1 /* $FreeBSD$ */ 2 /* $KAME: key_debug.c,v 1.26 2001/06/27 10:46:50 sakane Exp $ */ 3 4 /*- 5 * SPDX-License-Identifier: BSD-3-Clause 6 * 7 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the project nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 #ifdef _KERNEL 36 #include "opt_inet.h" 37 #include "opt_inet6.h" 38 #include "opt_ipsec.h" 39 #endif 40 41 #include <sys/param.h> 42 #ifdef _KERNEL 43 #include <sys/systm.h> 44 #include <sys/lock.h> 45 #include <sys/malloc.h> 46 #include <sys/mbuf.h> 47 #include <sys/mutex.h> 48 #include <sys/queue.h> 49 #endif 50 #include <sys/socket.h> 51 52 #include <net/vnet.h> 53 54 #include <netipsec/key_var.h> 55 #include <netipsec/key_debug.h> 56 57 #include <netinet/in.h> 58 #include <netipsec/ipsec.h> 59 #ifdef _KERNEL 60 #include <netipsec/keydb.h> 61 #include <netipsec/xform.h> 62 #endif 63 64 #ifndef _KERNEL 65 #include <ctype.h> 66 #include <stdio.h> 67 #include <stdlib.h> 68 #include <arpa/inet.h> 69 #endif /* !_KERNEL */ 70 71 static void kdebug_sadb_prop(struct sadb_ext *); 72 static void kdebug_sadb_identity(struct sadb_ext *); 73 static void kdebug_sadb_supported(struct sadb_ext *); 74 static void kdebug_sadb_lifetime(struct sadb_ext *); 75 static void kdebug_sadb_sa(struct sadb_ext *); 76 static void kdebug_sadb_address(struct sadb_ext *); 77 static void kdebug_sadb_key(struct sadb_ext *); 78 static void kdebug_sadb_x_sa2(struct sadb_ext *); 79 static void kdebug_sadb_x_sa_replay(struct sadb_ext *); 80 static void kdebug_sadb_x_natt(struct sadb_ext *); 81 82 #ifndef _KERNEL 83 #define panic(fmt, ...) { printf(fmt, ## __VA_ARGS__); exit(-1); } 84 #endif 85 86 /* NOTE: host byte order */ 87 88 static const char* 89 kdebug_sadb_type(uint8_t type) 90 { 91 #define SADB_NAME(n) case SADB_ ## n: return (#n) 92 93 switch (type) { 94 SADB_NAME(RESERVED); 95 SADB_NAME(GETSPI); 96 SADB_NAME(UPDATE); 97 SADB_NAME(ADD); 98 SADB_NAME(DELETE); 99 SADB_NAME(GET); 100 SADB_NAME(ACQUIRE); 101 SADB_NAME(REGISTER); 102 SADB_NAME(EXPIRE); 103 SADB_NAME(FLUSH); 104 SADB_NAME(DUMP); 105 SADB_NAME(X_PROMISC); 106 SADB_NAME(X_PCHANGE); 107 SADB_NAME(X_SPDUPDATE); 108 SADB_NAME(X_SPDADD); 109 SADB_NAME(X_SPDDELETE); 110 SADB_NAME(X_SPDGET); 111 SADB_NAME(X_SPDACQUIRE); 112 SADB_NAME(X_SPDDUMP); 113 SADB_NAME(X_SPDFLUSH); 114 SADB_NAME(X_SPDSETIDX); 115 SADB_NAME(X_SPDEXPIRE); 116 SADB_NAME(X_SPDDELETE2); 117 default: 118 return ("UNKNOWN"); 119 } 120 #undef SADB_NAME 121 } 122 123 static const char* 124 kdebug_sadb_exttype(uint16_t type) 125 { 126 #define EXT_NAME(n) case SADB_EXT_ ## n: return (#n) 127 #define X_NAME(n) case SADB_X_EXT_ ## n: return (#n) 128 129 switch (type) { 130 EXT_NAME(RESERVED); 131 EXT_NAME(SA); 132 EXT_NAME(LIFETIME_CURRENT); 133 EXT_NAME(LIFETIME_HARD); 134 EXT_NAME(LIFETIME_SOFT); 135 EXT_NAME(ADDRESS_SRC); 136 EXT_NAME(ADDRESS_DST); 137 EXT_NAME(ADDRESS_PROXY); 138 EXT_NAME(KEY_AUTH); 139 EXT_NAME(KEY_ENCRYPT); 140 EXT_NAME(IDENTITY_SRC); 141 EXT_NAME(IDENTITY_DST); 142 EXT_NAME(SENSITIVITY); 143 EXT_NAME(PROPOSAL); 144 EXT_NAME(SUPPORTED_AUTH); 145 EXT_NAME(SUPPORTED_ENCRYPT); 146 EXT_NAME(SPIRANGE); 147 X_NAME(KMPRIVATE); 148 X_NAME(POLICY); 149 X_NAME(SA2); 150 X_NAME(NAT_T_TYPE); 151 X_NAME(NAT_T_SPORT); 152 X_NAME(NAT_T_DPORT); 153 X_NAME(NAT_T_OAI); 154 X_NAME(NAT_T_OAR); 155 X_NAME(NAT_T_FRAG); 156 X_NAME(SA_REPLAY); 157 X_NAME(NEW_ADDRESS_SRC); 158 X_NAME(NEW_ADDRESS_DST); 159 default: 160 return ("UNKNOWN"); 161 }; 162 #undef EXT_NAME 163 #undef X_NAME 164 } 165 166 /* %%%: about struct sadb_msg */ 167 void 168 kdebug_sadb(struct sadb_msg *base) 169 { 170 struct sadb_ext *ext; 171 int tlen, extlen; 172 173 /* sanity check */ 174 if (base == NULL) 175 panic("%s: NULL pointer was passed.\n", __func__); 176 177 printf("sadb_msg{ version=%u type=%u(%s) errno=%u satype=%u\n", 178 base->sadb_msg_version, base->sadb_msg_type, 179 kdebug_sadb_type(base->sadb_msg_type), 180 base->sadb_msg_errno, base->sadb_msg_satype); 181 printf(" len=%u reserved=%u seq=%u pid=%u\n", 182 base->sadb_msg_len, base->sadb_msg_reserved, 183 base->sadb_msg_seq, base->sadb_msg_pid); 184 185 tlen = PFKEY_UNUNIT64(base->sadb_msg_len) - sizeof(struct sadb_msg); 186 ext = (struct sadb_ext *)((caddr_t)base + sizeof(struct sadb_msg)); 187 188 while (tlen > 0) { 189 printf("sadb_ext{ len=%u type=%u(%s) }\n", 190 ext->sadb_ext_len, ext->sadb_ext_type, 191 kdebug_sadb_exttype(ext->sadb_ext_type)); 192 193 if (ext->sadb_ext_len == 0) { 194 printf("%s: invalid ext_len=0 was passed.\n", __func__); 195 return; 196 } 197 if (ext->sadb_ext_len > tlen) { 198 printf("%s: ext_len too big (%u > %u).\n", 199 __func__, ext->sadb_ext_len, tlen); 200 return; 201 } 202 203 switch (ext->sadb_ext_type) { 204 case SADB_EXT_SA: 205 kdebug_sadb_sa(ext); 206 break; 207 case SADB_EXT_LIFETIME_CURRENT: 208 case SADB_EXT_LIFETIME_HARD: 209 case SADB_EXT_LIFETIME_SOFT: 210 kdebug_sadb_lifetime(ext); 211 break; 212 case SADB_EXT_ADDRESS_SRC: 213 case SADB_EXT_ADDRESS_DST: 214 case SADB_EXT_ADDRESS_PROXY: 215 case SADB_X_EXT_NAT_T_OAI: 216 case SADB_X_EXT_NAT_T_OAR: 217 case SADB_X_EXT_NEW_ADDRESS_SRC: 218 case SADB_X_EXT_NEW_ADDRESS_DST: 219 kdebug_sadb_address(ext); 220 break; 221 case SADB_EXT_KEY_AUTH: 222 case SADB_EXT_KEY_ENCRYPT: 223 kdebug_sadb_key(ext); 224 break; 225 case SADB_EXT_IDENTITY_SRC: 226 case SADB_EXT_IDENTITY_DST: 227 kdebug_sadb_identity(ext); 228 break; 229 case SADB_EXT_SENSITIVITY: 230 break; 231 case SADB_EXT_PROPOSAL: 232 kdebug_sadb_prop(ext); 233 break; 234 case SADB_EXT_SUPPORTED_AUTH: 235 case SADB_EXT_SUPPORTED_ENCRYPT: 236 kdebug_sadb_supported(ext); 237 break; 238 case SADB_EXT_SPIRANGE: 239 case SADB_X_EXT_KMPRIVATE: 240 break; 241 case SADB_X_EXT_POLICY: 242 kdebug_sadb_x_policy(ext); 243 break; 244 case SADB_X_EXT_SA2: 245 kdebug_sadb_x_sa2(ext); 246 break; 247 case SADB_X_EXT_SA_REPLAY: 248 kdebug_sadb_x_sa_replay(ext); 249 break; 250 case SADB_X_EXT_NAT_T_TYPE: 251 case SADB_X_EXT_NAT_T_SPORT: 252 case SADB_X_EXT_NAT_T_DPORT: 253 kdebug_sadb_x_natt(ext); 254 break; 255 default: 256 printf("%s: invalid ext_type %u\n", __func__, 257 ext->sadb_ext_type); 258 return; 259 } 260 261 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 262 tlen -= extlen; 263 ext = (struct sadb_ext *)((caddr_t)ext + extlen); 264 } 265 266 return; 267 } 268 269 static void 270 kdebug_sadb_prop(struct sadb_ext *ext) 271 { 272 struct sadb_prop *prop = (struct sadb_prop *)ext; 273 struct sadb_comb *comb; 274 int len; 275 276 /* sanity check */ 277 if (ext == NULL) 278 panic("%s: NULL pointer was passed.\n", __func__); 279 280 len = (PFKEY_UNUNIT64(prop->sadb_prop_len) - sizeof(*prop)) 281 / sizeof(*comb); 282 comb = (struct sadb_comb *)(prop + 1); 283 printf("sadb_prop{ replay=%u\n", prop->sadb_prop_replay); 284 285 while (len--) { 286 printf("sadb_comb{ auth=%u encrypt=%u " 287 "flags=0x%04x reserved=0x%08x\n", 288 comb->sadb_comb_auth, comb->sadb_comb_encrypt, 289 comb->sadb_comb_flags, comb->sadb_comb_reserved); 290 291 printf(" auth_minbits=%u auth_maxbits=%u " 292 "encrypt_minbits=%u encrypt_maxbits=%u\n", 293 comb->sadb_comb_auth_minbits, 294 comb->sadb_comb_auth_maxbits, 295 comb->sadb_comb_encrypt_minbits, 296 comb->sadb_comb_encrypt_maxbits); 297 298 printf(" soft_alloc=%u hard_alloc=%u " 299 "soft_bytes=%lu hard_bytes=%lu\n", 300 comb->sadb_comb_soft_allocations, 301 comb->sadb_comb_hard_allocations, 302 (unsigned long)comb->sadb_comb_soft_bytes, 303 (unsigned long)comb->sadb_comb_hard_bytes); 304 305 printf(" soft_alloc=%lu hard_alloc=%lu " 306 "soft_bytes=%lu hard_bytes=%lu }\n", 307 (unsigned long)comb->sadb_comb_soft_addtime, 308 (unsigned long)comb->sadb_comb_hard_addtime, 309 (unsigned long)comb->sadb_comb_soft_usetime, 310 (unsigned long)comb->sadb_comb_hard_usetime); 311 comb++; 312 } 313 printf("}\n"); 314 315 return; 316 } 317 318 static void 319 kdebug_sadb_identity(struct sadb_ext *ext) 320 { 321 struct sadb_ident *id = (struct sadb_ident *)ext; 322 int len; 323 324 /* sanity check */ 325 if (ext == NULL) 326 panic("%s: NULL pointer was passed.\n", __func__); 327 328 len = PFKEY_UNUNIT64(id->sadb_ident_len) - sizeof(*id); 329 printf("sadb_ident_%s{", 330 id->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC ? "src" : "dst"); 331 switch (id->sadb_ident_type) { 332 default: 333 printf(" type=%d id=%lu", 334 id->sadb_ident_type, (u_long)id->sadb_ident_id); 335 if (len) { 336 #ifdef _KERNEL 337 ipsec_hexdump((caddr_t)(id + 1), len); /*XXX cast ?*/ 338 #else 339 char *p, *ep; 340 printf("\n str=\""); 341 p = (char *)(id + 1); 342 ep = p + len; 343 for (/*nothing*/; *p && p < ep; p++) { 344 if (isprint(*p)) 345 printf("%c", *p & 0xff); 346 else 347 printf("\\%03o", *p & 0xff); 348 } 349 #endif 350 printf("\""); 351 } 352 break; 353 } 354 355 printf(" }\n"); 356 357 return; 358 } 359 360 static void 361 kdebug_sadb_supported(struct sadb_ext *ext) 362 { 363 struct sadb_supported *sup = (struct sadb_supported *)ext; 364 struct sadb_alg *alg; 365 int len; 366 367 /* sanity check */ 368 if (ext == NULL) 369 panic("%s: NULL pointer was passed.\n", __func__); 370 371 len = (PFKEY_UNUNIT64(sup->sadb_supported_len) - sizeof(*sup)) 372 / sizeof(*alg); 373 alg = (struct sadb_alg *)(sup + 1); 374 printf("sadb_sup{\n"); 375 while (len--) { 376 printf(" { id=%d ivlen=%d min=%d max=%d }\n", 377 alg->sadb_alg_id, alg->sadb_alg_ivlen, 378 alg->sadb_alg_minbits, alg->sadb_alg_maxbits); 379 alg++; 380 } 381 printf("}\n"); 382 383 return; 384 } 385 386 static void 387 kdebug_sadb_lifetime(struct sadb_ext *ext) 388 { 389 struct sadb_lifetime *lft = (struct sadb_lifetime *)ext; 390 391 /* sanity check */ 392 if (ext == NULL) 393 panic("%s: NULL pointer was passed.\n", __func__); 394 395 printf("sadb_lifetime{ alloc=%u, bytes=%u\n", 396 lft->sadb_lifetime_allocations, 397 (u_int32_t)lft->sadb_lifetime_bytes); 398 printf(" addtime=%u, usetime=%u }\n", 399 (u_int32_t)lft->sadb_lifetime_addtime, 400 (u_int32_t)lft->sadb_lifetime_usetime); 401 402 return; 403 } 404 405 static void 406 kdebug_sadb_sa(struct sadb_ext *ext) 407 { 408 struct sadb_sa *sa = (struct sadb_sa *)ext; 409 410 /* sanity check */ 411 if (ext == NULL) 412 panic("%s: NULL pointer was passed.\n", __func__); 413 414 printf("sadb_sa{ spi=%u replay=%u state=%u\n", 415 (u_int32_t)ntohl(sa->sadb_sa_spi), sa->sadb_sa_replay, 416 sa->sadb_sa_state); 417 printf(" auth=%u encrypt=%u flags=0x%08x }\n", 418 sa->sadb_sa_auth, sa->sadb_sa_encrypt, sa->sadb_sa_flags); 419 420 return; 421 } 422 423 static void 424 kdebug_sadb_address(struct sadb_ext *ext) 425 { 426 struct sadb_address *addr = (struct sadb_address *)ext; 427 428 /* sanity check */ 429 if (ext == NULL) 430 panic("%s: NULL pointer was passed.\n", __func__); 431 432 printf("sadb_address{ proto=%u prefixlen=%u reserved=0x%02x%02x }\n", 433 addr->sadb_address_proto, addr->sadb_address_prefixlen, 434 ((u_char *)&addr->sadb_address_reserved)[0], 435 ((u_char *)&addr->sadb_address_reserved)[1]); 436 437 kdebug_sockaddr((struct sockaddr *)((caddr_t)ext + sizeof(*addr))); 438 } 439 440 static void 441 kdebug_sadb_key(struct sadb_ext *ext) 442 { 443 struct sadb_key *key = (struct sadb_key *)ext; 444 445 /* sanity check */ 446 if (ext == NULL) 447 panic("%s: NULL pointer was passed.\n", __func__); 448 449 printf("sadb_key{ bits=%u reserved=%u\n", 450 key->sadb_key_bits, key->sadb_key_reserved); 451 printf(" key="); 452 453 /* sanity check 2 */ 454 if ((key->sadb_key_bits >> 3) > 455 (PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key))) { 456 printf("%s: key length mismatch, bit:%d len:%ld.\n", 457 __func__, 458 key->sadb_key_bits >> 3, 459 (long)PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key)); 460 } 461 462 ipsec_hexdump((caddr_t)key + sizeof(struct sadb_key), 463 key->sadb_key_bits >> 3); 464 printf(" }\n"); 465 return; 466 } 467 468 static void 469 kdebug_sadb_x_sa2(struct sadb_ext *ext) 470 { 471 struct sadb_x_sa2 *sa2 = (struct sadb_x_sa2 *)ext; 472 473 /* sanity check */ 474 if (ext == NULL) 475 panic("%s: NULL pointer was passed.\n", __func__); 476 477 printf("sadb_x_sa2{ mode=%u reqid=%u\n", 478 sa2->sadb_x_sa2_mode, sa2->sadb_x_sa2_reqid); 479 printf(" reserved1=%u reserved2=%u sequence=%u }\n", 480 sa2->sadb_x_sa2_reserved1, sa2->sadb_x_sa2_reserved2, 481 sa2->sadb_x_sa2_sequence); 482 483 return; 484 } 485 486 static void 487 kdebug_sadb_x_sa_replay(struct sadb_ext *ext) 488 { 489 struct sadb_x_sa_replay *replay; 490 491 /* sanity check */ 492 if (ext == NULL) 493 panic("%s: NULL pointer was passed.\n", __func__); 494 495 replay = (struct sadb_x_sa_replay *)ext; 496 printf("sadb_x_sa_replay{ replay=%u }\n", 497 replay->sadb_x_sa_replay_replay); 498 } 499 500 static void 501 kdebug_sadb_x_natt(struct sadb_ext *ext) 502 { 503 struct sadb_x_nat_t_type *type; 504 struct sadb_x_nat_t_port *port; 505 506 /* sanity check */ 507 if (ext == NULL) 508 panic("%s: NULL pointer was passed.\n", __func__); 509 510 if (ext->sadb_ext_type == SADB_X_EXT_NAT_T_TYPE) { 511 type = (struct sadb_x_nat_t_type *)ext; 512 printf("sadb_x_nat_t_type{ type=%u }\n", 513 type->sadb_x_nat_t_type_type); 514 } else { 515 port = (struct sadb_x_nat_t_port *)ext; 516 printf("sadb_x_nat_t_port{ port=%u }\n", 517 ntohs(port->sadb_x_nat_t_port_port)); 518 } 519 } 520 521 void 522 kdebug_sadb_x_policy(struct sadb_ext *ext) 523 { 524 struct sadb_x_policy *xpl = (struct sadb_x_policy *)ext; 525 struct sockaddr *addr; 526 527 /* sanity check */ 528 if (ext == NULL) 529 panic("%s: NULL pointer was passed.\n", __func__); 530 531 printf("sadb_x_policy{ type=%u dir=%u id=%x scope=%u %s=%u }\n", 532 xpl->sadb_x_policy_type, xpl->sadb_x_policy_dir, 533 xpl->sadb_x_policy_id, xpl->sadb_x_policy_scope, 534 xpl->sadb_x_policy_scope == IPSEC_POLICYSCOPE_IFNET ? 535 "ifindex": "priority", xpl->sadb_x_policy_priority); 536 537 if (xpl->sadb_x_policy_type == IPSEC_POLICY_IPSEC) { 538 int tlen; 539 struct sadb_x_ipsecrequest *xisr; 540 541 tlen = PFKEY_UNUNIT64(xpl->sadb_x_policy_len) - sizeof(*xpl); 542 xisr = (struct sadb_x_ipsecrequest *)(xpl + 1); 543 544 while (tlen > 0) { 545 printf(" { len=%u proto=%u mode=%u level=%u reqid=%u\n", 546 xisr->sadb_x_ipsecrequest_len, 547 xisr->sadb_x_ipsecrequest_proto, 548 xisr->sadb_x_ipsecrequest_mode, 549 xisr->sadb_x_ipsecrequest_level, 550 xisr->sadb_x_ipsecrequest_reqid); 551 552 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 553 addr = (struct sockaddr *)(xisr + 1); 554 kdebug_sockaddr(addr); 555 addr = (struct sockaddr *)((caddr_t)addr 556 + addr->sa_len); 557 kdebug_sockaddr(addr); 558 } 559 560 printf(" }\n"); 561 562 /* prevent infinite loop */ 563 if (xisr->sadb_x_ipsecrequest_len <= 0) { 564 printf("%s: wrong policy struct.\n", __func__); 565 return; 566 } 567 /* prevent overflow */ 568 if (xisr->sadb_x_ipsecrequest_len > tlen) { 569 printf("%s: invalid ipsec policy length " 570 "(%u > %u)\n", __func__, 571 xisr->sadb_x_ipsecrequest_len, tlen); 572 return; 573 } 574 575 tlen -= xisr->sadb_x_ipsecrequest_len; 576 577 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 578 + xisr->sadb_x_ipsecrequest_len); 579 } 580 581 if (tlen != 0) 582 panic("%s: wrong policy struct.\n", __func__); 583 } 584 585 return; 586 } 587 588 #ifdef _KERNEL 589 /* %%%: about SPD and SAD */ 590 const char* 591 kdebug_secpolicy_state(u_int state) 592 { 593 594 switch (state) { 595 case IPSEC_SPSTATE_DEAD: 596 return ("dead"); 597 case IPSEC_SPSTATE_LARVAL: 598 return ("larval"); 599 case IPSEC_SPSTATE_ALIVE: 600 return ("alive"); 601 case IPSEC_SPSTATE_PCB: 602 return ("pcb"); 603 case IPSEC_SPSTATE_IFNET: 604 return ("ifnet"); 605 } 606 return ("unknown"); 607 } 608 609 const char* 610 kdebug_secpolicy_policy(u_int policy) 611 { 612 613 switch (policy) { 614 case IPSEC_POLICY_DISCARD: 615 return ("discard"); 616 case IPSEC_POLICY_NONE: 617 return ("none"); 618 case IPSEC_POLICY_IPSEC: 619 return ("ipsec"); 620 case IPSEC_POLICY_ENTRUST: 621 return ("entrust"); 622 case IPSEC_POLICY_BYPASS: 623 return ("bypass"); 624 } 625 return ("unknown"); 626 } 627 628 const char* 629 kdebug_secpolicyindex_dir(u_int dir) 630 { 631 632 switch (dir) { 633 case IPSEC_DIR_ANY: 634 return ("any"); 635 case IPSEC_DIR_INBOUND: 636 return ("in"); 637 case IPSEC_DIR_OUTBOUND: 638 return ("out"); 639 } 640 return ("unknown"); 641 } 642 643 const char* 644 kdebug_ipsecrequest_level(u_int level) 645 { 646 647 switch (level) { 648 case IPSEC_LEVEL_DEFAULT: 649 return ("default"); 650 case IPSEC_LEVEL_USE: 651 return ("use"); 652 case IPSEC_LEVEL_REQUIRE: 653 return ("require"); 654 case IPSEC_LEVEL_UNIQUE: 655 return ("unique"); 656 } 657 return ("unknown"); 658 } 659 660 const char* 661 kdebug_secasindex_mode(u_int mode) 662 { 663 664 switch (mode) { 665 case IPSEC_MODE_ANY: 666 return ("any"); 667 case IPSEC_MODE_TRANSPORT: 668 return ("transport"); 669 case IPSEC_MODE_TUNNEL: 670 return ("tunnel"); 671 case IPSEC_MODE_TCPMD5: 672 return ("tcp-md5"); 673 } 674 return ("unknown"); 675 } 676 677 const char* 678 kdebug_secasv_state(u_int state) 679 { 680 681 switch (state) { 682 case SADB_SASTATE_LARVAL: 683 return ("larval"); 684 case SADB_SASTATE_MATURE: 685 return ("mature"); 686 case SADB_SASTATE_DYING: 687 return ("dying"); 688 case SADB_SASTATE_DEAD: 689 return ("dead"); 690 } 691 return ("unknown"); 692 } 693 694 static char* 695 kdebug_port2str(const struct sockaddr *sa, char *buf, size_t len) 696 { 697 uint16_t port; 698 699 IPSEC_ASSERT(sa != NULL, ("null sa")); 700 switch (sa->sa_family) { 701 #ifdef INET 702 case AF_INET: 703 port = ntohs(((const struct sockaddr_in *)sa)->sin_port); 704 break; 705 #endif 706 #ifdef INET6 707 case AF_INET6: 708 port = ntohs(((const struct sockaddr_in6 *)sa)->sin6_port); 709 break; 710 #endif 711 default: 712 port = 0; 713 } 714 if (port == 0) 715 return ("*"); 716 snprintf(buf, len, "%u", port); 717 return (buf); 718 } 719 720 void 721 kdebug_secpolicy(struct secpolicy *sp) 722 { 723 u_int idx; 724 725 IPSEC_ASSERT(sp != NULL, ("null sp")); 726 printf("SP { refcnt=%u id=%u priority=%u state=%s policy=%s\n", 727 sp->refcnt, sp->id, sp->priority, 728 kdebug_secpolicy_state(sp->state), 729 kdebug_secpolicy_policy(sp->policy)); 730 kdebug_secpolicyindex(&sp->spidx, " "); 731 for (idx = 0; idx < sp->tcount; idx++) { 732 printf(" req[%u]{ level=%s ", idx, 733 kdebug_ipsecrequest_level(sp->req[idx]->level)); 734 kdebug_secasindex(&sp->req[idx]->saidx, NULL); 735 printf(" }\n"); 736 } 737 printf("}\n"); 738 } 739 740 void 741 kdebug_secpolicyindex(struct secpolicyindex *spidx, const char *indent) 742 { 743 char buf[IPSEC_ADDRSTRLEN]; 744 745 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 746 if (indent != NULL) 747 printf("%s", indent); 748 printf("spidx { dir=%s ul_proto=", 749 kdebug_secpolicyindex_dir(spidx->dir)); 750 if (spidx->ul_proto == IPSEC_ULPROTO_ANY) 751 printf("* "); 752 else 753 printf("%u ", spidx->ul_proto); 754 printf("%s/%u -> ", ipsec_address(&spidx->src, buf, sizeof(buf)), 755 spidx->prefs); 756 printf("%s/%u }\n", ipsec_address(&spidx->dst, buf, sizeof(buf)), 757 spidx->prefd); 758 } 759 760 void 761 kdebug_secasindex(const struct secasindex *saidx, const char *indent) 762 { 763 char buf[IPSEC_ADDRSTRLEN], port[6]; 764 765 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 766 if (indent != NULL) 767 printf("%s", indent); 768 printf("saidx { mode=%s proto=%u reqid=%u ", 769 kdebug_secasindex_mode(saidx->mode), saidx->proto, saidx->reqid); 770 printf("%s:%s -> ", ipsec_address(&saidx->src, buf, sizeof(buf)), 771 kdebug_port2str(&saidx->src.sa, port, sizeof(port))); 772 printf("%s:%s }\n", ipsec_address(&saidx->dst, buf, sizeof(buf)), 773 kdebug_port2str(&saidx->dst.sa, port, sizeof(port))); 774 } 775 776 static void 777 kdebug_sec_lifetime(struct seclifetime *lft, const char *indent) 778 { 779 780 IPSEC_ASSERT(lft != NULL, ("null lft")); 781 if (indent != NULL) 782 printf("%s", indent); 783 printf("lifetime { alloc=%u, bytes=%ju addtime=%ju usetime=%ju }\n", 784 lft->allocations, (uintmax_t)lft->bytes, (uintmax_t)lft->addtime, 785 (uintmax_t)lft->usetime); 786 } 787 788 void 789 kdebug_secash(struct secashead *sah, const char *indent) 790 { 791 792 IPSEC_ASSERT(sah != NULL, ("null sah")); 793 if (indent != NULL) 794 printf("%s", indent); 795 printf("SAH { refcnt=%u state=%s\n", sah->refcnt, 796 kdebug_secasv_state(sah->state)); 797 if (indent != NULL) 798 printf("%s", indent); 799 kdebug_secasindex(&sah->saidx, indent); 800 if (indent != NULL) 801 printf("%s", indent); 802 printf("}\n"); 803 } 804 805 #ifdef IPSEC_DEBUG 806 static void 807 kdebug_secreplay(struct secreplay *rpl) 808 { 809 int len, l; 810 811 SECREPLAY_LOCK(rpl); 812 813 IPSEC_ASSERT(rpl != NULL, ("null rpl")); 814 printf(" secreplay{ count=%lu bitmap_size=%u wsize=%u last=%lu", 815 rpl->count, rpl->bitmap_size, rpl->wsize, rpl->last); 816 817 if (rpl->bitmap == NULL) { 818 printf(" }\n"); 819 SECREPLAY_UNLOCK(rpl); 820 return; 821 } 822 823 printf("\n bitmap { "); 824 for (len = 0; len < rpl->bitmap_size*4; len++) { 825 for (l = 7; l >= 0; l--) 826 printf("%u", (((rpl->bitmap)[len] >> l) & 1) ? 1 : 0); 827 } 828 printf(" }\n"); 829 SECREPLAY_UNLOCK(rpl); 830 } 831 #endif /* IPSEC_DEBUG */ 832 833 static void 834 kdebug_secnatt(struct secnatt *natt) 835 { 836 char buf[IPSEC_ADDRSTRLEN]; 837 838 IPSEC_ASSERT(natt != NULL, ("null natt")); 839 printf(" natt{ sport=%u dport=%u ", ntohs(natt->sport), 840 ntohs(natt->dport)); 841 if (natt->flags & IPSEC_NATT_F_OAI) 842 printf("oai=%s ", ipsec_address(&natt->oai, buf, sizeof(buf))); 843 if (natt->flags & IPSEC_NATT_F_OAR) 844 printf("oar=%s ", ipsec_address(&natt->oar, buf, sizeof(buf))); 845 printf("}\n"); 846 } 847 848 void 849 kdebug_secasv(struct secasvar *sav) 850 { 851 struct seclifetime lft_c; 852 853 IPSEC_ASSERT(sav != NULL, ("null sav")); 854 855 printf("SA { refcnt=%u spi=%u seq=%u pid=%u flags=0x%x state=%s\n", 856 sav->refcnt, ntohl(sav->spi), sav->seq, (uint32_t)sav->pid, 857 sav->flags, kdebug_secasv_state(sav->state)); 858 kdebug_secash(sav->sah, " "); 859 860 lft_c.addtime = sav->created; 861 lft_c.allocations = (uint32_t)counter_u64_fetch( 862 sav->lft_c_allocations); 863 lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes); 864 lft_c.usetime = sav->firstused; 865 kdebug_sec_lifetime(&lft_c, " c_"); 866 if (sav->lft_h != NULL) 867 kdebug_sec_lifetime(sav->lft_h, " h_"); 868 if (sav->lft_s != NULL) 869 kdebug_sec_lifetime(sav->lft_s, " s_"); 870 871 if (sav->tdb_authalgxform != NULL) 872 printf(" alg_auth=%s\n", sav->tdb_authalgxform->name); 873 if (sav->key_auth != NULL) 874 KEYDBG(DUMP, 875 kdebug_sadb_key((struct sadb_ext *)sav->key_auth)); 876 if (sav->tdb_encalgxform != NULL) 877 printf(" alg_enc=%s\n", sav->tdb_encalgxform->name); 878 if (sav->key_enc != NULL) 879 KEYDBG(DUMP, 880 kdebug_sadb_key((struct sadb_ext *)sav->key_enc)); 881 if (sav->natt != NULL) 882 kdebug_secnatt(sav->natt); 883 if (sav->replay != NULL) { 884 KEYDBG(DUMP, 885 SECASVAR_RLOCK_TRACKER; 886 887 SECASVAR_RLOCK(sav); 888 kdebug_secreplay(sav->replay); 889 SECASVAR_RUNLOCK(sav)); 890 } 891 printf("}\n"); 892 } 893 894 void 895 kdebug_mbufhdr(const struct mbuf *m) 896 { 897 /* sanity check */ 898 if (m == NULL) 899 return; 900 901 printf("mbuf(%p){ m_next:%p m_nextpkt:%p m_data:%p " 902 "m_len:%d m_type:0x%02x m_flags:0x%02x }\n", 903 m, m->m_next, m->m_nextpkt, m->m_data, 904 m->m_len, m->m_type, m->m_flags); 905 906 if (m->m_flags & M_PKTHDR) { 907 printf(" m_pkthdr{ len:%d rcvif:%p }\n", 908 m->m_pkthdr.len, m->m_pkthdr.rcvif); 909 } 910 911 if (m->m_flags & M_EXT) { 912 printf(" m_ext{ ext_buf:%p ext_free:%p " 913 "ext_size:%u ext_cnt:%p }\n", 914 m->m_ext.ext_buf, m->m_ext.ext_free, 915 m->m_ext.ext_size, m->m_ext.ext_cnt); 916 } 917 918 return; 919 } 920 921 void 922 kdebug_mbuf(const struct mbuf *m0) 923 { 924 const struct mbuf *m = m0; 925 int i; 926 927 for (; m; m = m->m_next) { 928 kdebug_mbufhdr(m); 929 printf(" m_data:\n"); 930 for (i = 0; i < m->m_len; i++) { 931 if (i && i % 32 == 0) 932 printf("\n"); 933 if (i % 4 == 0) 934 printf(" "); 935 printf("%02x", mtod(m, const u_char *)[i]); 936 } 937 printf("\n"); 938 } 939 940 return; 941 } 942 943 /* Return a printable string for the address. */ 944 char * 945 ipsec_address(const union sockaddr_union* sa, char *buf, socklen_t size) 946 { 947 948 switch (sa->sa.sa_family) { 949 #ifdef INET 950 case AF_INET: 951 return (inet_ntop(AF_INET, &sa->sin.sin_addr, buf, size)); 952 #endif /* INET */ 953 #ifdef INET6 954 case AF_INET6: 955 if (IN6_IS_SCOPE_LINKLOCAL(&sa->sin6.sin6_addr)) { 956 snprintf(buf, size, "%s%%%u", inet_ntop(AF_INET6, 957 &sa->sin6.sin6_addr, buf, size), 958 sa->sin6.sin6_scope_id); 959 return (buf); 960 } else 961 return (inet_ntop(AF_INET6, &sa->sin6.sin6_addr, 962 buf, size)); 963 #endif /* INET6 */ 964 case 0: 965 return ("*"); 966 default: 967 return ("(unknown address family)"); 968 } 969 } 970 971 char * 972 ipsec_sa2str(struct secasvar *sav, char *buf, size_t size) 973 { 974 char sbuf[IPSEC_ADDRSTRLEN], dbuf[IPSEC_ADDRSTRLEN]; 975 976 snprintf(buf, size, "SA(SPI=%08lx src=%s dst=%s)", 977 (u_long)ntohl(sav->spi), 978 ipsec_address(&sav->sah->saidx.src, sbuf, sizeof(sbuf)), 979 ipsec_address(&sav->sah->saidx.dst, dbuf, sizeof(dbuf))); 980 return (buf); 981 } 982 983 #endif /* _KERNEL */ 984 985 void 986 kdebug_sockaddr(struct sockaddr *addr) 987 { 988 char buf[IPSEC_ADDRSTRLEN]; 989 990 /* sanity check */ 991 if (addr == NULL) 992 panic("%s: NULL pointer was passed.\n", __func__); 993 994 switch (addr->sa_family) { 995 #ifdef INET 996 case AF_INET: { 997 struct sockaddr_in *sin; 998 999 sin = (struct sockaddr_in *)addr; 1000 inet_ntop(AF_INET, &sin->sin_addr, buf, sizeof(buf)); 1001 break; 1002 } 1003 #endif 1004 #ifdef INET6 1005 case AF_INET6: { 1006 struct sockaddr_in6 *sin6; 1007 1008 sin6 = (struct sockaddr_in6 *)addr; 1009 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 1010 snprintf(buf, sizeof(buf), "%s%%%u", 1011 inet_ntop(AF_INET6, &sin6->sin6_addr, buf, 1012 sizeof(buf)), sin6->sin6_scope_id); 1013 } else 1014 inet_ntop(AF_INET6, &sin6->sin6_addr, buf, 1015 sizeof(buf)); 1016 break; 1017 } 1018 #endif 1019 default: 1020 sprintf(buf, "unknown"); 1021 } 1022 printf("sockaddr{ len=%u family=%u addr=%s }\n", addr->sa_len, 1023 addr->sa_family, buf); 1024 } 1025 1026 void 1027 ipsec_bindump(caddr_t buf, int len) 1028 { 1029 int i; 1030 1031 for (i = 0; i < len; i++) 1032 printf("%c", (unsigned char)buf[i]); 1033 1034 return; 1035 } 1036 1037 void 1038 ipsec_hexdump(caddr_t buf, int len) 1039 { 1040 int i; 1041 1042 for (i = 0; i < len; i++) { 1043 if (i != 0 && i % 32 == 0) printf("\n"); 1044 if (i % 4 == 0) printf(" "); 1045 printf("%02x", (unsigned char)buf[i]); 1046 } 1047 #if 0 1048 if (i % 32 != 0) printf("\n"); 1049 #endif 1050 1051 return; 1052 } 1053