reserved, 184 base->sadb_msg_seq, base->sadb_msg_pid); 185 186 tlen = PFKEY_UNUNIT64(base->sadb_msg_len) - sizeof(struct sadb_msg); 187 ext = (struct sadb_ext *)((caddr_t)base + sizeof(struct sadb_msg)); 188 189 while (tlen > 0) { 190 printf("sadb_ext{ len=%u type=%u(%s) }\n", 191 ext->sadb_ext_len, ext->sadb_ext_type, 192 kdebug_sadb_exttype(ext->sadb_ext_type)); 193 194 if (ext->sadb_ext_len == 0) { 195 printf("%s: invalid ext_len=0 was passed.\n", __func__); 196 return; 197 } 198 if (ext->sadb_ext_len > tlen) { 199 printf("%s: ext_len too big (%u > %u).\n", 200 __func__, ext->sadb_ext_len, tlen); 201 return; 202 } 203 204 switch (ext->sadb_ext_type) { 205 case SADB_EXT_SA: 206 kdebug_sadb_sa(ext); 207 break; 208 case SADB_EXT_LIFETIME_CURRENT: 209 case SADB_EXT_LIFETIME_HARD: 210 case SADB_EXT_LIFETIME_SOFT: 211 kdebug_sadb_lifetime(ext); 212 break; 213 case SADB_EXT_ADDRESS_SRC: 214 case SADB_EXT_ADDRESS_DST: 215 case SADB_EXT_ADDRESS_PROXY: 216 case SADB_X_EXT_NAT_T_OAI: 217 case SADB_X_EXT_NAT_T_OAR: 218 case SADB_X_EXT_NEW_ADDRESS_SRC: 219 case SADB_X_EXT_NEW_ADDRESS_DST: 220 kdebug_sadb_address(ext); 221 break; 222 case SADB_EXT_KEY_AUTH: 223 case SADB_EXT_KEY_ENCRYPT: 224 kdebug_sadb_key(ext); 225 break; 226 case SADB_EXT_IDENTITY_SRC: 227 case SADB_EXT_IDENTITY_DST: 228 kdebug_sadb_identity(ext); 229 break; 230 case SADB_EXT_SENSITIVITY: 231 break; 232 case SADB_EXT_PROPOSAL: 233 kdebug_sadb_prop(ext); 234 break; 235 case SADB_EXT_SUPPORTED_AUTH: 236 case SADB_EXT_SUPPORTED_ENCRYPT: 237 kdebug_sadb_supported(ext); 238 break; 239 case SADB_EXT_SPIRANGE: 240 case SADB_X_EXT_KMPRIVATE: 241 break; 242 case SADB_X_EXT_POLICY: 243 kdebug_sadb_x_policy(ext); 244 break; 245 case SADB_X_EXT_SA2: 246 kdebug_sadb_x_sa2(ext); 247 break; 248 case SADB_X_EXT_SA_REPLAY: 249 kdebug_sadb_x_sa_replay(ext); 250 break; 251 case SADB_X_EXT_NAT_T_TYPE: 252 case SADB_X_EXT_NAT_T_SPORT: 253 case SADB_X_EXT_NAT_T_DPORT: 254 kdebug_sadb_x_natt(ext); 255 break; 256 default: 257 printf("%s: invalid ext_type %u\n", __func__, 258 ext->sadb_ext_type); 259 return; 260 } 261 262 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 263 tlen -= extlen; 264 ext = (struct sadb_ext *)((caddr_t)ext + extlen); 265 } 266 267 return; 268 } 269 270 static void 271 kdebug_sadb_prop(struct sadb_ext *ext) 272 { 273 struct sadb_prop *prop = (struct sadb_prop *)ext; 274 struct sadb_comb *comb; 275 int len; 276 277 /* sanity check */ 278 if (ext == NULL) 279 panic("%s: NULL pointer was passed.\n", __func__); 280 281 len = (PFKEY_UNUNIT64(prop->sadb_prop_len) - sizeof(*prop)) 282 / sizeof(*comb); 283 comb = (struct sadb_comb *)(prop + 1); 284 printf("sadb_prop{ replay=%u\n", prop->sadb_prop_replay); 285 286 while (len--) { 287 printf("sadb_comb{ auth=%u encrypt=%u " 288 "flags=0x%04x reserved=0x%08x\n", 289 comb->sadb_comb_auth, comb->sadb_comb_encrypt, 290 comb->sadb_comb_flags, comb->sadb_comb_reserved); 291 292 printf(" auth_minbits=%u auth_maxbits=%u " 293 "encrypt_minbits=%u encrypt_maxbits=%u\n", 294 comb->sadb_comb_auth_minbits, 295 comb->sadb_comb_auth_maxbits, 296 comb->sadb_comb_encrypt_minbits, 297 comb->sadb_comb_encrypt_maxbits); 298 299 printf(" soft_alloc=%u hard_alloc=%u " 300 "soft_bytes=%lu hard_bytes=%lu\n", 301 comb->sadb_comb_soft_allocations, 302 comb->sadb_comb_hard_allocations, 303 (unsigned long)comb->sadb_comb_soft_bytes, 304 (unsigned long)comb->sadb_comb_hard_bytes); 305 306 printf(" soft_alloc=%lu hard_alloc=%lu " 307 "soft_bytes=%lu hard_bytes=%lu }\n", 308 (unsigned long)comb->sadb_comb_soft_addtime, 309 (unsigned long)comb->sadb_comb_hard_addtime, 310 (unsigned long)comb->sadb_comb_soft_usetime, 311 (unsigned long)comb->sadb_comb_hard_usetime); 312 comb++; 313 } 314 printf("}\n"); 315 316 return; 317 } 318 319 static void 320 kdebug_sadb_identity(struct sadb_ext *ext) 321 { 322 struct sadb_ident *id = (struct sadb_ident *)ext; 323 int len; 324 325 /* sanity check */ 326 if (ext == NULL) 327 panic("%s: NULL pointer was passed.\n", __func__); 328 329 len = PFKEY_UNUNIT64(id->sadb_ident_len) - sizeof(*id); 330 printf("sadb_ident_%s{", 331 id->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC ? "src" : "dst"); 332 switch (id->sadb_ident_type) { 333 default: 334 printf(" type=%d id=%lu", 335 id->sadb_ident_type, (u_long)id->sadb_ident_id); 336 if (len) { 337 #ifdef _KERNEL 338 ipsec_hexdump((caddr_t)(id + 1), len); /*XXX cast ?*/ 339 #else 340 char *p, *ep; 341 printf("\n str=\""); 342 p = (char *)(id + 1); 343 ep = p + len; 344 for (/*nothing*/; *p && p < ep; p++) { 345 if (isprint(*p)) 346 printf("%c", *p & 0xff); 347 else 348 printf("\\%03o", *p & 0xff); 349 } 350 #endif 351 printf("\""); 352 } 353 break; 354 } 355 356 printf(" }\n"); 357 358 return; 359 } 360 361 static void 362 kdebug_sadb_supported(struct sadb_ext *ext) 363 { 364 struct sadb_supported *sup = (struct sadb_supported *)ext; 365 struct sadb_alg *alg; 366 int len; 367 368 /* sanity check */ 369 if (ext == NULL) 370 panic("%s: NULL pointer was passed.\n", __func__); 371 372 len = (PFKEY_UNUNIT64(sup->sadb_supported_len) - sizeof(*sup)) 373 / sizeof(*alg); 374 alg = (struct sadb_alg *)(sup + 1); 375 printf("sadb_sup{\n"); 376 while (len--) { 377 printf(" { id=%d ivlen=%d min=%d max=%d }\n", 378 alg->sadb_alg_id, alg->sadb_alg_ivlen, 379 alg->sadb_alg_minbits, alg->sadb_alg_maxbits); 380 alg++; 381 } 382 printf("}\n"); 383 384 return; 385 } 386 387 static void 388 kdebug_sadb_lifetime(struct sadb_ext *ext) 389 { 390 struct sadb_lifetime *lft = (struct sadb_lifetime *)ext; 391 392 /* sanity check */ 393 if (ext == NULL) 394 panic("%s: NULL pointer was passed.\n", __func__); 395 396 printf("sadb_lifetime{ alloc=%u, bytes=%u\n", 397 lft->sadb_lifetime_allocations, 398 (u_int32_t)lft->sadb_lifetime_bytes); 399 printf(" addtime=%u, usetime=%u }\n", 400 (u_int32_t)lft->sadb_lifetime_addtime, 401 (u_int32_t)lft->sadb_lifetime_usetime); 402 403 return; 404 } 405 406 static void 407 kdebug_sadb_sa(struct sadb_ext *ext) 408 { 409 struct sadb_sa *sa = (struct sadb_sa *)ext; 410 411 /* sanity check */ 412 if (ext == NULL) 413 panic("%s: NULL pointer was passed.\n", __func__); 414 415 printf("sadb_sa{ spi=%u replay=%u state=%u\n", 416 (u_int32_t)ntohl(sa->sadb_sa_spi), sa->sadb_sa_replay, 417 sa->sadb_sa_state); 418 printf(" auth=%u encrypt=%u flags=0x%08x }\n", 419 sa->sadb_sa_auth, sa->sadb_sa_encrypt, sa->sadb_sa_flags); 420 421 return; 422 } 423 424 static void 425 kdebug_sadb_address(struct sadb_ext *ext) 426 { 427 struct sadb_address *addr = (struct sadb_address *)ext; 428 429 /* sanity check */ 430 if (ext == NULL) 431 panic("%s: NULL pointer was passed.\n", __func__); 432 433 printf("sadb_address{ proto=%u prefixlen=%u reserved=0x%02x%02x }\n", 434 addr->sadb_address_proto, addr->sadb_address_prefixlen, 435 ((u_char *)&addr->sadb_address_reserved)[0], 436 ((u_char *)&addr->sadb_address_reserved)[1]); 437 438 kdebug_sockaddr((struct sockaddr *)((caddr_t)ext + sizeof(*addr))); 439 } 440 441 static void 442 kdebug_sadb_key(struct sadb_ext *ext) 443 { 444 struct sadb_key *key = (struct sadb_key *)ext; 445 446 /* sanity check */ 447 if (ext == NULL) 448 panic("%s: NULL pointer was passed.\n", __func__); 449 450 printf("sadb_key{ bits=%u reserved=%u\n", 451 key->sadb_key_bits, key->sadb_key_reserved); 452 printf(" key="); 453 454 /* sanity check 2 */ 455 if ((key->sadb_key_bits >> 3) > 456 (PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key))) { 457 printf("%s: key length mismatch, bit:%d len:%ld.\n", 458 __func__, 459 key->sadb_key_bits >> 3, 460 (long)PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key)); 461 } 462 463 ipsec_hexdump((caddr_t)key + sizeof(struct sadb_key), 464 key->sadb_key_bits >> 3); 465 printf(" }\n"); 466 return; 467 } 468 469 static void 470 kdebug_sadb_x_sa2(struct sadb_ext *ext) 471 { 472 struct sadb_x_sa2 *sa2 = (struct sadb_x_sa2 *)ext; 473 474 /* sanity check */ 475 if (ext == NULL) 476 panic("%s: NULL pointer was passed.\n", __func__); 477 478 printf("sadb_x_sa2{ mode=%u reqid=%u\n", 479 sa2->sadb_x_sa2_mode, sa2->sadb_x_sa2_reqid); 480 printf(" reserved1=%u reserved2=%u sequence=%u }\n", 481 sa2->sadb_x_sa2_reserved1, sa2->sadb_x_sa2_reserved2, 482 sa2->sadb_x_sa2_sequence); 483 484 return; 485 } 486 487 static void 488 kdebug_sadb_x_sa_replay(struct sadb_ext *ext) 489 { 490 struct sadb_x_sa_replay *replay; 491 492 /* sanity check */ 493 if (ext == NULL) 494 panic("%s: NULL pointer was passed.\n", __func__); 495 496 replay = (struct sadb_x_sa_replay *)ext; 497 printf("sadb_x_sa_replay{ replay=%u }\n", 498 replay->sadb_x_sa_replay_replay); 499 } 500 501 static void 502 kdebug_sadb_x_natt(struct sadb_ext *ext) 503 { 504 struct sadb_x_nat_t_type *type; 505 struct sadb_x_nat_t_port *port; 506 507 /* sanity check */ 508 if (ext == NULL) 509 panic("%s: NULL pointer was passed.\n", __func__); 510 511 if (ext->sadb_ext_type == SADB_X_EXT_NAT_T_TYPE) { 512 type = (struct sadb_x_nat_t_type *)ext; 513 printf("sadb_x_nat_t_type{ type=%u }\n", 514 type->sadb_x_nat_t_type_type); 515 } else { 516 port = (struct sadb_x_nat_t_port *)ext; 517 printf("sadb_x_nat_t_port{ port=%u }\n", 518 ntohs(port->sadb_x_nat_t_port_port)); 519 } 520 } 521 522 void 523 kdebug_sadb_x_policy(struct sadb_ext *ext) 524 { 525 struct sadb_x_policy *xpl = (struct sadb_x_policy *)ext; 526 struct sockaddr *addr; 527 528 /* sanity check */ 529 if (ext == NULL) 530 panic("%s: NULL pointer was passed.\n", __func__); 531 532 printf("sadb_x_policy{ type=%u dir=%u id=%x scope=%u %s=%u }\n", 533 xpl->sadb_x_policy_type, xpl->sadb_x_policy_dir, 534 xpl->sadb_x_policy_id, xpl->sadb_x_policy_scope, 535 xpl->sadb_x_policy_scope == IPSEC_POLICYSCOPE_IFNET ? 536 "ifindex": "priority", xpl->sadb_x_policy_priority); 537 538 if (xpl->sadb_x_policy_type == IPSEC_POLICY_IPSEC) { 539 int tlen; 540 struct sadb_x_ipsecrequest *xisr; 541 542 tlen = PFKEY_UNUNIT64(xpl->sadb_x_policy_len) - sizeof(*xpl); 543 xisr = (struct sadb_x_ipsecrequest *)(xpl + 1); 544 545 while (tlen > 0) { 546 printf(" { len=%u proto=%u mode=%u level=%u reqid=%u\n", 547 xisr->sadb_x_ipsecrequest_len, 548 xisr->sadb_x_ipsecrequest_proto, 549 xisr->sadb_x_ipsecrequest_mode, 550 xisr->sadb_x_ipsecrequest_level, 551 xisr->sadb_x_ipsecrequest_reqid); 552 553 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 554 addr = (struct sockaddr *)(xisr + 1); 555 kdebug_sockaddr(addr); 556 addr = (struct sockaddr *)((caddr_t)addr 557 + addr->sa_len); 558 kdebug_sockaddr(addr); 559 } 560 561 printf(" }\n"); 562 563 /* prevent infinite loop */ 564 if (xisr->sadb_x_ipsecrequest_len <= 0) { 565 printf("%s: wrong policy struct.\n", __func__); 566 return; 567 } 568 /* prevent overflow */ 569 if (xisr->sadb_x_ipsecrequest_len > tlen) { 570 printf("%s: invalid ipsec policy length " 571 "(%u > %u)\n", __func__, 572 xisr->sadb_x_ipsecrequest_len, tlen); 573 return; 574 } 575 576 tlen -= xisr->sadb_x_ipsecrequest_len; 577 578 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 579 + xisr->sadb_x_ipsecrequest_len); 580 } 581 582 if (tlen != 0) 583 panic("%s: wrong policy struct.\n", __func__); 584 } 585 586 return; 587 } 588 589 #ifdef _KERNEL 590 /* %%%: about SPD and SAD */ 591 const char* 592 kdebug_secpolicy_state(u_int state) 593 { 594 595 switch (state) { 596 case IPSEC_SPSTATE_DEAD: 597 return ("dead"); 598 case IPSEC_SPSTATE_LARVAL: 599 return ("larval"); 600 case IPSEC_SPSTATE_ALIVE: 601 return ("alive"); 602 case IPSEC_SPSTATE_PCB: 603 return ("pcb"); 604 case IPSEC_SPSTATE_IFNET: 605 return ("ifnet"); 606 } 607 return ("unknown"); 608 } 609 610 const char* 611 kdebug_secpolicy_policy(u_int policy) 612 { 613 614 switch (policy) { 615 case IPSEC_POLICY_DISCARD: 616 return ("discard"); 617 case IPSEC_POLICY_NONE: 618 return ("none"); 619 case IPSEC_POLICY_IPSEC: 620 return ("ipsec"); 621 case IPSEC_POLICY_ENTRUST: 622 return ("entrust"); 623 case IPSEC_POLICY_BYPASS: 624 return ("bypass"); 625 } 626 return ("unknown"); 627 } 628 629 const char* 630 kdebug_secpolicyindex_dir(u_int dir) 631 { 632 633 switch (dir) { 634 case IPSEC_DIR_ANY: 635 return ("any"); 636 case IPSEC_DIR_INBOUND: 637 return ("in"); 638 case IPSEC_DIR_OUTBOUND: 639 return ("out"); 640 } 641 return ("unknown"); 642 } 643 644 const char* 645 kdebug_ipsecrequest_level(u_int level) 646 { 647 648 switch (level) { 649 case IPSEC_LEVEL_DEFAULT: 650 return ("default"); 651 case IPSEC_LEVEL_USE: 652 return ("use"); 653 case IPSEC_LEVEL_REQUIRE: 654 return ("require"); 655 case IPSEC_LEVEL_UNIQUE: 656 return ("unique"); 657 } 658 return ("unknown"); 659 } 660 661 const char* 662 kdebug_secasindex_mode(u_int mode) 663 { 664 665 switch (mode) { 666 case IPSEC_MODE_ANY: 667 return ("any"); 668 case IPSEC_MODE_TRANSPORT: 669 return ("transport"); 670 case IPSEC_MODE_TUNNEL: 671 return ("tunnel"); 672 case IPSEC_MODE_TCPMD5: 673 return ("tcp-md5"); 674 } 675 return ("unknown"); 676 } 677 678 const char* 679 kdebug_secasv_state(u_int state) 680 { 681 682 switch (state) { 683 case SADB_SASTATE_LARVAL: 684 return ("larval"); 685 case SADB_SASTATE_MATURE: 686 return ("mature"); 687 case SADB_SASTATE_DYING: 688 return ("dying"); 689 case SADB_SASTATE_DEAD: 690 return ("dead"); 691 } 692 return ("unknown"); 693 } 694 695 static char* 696 kdebug_port2str(const struct sockaddr *sa, char *buf, size_t len) 697 { 698 uint16_t port; 699 700 IPSEC_ASSERT(sa != NULL, ("null sa")); 701 switch (sa->sa_family) { 702 #ifdef INET 703 case AF_INET: 704 port = ntohs(((const struct sockaddr_in *)sa)->sin_port); 705 break; 706 #endif 707 #ifdef INET6 708 case AF_INET6: 709 port = ntohs(((const struct sockaddr_in6 *)sa)->sin6_port); 710 break; 711 #endif 712 default: 713 port = 0; 714 } 715 if (port == 0) 716 return ("*"); 717 snprintf(buf, len, "%u", port); 718 return (buf); 719 } 720 721 void 722 kdebug_secpolicy(struct secpolicy *sp) 723 { 724 u_int idx; 725 726 IPSEC_ASSERT(sp != NULL, ("null sp")); 727 printf("SP { refcnt=%u id=%u priority=%u state=%s policy=%s\n", 728 sp->refcnt, sp->id, sp->priority, 729 kdebug_secpolicy_state(sp->state), 730 kdebug_secpolicy_policy(sp->policy)); 731 kdebug_secpolicyindex(&sp->spidx, " "); 732 for (idx = 0; idx < sp->tcount; idx++) { 733 printf(" req[%u]{ level=%s ", idx, 734 kdebug_ipsecrequest_level(sp->req[idx]->level)); 735 kdebug_secasindex(&sp->req[idx]->saidx, NULL); 736 printf(" }\n"); 737 } 738 printf("}\n"); 739 } 740 741 void 742 kdebug_secpolicyindex(struct secpolicyindex *spidx, const char *indent) 743 { 744 char buf[IPSEC_ADDRSTRLEN]; 745 746 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 747 if (indent != NULL) 748 printf("%s", indent); 749 printf("spidx { dir=%s ul_proto=", 750 kdebug_secpolicyindex_dir(spidx->dir)); 751 if (spidx->ul_proto == IPSEC_ULPROTO_ANY) 752 printf("* "); 753 else 754 printf("%u ", spidx->ul_proto); 755 printf("%s/%u -> ", ipsec_address(&spidx->src, buf, sizeof(buf)), 756 spidx->prefs); 757 printf("%s/%u }\n", ipsec_address(&spidx->dst, buf, sizeof(buf)), 758 spidx->prefd); 759 } 760 761 void 762 kdebug_secasindex(const struct secasindex *saidx, const char *indent) 763 { 764 char buf[IPSEC_ADDRSTRLEN], port[6]; 765 766 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 767 if (indent != NULL) 768 printf("%s", indent); 769 printf("saidx { mode=%s proto=%u reqid=%u ", 770 kdebug_secasindex_mode(saidx->mode), saidx->proto, saidx->reqid); 771 printf("%s:%s -> ", ipsec_address(&saidx->src, buf, sizeof(buf)), 772 kdebug_port2str(&saidx->src.sa, port, sizeof(port))); 773 printf("%s:%s }\n", ipsec_address(&saidx->dst, buf, sizeof(buf)), 774 kdebug_port2str(&saidx->dst.sa, port, sizeof(port))); 775 } 776 777 static void 778 kdebug_sec_lifetime(struct seclifetime *lft, const char *indent) 779 { 780 781 IPSEC_ASSERT(lft != NULL, ("null lft")); 782 if (indent != NULL) 783 printf("%s", indent); 784 printf("lifetime { alloc=%u, bytes=%ju addtime=%ju usetime=%ju }\n", 785 lft->allocations, (uintmax_t)lft->bytes, (uintmax_t)lft->addtime, 786 (uintmax_t)lft->usetime); 787 } 788 789 void 790 kdebug_secash(struct secashead *sah, const char *indent) 791 { 792 793 IPSEC_ASSERT(sah != NULL, ("null sah")); 794 if (indent != NULL) 795 printf("%s", indent); 796 printf("SAH { refcnt=%u state=%s\n", sah->refcnt, 797 kdebug_secasv_state(sah->state)); 798 if (indent != NULL) 799 printf("%s", indent); 800 kdebug_secasindex(&sah->saidx, indent); 801 if (indent != NULL) 802 printf("%s", indent); 803 printf("}\n"); 804 } 805 806 #ifdef IPSEC_DEBUG 807 static void 808 kdebug_secreplay(struct secreplay *rpl) 809 { 810 int len, l; 811 812 IPSEC_ASSERT(rpl != NULL, ("null rpl")); 813 printf(" secreplay{ count=%u bitmap_size=%u wsize=%u seq=%u lastseq=%u", 814 rpl->count, rpl->bitmap_size, rpl->wsize, rpl->seq, rpl->lastseq); 815 816 if (rpl->bitmap == NULL) { 817 printf(" }\n"); 818 return; 819 } 820 821 printf("\n bitmap { "); 822 for (len = 0; len < rpl->bitmap_size*4; len++) { 823 for (l = 7; l >= 0; l--) 824 printf("%u", (((rpl->bitmap)[len] >> l) & 1) ? 1 : 0); 825 } 826 printf(" }\n"); 827 } 828 #endif /* IPSEC_DEBUG */ 829 830 static void 831 kdebug_secnatt(struct secnatt *natt) 832 { 833 char buf[IPSEC_ADDRSTRLEN]; 834 835 IPSEC_ASSERT(natt != NULL, ("null natt")); 836 printf(" natt{ sport=%u dport=%u ", ntohs(natt->sport), 837 ntohs(natt->dport)); 838 if (natt->flags & IPSEC_NATT_F_OAI) 839 printf("oai=%s ", ipsec_address(&natt->oai, buf, sizeof(buf))); 840 if (natt->flags & IPSEC_NATT_F_OAR) 841 printf("oar=%s ", ipsec_address(&natt->oar, buf, sizeof(buf))); 842 printf("}\n"); 843 } 844 845 void 846 kdebug_secasv(struct secasvar *sav) 847 { 848 struct seclifetime lft_c; 849 850 IPSEC_ASSERT(sav != NULL, ("null sav")); 851 852 printf("SA { refcnt=%u spi=%u seq=%u pid=%u flags=0x%x state=%s\n", 853 sav->refcnt, ntohl(sav->spi), sav->seq, (uint32_t)sav->pid, 854 sav->flags, kdebug_secasv_state(sav->state)); 855 kdebug_secash(sav->sah, " "); 856 857 lft_c.addtime = sav->created; 858 lft_c.allocations = (uint32_t)counter_u64_fetch( 859 sav->lft_c_allocations); 860 lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes); 861 lft_c.usetime = sav->firstused; 862 kdebug_sec_lifetime(&lft_c, " c_"); 863 if (sav->lft_h != NULL) 864 kdebug_sec_lifetime(sav->lft_h, " h_"); 865 if (sav->lft_s != NULL) 866 kdebug_sec_lifetime(sav->lft_s, " s_"); 867 868 if (sav->tdb_authalgxform != NULL) 869 printf(" alg_auth=%s\n", sav->tdb_authalgxform->name); 870 if (sav->key_auth != NULL) 871 KEYDBG(DUMP, 872 kdebug_sadb_key((struct sadb_ext *)sav->key_auth)); 873 if (sav->tdb_encalgxform != NULL) 874 printf(" alg_enc=%s\n", sav->tdb_encalgxform->name); 875 if (sav->key_enc != NULL) 876 KEYDBG(DUMP, 877 kdebug_sadb_key((struct sadb_ext *)sav->key_enc)); 878 if (sav->natt != NULL) 879 kdebug_secnatt(sav->natt); 880 if (sav->replay != NULL) { 881 KEYDBG(DUMP, 882 SECASVAR_LOCK(sav); 883 kdebug_secreplay(sav->replay); 884 SECASVAR_UNLOCK(sav)); 885 } 886 printf("}\n"); 887 } 888 889 void 890 kdebug_mbufhdr(const struct mbuf *m) 891 { 892 /* sanity check */ 893 if (m == NULL) 894 return; 895 896 printf("mbuf(%p){ m_next:%p m_nextpkt:%p m_data:%p " 897 "m_len:%d m_type:0x%02x m_flags:0x%02x }\n", 898 m, m->m_next, m->m_nextpkt, m->m_data, 899 m->m_len, m->m_type, m->m_flags); 900 901 if (m->m_flags & M_PKTHDR) { 902 printf(" m_pkthdr{ len:%d rcvif:%p }\n", 903 m->m_pkthdr.len, m->m_pkthdr.rcvif); 904 } 905 906 if (m->m_flags & M_EXT) { 907 printf(" m_ext{ ext_buf:%p ext_free:%p " 908 "ext_size:%u ext_cnt:%p }\n", 909 m->m_ext.ext_buf, m->m_ext.ext_free, 910 m->m_ext.ext_size, m->m_ext.ext_cnt); 911 } 912 913 return; 914 } 915 916 void 917 kdebug_mbuf(const struct mbuf *m0) 918 { 919 const struct mbuf *m = m0; 920 int i, j; 921 922 for (j = 0; m; m = m->m_next) { 923 kdebug_mbufhdr(m); 924 printf(" m_data:\n"); 925 for (i = 0; i < m->m_len; i++) { 926 if (i && i % 32 == 0) 927 printf("\n"); 928 if (i % 4 == 0) 929 printf(" "); 930 printf("%02x", mtod(m, const u_char *)[i]); 931 j++; 932 } 933 printf("\n"); 934 } 935 936 return; 937 } 938 939 /* Return a printable string for the address. */ 940 char * 941 ipsec_address(const union sockaddr_union* sa, char *buf, socklen_t size) 942 { 943 944 switch (sa->sa.sa_family) { 945 #ifdef INET 946 case AF_INET: 947 return (inet_ntop(AF_INET, &sa->sin.sin_addr, buf, size)); 948 #endif /* INET */ 949 #ifdef INET6 950 case AF_INET6: 951 if (IN6_IS_SCOPE_LINKLOCAL(&sa->sin6.sin6_addr)) { 952 snprintf(buf, size, "%s%%%u", inet_ntop(AF_INET6, 953 &sa->sin6.sin6_addr, buf, size), 954 sa->sin6.sin6_scope_id); 955 return (buf); 956 } else 957 return (inet_ntop(AF_INET6, &sa->sin6.sin6_addr, 958 buf, size)); 959 #endif /* INET6 */ 960 case 0: 961 return ("*"); 962 default: 963 return ("(unknown address family)"); 964 } 965 } 966 967 char * 968 ipsec_sa2str(struct secasvar *sav, char *buf, size_t size) 969 { 970 char sbuf[IPSEC_ADDRSTRLEN], dbuf[IPSEC_ADDRSTRLEN]; 971 972 snprintf(buf, size, "SA(SPI=%08lx src=%s dst=%s)", 973 (u_long)ntohl(sav->spi), 974 ipsec_address(&sav->sah->saidx.src, sbuf, sizeof(sbuf)), 975 ipsec_address(&sav->sah->saidx.dst, dbuf, sizeof(dbuf))); 976 return (buf); 977 } 978 979 #endif /* _KERNEL */ 980 981 void 982 kdebug_sockaddr(struct sockaddr *addr) 983 { 984 char buf[IPSEC_ADDRSTRLEN]; 985 986 /* sanity check */ 987 if (addr == NULL) 988 panic("%s: NULL pointer was passed.\n", __func__); 989 990 switch (addr->sa_family) { 991 #ifdef INET 992 case AF_INET: { 993 struct sockaddr_in *sin; 994 995 sin = (struct sockaddr_in *)addr; 996 inet_ntop(AF_INET, &sin->sin_addr, buf, sizeof(buf)); 997 break; 998 } 999 #endif 1000 #ifdef INET6 1001 case AF_INET6: { 1002 struct sockaddr_in6 *sin6; 1003 1004 sin6 = (struct sockaddr_in6 *)addr; 1005 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 1006 snprintf(buf, sizeof(buf), "%s%%%u", 1007 inet_ntop(AF_INET6, &sin6->sin6_addr, buf, 1008 sizeof(buf)), sin6->sin6_scope_id); 1009 } else 1010 inet_ntop(AF_INET6, &sin6->sin6_addr, buf, 1011 sizeof(buf)); 1012 break; 1013 } 1014 #endif 1015 default: 1016 sprintf(buf, "unknown"); 1017 } 1018 printf("sockaddr{ len=%u family=%u addr=%s }\n", addr->sa_len, 1019 addr->sa_family, buf); 1020 } 1021 1022 void 1023 ipsec_bindump(caddr_t buf, int len) 1024 { 1025 int i; 1026 1027 for (i = 0; i < len; i++) 1028 printf("%c", (unsigned char)buf[i]); 1029 1030 return; 1031 } 1032 1033 1034 void 1035 ipsec_hexdump(caddr_t buf, int len) 1036 { 1037 int i; 1038 1039 for (i = 0; i < len; i++) { 1040 if (i != 0 && i % 32 == 0) printf("\n"); 1041 if (i % 4 == 0) printf(" "); 1042 printf("%02x", (unsigned char)buf[i]); 1043 } 1044 #if 0 1045 if (i % 32 != 0) printf("\n"); 1046 #endif 1047 1048 return; 1049 } 1050