188768458SSam Leffler /* $KAME: key_debug.c,v 1.26 2001/06/27 10:46:50 sakane Exp $ */ 288768458SSam Leffler 3c398230bSWarner Losh /*- 451369649SPedro F. Giffuni * SPDX-License-Identifier: BSD-3-Clause 551369649SPedro F. Giffuni * 688768458SSam Leffler * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 788768458SSam Leffler * All rights reserved. 888768458SSam Leffler * 988768458SSam Leffler * Redistribution and use in source and binary forms, with or without 1088768458SSam Leffler * modification, are permitted provided that the following conditions 1188768458SSam Leffler * are met: 1288768458SSam Leffler * 1. Redistributions of source code must retain the above copyright 1388768458SSam Leffler * notice, this list of conditions and the following disclaimer. 1488768458SSam Leffler * 2. Redistributions in binary form must reproduce the above copyright 1588768458SSam Leffler * notice, this list of conditions and the following disclaimer in the 1688768458SSam Leffler * documentation and/or other materials provided with the distribution. 1788768458SSam Leffler * 3. Neither the name of the project nor the names of its contributors 1888768458SSam Leffler * may be used to endorse or promote products derived from this software 1988768458SSam Leffler * without specific prior written permission. 2088768458SSam Leffler * 2188768458SSam Leffler * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 2288768458SSam Leffler * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2388768458SSam Leffler * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2488768458SSam Leffler * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 2588768458SSam Leffler * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2688768458SSam Leffler * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2788768458SSam Leffler * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2888768458SSam Leffler * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2988768458SSam Leffler * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 3088768458SSam Leffler * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 3188768458SSam Leffler * SUCH DAMAGE. 3288768458SSam Leffler */ 3388768458SSam Leffler 3488768458SSam Leffler #ifdef _KERNEL 3588768458SSam Leffler #include "opt_inet.h" 3688768458SSam Leffler #include "opt_inet6.h" 3788768458SSam Leffler #include "opt_ipsec.h" 3888768458SSam Leffler #endif 3988768458SSam Leffler 4088768458SSam Leffler #include <sys/param.h> 4188768458SSam Leffler #ifdef _KERNEL 4288768458SSam Leffler #include <sys/systm.h> 4379b4dcadSEd Maste #include <sys/lock.h> 448ec07310SGleb Smirnoff #include <sys/malloc.h> 4588768458SSam Leffler #include <sys/mbuf.h> 4679b4dcadSEd Maste #include <sys/mutex.h> 4788768458SSam Leffler #include <sys/queue.h> 4888768458SSam Leffler #endif 4988768458SSam Leffler #include <sys/socket.h> 5088768458SSam Leffler 51eddfbb76SRobert Watson #include <net/vnet.h> 5288768458SSam Leffler 5388768458SSam Leffler #include <netipsec/key_var.h> 5488768458SSam Leffler #include <netipsec/key_debug.h> 5588768458SSam Leffler 5688768458SSam Leffler #include <netinet/in.h> 5788768458SSam Leffler #include <netipsec/ipsec.h> 58208b3a93SBjoern A. Zeeb #ifdef _KERNEL 59208b3a93SBjoern A. Zeeb #include <netipsec/keydb.h> 60fcf59617SAndrey V. Elsukov #include <netipsec/xform.h> 61208b3a93SBjoern A. Zeeb #endif 6288768458SSam Leffler 6388768458SSam Leffler #ifndef _KERNEL 6488768458SSam Leffler #include <ctype.h> 6588768458SSam Leffler #include <stdio.h> 6688768458SSam Leffler #include <stdlib.h> 674e0e8f31SAndrey V. Elsukov #include <arpa/inet.h> 6888768458SSam Leffler #endif /* !_KERNEL */ 6988768458SSam Leffler 7018961126SAndrey V. Elsukov static void kdebug_sadb_prop(struct sadb_ext *); 7118961126SAndrey V. Elsukov static void kdebug_sadb_identity(struct sadb_ext *); 7218961126SAndrey V. Elsukov static void kdebug_sadb_supported(struct sadb_ext *); 7318961126SAndrey V. Elsukov static void kdebug_sadb_lifetime(struct sadb_ext *); 7418961126SAndrey V. Elsukov static void kdebug_sadb_sa(struct sadb_ext *); 7518961126SAndrey V. Elsukov static void kdebug_sadb_address(struct sadb_ext *); 7618961126SAndrey V. Elsukov static void kdebug_sadb_key(struct sadb_ext *); 7718961126SAndrey V. Elsukov static void kdebug_sadb_x_sa2(struct sadb_ext *); 784e0e8f31SAndrey V. Elsukov static void kdebug_sadb_x_sa_replay(struct sadb_ext *); 794e0e8f31SAndrey V. Elsukov static void kdebug_sadb_x_natt(struct sadb_ext *); 8088768458SSam Leffler 8188768458SSam Leffler #ifndef _KERNEL 822cb64cb2SGeorge V. Neville-Neil #define panic(fmt, ...) { printf(fmt, ## __VA_ARGS__); exit(-1); } 8388768458SSam Leffler #endif 8488768458SSam Leffler 8588768458SSam Leffler /* NOTE: host byte order */ 8688768458SSam Leffler 875b2b45a4SEd Maste static const char* 8852b3619fSAndrey V. Elsukov kdebug_sadb_type(uint8_t type) 8952b3619fSAndrey V. Elsukov { 9052b3619fSAndrey V. Elsukov #define SADB_NAME(n) case SADB_ ## n: return (#n) 9152b3619fSAndrey V. Elsukov 9252b3619fSAndrey V. Elsukov switch (type) { 9352b3619fSAndrey V. Elsukov SADB_NAME(RESERVED); 9452b3619fSAndrey V. Elsukov SADB_NAME(GETSPI); 9552b3619fSAndrey V. Elsukov SADB_NAME(UPDATE); 9652b3619fSAndrey V. Elsukov SADB_NAME(ADD); 9752b3619fSAndrey V. Elsukov SADB_NAME(DELETE); 9852b3619fSAndrey V. Elsukov SADB_NAME(GET); 9952b3619fSAndrey V. Elsukov SADB_NAME(ACQUIRE); 10052b3619fSAndrey V. Elsukov SADB_NAME(REGISTER); 10152b3619fSAndrey V. Elsukov SADB_NAME(EXPIRE); 10252b3619fSAndrey V. Elsukov SADB_NAME(FLUSH); 10352b3619fSAndrey V. Elsukov SADB_NAME(DUMP); 10452b3619fSAndrey V. Elsukov SADB_NAME(X_PROMISC); 10552b3619fSAndrey V. Elsukov SADB_NAME(X_PCHANGE); 10652b3619fSAndrey V. Elsukov SADB_NAME(X_SPDUPDATE); 10752b3619fSAndrey V. Elsukov SADB_NAME(X_SPDADD); 10852b3619fSAndrey V. Elsukov SADB_NAME(X_SPDDELETE); 10952b3619fSAndrey V. Elsukov SADB_NAME(X_SPDGET); 11052b3619fSAndrey V. Elsukov SADB_NAME(X_SPDACQUIRE); 11152b3619fSAndrey V. Elsukov SADB_NAME(X_SPDDUMP); 11252b3619fSAndrey V. Elsukov SADB_NAME(X_SPDFLUSH); 11352b3619fSAndrey V. Elsukov SADB_NAME(X_SPDSETIDX); 11452b3619fSAndrey V. Elsukov SADB_NAME(X_SPDEXPIRE); 11552b3619fSAndrey V. Elsukov SADB_NAME(X_SPDDELETE2); 11652b3619fSAndrey V. Elsukov default: 11752b3619fSAndrey V. Elsukov return ("UNKNOWN"); 11852b3619fSAndrey V. Elsukov } 11952b3619fSAndrey V. Elsukov #undef SADB_NAME 12052b3619fSAndrey V. Elsukov } 12152b3619fSAndrey V. Elsukov 1225b2b45a4SEd Maste static const char* 12352b3619fSAndrey V. Elsukov kdebug_sadb_exttype(uint16_t type) 12452b3619fSAndrey V. Elsukov { 12552b3619fSAndrey V. Elsukov #define EXT_NAME(n) case SADB_EXT_ ## n: return (#n) 12652b3619fSAndrey V. Elsukov #define X_NAME(n) case SADB_X_EXT_ ## n: return (#n) 12752b3619fSAndrey V. Elsukov 12852b3619fSAndrey V. Elsukov switch (type) { 12952b3619fSAndrey V. Elsukov EXT_NAME(RESERVED); 13052b3619fSAndrey V. Elsukov EXT_NAME(SA); 13152b3619fSAndrey V. Elsukov EXT_NAME(LIFETIME_CURRENT); 13252b3619fSAndrey V. Elsukov EXT_NAME(LIFETIME_HARD); 13352b3619fSAndrey V. Elsukov EXT_NAME(LIFETIME_SOFT); 13452b3619fSAndrey V. Elsukov EXT_NAME(ADDRESS_SRC); 13552b3619fSAndrey V. Elsukov EXT_NAME(ADDRESS_DST); 13652b3619fSAndrey V. Elsukov EXT_NAME(ADDRESS_PROXY); 13752b3619fSAndrey V. Elsukov EXT_NAME(KEY_AUTH); 13852b3619fSAndrey V. Elsukov EXT_NAME(KEY_ENCRYPT); 13952b3619fSAndrey V. Elsukov EXT_NAME(IDENTITY_SRC); 14052b3619fSAndrey V. Elsukov EXT_NAME(IDENTITY_DST); 14152b3619fSAndrey V. Elsukov EXT_NAME(SENSITIVITY); 14252b3619fSAndrey V. Elsukov EXT_NAME(PROPOSAL); 14352b3619fSAndrey V. Elsukov EXT_NAME(SUPPORTED_AUTH); 14452b3619fSAndrey V. Elsukov EXT_NAME(SUPPORTED_ENCRYPT); 14552b3619fSAndrey V. Elsukov EXT_NAME(SPIRANGE); 14652b3619fSAndrey V. Elsukov X_NAME(KMPRIVATE); 14752b3619fSAndrey V. Elsukov X_NAME(POLICY); 14852b3619fSAndrey V. Elsukov X_NAME(SA2); 14952b3619fSAndrey V. Elsukov X_NAME(NAT_T_TYPE); 15052b3619fSAndrey V. Elsukov X_NAME(NAT_T_SPORT); 15152b3619fSAndrey V. Elsukov X_NAME(NAT_T_DPORT); 15252b3619fSAndrey V. Elsukov X_NAME(NAT_T_OAI); 15352b3619fSAndrey V. Elsukov X_NAME(NAT_T_OAR); 15452b3619fSAndrey V. Elsukov X_NAME(NAT_T_FRAG); 15552b3619fSAndrey V. Elsukov X_NAME(SA_REPLAY); 15652b3619fSAndrey V. Elsukov X_NAME(NEW_ADDRESS_SRC); 15752b3619fSAndrey V. Elsukov X_NAME(NEW_ADDRESS_DST); 158ef2a572bSKonstantin Belousov X_NAME(LFT_CUR_SW_OFFL); 159ef2a572bSKonstantin Belousov X_NAME(LFT_CUR_HW_OFFL); 16052b3619fSAndrey V. Elsukov default: 16152b3619fSAndrey V. Elsukov return ("UNKNOWN"); 16252b3619fSAndrey V. Elsukov }; 16352b3619fSAndrey V. Elsukov #undef EXT_NAME 16452b3619fSAndrey V. Elsukov #undef X_NAME 16552b3619fSAndrey V. Elsukov } 16652b3619fSAndrey V. Elsukov 16788768458SSam Leffler /* %%%: about struct sadb_msg */ 16888768458SSam Leffler void 1692e84e6eaSAndrey V. Elsukov kdebug_sadb(struct sadb_msg *base) 17088768458SSam Leffler { 17188768458SSam Leffler struct sadb_ext *ext; 17288768458SSam Leffler int tlen, extlen; 17388768458SSam Leffler 17488768458SSam Leffler /* sanity check */ 17588768458SSam Leffler if (base == NULL) 1769ffa9677SSam Leffler panic("%s: NULL pointer was passed.\n", __func__); 17788768458SSam Leffler 17852b3619fSAndrey V. Elsukov printf("sadb_msg{ version=%u type=%u(%s) errno=%u satype=%u\n", 17988768458SSam Leffler base->sadb_msg_version, base->sadb_msg_type, 18052b3619fSAndrey V. Elsukov kdebug_sadb_type(base->sadb_msg_type), 18188768458SSam Leffler base->sadb_msg_errno, base->sadb_msg_satype); 18288768458SSam Leffler printf(" len=%u reserved=%u seq=%u pid=%u\n", 18388768458SSam Leffler base->sadb_msg_len, base->sadb_msg_reserved, 18488768458SSam Leffler base->sadb_msg_seq, base->sadb_msg_pid); 18588768458SSam Leffler 18688768458SSam Leffler tlen = PFKEY_UNUNIT64(base->sadb_msg_len) - sizeof(struct sadb_msg); 18788768458SSam Leffler ext = (struct sadb_ext *)((caddr_t)base + sizeof(struct sadb_msg)); 18888768458SSam Leffler 18988768458SSam Leffler while (tlen > 0) { 19052b3619fSAndrey V. Elsukov printf("sadb_ext{ len=%u type=%u(%s) }\n", 19152b3619fSAndrey V. Elsukov ext->sadb_ext_len, ext->sadb_ext_type, 19252b3619fSAndrey V. Elsukov kdebug_sadb_exttype(ext->sadb_ext_type)); 19388768458SSam Leffler 194*0dab2124STobias Heider extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 195*0dab2124STobias Heider if (extlen == 0) { 1969ffa9677SSam Leffler printf("%s: invalid ext_len=0 was passed.\n", __func__); 19788768458SSam Leffler return; 19888768458SSam Leffler } 199*0dab2124STobias Heider if (extlen > tlen) { 2009ffa9677SSam Leffler printf("%s: ext_len too big (%u > %u).\n", 2019ffa9677SSam Leffler __func__, ext->sadb_ext_len, tlen); 20288768458SSam Leffler return; 20388768458SSam Leffler } 20488768458SSam Leffler 20588768458SSam Leffler switch (ext->sadb_ext_type) { 20688768458SSam Leffler case SADB_EXT_SA: 20788768458SSam Leffler kdebug_sadb_sa(ext); 20888768458SSam Leffler break; 20988768458SSam Leffler case SADB_EXT_LIFETIME_CURRENT: 21088768458SSam Leffler case SADB_EXT_LIFETIME_HARD: 21188768458SSam Leffler case SADB_EXT_LIFETIME_SOFT: 21288768458SSam Leffler kdebug_sadb_lifetime(ext); 21388768458SSam Leffler break; 21488768458SSam Leffler case SADB_EXT_ADDRESS_SRC: 21588768458SSam Leffler case SADB_EXT_ADDRESS_DST: 21688768458SSam Leffler case SADB_EXT_ADDRESS_PROXY: 2174e0e8f31SAndrey V. Elsukov case SADB_X_EXT_NAT_T_OAI: 2184e0e8f31SAndrey V. Elsukov case SADB_X_EXT_NAT_T_OAR: 2194e0e8f31SAndrey V. Elsukov case SADB_X_EXT_NEW_ADDRESS_SRC: 2204e0e8f31SAndrey V. Elsukov case SADB_X_EXT_NEW_ADDRESS_DST: 22188768458SSam Leffler kdebug_sadb_address(ext); 22288768458SSam Leffler break; 22388768458SSam Leffler case SADB_EXT_KEY_AUTH: 22488768458SSam Leffler case SADB_EXT_KEY_ENCRYPT: 22588768458SSam Leffler kdebug_sadb_key(ext); 22688768458SSam Leffler break; 22788768458SSam Leffler case SADB_EXT_IDENTITY_SRC: 22888768458SSam Leffler case SADB_EXT_IDENTITY_DST: 22988768458SSam Leffler kdebug_sadb_identity(ext); 23088768458SSam Leffler break; 23188768458SSam Leffler case SADB_EXT_SENSITIVITY: 23288768458SSam Leffler break; 23388768458SSam Leffler case SADB_EXT_PROPOSAL: 23488768458SSam Leffler kdebug_sadb_prop(ext); 23588768458SSam Leffler break; 23688768458SSam Leffler case SADB_EXT_SUPPORTED_AUTH: 23788768458SSam Leffler case SADB_EXT_SUPPORTED_ENCRYPT: 23888768458SSam Leffler kdebug_sadb_supported(ext); 23988768458SSam Leffler break; 24088768458SSam Leffler case SADB_EXT_SPIRANGE: 24188768458SSam Leffler case SADB_X_EXT_KMPRIVATE: 24288768458SSam Leffler break; 24388768458SSam Leffler case SADB_X_EXT_POLICY: 24488768458SSam Leffler kdebug_sadb_x_policy(ext); 24588768458SSam Leffler break; 24688768458SSam Leffler case SADB_X_EXT_SA2: 24788768458SSam Leffler kdebug_sadb_x_sa2(ext); 24888768458SSam Leffler break; 2494e0e8f31SAndrey V. Elsukov case SADB_X_EXT_SA_REPLAY: 2504e0e8f31SAndrey V. Elsukov kdebug_sadb_x_sa_replay(ext); 2514e0e8f31SAndrey V. Elsukov break; 2524e0e8f31SAndrey V. Elsukov case SADB_X_EXT_NAT_T_TYPE: 2534e0e8f31SAndrey V. Elsukov case SADB_X_EXT_NAT_T_SPORT: 2544e0e8f31SAndrey V. Elsukov case SADB_X_EXT_NAT_T_DPORT: 2554e0e8f31SAndrey V. Elsukov kdebug_sadb_x_natt(ext); 2564e0e8f31SAndrey V. Elsukov break; 257ef2a572bSKonstantin Belousov case SADB_X_EXT_LFT_CUR_SW_OFFL: 258ef2a572bSKonstantin Belousov case SADB_X_EXT_LFT_CUR_HW_OFFL: 259ef2a572bSKonstantin Belousov kdebug_sadb_lifetime(ext); 26088768458SSam Leffler default: 2619ffa9677SSam Leffler printf("%s: invalid ext_type %u\n", __func__, 26288768458SSam Leffler ext->sadb_ext_type); 26388768458SSam Leffler return; 26488768458SSam Leffler } 26588768458SSam Leffler 26688768458SSam Leffler tlen -= extlen; 26788768458SSam Leffler ext = (struct sadb_ext *)((caddr_t)ext + extlen); 26888768458SSam Leffler } 26988768458SSam Leffler 27088768458SSam Leffler return; 27188768458SSam Leffler } 27288768458SSam Leffler 27388768458SSam Leffler static void 2742e84e6eaSAndrey V. Elsukov kdebug_sadb_prop(struct sadb_ext *ext) 27588768458SSam Leffler { 27688768458SSam Leffler struct sadb_prop *prop = (struct sadb_prop *)ext; 27788768458SSam Leffler struct sadb_comb *comb; 27888768458SSam Leffler int len; 27988768458SSam Leffler 28088768458SSam Leffler /* sanity check */ 28188768458SSam Leffler if (ext == NULL) 2829ffa9677SSam Leffler panic("%s: NULL pointer was passed.\n", __func__); 28388768458SSam Leffler 28488768458SSam Leffler len = (PFKEY_UNUNIT64(prop->sadb_prop_len) - sizeof(*prop)) 28588768458SSam Leffler / sizeof(*comb); 28688768458SSam Leffler comb = (struct sadb_comb *)(prop + 1); 28788768458SSam Leffler printf("sadb_prop{ replay=%u\n", prop->sadb_prop_replay); 28888768458SSam Leffler 28988768458SSam Leffler while (len--) { 29088768458SSam Leffler printf("sadb_comb{ auth=%u encrypt=%u " 29188768458SSam Leffler "flags=0x%04x reserved=0x%08x\n", 29288768458SSam Leffler comb->sadb_comb_auth, comb->sadb_comb_encrypt, 29388768458SSam Leffler comb->sadb_comb_flags, comb->sadb_comb_reserved); 29488768458SSam Leffler 29588768458SSam Leffler printf(" auth_minbits=%u auth_maxbits=%u " 29688768458SSam Leffler "encrypt_minbits=%u encrypt_maxbits=%u\n", 29788768458SSam Leffler comb->sadb_comb_auth_minbits, 29888768458SSam Leffler comb->sadb_comb_auth_maxbits, 29988768458SSam Leffler comb->sadb_comb_encrypt_minbits, 30088768458SSam Leffler comb->sadb_comb_encrypt_maxbits); 30188768458SSam Leffler 30288768458SSam Leffler printf(" soft_alloc=%u hard_alloc=%u " 30388768458SSam Leffler "soft_bytes=%lu hard_bytes=%lu\n", 30488768458SSam Leffler comb->sadb_comb_soft_allocations, 30588768458SSam Leffler comb->sadb_comb_hard_allocations, 30688768458SSam Leffler (unsigned long)comb->sadb_comb_soft_bytes, 30788768458SSam Leffler (unsigned long)comb->sadb_comb_hard_bytes); 30888768458SSam Leffler 30988768458SSam Leffler printf(" soft_alloc=%lu hard_alloc=%lu " 31088768458SSam Leffler "soft_bytes=%lu hard_bytes=%lu }\n", 31188768458SSam Leffler (unsigned long)comb->sadb_comb_soft_addtime, 31288768458SSam Leffler (unsigned long)comb->sadb_comb_hard_addtime, 31388768458SSam Leffler (unsigned long)comb->sadb_comb_soft_usetime, 31488768458SSam Leffler (unsigned long)comb->sadb_comb_hard_usetime); 31588768458SSam Leffler comb++; 31688768458SSam Leffler } 31788768458SSam Leffler printf("}\n"); 31888768458SSam Leffler 31988768458SSam Leffler return; 32088768458SSam Leffler } 32188768458SSam Leffler 32288768458SSam Leffler static void 3232e84e6eaSAndrey V. Elsukov kdebug_sadb_identity(struct sadb_ext *ext) 32488768458SSam Leffler { 32588768458SSam Leffler struct sadb_ident *id = (struct sadb_ident *)ext; 32688768458SSam Leffler int len; 32788768458SSam Leffler 32888768458SSam Leffler /* sanity check */ 32988768458SSam Leffler if (ext == NULL) 3309ffa9677SSam Leffler panic("%s: NULL pointer was passed.\n", __func__); 33188768458SSam Leffler 33288768458SSam Leffler len = PFKEY_UNUNIT64(id->sadb_ident_len) - sizeof(*id); 33388768458SSam Leffler printf("sadb_ident_%s{", 33488768458SSam Leffler id->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC ? "src" : "dst"); 33588768458SSam Leffler switch (id->sadb_ident_type) { 33688768458SSam Leffler default: 33788768458SSam Leffler printf(" type=%d id=%lu", 33888768458SSam Leffler id->sadb_ident_type, (u_long)id->sadb_ident_id); 33988768458SSam Leffler if (len) { 34088768458SSam Leffler #ifdef _KERNEL 34188768458SSam Leffler ipsec_hexdump((caddr_t)(id + 1), len); /*XXX cast ?*/ 34288768458SSam Leffler #else 34388768458SSam Leffler char *p, *ep; 34488768458SSam Leffler printf("\n str=\""); 34588768458SSam Leffler p = (char *)(id + 1); 34688768458SSam Leffler ep = p + len; 34788768458SSam Leffler for (/*nothing*/; *p && p < ep; p++) { 34888768458SSam Leffler if (isprint(*p)) 34988768458SSam Leffler printf("%c", *p & 0xff); 35088768458SSam Leffler else 35188768458SSam Leffler printf("\\%03o", *p & 0xff); 35288768458SSam Leffler } 35388768458SSam Leffler #endif 35488768458SSam Leffler printf("\""); 35588768458SSam Leffler } 35688768458SSam Leffler break; 35788768458SSam Leffler } 35888768458SSam Leffler 35988768458SSam Leffler printf(" }\n"); 36088768458SSam Leffler 36188768458SSam Leffler return; 36288768458SSam Leffler } 36388768458SSam Leffler 36488768458SSam Leffler static void 3652e84e6eaSAndrey V. Elsukov kdebug_sadb_supported(struct sadb_ext *ext) 36688768458SSam Leffler { 36788768458SSam Leffler struct sadb_supported *sup = (struct sadb_supported *)ext; 36888768458SSam Leffler struct sadb_alg *alg; 36988768458SSam Leffler int len; 37088768458SSam Leffler 37188768458SSam Leffler /* sanity check */ 37288768458SSam Leffler if (ext == NULL) 3739ffa9677SSam Leffler panic("%s: NULL pointer was passed.\n", __func__); 37488768458SSam Leffler 37588768458SSam Leffler len = (PFKEY_UNUNIT64(sup->sadb_supported_len) - sizeof(*sup)) 37688768458SSam Leffler / sizeof(*alg); 37788768458SSam Leffler alg = (struct sadb_alg *)(sup + 1); 37888768458SSam Leffler printf("sadb_sup{\n"); 37988768458SSam Leffler while (len--) { 38088768458SSam Leffler printf(" { id=%d ivlen=%d min=%d max=%d }\n", 38188768458SSam Leffler alg->sadb_alg_id, alg->sadb_alg_ivlen, 38288768458SSam Leffler alg->sadb_alg_minbits, alg->sadb_alg_maxbits); 38388768458SSam Leffler alg++; 38488768458SSam Leffler } 38588768458SSam Leffler printf("}\n"); 38688768458SSam Leffler 38788768458SSam Leffler return; 38888768458SSam Leffler } 38988768458SSam Leffler 39088768458SSam Leffler static void 3912e84e6eaSAndrey V. Elsukov kdebug_sadb_lifetime(struct sadb_ext *ext) 39288768458SSam Leffler { 39388768458SSam Leffler struct sadb_lifetime *lft = (struct sadb_lifetime *)ext; 39488768458SSam Leffler 39588768458SSam Leffler /* sanity check */ 39688768458SSam Leffler if (ext == NULL) 397208b3a93SBjoern A. Zeeb panic("%s: NULL pointer was passed.\n", __func__); 39888768458SSam Leffler 39988768458SSam Leffler printf("sadb_lifetime{ alloc=%u, bytes=%u\n", 40088768458SSam Leffler lft->sadb_lifetime_allocations, 40188768458SSam Leffler (u_int32_t)lft->sadb_lifetime_bytes); 40288768458SSam Leffler printf(" addtime=%u, usetime=%u }\n", 40388768458SSam Leffler (u_int32_t)lft->sadb_lifetime_addtime, 40488768458SSam Leffler (u_int32_t)lft->sadb_lifetime_usetime); 40588768458SSam Leffler 40688768458SSam Leffler return; 40788768458SSam Leffler } 40888768458SSam Leffler 40988768458SSam Leffler static void 4102e84e6eaSAndrey V. Elsukov kdebug_sadb_sa(struct sadb_ext *ext) 41188768458SSam Leffler { 41288768458SSam Leffler struct sadb_sa *sa = (struct sadb_sa *)ext; 41388768458SSam Leffler 41488768458SSam Leffler /* sanity check */ 41588768458SSam Leffler if (ext == NULL) 4169ffa9677SSam Leffler panic("%s: NULL pointer was passed.\n", __func__); 41788768458SSam Leffler 41888768458SSam Leffler printf("sadb_sa{ spi=%u replay=%u state=%u\n", 41988768458SSam Leffler (u_int32_t)ntohl(sa->sadb_sa_spi), sa->sadb_sa_replay, 42088768458SSam Leffler sa->sadb_sa_state); 42188768458SSam Leffler printf(" auth=%u encrypt=%u flags=0x%08x }\n", 42288768458SSam Leffler sa->sadb_sa_auth, sa->sadb_sa_encrypt, sa->sadb_sa_flags); 42388768458SSam Leffler 42488768458SSam Leffler return; 42588768458SSam Leffler } 42688768458SSam Leffler 42788768458SSam Leffler static void 4282e84e6eaSAndrey V. Elsukov kdebug_sadb_address(struct sadb_ext *ext) 42988768458SSam Leffler { 43088768458SSam Leffler struct sadb_address *addr = (struct sadb_address *)ext; 43188768458SSam Leffler 43288768458SSam Leffler /* sanity check */ 43388768458SSam Leffler if (ext == NULL) 4349ffa9677SSam Leffler panic("%s: NULL pointer was passed.\n", __func__); 43588768458SSam Leffler 43688768458SSam Leffler printf("sadb_address{ proto=%u prefixlen=%u reserved=0x%02x%02x }\n", 43788768458SSam Leffler addr->sadb_address_proto, addr->sadb_address_prefixlen, 43888768458SSam Leffler ((u_char *)&addr->sadb_address_reserved)[0], 43988768458SSam Leffler ((u_char *)&addr->sadb_address_reserved)[1]); 44088768458SSam Leffler 44188768458SSam Leffler kdebug_sockaddr((struct sockaddr *)((caddr_t)ext + sizeof(*addr))); 44288768458SSam Leffler } 44388768458SSam Leffler 44488768458SSam Leffler static void 4452e84e6eaSAndrey V. Elsukov kdebug_sadb_key(struct sadb_ext *ext) 44688768458SSam Leffler { 44788768458SSam Leffler struct sadb_key *key = (struct sadb_key *)ext; 44888768458SSam Leffler 44988768458SSam Leffler /* sanity check */ 45088768458SSam Leffler if (ext == NULL) 4519ffa9677SSam Leffler panic("%s: NULL pointer was passed.\n", __func__); 45288768458SSam Leffler 45388768458SSam Leffler printf("sadb_key{ bits=%u reserved=%u\n", 45488768458SSam Leffler key->sadb_key_bits, key->sadb_key_reserved); 45588768458SSam Leffler printf(" key="); 45688768458SSam Leffler 45788768458SSam Leffler /* sanity check 2 */ 45888768458SSam Leffler if ((key->sadb_key_bits >> 3) > 45988768458SSam Leffler (PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key))) { 4609ffa9677SSam Leffler printf("%s: key length mismatch, bit:%d len:%ld.\n", 4619ffa9677SSam Leffler __func__, 46288768458SSam Leffler key->sadb_key_bits >> 3, 46388768458SSam Leffler (long)PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key)); 46488768458SSam Leffler } 46588768458SSam Leffler 46688768458SSam Leffler ipsec_hexdump((caddr_t)key + sizeof(struct sadb_key), 46788768458SSam Leffler key->sadb_key_bits >> 3); 46888768458SSam Leffler printf(" }\n"); 46988768458SSam Leffler return; 47088768458SSam Leffler } 47188768458SSam Leffler 47288768458SSam Leffler static void 4732e84e6eaSAndrey V. Elsukov kdebug_sadb_x_sa2(struct sadb_ext *ext) 47488768458SSam Leffler { 47588768458SSam Leffler struct sadb_x_sa2 *sa2 = (struct sadb_x_sa2 *)ext; 47688768458SSam Leffler 47788768458SSam Leffler /* sanity check */ 47888768458SSam Leffler if (ext == NULL) 4799ffa9677SSam Leffler panic("%s: NULL pointer was passed.\n", __func__); 48088768458SSam Leffler 48188768458SSam Leffler printf("sadb_x_sa2{ mode=%u reqid=%u\n", 48288768458SSam Leffler sa2->sadb_x_sa2_mode, sa2->sadb_x_sa2_reqid); 48388768458SSam Leffler printf(" reserved1=%u reserved2=%u sequence=%u }\n", 48488768458SSam Leffler sa2->sadb_x_sa2_reserved1, sa2->sadb_x_sa2_reserved2, 48588768458SSam Leffler sa2->sadb_x_sa2_sequence); 48688768458SSam Leffler 48788768458SSam Leffler return; 48888768458SSam Leffler } 48988768458SSam Leffler 4904e0e8f31SAndrey V. Elsukov static void 4914e0e8f31SAndrey V. Elsukov kdebug_sadb_x_sa_replay(struct sadb_ext *ext) 4924e0e8f31SAndrey V. Elsukov { 4934e0e8f31SAndrey V. Elsukov struct sadb_x_sa_replay *replay; 4944e0e8f31SAndrey V. Elsukov 4954e0e8f31SAndrey V. Elsukov /* sanity check */ 4964e0e8f31SAndrey V. Elsukov if (ext == NULL) 4974e0e8f31SAndrey V. Elsukov panic("%s: NULL pointer was passed.\n", __func__); 4984e0e8f31SAndrey V. Elsukov 4994e0e8f31SAndrey V. Elsukov replay = (struct sadb_x_sa_replay *)ext; 5004e0e8f31SAndrey V. Elsukov printf("sadb_x_sa_replay{ replay=%u }\n", 5014e0e8f31SAndrey V. Elsukov replay->sadb_x_sa_replay_replay); 5024e0e8f31SAndrey V. Elsukov } 5034e0e8f31SAndrey V. Elsukov 5044e0e8f31SAndrey V. Elsukov static void 5054e0e8f31SAndrey V. Elsukov kdebug_sadb_x_natt(struct sadb_ext *ext) 5064e0e8f31SAndrey V. Elsukov { 5074e0e8f31SAndrey V. Elsukov struct sadb_x_nat_t_type *type; 5084e0e8f31SAndrey V. Elsukov struct sadb_x_nat_t_port *port; 5094e0e8f31SAndrey V. Elsukov 5104e0e8f31SAndrey V. Elsukov /* sanity check */ 5114e0e8f31SAndrey V. Elsukov if (ext == NULL) 5124e0e8f31SAndrey V. Elsukov panic("%s: NULL pointer was passed.\n", __func__); 5134e0e8f31SAndrey V. Elsukov 5144e0e8f31SAndrey V. Elsukov if (ext->sadb_ext_type == SADB_X_EXT_NAT_T_TYPE) { 5154e0e8f31SAndrey V. Elsukov type = (struct sadb_x_nat_t_type *)ext; 5164e0e8f31SAndrey V. Elsukov printf("sadb_x_nat_t_type{ type=%u }\n", 5174e0e8f31SAndrey V. Elsukov type->sadb_x_nat_t_type_type); 5184e0e8f31SAndrey V. Elsukov } else { 5194e0e8f31SAndrey V. Elsukov port = (struct sadb_x_nat_t_port *)ext; 5204e0e8f31SAndrey V. Elsukov printf("sadb_x_nat_t_port{ port=%u }\n", 5214e0e8f31SAndrey V. Elsukov ntohs(port->sadb_x_nat_t_port_port)); 5224e0e8f31SAndrey V. Elsukov } 5234e0e8f31SAndrey V. Elsukov } 5244e0e8f31SAndrey V. Elsukov 52588768458SSam Leffler void 5262e84e6eaSAndrey V. Elsukov kdebug_sadb_x_policy(struct sadb_ext *ext) 52788768458SSam Leffler { 52888768458SSam Leffler struct sadb_x_policy *xpl = (struct sadb_x_policy *)ext; 52988768458SSam Leffler struct sockaddr *addr; 53088768458SSam Leffler 53188768458SSam Leffler /* sanity check */ 53288768458SSam Leffler if (ext == NULL) 5339ffa9677SSam Leffler panic("%s: NULL pointer was passed.\n", __func__); 53488768458SSam Leffler 5354e0e8f31SAndrey V. Elsukov printf("sadb_x_policy{ type=%u dir=%u id=%x scope=%u %s=%u }\n", 53688768458SSam Leffler xpl->sadb_x_policy_type, xpl->sadb_x_policy_dir, 5374e0e8f31SAndrey V. Elsukov xpl->sadb_x_policy_id, xpl->sadb_x_policy_scope, 5384e0e8f31SAndrey V. Elsukov xpl->sadb_x_policy_scope == IPSEC_POLICYSCOPE_IFNET ? 5394e0e8f31SAndrey V. Elsukov "ifindex": "priority", xpl->sadb_x_policy_priority); 54088768458SSam Leffler 54188768458SSam Leffler if (xpl->sadb_x_policy_type == IPSEC_POLICY_IPSEC) { 54288768458SSam Leffler int tlen; 54388768458SSam Leffler struct sadb_x_ipsecrequest *xisr; 54488768458SSam Leffler 54588768458SSam Leffler tlen = PFKEY_UNUNIT64(xpl->sadb_x_policy_len) - sizeof(*xpl); 54688768458SSam Leffler xisr = (struct sadb_x_ipsecrequest *)(xpl + 1); 54788768458SSam Leffler 54888768458SSam Leffler while (tlen > 0) { 54988768458SSam Leffler printf(" { len=%u proto=%u mode=%u level=%u reqid=%u\n", 55088768458SSam Leffler xisr->sadb_x_ipsecrequest_len, 55188768458SSam Leffler xisr->sadb_x_ipsecrequest_proto, 55288768458SSam Leffler xisr->sadb_x_ipsecrequest_mode, 55388768458SSam Leffler xisr->sadb_x_ipsecrequest_level, 55488768458SSam Leffler xisr->sadb_x_ipsecrequest_reqid); 55588768458SSam Leffler 55688768458SSam Leffler if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 55788768458SSam Leffler addr = (struct sockaddr *)(xisr + 1); 55888768458SSam Leffler kdebug_sockaddr(addr); 55988768458SSam Leffler addr = (struct sockaddr *)((caddr_t)addr 56088768458SSam Leffler + addr->sa_len); 56188768458SSam Leffler kdebug_sockaddr(addr); 56288768458SSam Leffler } 56388768458SSam Leffler 56488768458SSam Leffler printf(" }\n"); 56588768458SSam Leffler 56688768458SSam Leffler /* prevent infinite loop */ 56788768458SSam Leffler if (xisr->sadb_x_ipsecrequest_len <= 0) { 5689ffa9677SSam Leffler printf("%s: wrong policy struct.\n", __func__); 56988768458SSam Leffler return; 57088768458SSam Leffler } 57188768458SSam Leffler /* prevent overflow */ 57288768458SSam Leffler if (xisr->sadb_x_ipsecrequest_len > tlen) { 5739ffa9677SSam Leffler printf("%s: invalid ipsec policy length " 5749ffa9677SSam Leffler "(%u > %u)\n", __func__, 5759ffa9677SSam Leffler xisr->sadb_x_ipsecrequest_len, tlen); 57688768458SSam Leffler return; 57788768458SSam Leffler } 57888768458SSam Leffler 57988768458SSam Leffler tlen -= xisr->sadb_x_ipsecrequest_len; 58088768458SSam Leffler 58188768458SSam Leffler xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 58288768458SSam Leffler + xisr->sadb_x_ipsecrequest_len); 58388768458SSam Leffler } 58488768458SSam Leffler 58588768458SSam Leffler if (tlen != 0) 5869ffa9677SSam Leffler panic("%s: wrong policy struct.\n", __func__); 58788768458SSam Leffler } 58888768458SSam Leffler 58988768458SSam Leffler return; 59088768458SSam Leffler } 59188768458SSam Leffler 59288768458SSam Leffler #ifdef _KERNEL 59388768458SSam Leffler /* %%%: about SPD and SAD */ 594fcf59617SAndrey V. Elsukov const char* 595fcf59617SAndrey V. Elsukov kdebug_secpolicy_state(u_int state) 596fcf59617SAndrey V. Elsukov { 597fcf59617SAndrey V. Elsukov 598fcf59617SAndrey V. Elsukov switch (state) { 599fcf59617SAndrey V. Elsukov case IPSEC_SPSTATE_DEAD: 600fcf59617SAndrey V. Elsukov return ("dead"); 601fcf59617SAndrey V. Elsukov case IPSEC_SPSTATE_LARVAL: 602fcf59617SAndrey V. Elsukov return ("larval"); 603fcf59617SAndrey V. Elsukov case IPSEC_SPSTATE_ALIVE: 604fcf59617SAndrey V. Elsukov return ("alive"); 605fcf59617SAndrey V. Elsukov case IPSEC_SPSTATE_PCB: 606fcf59617SAndrey V. Elsukov return ("pcb"); 607fcf59617SAndrey V. Elsukov case IPSEC_SPSTATE_IFNET: 608fcf59617SAndrey V. Elsukov return ("ifnet"); 609fcf59617SAndrey V. Elsukov } 610fcf59617SAndrey V. Elsukov return ("unknown"); 611fcf59617SAndrey V. Elsukov } 612fcf59617SAndrey V. Elsukov 613fcf59617SAndrey V. Elsukov const char* 614fcf59617SAndrey V. Elsukov kdebug_secpolicy_policy(u_int policy) 615fcf59617SAndrey V. Elsukov { 616fcf59617SAndrey V. Elsukov 617fcf59617SAndrey V. Elsukov switch (policy) { 618fcf59617SAndrey V. Elsukov case IPSEC_POLICY_DISCARD: 619fcf59617SAndrey V. Elsukov return ("discard"); 620fcf59617SAndrey V. Elsukov case IPSEC_POLICY_NONE: 621fcf59617SAndrey V. Elsukov return ("none"); 622fcf59617SAndrey V. Elsukov case IPSEC_POLICY_IPSEC: 623fcf59617SAndrey V. Elsukov return ("ipsec"); 624fcf59617SAndrey V. Elsukov case IPSEC_POLICY_ENTRUST: 625fcf59617SAndrey V. Elsukov return ("entrust"); 626fcf59617SAndrey V. Elsukov case IPSEC_POLICY_BYPASS: 627fcf59617SAndrey V. Elsukov return ("bypass"); 628fcf59617SAndrey V. Elsukov } 629fcf59617SAndrey V. Elsukov return ("unknown"); 630fcf59617SAndrey V. Elsukov } 631fcf59617SAndrey V. Elsukov 632fcf59617SAndrey V. Elsukov const char* 633fcf59617SAndrey V. Elsukov kdebug_secpolicyindex_dir(u_int dir) 634fcf59617SAndrey V. Elsukov { 635fcf59617SAndrey V. Elsukov 636fcf59617SAndrey V. Elsukov switch (dir) { 637fcf59617SAndrey V. Elsukov case IPSEC_DIR_ANY: 638fcf59617SAndrey V. Elsukov return ("any"); 639fcf59617SAndrey V. Elsukov case IPSEC_DIR_INBOUND: 640fcf59617SAndrey V. Elsukov return ("in"); 641fcf59617SAndrey V. Elsukov case IPSEC_DIR_OUTBOUND: 642fcf59617SAndrey V. Elsukov return ("out"); 643fcf59617SAndrey V. Elsukov } 644fcf59617SAndrey V. Elsukov return ("unknown"); 645fcf59617SAndrey V. Elsukov } 646fcf59617SAndrey V. Elsukov 647fcf59617SAndrey V. Elsukov const char* 648fcf59617SAndrey V. Elsukov kdebug_ipsecrequest_level(u_int level) 649fcf59617SAndrey V. Elsukov { 650fcf59617SAndrey V. Elsukov 651fcf59617SAndrey V. Elsukov switch (level) { 652fcf59617SAndrey V. Elsukov case IPSEC_LEVEL_DEFAULT: 653fcf59617SAndrey V. Elsukov return ("default"); 654fcf59617SAndrey V. Elsukov case IPSEC_LEVEL_USE: 655fcf59617SAndrey V. Elsukov return ("use"); 656fcf59617SAndrey V. Elsukov case IPSEC_LEVEL_REQUIRE: 657fcf59617SAndrey V. Elsukov return ("require"); 658fcf59617SAndrey V. Elsukov case IPSEC_LEVEL_UNIQUE: 659fcf59617SAndrey V. Elsukov return ("unique"); 660fcf59617SAndrey V. Elsukov } 661fcf59617SAndrey V. Elsukov return ("unknown"); 662fcf59617SAndrey V. Elsukov } 663fcf59617SAndrey V. Elsukov 664fcf59617SAndrey V. Elsukov const char* 665fcf59617SAndrey V. Elsukov kdebug_secasindex_mode(u_int mode) 666fcf59617SAndrey V. Elsukov { 667fcf59617SAndrey V. Elsukov 668fcf59617SAndrey V. Elsukov switch (mode) { 669fcf59617SAndrey V. Elsukov case IPSEC_MODE_ANY: 670fcf59617SAndrey V. Elsukov return ("any"); 671fcf59617SAndrey V. Elsukov case IPSEC_MODE_TRANSPORT: 672fcf59617SAndrey V. Elsukov return ("transport"); 673fcf59617SAndrey V. Elsukov case IPSEC_MODE_TUNNEL: 674fcf59617SAndrey V. Elsukov return ("tunnel"); 675fcf59617SAndrey V. Elsukov case IPSEC_MODE_TCPMD5: 676fcf59617SAndrey V. Elsukov return ("tcp-md5"); 677fcf59617SAndrey V. Elsukov } 678fcf59617SAndrey V. Elsukov return ("unknown"); 679fcf59617SAndrey V. Elsukov } 680fcf59617SAndrey V. Elsukov 681fcf59617SAndrey V. Elsukov const char* 682fcf59617SAndrey V. Elsukov kdebug_secasv_state(u_int state) 683fcf59617SAndrey V. Elsukov { 684fcf59617SAndrey V. Elsukov 685fcf59617SAndrey V. Elsukov switch (state) { 686fcf59617SAndrey V. Elsukov case SADB_SASTATE_LARVAL: 687fcf59617SAndrey V. Elsukov return ("larval"); 688fcf59617SAndrey V. Elsukov case SADB_SASTATE_MATURE: 689fcf59617SAndrey V. Elsukov return ("mature"); 690fcf59617SAndrey V. Elsukov case SADB_SASTATE_DYING: 691fcf59617SAndrey V. Elsukov return ("dying"); 692fcf59617SAndrey V. Elsukov case SADB_SASTATE_DEAD: 693fcf59617SAndrey V. Elsukov return ("dead"); 694fcf59617SAndrey V. Elsukov } 695fcf59617SAndrey V. Elsukov return ("unknown"); 696fcf59617SAndrey V. Elsukov } 697fcf59617SAndrey V. Elsukov 698fcf59617SAndrey V. Elsukov static char* 699fcf59617SAndrey V. Elsukov kdebug_port2str(const struct sockaddr *sa, char *buf, size_t len) 700fcf59617SAndrey V. Elsukov { 701fcf59617SAndrey V. Elsukov uint16_t port; 702fcf59617SAndrey V. Elsukov 703fcf59617SAndrey V. Elsukov IPSEC_ASSERT(sa != NULL, ("null sa")); 704fcf59617SAndrey V. Elsukov switch (sa->sa_family) { 705fcf59617SAndrey V. Elsukov #ifdef INET 706fcf59617SAndrey V. Elsukov case AF_INET: 707fcf59617SAndrey V. Elsukov port = ntohs(((const struct sockaddr_in *)sa)->sin_port); 708fcf59617SAndrey V. Elsukov break; 709fcf59617SAndrey V. Elsukov #endif 710fcf59617SAndrey V. Elsukov #ifdef INET6 711fcf59617SAndrey V. Elsukov case AF_INET6: 712fcf59617SAndrey V. Elsukov port = ntohs(((const struct sockaddr_in6 *)sa)->sin6_port); 713fcf59617SAndrey V. Elsukov break; 714fcf59617SAndrey V. Elsukov #endif 715fcf59617SAndrey V. Elsukov default: 716fcf59617SAndrey V. Elsukov port = 0; 717fcf59617SAndrey V. Elsukov } 718fcf59617SAndrey V. Elsukov if (port == 0) 719fcf59617SAndrey V. Elsukov return ("*"); 720fcf59617SAndrey V. Elsukov snprintf(buf, len, "%u", port); 721fcf59617SAndrey V. Elsukov return (buf); 722fcf59617SAndrey V. Elsukov } 723fcf59617SAndrey V. Elsukov 72488768458SSam Leffler void 7252e84e6eaSAndrey V. Elsukov kdebug_secpolicy(struct secpolicy *sp) 72688768458SSam Leffler { 727fcf59617SAndrey V. Elsukov u_int idx; 72888768458SSam Leffler 729fcf59617SAndrey V. Elsukov IPSEC_ASSERT(sp != NULL, ("null sp")); 730fcf59617SAndrey V. Elsukov printf("SP { refcnt=%u id=%u priority=%u state=%s policy=%s\n", 731fcf59617SAndrey V. Elsukov sp->refcnt, sp->id, sp->priority, 732fcf59617SAndrey V. Elsukov kdebug_secpolicy_state(sp->state), 733fcf59617SAndrey V. Elsukov kdebug_secpolicy_policy(sp->policy)); 734fcf59617SAndrey V. Elsukov kdebug_secpolicyindex(&sp->spidx, " "); 735fcf59617SAndrey V. Elsukov for (idx = 0; idx < sp->tcount; idx++) { 736fcf59617SAndrey V. Elsukov printf(" req[%u]{ level=%s ", idx, 737fcf59617SAndrey V. Elsukov kdebug_ipsecrequest_level(sp->req[idx]->level)); 738fcf59617SAndrey V. Elsukov kdebug_secasindex(&sp->req[idx]->saidx, NULL); 739fcf59617SAndrey V. Elsukov printf(" }\n"); 74088768458SSam Leffler } 74188768458SSam Leffler printf("}\n"); 74288768458SSam Leffler } 74388768458SSam Leffler 744fcf59617SAndrey V. Elsukov void 745fcf59617SAndrey V. Elsukov kdebug_secpolicyindex(struct secpolicyindex *spidx, const char *indent) 746fcf59617SAndrey V. Elsukov { 747fcf59617SAndrey V. Elsukov char buf[IPSEC_ADDRSTRLEN]; 748fcf59617SAndrey V. Elsukov 749fcf59617SAndrey V. Elsukov IPSEC_ASSERT(spidx != NULL, ("null spidx")); 750fcf59617SAndrey V. Elsukov if (indent != NULL) 751fcf59617SAndrey V. Elsukov printf("%s", indent); 752fcf59617SAndrey V. Elsukov printf("spidx { dir=%s ul_proto=", 753fcf59617SAndrey V. Elsukov kdebug_secpolicyindex_dir(spidx->dir)); 754fcf59617SAndrey V. Elsukov if (spidx->ul_proto == IPSEC_ULPROTO_ANY) 755fcf59617SAndrey V. Elsukov printf("* "); 756fcf59617SAndrey V. Elsukov else 757fcf59617SAndrey V. Elsukov printf("%u ", spidx->ul_proto); 758fcf59617SAndrey V. Elsukov printf("%s/%u -> ", ipsec_address(&spidx->src, buf, sizeof(buf)), 759fcf59617SAndrey V. Elsukov spidx->prefs); 760fcf59617SAndrey V. Elsukov printf("%s/%u }\n", ipsec_address(&spidx->dst, buf, sizeof(buf)), 761fcf59617SAndrey V. Elsukov spidx->prefd); 76288768458SSam Leffler } 76388768458SSam Leffler 76488768458SSam Leffler void 765fcf59617SAndrey V. Elsukov kdebug_secasindex(const struct secasindex *saidx, const char *indent) 76688768458SSam Leffler { 767fcf59617SAndrey V. Elsukov char buf[IPSEC_ADDRSTRLEN], port[6]; 7682ada524eSAndrey V. Elsukov 769fcf59617SAndrey V. Elsukov IPSEC_ASSERT(saidx != NULL, ("null saidx")); 770fcf59617SAndrey V. Elsukov if (indent != NULL) 771fcf59617SAndrey V. Elsukov printf("%s", indent); 772fcf59617SAndrey V. Elsukov printf("saidx { mode=%s proto=%u reqid=%u ", 773fcf59617SAndrey V. Elsukov kdebug_secasindex_mode(saidx->mode), saidx->proto, saidx->reqid); 774fcf59617SAndrey V. Elsukov printf("%s:%s -> ", ipsec_address(&saidx->src, buf, sizeof(buf)), 775fcf59617SAndrey V. Elsukov kdebug_port2str(&saidx->src.sa, port, sizeof(port))); 776fcf59617SAndrey V. Elsukov printf("%s:%s }\n", ipsec_address(&saidx->dst, buf, sizeof(buf)), 777fcf59617SAndrey V. Elsukov kdebug_port2str(&saidx->dst.sa, port, sizeof(port))); 77888768458SSam Leffler } 77988768458SSam Leffler 780208b3a93SBjoern A. Zeeb static void 781fcf59617SAndrey V. Elsukov kdebug_sec_lifetime(struct seclifetime *lft, const char *indent) 782208b3a93SBjoern A. Zeeb { 783208b3a93SBjoern A. Zeeb 784fcf59617SAndrey V. Elsukov IPSEC_ASSERT(lft != NULL, ("null lft")); 785fcf59617SAndrey V. Elsukov if (indent != NULL) 786fcf59617SAndrey V. Elsukov printf("%s", indent); 787fcf59617SAndrey V. Elsukov printf("lifetime { alloc=%u, bytes=%ju addtime=%ju usetime=%ju }\n", 788fcf59617SAndrey V. Elsukov lft->allocations, (uintmax_t)lft->bytes, (uintmax_t)lft->addtime, 789fcf59617SAndrey V. Elsukov (uintmax_t)lft->usetime); 790208b3a93SBjoern A. Zeeb } 791208b3a93SBjoern A. Zeeb 79288768458SSam Leffler void 793fcf59617SAndrey V. Elsukov kdebug_secash(struct secashead *sah, const char *indent) 79488768458SSam Leffler { 79588768458SSam Leffler 796fcf59617SAndrey V. Elsukov IPSEC_ASSERT(sah != NULL, ("null sah")); 797fcf59617SAndrey V. Elsukov if (indent != NULL) 798fcf59617SAndrey V. Elsukov printf("%s", indent); 799fcf59617SAndrey V. Elsukov printf("SAH { refcnt=%u state=%s\n", sah->refcnt, 800fcf59617SAndrey V. Elsukov kdebug_secasv_state(sah->state)); 801fcf59617SAndrey V. Elsukov if (indent != NULL) 802fcf59617SAndrey V. Elsukov printf("%s", indent); 803fcf59617SAndrey V. Elsukov kdebug_secasindex(&sah->saidx, indent); 804fcf59617SAndrey V. Elsukov if (indent != NULL) 805fcf59617SAndrey V. Elsukov printf("%s", indent); 806fcf59617SAndrey V. Elsukov printf("}\n"); 80788768458SSam Leffler } 80888768458SSam Leffler 8098e5060a0SAndrey V. Elsukov #ifdef IPSEC_DEBUG 81088768458SSam Leffler static void 8112e84e6eaSAndrey V. Elsukov kdebug_secreplay(struct secreplay *rpl) 81288768458SSam Leffler { 81388768458SSam Leffler int len, l; 81488768458SSam Leffler 8150361f165SKristof Provost SECREPLAY_LOCK(rpl); 8160361f165SKristof Provost 817fcf59617SAndrey V. Elsukov IPSEC_ASSERT(rpl != NULL, ("null rpl")); 8188b7f3994SMarcin Wojtas printf(" secreplay{ count=%lu bitmap_size=%u wsize=%u last=%lu", 8198b7f3994SMarcin Wojtas rpl->count, rpl->bitmap_size, rpl->wsize, rpl->last); 82088768458SSam Leffler 82188768458SSam Leffler if (rpl->bitmap == NULL) { 82288768458SSam Leffler printf(" }\n"); 8230361f165SKristof Provost SECREPLAY_UNLOCK(rpl); 82488768458SSam Leffler return; 82588768458SSam Leffler } 82688768458SSam Leffler 82788768458SSam Leffler printf("\n bitmap { "); 828bf435626SFabien Thomas for (len = 0; len < rpl->bitmap_size*4; len++) { 82988768458SSam Leffler for (l = 7; l >= 0; l--) 83088768458SSam Leffler printf("%u", (((rpl->bitmap)[len] >> l) & 1) ? 1 : 0); 83188768458SSam Leffler } 83288768458SSam Leffler printf(" }\n"); 8330361f165SKristof Provost SECREPLAY_UNLOCK(rpl); 834fcf59617SAndrey V. Elsukov } 8358e5060a0SAndrey V. Elsukov #endif /* IPSEC_DEBUG */ 83688768458SSam Leffler 837fcf59617SAndrey V. Elsukov static void 838fcf59617SAndrey V. Elsukov kdebug_secnatt(struct secnatt *natt) 839fcf59617SAndrey V. Elsukov { 840fcf59617SAndrey V. Elsukov char buf[IPSEC_ADDRSTRLEN]; 841fcf59617SAndrey V. Elsukov 842fcf59617SAndrey V. Elsukov IPSEC_ASSERT(natt != NULL, ("null natt")); 843fcf59617SAndrey V. Elsukov printf(" natt{ sport=%u dport=%u ", ntohs(natt->sport), 844fcf59617SAndrey V. Elsukov ntohs(natt->dport)); 845fcf59617SAndrey V. Elsukov if (natt->flags & IPSEC_NATT_F_OAI) 846fcf59617SAndrey V. Elsukov printf("oai=%s ", ipsec_address(&natt->oai, buf, sizeof(buf))); 847fcf59617SAndrey V. Elsukov if (natt->flags & IPSEC_NATT_F_OAR) 848fcf59617SAndrey V. Elsukov printf("oar=%s ", ipsec_address(&natt->oar, buf, sizeof(buf))); 849fcf59617SAndrey V. Elsukov printf("}\n"); 850fcf59617SAndrey V. Elsukov } 851fcf59617SAndrey V. Elsukov 852fcf59617SAndrey V. Elsukov void 853fcf59617SAndrey V. Elsukov kdebug_secasv(struct secasvar *sav) 854fcf59617SAndrey V. Elsukov { 855fcf59617SAndrey V. Elsukov struct seclifetime lft_c; 856fcf59617SAndrey V. Elsukov 857fcf59617SAndrey V. Elsukov IPSEC_ASSERT(sav != NULL, ("null sav")); 858fcf59617SAndrey V. Elsukov 859fcf59617SAndrey V. Elsukov printf("SA { refcnt=%u spi=%u seq=%u pid=%u flags=0x%x state=%s\n", 860fcf59617SAndrey V. Elsukov sav->refcnt, ntohl(sav->spi), sav->seq, (uint32_t)sav->pid, 861fcf59617SAndrey V. Elsukov sav->flags, kdebug_secasv_state(sav->state)); 862fcf59617SAndrey V. Elsukov kdebug_secash(sav->sah, " "); 863fcf59617SAndrey V. Elsukov 864fcf59617SAndrey V. Elsukov lft_c.addtime = sav->created; 865fcf59617SAndrey V. Elsukov lft_c.allocations = (uint32_t)counter_u64_fetch( 866fcf59617SAndrey V. Elsukov sav->lft_c_allocations); 867fcf59617SAndrey V. Elsukov lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes); 868fcf59617SAndrey V. Elsukov lft_c.usetime = sav->firstused; 869fcf59617SAndrey V. Elsukov kdebug_sec_lifetime(&lft_c, " c_"); 870fcf59617SAndrey V. Elsukov if (sav->lft_h != NULL) 871fcf59617SAndrey V. Elsukov kdebug_sec_lifetime(sav->lft_h, " h_"); 872fcf59617SAndrey V. Elsukov if (sav->lft_s != NULL) 873fcf59617SAndrey V. Elsukov kdebug_sec_lifetime(sav->lft_s, " s_"); 874fcf59617SAndrey V. Elsukov 875fcf59617SAndrey V. Elsukov if (sav->tdb_authalgxform != NULL) 876fcf59617SAndrey V. Elsukov printf(" alg_auth=%s\n", sav->tdb_authalgxform->name); 877fcf59617SAndrey V. Elsukov if (sav->key_auth != NULL) 878fcf59617SAndrey V. Elsukov KEYDBG(DUMP, 879fcf59617SAndrey V. Elsukov kdebug_sadb_key((struct sadb_ext *)sav->key_auth)); 880fcf59617SAndrey V. Elsukov if (sav->tdb_encalgxform != NULL) 881fcf59617SAndrey V. Elsukov printf(" alg_enc=%s\n", sav->tdb_encalgxform->name); 882fcf59617SAndrey V. Elsukov if (sav->key_enc != NULL) 883fcf59617SAndrey V. Elsukov KEYDBG(DUMP, 884fcf59617SAndrey V. Elsukov kdebug_sadb_key((struct sadb_ext *)sav->key_enc)); 885fcf59617SAndrey V. Elsukov if (sav->natt != NULL) 886fcf59617SAndrey V. Elsukov kdebug_secnatt(sav->natt); 887fcf59617SAndrey V. Elsukov if (sav->replay != NULL) { 888fcf59617SAndrey V. Elsukov KEYDBG(DUMP, 889b357d40fSJohn Baldwin SECASVAR_RLOCK_TRACKER; 890b357d40fSJohn Baldwin 891b357d40fSJohn Baldwin SECASVAR_RLOCK(sav); 892fcf59617SAndrey V. Elsukov kdebug_secreplay(sav->replay); 893b357d40fSJohn Baldwin SECASVAR_RUNLOCK(sav)); 894fcf59617SAndrey V. Elsukov } 895fcf59617SAndrey V. Elsukov printf("}\n"); 89688768458SSam Leffler } 89788768458SSam Leffler 89888768458SSam Leffler void 899efb10c3cSAndrey V. Elsukov kdebug_mbufhdr(const struct mbuf *m) 90088768458SSam Leffler { 90188768458SSam Leffler /* sanity check */ 90288768458SSam Leffler if (m == NULL) 90388768458SSam Leffler return; 90488768458SSam Leffler 90588768458SSam Leffler printf("mbuf(%p){ m_next:%p m_nextpkt:%p m_data:%p " 90688768458SSam Leffler "m_len:%d m_type:0x%02x m_flags:0x%02x }\n", 90788768458SSam Leffler m, m->m_next, m->m_nextpkt, m->m_data, 90888768458SSam Leffler m->m_len, m->m_type, m->m_flags); 90988768458SSam Leffler 91088768458SSam Leffler if (m->m_flags & M_PKTHDR) { 91188768458SSam Leffler printf(" m_pkthdr{ len:%d rcvif:%p }\n", 91288768458SSam Leffler m->m_pkthdr.len, m->m_pkthdr.rcvif); 91388768458SSam Leffler } 91488768458SSam Leffler 91588768458SSam Leffler if (m->m_flags & M_EXT) { 91688768458SSam Leffler printf(" m_ext{ ext_buf:%p ext_free:%p " 917fcc34a23SGleb Smirnoff "ext_size:%u ext_cnt:%p }\n", 91888768458SSam Leffler m->m_ext.ext_buf, m->m_ext.ext_free, 919fcc34a23SGleb Smirnoff m->m_ext.ext_size, m->m_ext.ext_cnt); 92088768458SSam Leffler } 92188768458SSam Leffler 92288768458SSam Leffler return; 92388768458SSam Leffler } 92488768458SSam Leffler 92588768458SSam Leffler void 926efb10c3cSAndrey V. Elsukov kdebug_mbuf(const struct mbuf *m0) 92788768458SSam Leffler { 928efb10c3cSAndrey V. Elsukov const struct mbuf *m = m0; 929c01fdd7aSDimitry Andric int i; 93088768458SSam Leffler 931c01fdd7aSDimitry Andric for (; m; m = m->m_next) { 93288768458SSam Leffler kdebug_mbufhdr(m); 93388768458SSam Leffler printf(" m_data:\n"); 93488768458SSam Leffler for (i = 0; i < m->m_len; i++) { 93588768458SSam Leffler if (i && i % 32 == 0) 93688768458SSam Leffler printf("\n"); 93788768458SSam Leffler if (i % 4 == 0) 93888768458SSam Leffler printf(" "); 939efb10c3cSAndrey V. Elsukov printf("%02x", mtod(m, const u_char *)[i]); 94088768458SSam Leffler } 94188768458SSam Leffler printf("\n"); 94288768458SSam Leffler } 94388768458SSam Leffler 94488768458SSam Leffler return; 94588768458SSam Leffler } 946fcf59617SAndrey V. Elsukov 947fcf59617SAndrey V. Elsukov /* Return a printable string for the address. */ 948fcf59617SAndrey V. Elsukov char * 949fcf59617SAndrey V. Elsukov ipsec_address(const union sockaddr_union* sa, char *buf, socklen_t size) 950fcf59617SAndrey V. Elsukov { 951fcf59617SAndrey V. Elsukov 952fcf59617SAndrey V. Elsukov switch (sa->sa.sa_family) { 953fcf59617SAndrey V. Elsukov #ifdef INET 954fcf59617SAndrey V. Elsukov case AF_INET: 955fcf59617SAndrey V. Elsukov return (inet_ntop(AF_INET, &sa->sin.sin_addr, buf, size)); 956fcf59617SAndrey V. Elsukov #endif /* INET */ 957fcf59617SAndrey V. Elsukov #ifdef INET6 958fcf59617SAndrey V. Elsukov case AF_INET6: 959fcf59617SAndrey V. Elsukov if (IN6_IS_SCOPE_LINKLOCAL(&sa->sin6.sin6_addr)) { 960fcf59617SAndrey V. Elsukov snprintf(buf, size, "%s%%%u", inet_ntop(AF_INET6, 961fcf59617SAndrey V. Elsukov &sa->sin6.sin6_addr, buf, size), 962fcf59617SAndrey V. Elsukov sa->sin6.sin6_scope_id); 963fcf59617SAndrey V. Elsukov return (buf); 964fcf59617SAndrey V. Elsukov } else 965fcf59617SAndrey V. Elsukov return (inet_ntop(AF_INET6, &sa->sin6.sin6_addr, 966fcf59617SAndrey V. Elsukov buf, size)); 967fcf59617SAndrey V. Elsukov #endif /* INET6 */ 968fcf59617SAndrey V. Elsukov case 0: 969fcf59617SAndrey V. Elsukov return ("*"); 970fcf59617SAndrey V. Elsukov default: 971fcf59617SAndrey V. Elsukov return ("(unknown address family)"); 972fcf59617SAndrey V. Elsukov } 973fcf59617SAndrey V. Elsukov } 974fcf59617SAndrey V. Elsukov 975fcf59617SAndrey V. Elsukov char * 976fcf59617SAndrey V. Elsukov ipsec_sa2str(struct secasvar *sav, char *buf, size_t size) 977fcf59617SAndrey V. Elsukov { 978fcf59617SAndrey V. Elsukov char sbuf[IPSEC_ADDRSTRLEN], dbuf[IPSEC_ADDRSTRLEN]; 979fcf59617SAndrey V. Elsukov 980fcf59617SAndrey V. Elsukov snprintf(buf, size, "SA(SPI=%08lx src=%s dst=%s)", 981fcf59617SAndrey V. Elsukov (u_long)ntohl(sav->spi), 982fcf59617SAndrey V. Elsukov ipsec_address(&sav->sah->saidx.src, sbuf, sizeof(sbuf)), 983fcf59617SAndrey V. Elsukov ipsec_address(&sav->sah->saidx.dst, dbuf, sizeof(dbuf))); 984fcf59617SAndrey V. Elsukov return (buf); 985fcf59617SAndrey V. Elsukov } 986fcf59617SAndrey V. Elsukov 98788768458SSam Leffler #endif /* _KERNEL */ 98888768458SSam Leffler 98988768458SSam Leffler void 9902e84e6eaSAndrey V. Elsukov kdebug_sockaddr(struct sockaddr *addr) 99188768458SSam Leffler { 9924e0e8f31SAndrey V. Elsukov char buf[IPSEC_ADDRSTRLEN]; 99388768458SSam Leffler 99488768458SSam Leffler /* sanity check */ 99588768458SSam Leffler if (addr == NULL) 9969ffa9677SSam Leffler panic("%s: NULL pointer was passed.\n", __func__); 99788768458SSam Leffler 99888768458SSam Leffler switch (addr->sa_family) { 9994e0e8f31SAndrey V. Elsukov #ifdef INET 10004e0e8f31SAndrey V. Elsukov case AF_INET: { 10014e0e8f31SAndrey V. Elsukov struct sockaddr_in *sin; 10024e0e8f31SAndrey V. Elsukov 10034e0e8f31SAndrey V. Elsukov sin = (struct sockaddr_in *)addr; 10044e0e8f31SAndrey V. Elsukov inet_ntop(AF_INET, &sin->sin_addr, buf, sizeof(buf)); 100588768458SSam Leffler break; 100688768458SSam Leffler } 10074e0e8f31SAndrey V. Elsukov #endif 10084e0e8f31SAndrey V. Elsukov #ifdef INET6 10094e0e8f31SAndrey V. Elsukov case AF_INET6: { 10104e0e8f31SAndrey V. Elsukov struct sockaddr_in6 *sin6; 101188768458SSam Leffler 10124e0e8f31SAndrey V. Elsukov sin6 = (struct sockaddr_in6 *)addr; 10134e0e8f31SAndrey V. Elsukov if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 10144e0e8f31SAndrey V. Elsukov snprintf(buf, sizeof(buf), "%s%%%u", 10154e0e8f31SAndrey V. Elsukov inet_ntop(AF_INET6, &sin6->sin6_addr, buf, 10164e0e8f31SAndrey V. Elsukov sizeof(buf)), sin6->sin6_scope_id); 10174e0e8f31SAndrey V. Elsukov } else 10184e0e8f31SAndrey V. Elsukov inet_ntop(AF_INET6, &sin6->sin6_addr, buf, 10194e0e8f31SAndrey V. Elsukov sizeof(buf)); 10204e0e8f31SAndrey V. Elsukov break; 10214e0e8f31SAndrey V. Elsukov } 10224e0e8f31SAndrey V. Elsukov #endif 10234e0e8f31SAndrey V. Elsukov default: 10244e0e8f31SAndrey V. Elsukov sprintf(buf, "unknown"); 10254e0e8f31SAndrey V. Elsukov } 10264e0e8f31SAndrey V. Elsukov printf("sockaddr{ len=%u family=%u addr=%s }\n", addr->sa_len, 10274e0e8f31SAndrey V. Elsukov addr->sa_family, buf); 102888768458SSam Leffler } 102988768458SSam Leffler 103088768458SSam Leffler void 10312e84e6eaSAndrey V. Elsukov ipsec_bindump(caddr_t buf, int len) 103288768458SSam Leffler { 103388768458SSam Leffler int i; 103488768458SSam Leffler 103588768458SSam Leffler for (i = 0; i < len; i++) 103688768458SSam Leffler printf("%c", (unsigned char)buf[i]); 103788768458SSam Leffler 103888768458SSam Leffler return; 103988768458SSam Leffler } 104088768458SSam Leffler 104188768458SSam Leffler void 10422e84e6eaSAndrey V. Elsukov ipsec_hexdump(caddr_t buf, int len) 104388768458SSam Leffler { 104488768458SSam Leffler int i; 104588768458SSam Leffler 104688768458SSam Leffler for (i = 0; i < len; i++) { 104788768458SSam Leffler if (i != 0 && i % 32 == 0) printf("\n"); 104888768458SSam Leffler if (i % 4 == 0) printf(" "); 104988768458SSam Leffler printf("%02x", (unsigned char)buf[i]); 105088768458SSam Leffler } 105188768458SSam Leffler #if 0 105288768458SSam Leffler if (i % 32 != 0) printf("\n"); 105388768458SSam Leffler #endif 105488768458SSam Leffler 105588768458SSam Leffler return; 105688768458SSam Leffler } 1057