CoCalc -- key

GitHub Repository: freebsd/freebsd-src
Path: blob/main/sys/netipsec/key_debug.c
³⁹⁴⁷⁵ views
1
/*	$KAME: key_debug.c,v 1.26 2001/06/27 10:46:50 sakane Exp $	*/
2

3
/*-
4
 * SPDX-License-Identifier: BSD-3-Clause
5
 *
6
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7
 * All rights reserved.
8
 *
9
 * Redistribution and use in source and binary forms, with or without
10
 * modification, are permitted provided that the following conditions
11
 * are met:
12
 * 1. Redistributions of source code must retain the above copyright
13
 *    notice, this list of conditions and the following disclaimer.
14
 * 2. Redistributions in binary form must reproduce the above copyright
15
 *    notice, this list of conditions and the following disclaimer in the
16
 *    documentation and/or other materials provided with the distribution.
17
 * 3. Neither the name of the project nor the names of its contributors
18
 *    may be used to endorse or promote products derived from this software
19
 *    without specific prior written permission.
20
 *
21
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31
 * SUCH DAMAGE.
32
 */
33

34
#ifdef _KERNEL
35
#include "opt_inet.h"
36
#include "opt_inet6.h"
37
#include "opt_ipsec.h"
38
#endif
39

40
#include <sys/param.h>
41
#ifdef _KERNEL
42
#include <sys/systm.h>
43
#include <sys/lock.h>
44
#include <sys/malloc.h>
45
#include <sys/mbuf.h>
46
#include <sys/mutex.h>
47
#include <sys/queue.h>
48
#endif
49
#include <sys/socket.h>
50

51
#include <net/vnet.h>
52

53
#include <netipsec/key_var.h>
54
#include <netipsec/key_debug.h>
55

56
#include <netinet/in.h>
57
#include <netipsec/ipsec.h>
58
#ifdef _KERNEL
59
#include <netipsec/keydb.h>
60
#include <netipsec/xform.h>
61
#endif
62

63
#ifndef _KERNEL
64
#include <ctype.h>
65
#include <stdio.h>
66
#include <stdlib.h>
67
#include <arpa/inet.h>
68
#endif /* !_KERNEL */
69

70
static void kdebug_sadb_prop(struct sadb_ext *);
71
static void kdebug_sadb_identity(struct sadb_ext *);
72
static void kdebug_sadb_supported(struct sadb_ext *);
73
static void kdebug_sadb_lifetime(struct sadb_ext *);
74
static void kdebug_sadb_sa(struct sadb_ext *);
75
static void kdebug_sadb_address(struct sadb_ext *);
76
static void kdebug_sadb_key(struct sadb_ext *);
77
static void kdebug_sadb_x_sa2(struct sadb_ext *);
78
static void kdebug_sadb_x_sa_replay(struct sadb_ext *);
79
static void kdebug_sadb_x_natt(struct sadb_ext *);
80

81
#ifndef _KERNEL
82
#define panic(fmt, ...)	{ printf(fmt, ## __VA_ARGS__); exit(-1); }
83
#endif
84

85
/* NOTE: host byte order */
86

87
static const char*
88
kdebug_sadb_type(uint8_t type)
89
{
90
#define	SADB_NAME(n)	case SADB_ ## n: return (#n)
91

92
	switch (type) {
93
	SADB_NAME(RESERVED);
94
	SADB_NAME(GETSPI);
95
	SADB_NAME(UPDATE);
96
	SADB_NAME(ADD);
97
	SADB_NAME(DELETE);
98
	SADB_NAME(GET);
99
	SADB_NAME(ACQUIRE);
100
	SADB_NAME(REGISTER);
101
	SADB_NAME(EXPIRE);
102
	SADB_NAME(FLUSH);
103
	SADB_NAME(DUMP);
104
	SADB_NAME(X_PROMISC);
105
	SADB_NAME(X_PCHANGE);
106
	SADB_NAME(X_SPDUPDATE);
107
	SADB_NAME(X_SPDADD);
108
	SADB_NAME(X_SPDDELETE);
109
	SADB_NAME(X_SPDGET);
110
	SADB_NAME(X_SPDACQUIRE);
111
	SADB_NAME(X_SPDDUMP);
112
	SADB_NAME(X_SPDFLUSH);
113
	SADB_NAME(X_SPDSETIDX);
114
	SADB_NAME(X_SPDEXPIRE);
115
	SADB_NAME(X_SPDDELETE2);
116
	default:
117
		return ("UNKNOWN");
118
	}
119
#undef SADB_NAME
120
}
121

122
static const char*
123
kdebug_sadb_exttype(uint16_t type)
124
{
125
#define	EXT_NAME(n)	case SADB_EXT_ ## n: return (#n)
126
#define	X_NAME(n)	case SADB_X_EXT_ ## n: return (#n)
127

128
	switch (type) {
129
	EXT_NAME(RESERVED);
130
	EXT_NAME(SA);
131
	EXT_NAME(LIFETIME_CURRENT);
132
	EXT_NAME(LIFETIME_HARD);
133
	EXT_NAME(LIFETIME_SOFT);
134
	EXT_NAME(ADDRESS_SRC);
135
	EXT_NAME(ADDRESS_DST);
136
	EXT_NAME(ADDRESS_PROXY);
137
	EXT_NAME(KEY_AUTH);
138
	EXT_NAME(KEY_ENCRYPT);
139
	EXT_NAME(IDENTITY_SRC);
140
	EXT_NAME(IDENTITY_DST);
141
	EXT_NAME(SENSITIVITY);
142
	EXT_NAME(PROPOSAL);
143
	EXT_NAME(SUPPORTED_AUTH);
144
	EXT_NAME(SUPPORTED_ENCRYPT);
145
	EXT_NAME(SPIRANGE);
146
	X_NAME(KMPRIVATE);
147
	X_NAME(POLICY);
148
	X_NAME(SA2);
149
	X_NAME(NAT_T_TYPE);
150
	X_NAME(NAT_T_SPORT);
151
	X_NAME(NAT_T_DPORT);
152
	X_NAME(NAT_T_OAI);
153
	X_NAME(NAT_T_OAR);
154
	X_NAME(NAT_T_FRAG);
155
	X_NAME(SA_REPLAY);
156
	X_NAME(NEW_ADDRESS_SRC);
157
	X_NAME(NEW_ADDRESS_DST);
158
	X_NAME(LFT_CUR_SW_OFFL);
159
	X_NAME(LFT_CUR_HW_OFFL);
160
	default:
161
		return ("UNKNOWN");
162
	};
163
#undef EXT_NAME
164
#undef X_NAME
165
}
166

167
/* %%%: about struct sadb_msg */
168
void
169
kdebug_sadb(struct sadb_msg *base)
170
{
171
	struct sadb_ext *ext;
172
	int tlen, extlen;
173

174
	/* sanity check */
175
	if (base == NULL)
176
		panic("%s: NULL pointer was passed.\n", __func__);
177

178
	printf("sadb_msg{ version=%u type=%u(%s) errno=%u satype=%u\n",
179
	    base->sadb_msg_version, base->sadb_msg_type,
180
	    kdebug_sadb_type(base->sadb_msg_type),
181
	    base->sadb_msg_errno, base->sadb_msg_satype);
182
	printf("  len=%u reserved=%u seq=%u pid=%u\n",
183
	    base->sadb_msg_len, base->sadb_msg_reserved,
184
	    base->sadb_msg_seq, base->sadb_msg_pid);
185

186
	tlen = PFKEY_UNUNIT64(base->sadb_msg_len) - sizeof(struct sadb_msg);
187
	ext = (struct sadb_ext *)((caddr_t)base + sizeof(struct sadb_msg));
188

189
	while (tlen > 0) {
190
		printf("sadb_ext{ len=%u type=%u(%s) }\n",
191
		    ext->sadb_ext_len, ext->sadb_ext_type,
192
		    kdebug_sadb_exttype(ext->sadb_ext_type));
193

194
		extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
195
		if (extlen == 0) {
196
			printf("%s: invalid ext_len=0 was passed.\n", __func__);
197
			return;
198
		}
199
		if (extlen > tlen) {
200
			printf("%s: ext_len too big (%u > %u).\n",
201
				__func__, ext->sadb_ext_len, tlen);
202
			return;
203
		}
204

205
		switch (ext->sadb_ext_type) {
206
		case SADB_EXT_SA:
207
			kdebug_sadb_sa(ext);
208
			break;
209
		case SADB_EXT_LIFETIME_CURRENT:
210
		case SADB_EXT_LIFETIME_HARD:
211
		case SADB_EXT_LIFETIME_SOFT:
212
			kdebug_sadb_lifetime(ext);
213
			break;
214
		case SADB_EXT_ADDRESS_SRC:
215
		case SADB_EXT_ADDRESS_DST:
216
		case SADB_EXT_ADDRESS_PROXY:
217
		case SADB_X_EXT_NAT_T_OAI:
218
		case SADB_X_EXT_NAT_T_OAR:
219
		case SADB_X_EXT_NEW_ADDRESS_SRC:
220
		case SADB_X_EXT_NEW_ADDRESS_DST:
221
			kdebug_sadb_address(ext);
222
			break;
223
		case SADB_EXT_KEY_AUTH:
224
		case SADB_EXT_KEY_ENCRYPT:
225
			kdebug_sadb_key(ext);
226
			break;
227
		case SADB_EXT_IDENTITY_SRC:
228
		case SADB_EXT_IDENTITY_DST:
229
			kdebug_sadb_identity(ext);
230
			break;
231
		case SADB_EXT_SENSITIVITY:
232
			break;
233
		case SADB_EXT_PROPOSAL:
234
			kdebug_sadb_prop(ext);
235
			break;
236
		case SADB_EXT_SUPPORTED_AUTH:
237
		case SADB_EXT_SUPPORTED_ENCRYPT:
238
			kdebug_sadb_supported(ext);
239
			break;
240
		case SADB_EXT_SPIRANGE:
241
		case SADB_X_EXT_KMPRIVATE:
242
			break;
243
		case SADB_X_EXT_POLICY:
244
			kdebug_sadb_x_policy(ext);
245
			break;
246
		case SADB_X_EXT_SA2:
247
			kdebug_sadb_x_sa2(ext);
248
			break;
249
		case SADB_X_EXT_SA_REPLAY:
250
			kdebug_sadb_x_sa_replay(ext);
251
			break;
252
		case SADB_X_EXT_NAT_T_TYPE:
253
		case SADB_X_EXT_NAT_T_SPORT:
254
		case SADB_X_EXT_NAT_T_DPORT:
255
			kdebug_sadb_x_natt(ext);
256
			break;
257
		case SADB_X_EXT_LFT_CUR_SW_OFFL:
258
		case SADB_X_EXT_LFT_CUR_HW_OFFL:
259
			kdebug_sadb_lifetime(ext);
260
		default:
261
			printf("%s: invalid ext_type %u\n", __func__,
262
			    ext->sadb_ext_type);
263
			return;
264
		}
265

266
		tlen -= extlen;
267
		ext = (struct sadb_ext *)((caddr_t)ext + extlen);
268
	}
269

270
	return;
271
}
272

273
static void
274
kdebug_sadb_prop(struct sadb_ext *ext)
275
{
276
	struct sadb_prop *prop = (struct sadb_prop *)ext;
277
	struct sadb_comb *comb;
278
	int len;
279

280
	/* sanity check */
281
	if (ext == NULL)
282
		panic("%s: NULL pointer was passed.\n", __func__);
283

284
	len = (PFKEY_UNUNIT64(prop->sadb_prop_len) - sizeof(*prop))
285
		/ sizeof(*comb);
286
	comb = (struct sadb_comb *)(prop + 1);
287
	printf("sadb_prop{ replay=%u\n", prop->sadb_prop_replay);
288

289
	while (len--) {
290
		printf("sadb_comb{ auth=%u encrypt=%u "
291
			"flags=0x%04x reserved=0x%08x\n",
292
			comb->sadb_comb_auth, comb->sadb_comb_encrypt,
293
			comb->sadb_comb_flags, comb->sadb_comb_reserved);
294

295
		printf("  auth_minbits=%u auth_maxbits=%u "
296
			"encrypt_minbits=%u encrypt_maxbits=%u\n",
297
			comb->sadb_comb_auth_minbits,
298
			comb->sadb_comb_auth_maxbits,
299
			comb->sadb_comb_encrypt_minbits,
300
			comb->sadb_comb_encrypt_maxbits);
301

302
		printf("  soft_alloc=%u hard_alloc=%u "
303
			"soft_bytes=%lu hard_bytes=%lu\n",
304
			comb->sadb_comb_soft_allocations,
305
			comb->sadb_comb_hard_allocations,
306
			(unsigned long)comb->sadb_comb_soft_bytes,
307
			(unsigned long)comb->sadb_comb_hard_bytes);
308

309
		printf("  soft_alloc=%lu hard_alloc=%lu "
310
			"soft_bytes=%lu hard_bytes=%lu }\n",
311
			(unsigned long)comb->sadb_comb_soft_addtime,
312
			(unsigned long)comb->sadb_comb_hard_addtime,
313
			(unsigned long)comb->sadb_comb_soft_usetime,
314
			(unsigned long)comb->sadb_comb_hard_usetime);
315
		comb++;
316
	}
317
	printf("}\n");
318

319
	return;
320
}
321

322
static void
323
kdebug_sadb_identity(struct sadb_ext *ext)
324
{
325
	struct sadb_ident *id = (struct sadb_ident *)ext;
326
	int len;
327

328
	/* sanity check */
329
	if (ext == NULL)
330
		panic("%s: NULL pointer was passed.\n", __func__);
331

332
	len = PFKEY_UNUNIT64(id->sadb_ident_len) - sizeof(*id);
333
	printf("sadb_ident_%s{",
334
	    id->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC ? "src" : "dst");
335
	switch (id->sadb_ident_type) {
336
	default:
337
		printf(" type=%d id=%lu",
338
			id->sadb_ident_type, (u_long)id->sadb_ident_id);
339
		if (len) {
340
#ifdef _KERNEL
341
			ipsec_hexdump((caddr_t)(id + 1), len); /*XXX cast ?*/
342
#else
343
			char *p, *ep;
344
			printf("\n  str=\"");
345
			p = (char *)(id + 1);
346
			ep = p + len;
347
			for (/*nothing*/; *p && p < ep; p++) {
348
				if (isprint(*p))
349
					printf("%c", *p & 0xff);
350
				else
351
					printf("\\%03o", *p & 0xff);
352
			}
353
#endif
354
			printf("\"");
355
		}
356
		break;
357
	}
358

359
	printf(" }\n");
360

361
	return;
362
}
363

364
static void
365
kdebug_sadb_supported(struct sadb_ext *ext)
366
{
367
	struct sadb_supported *sup = (struct sadb_supported *)ext;
368
	struct sadb_alg *alg;
369
	int len;
370

371
	/* sanity check */
372
	if (ext == NULL)
373
		panic("%s: NULL pointer was passed.\n", __func__);
374

375
	len = (PFKEY_UNUNIT64(sup->sadb_supported_len) - sizeof(*sup))
376
		/ sizeof(*alg);
377
	alg = (struct sadb_alg *)(sup + 1);
378
	printf("sadb_sup{\n");
379
	while (len--) {
380
		printf("  { id=%d ivlen=%d min=%d max=%d }\n",
381
			alg->sadb_alg_id, alg->sadb_alg_ivlen,
382
			alg->sadb_alg_minbits, alg->sadb_alg_maxbits);
383
		alg++;
384
	}
385
	printf("}\n");
386

387
	return;
388
}
389

390
static void
391
kdebug_sadb_lifetime(struct sadb_ext *ext)
392
{
393
	struct sadb_lifetime *lft = (struct sadb_lifetime *)ext;
394

395
	/* sanity check */
396
	if (ext == NULL)
397
		panic("%s: NULL pointer was passed.\n", __func__);
398

399
	printf("sadb_lifetime{ alloc=%u, bytes=%u\n",
400
		lft->sadb_lifetime_allocations,
401
		(u_int32_t)lft->sadb_lifetime_bytes);
402
	printf("  addtime=%u, usetime=%u }\n",
403
		(u_int32_t)lft->sadb_lifetime_addtime,
404
		(u_int32_t)lft->sadb_lifetime_usetime);
405

406
	return;
407
}
408

409
static void
410
kdebug_sadb_sa(struct sadb_ext *ext)
411
{
412
	struct sadb_sa *sa = (struct sadb_sa *)ext;
413

414
	/* sanity check */
415
	if (ext == NULL)
416
		panic("%s: NULL pointer was passed.\n", __func__);
417

418
	printf("sadb_sa{ spi=%u replay=%u state=%u\n",
419
	    (u_int32_t)ntohl(sa->sadb_sa_spi), sa->sadb_sa_replay,
420
	    sa->sadb_sa_state);
421
	printf("  auth=%u encrypt=%u flags=0x%08x }\n",
422
	    sa->sadb_sa_auth, sa->sadb_sa_encrypt, sa->sadb_sa_flags);
423

424
	return;
425
}
426

427
static void
428
kdebug_sadb_address(struct sadb_ext *ext)
429
{
430
	struct sadb_address *addr = (struct sadb_address *)ext;
431

432
	/* sanity check */
433
	if (ext == NULL)
434
		panic("%s: NULL pointer was passed.\n", __func__);
435

436
	printf("sadb_address{ proto=%u prefixlen=%u reserved=0x%02x%02x }\n",
437
	    addr->sadb_address_proto, addr->sadb_address_prefixlen,
438
	    ((u_char *)&addr->sadb_address_reserved)[0],
439
	    ((u_char *)&addr->sadb_address_reserved)[1]);
440

441
	kdebug_sockaddr((struct sockaddr *)((caddr_t)ext + sizeof(*addr)));
442
}
443

444
static void
445
kdebug_sadb_key(struct sadb_ext *ext)
446
{
447
	struct sadb_key *key = (struct sadb_key *)ext;
448

449
	/* sanity check */
450
	if (ext == NULL)
451
		panic("%s: NULL pointer was passed.\n", __func__);
452

453
	printf("sadb_key{ bits=%u reserved=%u\n",
454
	    key->sadb_key_bits, key->sadb_key_reserved);
455
	printf("  key=");
456

457
	/* sanity check 2 */
458
	if ((key->sadb_key_bits >> 3) >
459
		(PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key))) {
460
		printf("%s: key length mismatch, bit:%d len:%ld.\n",
461
			__func__,
462
			key->sadb_key_bits >> 3,
463
			(long)PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key));
464
	}
465

466
	ipsec_hexdump((caddr_t)key + sizeof(struct sadb_key),
467
	              key->sadb_key_bits >> 3);
468
	printf(" }\n");
469
	return;
470
}
471

472
static void
473
kdebug_sadb_x_sa2(struct sadb_ext *ext)
474
{
475
	struct sadb_x_sa2 *sa2 = (struct sadb_x_sa2 *)ext;
476

477
	/* sanity check */
478
	if (ext == NULL)
479
		panic("%s: NULL pointer was passed.\n", __func__);
480

481
	printf("sadb_x_sa2{ mode=%u reqid=%u\n",
482
	    sa2->sadb_x_sa2_mode, sa2->sadb_x_sa2_reqid);
483
	printf("  reserved1=%u reserved2=%u sequence=%u }\n",
484
	    sa2->sadb_x_sa2_reserved1, sa2->sadb_x_sa2_reserved2,
485
	    sa2->sadb_x_sa2_sequence);
486

487
	return;
488
}
489

490
static void
491
kdebug_sadb_x_sa_replay(struct sadb_ext *ext)
492
{
493
	struct sadb_x_sa_replay *replay;
494

495
	/* sanity check */
496
	if (ext == NULL)
497
		panic("%s: NULL pointer was passed.\n", __func__);
498

499
	replay = (struct sadb_x_sa_replay *)ext;
500
	printf("sadb_x_sa_replay{ replay=%u }\n",
501
	    replay->sadb_x_sa_replay_replay);
502
}
503

504
static void
505
kdebug_sadb_x_natt(struct sadb_ext *ext)
506
{
507
	struct sadb_x_nat_t_type *type;
508
	struct sadb_x_nat_t_port *port;
509

510
	/* sanity check */
511
	if (ext == NULL)
512
		panic("%s: NULL pointer was passed.\n", __func__);
513

514
	if (ext->sadb_ext_type == SADB_X_EXT_NAT_T_TYPE) {
515
		type = (struct sadb_x_nat_t_type *)ext;
516
		printf("sadb_x_nat_t_type{ type=%u }\n",
517
		    type->sadb_x_nat_t_type_type);
518
	} else {
519
		port = (struct sadb_x_nat_t_port *)ext;
520
		printf("sadb_x_nat_t_port{ port=%u }\n",
521
		    ntohs(port->sadb_x_nat_t_port_port));
522
	}
523
}
524

525
void
526
kdebug_sadb_x_policy(struct sadb_ext *ext)
527
{
528
	struct sadb_x_policy *xpl = (struct sadb_x_policy *)ext;
529
	struct sockaddr *addr;
530

531
	/* sanity check */
532
	if (ext == NULL)
533
		panic("%s: NULL pointer was passed.\n", __func__);
534

535
	printf("sadb_x_policy{ type=%u dir=%u id=%x scope=%u %s=%u }\n",
536
		xpl->sadb_x_policy_type, xpl->sadb_x_policy_dir,
537
		xpl->sadb_x_policy_id, xpl->sadb_x_policy_scope,
538
		xpl->sadb_x_policy_scope == IPSEC_POLICYSCOPE_IFNET ?
539
		"ifindex": "priority", xpl->sadb_x_policy_priority);
540

541
	if (xpl->sadb_x_policy_type == IPSEC_POLICY_IPSEC) {
542
		int tlen;
543
		struct sadb_x_ipsecrequest *xisr;
544

545
		tlen = PFKEY_UNUNIT64(xpl->sadb_x_policy_len) - sizeof(*xpl);
546
		xisr = (struct sadb_x_ipsecrequest *)(xpl + 1);
547

548
		while (tlen > 0) {
549
			printf(" { len=%u proto=%u mode=%u level=%u reqid=%u\n",
550
				xisr->sadb_x_ipsecrequest_len,
551
				xisr->sadb_x_ipsecrequest_proto,
552
				xisr->sadb_x_ipsecrequest_mode,
553
				xisr->sadb_x_ipsecrequest_level,
554
				xisr->sadb_x_ipsecrequest_reqid);
555

556
			if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
557
				addr = (struct sockaddr *)(xisr + 1);
558
				kdebug_sockaddr(addr);
559
				addr = (struct sockaddr *)((caddr_t)addr
560
							+ addr->sa_len);
561
				kdebug_sockaddr(addr);
562
			}
563

564
			printf(" }\n");
565

566
			/* prevent infinite loop */
567
			if (xisr->sadb_x_ipsecrequest_len <= 0) {
568
				printf("%s: wrong policy struct.\n", __func__);
569
				return;
570
			}
571
			/* prevent overflow */
572
			if (xisr->sadb_x_ipsecrequest_len > tlen) {
573
				printf("%s: invalid ipsec policy length "
574
					"(%u > %u)\n", __func__,
575
					xisr->sadb_x_ipsecrequest_len, tlen);
576
				return;
577
			}
578

579
			tlen -= xisr->sadb_x_ipsecrequest_len;
580

581
			xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
582
			                + xisr->sadb_x_ipsecrequest_len);
583
		}
584

585
		if (tlen != 0)
586
			panic("%s: wrong policy struct.\n", __func__);
587
	}
588

589
	return;
590
}
591

592
#ifdef _KERNEL
593
/* %%%: about SPD and SAD */
594
const char*
595
kdebug_secpolicy_state(u_int state)
596
{
597

598
	switch (state) {
599
	case IPSEC_SPSTATE_DEAD:
600
		return ("dead");
601
	case IPSEC_SPSTATE_LARVAL:
602
		return ("larval");
603
	case IPSEC_SPSTATE_ALIVE:
604
		return ("alive");
605
	case IPSEC_SPSTATE_PCB:
606
		return ("pcb");
607
	case IPSEC_SPSTATE_IFNET:
608
		return ("ifnet");
609
	}
610
	return ("unknown");
611
}
612

613
const char*
614
kdebug_secpolicy_policy(u_int policy)
615
{
616

617
	switch (policy) {
618
	case IPSEC_POLICY_DISCARD:
619
		return ("discard");
620
	case IPSEC_POLICY_NONE:
621
		return ("none");
622
	case IPSEC_POLICY_IPSEC:
623
		return ("ipsec");
624
	case IPSEC_POLICY_ENTRUST:
625
		return ("entrust");
626
	case IPSEC_POLICY_BYPASS:
627
		return ("bypass");
628
	}
629
	return ("unknown");
630
}
631

632
const char*
633
kdebug_secpolicyindex_dir(u_int dir)
634
{
635

636
	switch (dir) {
637
	case IPSEC_DIR_ANY:
638
		return ("any");
639
	case IPSEC_DIR_INBOUND:
640
		return ("in");
641
	case IPSEC_DIR_OUTBOUND:
642
		return ("out");
643
	}
644
	return ("unknown");
645
}
646

647
const char*
648
kdebug_ipsecrequest_level(u_int level)
649
{
650

651
	switch (level) {
652
	case IPSEC_LEVEL_DEFAULT:
653
		return ("default");
654
	case IPSEC_LEVEL_USE:
655
		return ("use");
656
	case IPSEC_LEVEL_REQUIRE:
657
		return ("require");
658
	case IPSEC_LEVEL_UNIQUE:
659
		return ("unique");
660
	}
661
	return ("unknown");
662
}
663

664
const char*
665
kdebug_secasindex_mode(u_int mode)
666
{
667

668
	switch (mode) {
669
	case IPSEC_MODE_ANY:
670
		return ("any");
671
	case IPSEC_MODE_TRANSPORT:
672
		return ("transport");
673
	case IPSEC_MODE_TUNNEL:
674
		return ("tunnel");
675
	case IPSEC_MODE_TCPMD5:
676
		return ("tcp-md5");
677
	}
678
	return ("unknown");
679
}
680

681
const char*
682
kdebug_secasv_state(u_int state)
683
{
684

685
	switch (state) {
686
	case SADB_SASTATE_LARVAL:
687
		return ("larval");
688
	case SADB_SASTATE_MATURE:
689
		return ("mature");
690
	case SADB_SASTATE_DYING:
691
		return ("dying");
692
	case SADB_SASTATE_DEAD:
693
		return ("dead");
694
	}
695
	return ("unknown");
696
}
697

698
static char*
699
kdebug_port2str(const struct sockaddr *sa, char *buf, size_t len)
700
{
701
	uint16_t port;
702

703
	IPSEC_ASSERT(sa != NULL, ("null sa"));
704
	switch (sa->sa_family) {
705
#ifdef INET
706
	case AF_INET:
707
		port = ntohs(((const struct sockaddr_in *)sa)->sin_port);
708
		break;
709
#endif
710
#ifdef INET6
711
	case AF_INET6:
712
		port = ntohs(((const struct sockaddr_in6 *)sa)->sin6_port);
713
		break;
714
#endif
715
	default:
716
		port = 0;
717
	}
718
	if (port == 0)
719
		return ("*");
720
	snprintf(buf, len, "%u", port);
721
	return (buf);
722
}
723

724
void
725
kdebug_secpolicy(struct secpolicy *sp)
726
{
727
	u_int idx;
728

729
	IPSEC_ASSERT(sp != NULL, ("null sp"));
730
	printf("SP { refcnt=%u id=%u priority=%u state=%s policy=%s\n",
731
	    sp->refcnt, sp->id, sp->priority,
732
	    kdebug_secpolicy_state(sp->state),
733
	    kdebug_secpolicy_policy(sp->policy));
734
	kdebug_secpolicyindex(&sp->spidx, "  ");
735
	for (idx = 0; idx < sp->tcount; idx++) {
736
		printf("  req[%u]{ level=%s ", idx,
737
		    kdebug_ipsecrequest_level(sp->req[idx]->level));
738
		kdebug_secasindex(&sp->req[idx]->saidx, NULL);
739
		printf("  }\n");
740
	}
741
	printf("}\n");
742
}
743

744
void
745
kdebug_secpolicyindex(struct secpolicyindex *spidx, const char *indent)
746
{
747
	char buf[IPSEC_ADDRSTRLEN];
748

749
	IPSEC_ASSERT(spidx != NULL, ("null spidx"));
750
	if (indent != NULL)
751
		printf("%s", indent);
752
	printf("spidx { dir=%s ul_proto=",
753
	    kdebug_secpolicyindex_dir(spidx->dir));
754
	if (spidx->ul_proto == IPSEC_ULPROTO_ANY)
755
		printf("* ");
756
	else
757
		printf("%u ", spidx->ul_proto);
758
	printf("%s/%u -> ", ipsec_address(&spidx->src, buf, sizeof(buf)),
759
	    spidx->prefs);
760
	printf("%s/%u }\n", ipsec_address(&spidx->dst, buf, sizeof(buf)),
761
	    spidx->prefd);
762
}
763

764
void
765
kdebug_secasindex(const struct secasindex *saidx, const char *indent)
766
{
767
	char buf[IPSEC_ADDRSTRLEN], port[6];
768

769
	IPSEC_ASSERT(saidx != NULL, ("null saidx"));
770
	if (indent != NULL)
771
		printf("%s", indent);
772
	printf("saidx { mode=%s proto=%u reqid=%u ",
773
	    kdebug_secasindex_mode(saidx->mode), saidx->proto, saidx->reqid);
774
	printf("%s:%s -> ", ipsec_address(&saidx->src, buf, sizeof(buf)),
775
	    kdebug_port2str(&saidx->src.sa, port, sizeof(port)));
776
	printf("%s:%s }\n", ipsec_address(&saidx->dst, buf, sizeof(buf)),
777
	    kdebug_port2str(&saidx->dst.sa, port, sizeof(port)));
778
}
779

780
static void
781
kdebug_sec_lifetime(struct seclifetime *lft, const char *indent)
782
{
783

784
	IPSEC_ASSERT(lft != NULL, ("null lft"));
785
	if (indent != NULL)
786
		printf("%s", indent);
787
	printf("lifetime { alloc=%u, bytes=%ju addtime=%ju usetime=%ju }\n",
788
	    lft->allocations, (uintmax_t)lft->bytes, (uintmax_t)lft->addtime,
789
	    (uintmax_t)lft->usetime);
790
}
791

792
void
793
kdebug_secash(struct secashead *sah, const char *indent)
794
{
795

796
	IPSEC_ASSERT(sah != NULL, ("null sah"));
797
	if (indent != NULL)
798
		printf("%s", indent);
799
	printf("SAH { refcnt=%u state=%s\n", sah->refcnt,
800
	    kdebug_secasv_state(sah->state));
801
	if (indent != NULL)
802
		printf("%s", indent);
803
	kdebug_secasindex(&sah->saidx, indent);
804
	if (indent != NULL)
805
		printf("%s", indent);
806
	printf("}\n");
807
}
808

809
#ifdef IPSEC_DEBUG
810
static void
811
kdebug_secreplay(struct secreplay *rpl)
812
{
813
	int len, l;
814

815
	SECREPLAY_LOCK(rpl);
816

817
	IPSEC_ASSERT(rpl != NULL, ("null rpl"));
818
	printf(" secreplay{ count=%lu bitmap_size=%u wsize=%u last=%lu",
819
	    rpl->count, rpl->bitmap_size, rpl->wsize, rpl->last);
820

821
	if (rpl->bitmap == NULL) {
822
		printf("  }\n");
823
		SECREPLAY_UNLOCK(rpl);
824
		return;
825
	}
826

827
	printf("\n    bitmap { ");
828
	for (len = 0; len < rpl->bitmap_size*4; len++) {
829
		for (l = 7; l >= 0; l--)
830
			printf("%u", (((rpl->bitmap)[len] >> l) & 1) ? 1 : 0);
831
	}
832
	printf("    }\n");
833
	SECREPLAY_UNLOCK(rpl);
834
}
835
#endif /* IPSEC_DEBUG */
836

837
static void
838
kdebug_secnatt(struct secnatt *natt)
839
{
840
	char buf[IPSEC_ADDRSTRLEN];
841

842
	IPSEC_ASSERT(natt != NULL, ("null natt"));
843
	printf("  natt{ sport=%u dport=%u ", ntohs(natt->sport),
844
	    ntohs(natt->dport));
845
	if (natt->flags & IPSEC_NATT_F_OAI)
846
		printf("oai=%s ", ipsec_address(&natt->oai, buf, sizeof(buf)));
847
	if (natt->flags & IPSEC_NATT_F_OAR)
848
		printf("oar=%s ", ipsec_address(&natt->oar, buf, sizeof(buf)));
849
	printf("}\n");
850
}
851

852
void
853
kdebug_secasv(struct secasvar *sav)
854
{
855
	struct seclifetime lft_c;
856

857
	IPSEC_ASSERT(sav != NULL, ("null sav"));
858

859
	printf("SA { refcnt=%u spi=%u seq=%u pid=%u flags=0x%x state=%s\n",
860
	    sav->refcnt, ntohl(sav->spi), sav->seq, (uint32_t)sav->pid,
861
	    sav->flags, kdebug_secasv_state(sav->state));
862
	kdebug_secash(sav->sah, "  ");
863

864
	lft_c.addtime = sav->created;
865
	lft_c.allocations = (uint32_t)counter_u64_fetch(
866
	    sav->lft_c_allocations);
867
	lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes);
868
	lft_c.usetime = sav->firstused;
869
	kdebug_sec_lifetime(&lft_c, "  c_");
870
	if (sav->lft_h != NULL)
871
		kdebug_sec_lifetime(sav->lft_h, "  h_");
872
	if (sav->lft_s != NULL)
873
		kdebug_sec_lifetime(sav->lft_s, "  s_");
874

875
	if (sav->tdb_authalgxform != NULL)
876
		printf("  alg_auth=%s\n", sav->tdb_authalgxform->name);
877
	if (sav->key_auth != NULL)
878
		KEYDBG(DUMP,
879
		    kdebug_sadb_key((struct sadb_ext *)sav->key_auth));
880
	if (sav->tdb_encalgxform != NULL)
881
		printf("  alg_enc=%s\n", sav->tdb_encalgxform->name);
882
	if (sav->key_enc != NULL)
883
		KEYDBG(DUMP,
884
		    kdebug_sadb_key((struct sadb_ext *)sav->key_enc));
885
	if (sav->natt != NULL)
886
		kdebug_secnatt(sav->natt);
887
	if (sav->replay != NULL) {
888
		KEYDBG(DUMP,
889
		    SECASVAR_RLOCK_TRACKER;
890

891
		    SECASVAR_RLOCK(sav);
892
		    kdebug_secreplay(sav->replay);
893
		    SECASVAR_RUNLOCK(sav));
894
	}
895
	printf("}\n");
896
}
897

898
void
899
kdebug_mbufhdr(const struct mbuf *m)
900
{
901
	/* sanity check */
902
	if (m == NULL)
903
		return;
904

905
	printf("mbuf(%p){ m_next:%p m_nextpkt:%p m_data:%p "
906
	       "m_len:%d m_type:0x%02x m_flags:0x%02x }\n",
907
		m, m->m_next, m->m_nextpkt, m->m_data,
908
		m->m_len, m->m_type, m->m_flags);
909

910
	if (m->m_flags & M_PKTHDR) {
911
		printf("  m_pkthdr{ len:%d rcvif:%p }\n",
912
		    m->m_pkthdr.len, m->m_pkthdr.rcvif);
913
	}
914

915
	if (m->m_flags & M_EXT) {
916
		printf("  m_ext{ ext_buf:%p ext_free:%p "
917
		       "ext_size:%u ext_cnt:%p }\n",
918
			m->m_ext.ext_buf, m->m_ext.ext_free,
919
			m->m_ext.ext_size, m->m_ext.ext_cnt);
920
	}
921

922
	return;
923
}
924

925
void
926
kdebug_mbuf(const struct mbuf *m0)
927
{
928
	const struct mbuf *m = m0;
929
	int i;
930

931
	for (; m; m = m->m_next) {
932
		kdebug_mbufhdr(m);
933
		printf("  m_data:\n");
934
		for (i = 0; i < m->m_len; i++) {
935
			if (i && i % 32 == 0)
936
				printf("\n");
937
			if (i % 4 == 0)
938
				printf(" ");
939
			printf("%02x", mtod(m, const u_char *)[i]);
940
		}
941
		printf("\n");
942
	}
943

944
	return;
945
}
946

947
/* Return a printable string for the address. */
948
char *
949
ipsec_address(const union sockaddr_union* sa, char *buf, socklen_t size)
950
{
951

952
	switch (sa->sa.sa_family) {
953
#ifdef INET
954
	case AF_INET:
955
		return (inet_ntop(AF_INET, &sa->sin.sin_addr, buf, size));
956
#endif /* INET */
957
#ifdef INET6
958
	case AF_INET6:
959
		if (IN6_IS_SCOPE_LINKLOCAL(&sa->sin6.sin6_addr)) {
960
			snprintf(buf, size, "%s%%%u", inet_ntop(AF_INET6,
961
			    &sa->sin6.sin6_addr, buf, size),
962
			    sa->sin6.sin6_scope_id);
963
			return (buf);
964
		} else
965
			return (inet_ntop(AF_INET6, &sa->sin6.sin6_addr,
966
			    buf, size));
967
#endif /* INET6 */
968
	case 0:
969
		return ("*");
970
	default:
971
		return ("(unknown address family)");
972
	}
973
}
974

975
char *
976
ipsec_sa2str(struct secasvar *sav, char *buf, size_t size)
977
{
978
	char sbuf[IPSEC_ADDRSTRLEN], dbuf[IPSEC_ADDRSTRLEN];
979

980
	snprintf(buf, size, "SA(SPI=%08lx src=%s dst=%s)",
981
	    (u_long)ntohl(sav->spi),
982
	    ipsec_address(&sav->sah->saidx.src, sbuf, sizeof(sbuf)),
983
	    ipsec_address(&sav->sah->saidx.dst, dbuf, sizeof(dbuf)));
984
	return (buf);
985
}
986

987
#endif /* _KERNEL */
988

989
void
990
kdebug_sockaddr(struct sockaddr *addr)
991
{
992
	char buf[IPSEC_ADDRSTRLEN];
993

994
	/* sanity check */
995
	if (addr == NULL)
996
		panic("%s: NULL pointer was passed.\n", __func__);
997

998
	switch (addr->sa_family) {
999
#ifdef INET
1000
	case AF_INET: {
1001
		struct sockaddr_in *sin;
1002

1003
		sin = (struct sockaddr_in *)addr;
1004
		inet_ntop(AF_INET, &sin->sin_addr, buf, sizeof(buf));
1005
		break;
1006
	}
1007
#endif
1008
#ifdef INET6
1009
	case AF_INET6: {
1010
		struct sockaddr_in6 *sin6;
1011

1012
		sin6 = (struct sockaddr_in6 *)addr;
1013
		if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
1014
			snprintf(buf, sizeof(buf), "%s%%%u",
1015
			    inet_ntop(AF_INET6, &sin6->sin6_addr, buf,
1016
			    sizeof(buf)), sin6->sin6_scope_id);
1017
		} else
1018
			inet_ntop(AF_INET6, &sin6->sin6_addr, buf,
1019
			    sizeof(buf));
1020
		break;
1021
	}
1022
#endif
1023
	default:
1024
		sprintf(buf, "unknown");
1025
	}
1026
	printf("sockaddr{ len=%u family=%u addr=%s }\n", addr->sa_len,
1027
	    addr->sa_family, buf);
1028
}
1029

1030
void
1031
ipsec_bindump(caddr_t buf, int len)
1032
{
1033
	int i;
1034

1035
	for (i = 0; i < len; i++)
1036
		printf("%c", (unsigned char)buf[i]);
1037

1038
	return;
1039
}
1040

1041
void
1042
ipsec_hexdump(caddr_t buf, int len)
1043
{
1044
	int i;
1045

1046
	for (i = 0; i < len; i++) {
1047
		if (i != 0 && i % 32 == 0) printf("\n");
1048
		if (i % 4 == 0) printf(" ");
1049
		printf("%02x", (unsigned char)buf[i]);
1050
	}
1051
#if 0
1052
	if (i % 32 != 0) printf("\n");
1053
#endif
1054

1055
	return;
1056
}
1057

1058
Product

Resources

Company
