1 | /* $NetBSD: key_debug.c,v 1.9 2008/12/05 06:02:20 tteras Exp $ */ |
---|
2 | |
---|
3 | /* $KAME: key_debug.c,v 1.29 2001/08/16 14:25:41 itojun Exp $ */ |
---|
4 | |
---|
5 | /* |
---|
6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
---|
7 | * All rights reserved. |
---|
8 | * |
---|
9 | * Redistribution and use in source and binary forms, with or without |
---|
10 | * modification, are permitted provided that the following conditions |
---|
11 | * are met: |
---|
12 | * 1. Redistributions of source code must retain the above copyright |
---|
13 | * notice, this list of conditions and the following disclaimer. |
---|
14 | * 2. Redistributions in binary form must reproduce the above copyright |
---|
15 | * notice, this list of conditions and the following disclaimer in the |
---|
16 | * documentation and/or other materials provided with the distribution. |
---|
17 | * 3. Neither the name of the project nor the names of its contributors |
---|
18 | * may be used to endorse or promote products derived from this software |
---|
19 | * without specific prior written permission. |
---|
20 | * |
---|
21 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND |
---|
22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
---|
23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
---|
24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
---|
25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
---|
26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
---|
27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
---|
28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
---|
29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
---|
30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
---|
31 | * SUCH DAMAGE. |
---|
32 | */ |
---|
33 | |
---|
34 | #ifdef HAVE_CONFIG_H |
---|
35 | #include "config.h" |
---|
36 | #endif |
---|
37 | |
---|
38 | #ifdef _KERNEL |
---|
39 | #if defined(__FreeBSD__) && __FreeBSD__ >= 3 |
---|
40 | #include "opt_inet.h" |
---|
41 | #include "opt_inet6.h" |
---|
42 | #include "opt_ipsec.h" |
---|
43 | #endif |
---|
44 | #ifdef __NetBSD__ |
---|
45 | #include "opt_inet.h" |
---|
46 | #endif |
---|
47 | #endif |
---|
48 | |
---|
49 | #if HAVE_STDINT_H |
---|
50 | #include <stdint.h> |
---|
51 | #endif |
---|
52 | |
---|
53 | #include <sys/types.h> |
---|
54 | #include <sys/param.h> |
---|
55 | #ifdef _KERNEL |
---|
56 | #include <sys/systm.h> |
---|
57 | #include <sys/mbuf.h> |
---|
58 | #include <sys/queue.h> |
---|
59 | #endif |
---|
60 | #include <sys/socket.h> |
---|
61 | |
---|
62 | #include <netinet/in.h> |
---|
63 | #include PATH_IPSEC_H |
---|
64 | |
---|
65 | #ifndef _KERNEL |
---|
66 | #include <ctype.h> |
---|
67 | #include <stdio.h> |
---|
68 | #include <stdlib.h> |
---|
69 | #endif /* !_KERNEL */ |
---|
70 | |
---|
71 | #include "config.h" |
---|
72 | #include "libpfkey.h" |
---|
73 | |
---|
74 | static void kdebug_sadb_prop __P((struct sadb_ext *)); |
---|
75 | static void kdebug_sadb_identity __P((struct sadb_ext *)); |
---|
76 | static void kdebug_sadb_supported __P((struct sadb_ext *)); |
---|
77 | static void kdebug_sadb_lifetime __P((struct sadb_ext *)); |
---|
78 | static void kdebug_sadb_sa __P((struct sadb_ext *)); |
---|
79 | static void kdebug_sadb_address __P((struct sadb_ext *)); |
---|
80 | static void kdebug_sadb_key __P((struct sadb_ext *)); |
---|
81 | static void kdebug_sadb_x_sa2 __P((struct sadb_ext *)); |
---|
82 | static void kdebug_sadb_x_policy __P((struct sadb_ext *ext)); |
---|
83 | static void kdebug_sockaddr __P((struct sockaddr *addr)); |
---|
84 | |
---|
85 | #ifdef SADB_X_EXT_NAT_T_TYPE |
---|
86 | static void kdebug_sadb_x_nat_t_type __P((struct sadb_ext *ext)); |
---|
87 | static void kdebug_sadb_x_nat_t_port __P((struct sadb_ext *ext)); |
---|
88 | #endif |
---|
89 | |
---|
90 | #ifdef SADB_X_EXT_PACKET |
---|
91 | static void kdebug_sadb_x_packet __P((struct sadb_ext *)); |
---|
92 | #endif |
---|
93 | |
---|
94 | #ifdef SADB_X_EXT_KMADDRESS |
---|
95 | static void kdebug_sadb_x_kmaddress __P((struct sadb_ext *)); |
---|
96 | #endif |
---|
97 | |
---|
98 | #ifdef _KERNEL |
---|
99 | static void kdebug_secreplay __P((struct secreplay *)); |
---|
100 | #endif |
---|
101 | |
---|
102 | #ifndef _KERNEL |
---|
103 | #define panic(param) { printf(param); exit(1); } |
---|
104 | #endif |
---|
105 | |
---|
106 | #include "libpfkey.h" |
---|
107 | /* NOTE: host byte order */ |
---|
108 | |
---|
109 | /* %%%: about struct sadb_msg */ |
---|
110 | void |
---|
111 | kdebug_sadb(base) |
---|
112 | struct sadb_msg *base; |
---|
113 | { |
---|
114 | struct sadb_ext *ext; |
---|
115 | int tlen, extlen; |
---|
116 | |
---|
117 | /* sanity check */ |
---|
118 | if (base == NULL) |
---|
119 | panic("kdebug_sadb: NULL pointer was passed.\n"); |
---|
120 | |
---|
121 | printf("sadb_msg{ version=%u type=%u errno=%u satype=%u\n", |
---|
122 | base->sadb_msg_version, base->sadb_msg_type, |
---|
123 | base->sadb_msg_errno, base->sadb_msg_satype); |
---|
124 | printf(" len=%u reserved=%u seq=%u pid=%u\n", |
---|
125 | base->sadb_msg_len, base->sadb_msg_reserved, |
---|
126 | base->sadb_msg_seq, base->sadb_msg_pid); |
---|
127 | |
---|
128 | tlen = PFKEY_UNUNIT64(base->sadb_msg_len) - sizeof(struct sadb_msg); |
---|
129 | ext = (void *)((caddr_t)(void *)base + sizeof(struct sadb_msg)); |
---|
130 | |
---|
131 | while (tlen > 0) { |
---|
132 | printf("sadb_ext{ len=%u type=%u }\n", |
---|
133 | ext->sadb_ext_len, ext->sadb_ext_type); |
---|
134 | |
---|
135 | if (ext->sadb_ext_len == 0) { |
---|
136 | printf("kdebug_sadb: invalid ext_len=0 was passed.\n"); |
---|
137 | return; |
---|
138 | } |
---|
139 | if (ext->sadb_ext_len > tlen) { |
---|
140 | printf("kdebug_sadb: ext_len exceeds end of buffer.\n"); |
---|
141 | return; |
---|
142 | } |
---|
143 | |
---|
144 | switch (ext->sadb_ext_type) { |
---|
145 | case SADB_EXT_SA: |
---|
146 | kdebug_sadb_sa(ext); |
---|
147 | break; |
---|
148 | case SADB_EXT_LIFETIME_CURRENT: |
---|
149 | case SADB_EXT_LIFETIME_HARD: |
---|
150 | case SADB_EXT_LIFETIME_SOFT: |
---|
151 | kdebug_sadb_lifetime(ext); |
---|
152 | break; |
---|
153 | case SADB_EXT_ADDRESS_SRC: |
---|
154 | case SADB_EXT_ADDRESS_DST: |
---|
155 | case SADB_EXT_ADDRESS_PROXY: |
---|
156 | kdebug_sadb_address(ext); |
---|
157 | break; |
---|
158 | case SADB_EXT_KEY_AUTH: |
---|
159 | case SADB_EXT_KEY_ENCRYPT: |
---|
160 | kdebug_sadb_key(ext); |
---|
161 | break; |
---|
162 | case SADB_EXT_IDENTITY_SRC: |
---|
163 | case SADB_EXT_IDENTITY_DST: |
---|
164 | kdebug_sadb_identity(ext); |
---|
165 | break; |
---|
166 | case SADB_EXT_SENSITIVITY: |
---|
167 | break; |
---|
168 | case SADB_EXT_PROPOSAL: |
---|
169 | kdebug_sadb_prop(ext); |
---|
170 | break; |
---|
171 | case SADB_EXT_SUPPORTED_AUTH: |
---|
172 | case SADB_EXT_SUPPORTED_ENCRYPT: |
---|
173 | kdebug_sadb_supported(ext); |
---|
174 | break; |
---|
175 | case SADB_EXT_SPIRANGE: |
---|
176 | case SADB_X_EXT_KMPRIVATE: |
---|
177 | break; |
---|
178 | case SADB_X_EXT_POLICY: |
---|
179 | kdebug_sadb_x_policy(ext); |
---|
180 | break; |
---|
181 | case SADB_X_EXT_SA2: |
---|
182 | kdebug_sadb_x_sa2(ext); |
---|
183 | break; |
---|
184 | #ifdef SADB_X_EXT_NAT_T_TYPE |
---|
185 | case SADB_X_EXT_NAT_T_TYPE: |
---|
186 | kdebug_sadb_x_nat_t_type(ext); |
---|
187 | break; |
---|
188 | case SADB_X_EXT_NAT_T_SPORT: |
---|
189 | case SADB_X_EXT_NAT_T_DPORT: |
---|
190 | kdebug_sadb_x_nat_t_port(ext); |
---|
191 | break; |
---|
192 | case SADB_X_EXT_NAT_T_OA: |
---|
193 | kdebug_sadb_address(ext); |
---|
194 | break; |
---|
195 | #endif |
---|
196 | #ifdef SADB_X_EXT_PACKET |
---|
197 | case SADB_X_EXT_PACKET: |
---|
198 | kdebug_sadb_x_packet(ext); |
---|
199 | break; |
---|
200 | #endif |
---|
201 | #ifdef SADB_X_EXT_KMADDRESS |
---|
202 | case SADB_X_EXT_KMADDRESS: |
---|
203 | kdebug_sadb_x_kmaddress(ext); |
---|
204 | break; |
---|
205 | #endif |
---|
206 | default: |
---|
207 | printf("kdebug_sadb: invalid ext_type %u was passed.\n", |
---|
208 | ext->sadb_ext_type); |
---|
209 | return; |
---|
210 | } |
---|
211 | |
---|
212 | extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); |
---|
213 | tlen -= extlen; |
---|
214 | ext = (void *)((caddr_t)(void *)ext + extlen); |
---|
215 | } |
---|
216 | |
---|
217 | return; |
---|
218 | } |
---|
219 | |
---|
220 | static void |
---|
221 | kdebug_sadb_prop(ext) |
---|
222 | struct sadb_ext *ext; |
---|
223 | { |
---|
224 | struct sadb_prop *prop = (void *)ext; |
---|
225 | struct sadb_comb *comb; |
---|
226 | int len; |
---|
227 | |
---|
228 | /* sanity check */ |
---|
229 | if (ext == NULL) |
---|
230 | panic("kdebug_sadb_prop: NULL pointer was passed.\n"); |
---|
231 | |
---|
232 | len = (PFKEY_UNUNIT64(prop->sadb_prop_len) - sizeof(*prop)) |
---|
233 | / sizeof(*comb); |
---|
234 | comb = (void *)(prop + 1); |
---|
235 | printf("sadb_prop{ replay=%u\n", prop->sadb_prop_replay); |
---|
236 | |
---|
237 | while (len--) { |
---|
238 | printf("sadb_comb{ auth=%u encrypt=%u " |
---|
239 | "flags=0x%04x reserved=0x%08x\n", |
---|
240 | comb->sadb_comb_auth, comb->sadb_comb_encrypt, |
---|
241 | comb->sadb_comb_flags, comb->sadb_comb_reserved); |
---|
242 | |
---|
243 | printf(" auth_minbits=%u auth_maxbits=%u " |
---|
244 | "encrypt_minbits=%u encrypt_maxbits=%u\n", |
---|
245 | comb->sadb_comb_auth_minbits, |
---|
246 | comb->sadb_comb_auth_maxbits, |
---|
247 | comb->sadb_comb_encrypt_minbits, |
---|
248 | comb->sadb_comb_encrypt_maxbits); |
---|
249 | |
---|
250 | printf(" soft_alloc=%u hard_alloc=%u " |
---|
251 | "soft_bytes=%lu hard_bytes=%lu\n", |
---|
252 | comb->sadb_comb_soft_allocations, |
---|
253 | comb->sadb_comb_hard_allocations, |
---|
254 | (unsigned long)comb->sadb_comb_soft_bytes, |
---|
255 | (unsigned long)comb->sadb_comb_hard_bytes); |
---|
256 | |
---|
257 | printf(" soft_alloc=%lu hard_alloc=%lu " |
---|
258 | "soft_bytes=%lu hard_bytes=%lu }\n", |
---|
259 | (unsigned long)comb->sadb_comb_soft_addtime, |
---|
260 | (unsigned long)comb->sadb_comb_hard_addtime, |
---|
261 | (unsigned long)comb->sadb_comb_soft_usetime, |
---|
262 | (unsigned long)comb->sadb_comb_hard_usetime); |
---|
263 | comb++; |
---|
264 | } |
---|
265 | printf("}\n"); |
---|
266 | |
---|
267 | return; |
---|
268 | } |
---|
269 | |
---|
270 | static void |
---|
271 | kdebug_sadb_identity(ext) |
---|
272 | struct sadb_ext *ext; |
---|
273 | { |
---|
274 | struct sadb_ident *id = (void *)ext; |
---|
275 | int len; |
---|
276 | |
---|
277 | /* sanity check */ |
---|
278 | if (ext == NULL) |
---|
279 | panic("kdebug_sadb_identity: NULL pointer was passed.\n"); |
---|
280 | |
---|
281 | len = PFKEY_UNUNIT64(id->sadb_ident_len) - sizeof(*id); |
---|
282 | printf("sadb_ident_%s{", |
---|
283 | id->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC ? "src" : "dst"); |
---|
284 | switch (id->sadb_ident_type) { |
---|
285 | default: |
---|
286 | printf(" type=%d id=%lu", |
---|
287 | id->sadb_ident_type, (u_long)id->sadb_ident_id); |
---|
288 | if (len) { |
---|
289 | #ifdef _KERNEL |
---|
290 | ipsec_hexdump((caddr_t)(id + 1), len); /*XXX cast ?*/ |
---|
291 | #else |
---|
292 | char *p, *ep; |
---|
293 | printf("\n str=\""); |
---|
294 | p = (void *)(id + 1); |
---|
295 | ep = p + len; |
---|
296 | for (/*nothing*/; *p && p < ep; p++) { |
---|
297 | if (isprint((int)*p)) |
---|
298 | printf("%c", *p & 0xff); |
---|
299 | else |
---|
300 | printf("\\%03o", *p & 0xff); |
---|
301 | } |
---|
302 | #endif |
---|
303 | printf("\""); |
---|
304 | } |
---|
305 | break; |
---|
306 | } |
---|
307 | |
---|
308 | printf(" }\n"); |
---|
309 | |
---|
310 | return; |
---|
311 | } |
---|
312 | |
---|
313 | static void |
---|
314 | kdebug_sadb_supported(ext) |
---|
315 | struct sadb_ext *ext; |
---|
316 | { |
---|
317 | struct sadb_supported *sup = (void *)ext; |
---|
318 | struct sadb_alg *alg; |
---|
319 | int len; |
---|
320 | |
---|
321 | /* sanity check */ |
---|
322 | if (ext == NULL) |
---|
323 | panic("kdebug_sadb_supported: NULL pointer was passed.\n"); |
---|
324 | |
---|
325 | len = (PFKEY_UNUNIT64(sup->sadb_supported_len) - sizeof(*sup)) |
---|
326 | / sizeof(*alg); |
---|
327 | alg = (void *)(sup + 1); |
---|
328 | printf("sadb_sup{\n"); |
---|
329 | while (len--) { |
---|
330 | printf(" { id=%d ivlen=%d min=%d max=%d }\n", |
---|
331 | alg->sadb_alg_id, alg->sadb_alg_ivlen, |
---|
332 | alg->sadb_alg_minbits, alg->sadb_alg_maxbits); |
---|
333 | alg++; |
---|
334 | } |
---|
335 | printf("}\n"); |
---|
336 | |
---|
337 | return; |
---|
338 | } |
---|
339 | |
---|
340 | static void |
---|
341 | kdebug_sadb_lifetime(ext) |
---|
342 | struct sadb_ext *ext; |
---|
343 | { |
---|
344 | struct sadb_lifetime *lft = (void *)ext; |
---|
345 | |
---|
346 | /* sanity check */ |
---|
347 | if (ext == NULL) |
---|
348 | printf("kdebug_sadb_lifetime: NULL pointer was passed.\n"); |
---|
349 | |
---|
350 | printf("sadb_lifetime{ alloc=%u, bytes=%u\n", |
---|
351 | lft->sadb_lifetime_allocations, |
---|
352 | (u_int32_t)lft->sadb_lifetime_bytes); |
---|
353 | printf(" addtime=%u, usetime=%u }\n", |
---|
354 | (u_int32_t)lft->sadb_lifetime_addtime, |
---|
355 | (u_int32_t)lft->sadb_lifetime_usetime); |
---|
356 | |
---|
357 | return; |
---|
358 | } |
---|
359 | |
---|
360 | static void |
---|
361 | kdebug_sadb_sa(ext) |
---|
362 | struct sadb_ext *ext; |
---|
363 | { |
---|
364 | struct sadb_sa *sa = (void *)ext; |
---|
365 | |
---|
366 | /* sanity check */ |
---|
367 | if (ext == NULL) |
---|
368 | panic("kdebug_sadb_sa: NULL pointer was passed.\n"); |
---|
369 | |
---|
370 | printf("sadb_sa{ spi=%u replay=%u state=%u\n", |
---|
371 | (u_int32_t)ntohl(sa->sadb_sa_spi), sa->sadb_sa_replay, |
---|
372 | sa->sadb_sa_state); |
---|
373 | printf(" auth=%u encrypt=%u flags=0x%08x }\n", |
---|
374 | sa->sadb_sa_auth, sa->sadb_sa_encrypt, sa->sadb_sa_flags); |
---|
375 | |
---|
376 | return; |
---|
377 | } |
---|
378 | |
---|
379 | static void |
---|
380 | kdebug_sadb_address(ext) |
---|
381 | struct sadb_ext *ext; |
---|
382 | { |
---|
383 | struct sadb_address *addr = (void *)ext; |
---|
384 | |
---|
385 | /* sanity check */ |
---|
386 | if (ext == NULL) |
---|
387 | panic("kdebug_sadb_address: NULL pointer was passed.\n"); |
---|
388 | |
---|
389 | printf("sadb_address{ proto=%u prefixlen=%u reserved=0x%02x%02x }\n", |
---|
390 | addr->sadb_address_proto, addr->sadb_address_prefixlen, |
---|
391 | ((u_char *)(void *)&addr->sadb_address_reserved)[0], |
---|
392 | ((u_char *)(void *)&addr->sadb_address_reserved)[1]); |
---|
393 | |
---|
394 | kdebug_sockaddr((void *)((caddr_t)(void *)ext + sizeof(*addr))); |
---|
395 | |
---|
396 | return; |
---|
397 | } |
---|
398 | |
---|
399 | static void |
---|
400 | kdebug_sadb_key(ext) |
---|
401 | struct sadb_ext *ext; |
---|
402 | { |
---|
403 | struct sadb_key *key = (void *)ext; |
---|
404 | |
---|
405 | /* sanity check */ |
---|
406 | if (ext == NULL) |
---|
407 | panic("kdebug_sadb_key: NULL pointer was passed.\n"); |
---|
408 | |
---|
409 | printf("sadb_key{ bits=%u reserved=%u\n", |
---|
410 | key->sadb_key_bits, key->sadb_key_reserved); |
---|
411 | printf(" key="); |
---|
412 | |
---|
413 | /* sanity check 2 */ |
---|
414 | if (((uint32_t)key->sadb_key_bits >> 3) > |
---|
415 | (PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key))) { |
---|
416 | printf("kdebug_sadb_key: key length mismatch, bit:%d len:%ld.\n", |
---|
417 | (uint32_t)key->sadb_key_bits >> 3, |
---|
418 | (long)PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key)); |
---|
419 | } |
---|
420 | |
---|
421 | ipsec_hexdump(key + sizeof(struct sadb_key), |
---|
422 | (int)((uint32_t)key->sadb_key_bits >> 3)); |
---|
423 | printf(" }\n"); |
---|
424 | return; |
---|
425 | } |
---|
426 | |
---|
427 | static void |
---|
428 | kdebug_sadb_x_sa2(ext) |
---|
429 | struct sadb_ext *ext; |
---|
430 | { |
---|
431 | struct sadb_x_sa2 *sa2 = (void *)ext; |
---|
432 | |
---|
433 | /* sanity check */ |
---|
434 | if (ext == NULL) |
---|
435 | panic("kdebug_sadb_x_sa2: NULL pointer was passed.\n"); |
---|
436 | |
---|
437 | printf("sadb_x_sa2{ mode=%u reqid=%u\n", |
---|
438 | sa2->sadb_x_sa2_mode, sa2->sadb_x_sa2_reqid); |
---|
439 | printf(" reserved1=%u reserved2=%u sequence=%u }\n", |
---|
440 | sa2->sadb_x_sa2_reserved1, sa2->sadb_x_sa2_reserved2, |
---|
441 | sa2->sadb_x_sa2_sequence); |
---|
442 | |
---|
443 | return; |
---|
444 | } |
---|
445 | |
---|
446 | void |
---|
447 | kdebug_sadb_x_policy(ext) |
---|
448 | struct sadb_ext *ext; |
---|
449 | { |
---|
450 | struct sadb_x_policy *xpl = (void *)ext; |
---|
451 | struct sockaddr *addr; |
---|
452 | |
---|
453 | /* sanity check */ |
---|
454 | if (ext == NULL) |
---|
455 | panic("kdebug_sadb_x_policy: NULL pointer was passed.\n"); |
---|
456 | |
---|
457 | #ifdef HAVE_PFKEY_POLICY_PRIORITY |
---|
458 | printf("sadb_x_policy{ type=%u dir=%u id=%x priority=%u }\n", |
---|
459 | #else |
---|
460 | printf("sadb_x_policy{ type=%u dir=%u id=%x }\n", |
---|
461 | #endif |
---|
462 | xpl->sadb_x_policy_type, xpl->sadb_x_policy_dir, |
---|
463 | #ifdef HAVE_PFKEY_POLICY_PRIORITY |
---|
464 | xpl->sadb_x_policy_id, xpl->sadb_x_policy_priority); |
---|
465 | #else |
---|
466 | xpl->sadb_x_policy_id); |
---|
467 | #endif |
---|
468 | |
---|
469 | if (xpl->sadb_x_policy_type == IPSEC_POLICY_IPSEC) { |
---|
470 | int tlen; |
---|
471 | struct sadb_x_ipsecrequest *xisr; |
---|
472 | |
---|
473 | tlen = PFKEY_UNUNIT64(xpl->sadb_x_policy_len) - sizeof(*xpl); |
---|
474 | xisr = (void *)(xpl + 1); |
---|
475 | |
---|
476 | while (tlen > 0) { |
---|
477 | printf(" { len=%u proto=%u mode=%u level=%u reqid=%u\n", |
---|
478 | xisr->sadb_x_ipsecrequest_len, |
---|
479 | xisr->sadb_x_ipsecrequest_proto, |
---|
480 | xisr->sadb_x_ipsecrequest_mode, |
---|
481 | xisr->sadb_x_ipsecrequest_level, |
---|
482 | xisr->sadb_x_ipsecrequest_reqid); |
---|
483 | |
---|
484 | if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { |
---|
485 | addr = (void *)(xisr + 1); |
---|
486 | kdebug_sockaddr(addr); |
---|
487 | addr = (void *)((caddr_t)(void *)addr |
---|
488 | + sysdep_sa_len(addr)); |
---|
489 | kdebug_sockaddr(addr); |
---|
490 | } |
---|
491 | |
---|
492 | printf(" }\n"); |
---|
493 | |
---|
494 | /* prevent infinite loop */ |
---|
495 | if (xisr->sadb_x_ipsecrequest_len == 0) { |
---|
496 | printf("kdebug_sadb_x_policy: wrong policy struct.\n"); |
---|
497 | return; |
---|
498 | } |
---|
499 | /* prevent overflow */ |
---|
500 | if (xisr->sadb_x_ipsecrequest_len > tlen) { |
---|
501 | printf("invalid ipsec policy length\n"); |
---|
502 | return; |
---|
503 | } |
---|
504 | |
---|
505 | tlen -= xisr->sadb_x_ipsecrequest_len; |
---|
506 | |
---|
507 | xisr = (void *)((caddr_t)(void *)xisr |
---|
508 | + xisr->sadb_x_ipsecrequest_len); |
---|
509 | } |
---|
510 | |
---|
511 | if (tlen != 0) |
---|
512 | panic("kdebug_sadb_x_policy: wrong policy struct.\n"); |
---|
513 | } |
---|
514 | |
---|
515 | return; |
---|
516 | } |
---|
517 | |
---|
518 | #ifdef SADB_X_EXT_NAT_T_TYPE |
---|
519 | static void |
---|
520 | kdebug_sadb_x_nat_t_type(struct sadb_ext *ext) |
---|
521 | { |
---|
522 | struct sadb_x_nat_t_type *ntt = (void *)ext; |
---|
523 | |
---|
524 | /* sanity check */ |
---|
525 | if (ext == NULL) |
---|
526 | panic("kdebug_sadb_x_nat_t_type: NULL pointer was passed.\n"); |
---|
527 | |
---|
528 | printf("sadb_x_nat_t_type{ type=%u }\n", ntt->sadb_x_nat_t_type_type); |
---|
529 | |
---|
530 | return; |
---|
531 | } |
---|
532 | |
---|
533 | static void |
---|
534 | kdebug_sadb_x_nat_t_port(struct sadb_ext *ext) |
---|
535 | { |
---|
536 | struct sadb_x_nat_t_port *ntp = (void *)ext; |
---|
537 | |
---|
538 | /* sanity check */ |
---|
539 | if (ext == NULL) |
---|
540 | panic("kdebug_sadb_x_nat_t_port: NULL pointer was passed.\n"); |
---|
541 | |
---|
542 | printf("sadb_x_nat_t_port{ port=%u }\n", ntohs(ntp->sadb_x_nat_t_port_port)); |
---|
543 | |
---|
544 | return; |
---|
545 | } |
---|
546 | #endif |
---|
547 | |
---|
548 | #ifdef SADB_X_EXT_PACKET |
---|
549 | static void |
---|
550 | kdebug_sadb_x_packet(ext) |
---|
551 | struct sadb_ext *ext; |
---|
552 | { |
---|
553 | struct sadb_x_packet *pkt = (struct sadb_x_packet *)ext; |
---|
554 | |
---|
555 | /* sanity check */ |
---|
556 | if (ext == NULL) |
---|
557 | panic("kdebug_sadb_x_packet: NULL pointer was passed.\n"); |
---|
558 | |
---|
559 | printf("sadb_x_packet{ copylen=%u\n", pkt->sadb_x_packet_copylen); |
---|
560 | printf(" packet="); |
---|
561 | ipsec_hexdump((caddr_t)pkt + sizeof(struct sadb_x_packet), |
---|
562 | pkt->sadb_x_packet_copylen); |
---|
563 | printf(" }\n"); |
---|
564 | return; |
---|
565 | } |
---|
566 | #endif |
---|
567 | |
---|
568 | #ifdef SADB_X_EXT_KMADDRESS |
---|
569 | static void |
---|
570 | kdebug_sadb_x_kmaddress(ext) |
---|
571 | struct sadb_ext *ext; |
---|
572 | { |
---|
573 | struct sadb_x_kmaddress *kma = (struct sadb_x_kmaddress *)ext; |
---|
574 | struct sockaddr * sa; |
---|
575 | sa_family_t family; |
---|
576 | int len, sa_len; |
---|
577 | |
---|
578 | /* sanity check */ |
---|
579 | if (ext == NULL) |
---|
580 | panic("kdebug_sadb_x_kmaddress: NULL pointer was passed.\n"); |
---|
581 | |
---|
582 | len = (PFKEY_UNUNIT64(kma->sadb_x_kmaddress_len) - sizeof(*kma)); |
---|
583 | |
---|
584 | printf("sadb_x_kmaddress{ reserved=0x%02x%02x%02x%02x }\n", |
---|
585 | ((u_char *)(void *)&kma->sadb_x_kmaddress_reserved)[0], |
---|
586 | ((u_char *)(void *)&kma->sadb_x_kmaddress_reserved)[1], |
---|
587 | ((u_char *)(void *)&kma->sadb_x_kmaddress_reserved)[2], |
---|
588 | ((u_char *)(void *)&kma->sadb_x_kmaddress_reserved)[3]); |
---|
589 | |
---|
590 | sa = (struct sockaddr *)(kma + 1); |
---|
591 | if (len < sizeof(struct sockaddr) || (sa_len = sysdep_sa_len(sa)) > len) |
---|
592 | panic("kdebug_sadb_x_kmaddress: not enough data to read" |
---|
593 | " first sockaddr.\n"); |
---|
594 | kdebug_sockaddr((void *)sa); /* local address */ |
---|
595 | family = sa->sa_family; |
---|
596 | |
---|
597 | len -= sa_len; |
---|
598 | sa = (struct sockaddr *)((char *)sa + sa_len); |
---|
599 | if (len < sizeof(struct sockaddr) || sysdep_sa_len(sa) > len) |
---|
600 | panic("kdebug_sadb_x_kmaddress: not enough data to read" |
---|
601 | " second sockaddr.\n"); |
---|
602 | kdebug_sockaddr((void *)sa); /* remote address */ |
---|
603 | |
---|
604 | if (family != sa->sa_family) |
---|
605 | printf("kdebug_sadb_x_kmaddress: !!!! Please, note the " |
---|
606 | "unexpected mismatch in address family.\n"); |
---|
607 | } |
---|
608 | #endif |
---|
609 | |
---|
610 | |
---|
611 | #ifdef _KERNEL |
---|
612 | /* %%%: about SPD and SAD */ |
---|
613 | void |
---|
614 | kdebug_secpolicy(sp) |
---|
615 | struct secpolicy *sp; |
---|
616 | { |
---|
617 | /* sanity check */ |
---|
618 | if (sp == NULL) |
---|
619 | panic("kdebug_secpolicy: NULL pointer was passed.\n"); |
---|
620 | |
---|
621 | printf("secpolicy{ refcnt=%u state=%u policy=%u\n", |
---|
622 | sp->refcnt, sp->state, sp->policy); |
---|
623 | |
---|
624 | kdebug_secpolicyindex(&sp->spidx); |
---|
625 | |
---|
626 | switch (sp->policy) { |
---|
627 | case IPSEC_POLICY_DISCARD: |
---|
628 | printf(" type=discard }\n"); |
---|
629 | break; |
---|
630 | case IPSEC_POLICY_NONE: |
---|
631 | printf(" type=none }\n"); |
---|
632 | break; |
---|
633 | case IPSEC_POLICY_IPSEC: |
---|
634 | { |
---|
635 | struct ipsecrequest *isr; |
---|
636 | for (isr = sp->req; isr != NULL; isr = isr->next) { |
---|
637 | |
---|
638 | printf(" level=%u\n", isr->level); |
---|
639 | kdebug_secasindex(&isr->saidx); |
---|
640 | |
---|
641 | if (isr->sav != NULL) |
---|
642 | kdebug_secasv(isr->sav); |
---|
643 | } |
---|
644 | printf(" }\n"); |
---|
645 | } |
---|
646 | break; |
---|
647 | case IPSEC_POLICY_BYPASS: |
---|
648 | printf(" type=bypass }\n"); |
---|
649 | break; |
---|
650 | case IPSEC_POLICY_ENTRUST: |
---|
651 | printf(" type=entrust }\n"); |
---|
652 | break; |
---|
653 | default: |
---|
654 | printf("kdebug_secpolicy: Invalid policy found. %d\n", |
---|
655 | sp->policy); |
---|
656 | break; |
---|
657 | } |
---|
658 | |
---|
659 | return; |
---|
660 | } |
---|
661 | |
---|
662 | void |
---|
663 | kdebug_secpolicyindex(spidx) |
---|
664 | struct secpolicyindex *spidx; |
---|
665 | { |
---|
666 | /* sanity check */ |
---|
667 | if (spidx == NULL) |
---|
668 | panic("kdebug_secpolicyindex: NULL pointer was passed.\n"); |
---|
669 | |
---|
670 | printf("secpolicyindex{ dir=%u prefs=%u prefd=%u ul_proto=%u\n", |
---|
671 | spidx->dir, spidx->prefs, spidx->prefd, spidx->ul_proto); |
---|
672 | |
---|
673 | ipsec_hexdump((caddr_t)&spidx->src, |
---|
674 | sysdep_sa_len((struct sockaddr *)&spidx->src)); |
---|
675 | printf("\n"); |
---|
676 | ipsec_hexdump((caddr_t)&spidx->dst, |
---|
677 | sysdep_sa_len((struct sockaddr *)&spidx->dst)); |
---|
678 | printf("}\n"); |
---|
679 | |
---|
680 | return; |
---|
681 | } |
---|
682 | |
---|
683 | void |
---|
684 | kdebug_secasindex(saidx) |
---|
685 | struct secasindex *saidx; |
---|
686 | { |
---|
687 | /* sanity check */ |
---|
688 | if (saidx == NULL) |
---|
689 | panic("kdebug_secpolicyindex: NULL pointer was passed.\n"); |
---|
690 | |
---|
691 | printf("secasindex{ mode=%u proto=%u\n", |
---|
692 | saidx->mode, saidx->proto); |
---|
693 | |
---|
694 | ipsec_hexdump((caddr_t)&saidx->src, |
---|
695 | sysdep_sa_len((struct sockaddr *)&saidx->src)); |
---|
696 | printf("\n"); |
---|
697 | ipsec_hexdump((caddr_t)&saidx->dst, |
---|
698 | sysdep_sa_len((struct sockaddr *)&saidx->dst)); |
---|
699 | printf("\n"); |
---|
700 | |
---|
701 | return; |
---|
702 | } |
---|
703 | |
---|
704 | void |
---|
705 | kdebug_secasv(sav) |
---|
706 | struct secasvar *sav; |
---|
707 | { |
---|
708 | /* sanity check */ |
---|
709 | if (sav == NULL) |
---|
710 | panic("kdebug_secasv: NULL pointer was passed.\n"); |
---|
711 | |
---|
712 | printf("secas{"); |
---|
713 | kdebug_secasindex(&sav->sah->saidx); |
---|
714 | |
---|
715 | printf(" refcnt=%u state=%u auth=%u enc=%u\n", |
---|
716 | sav->refcnt, sav->state, sav->alg_auth, sav->alg_enc); |
---|
717 | printf(" spi=%u flags=%u\n", |
---|
718 | (u_int32_t)ntohl(sav->spi), sav->flags); |
---|
719 | |
---|
720 | if (sav->key_auth != NULL) |
---|
721 | kdebug_sadb_key((struct sadb_ext *)sav->key_auth); |
---|
722 | if (sav->key_enc != NULL) |
---|
723 | kdebug_sadb_key((struct sadb_ext *)sav->key_enc); |
---|
724 | if (sav->iv != NULL) { |
---|
725 | printf(" iv="); |
---|
726 | ipsec_hexdump(sav->iv, sav->ivlen ? sav->ivlen : 8); |
---|
727 | printf("\n"); |
---|
728 | } |
---|
729 | |
---|
730 | if (sav->replay != NULL) |
---|
731 | kdebug_secreplay(sav->replay); |
---|
732 | if (sav->lft_c != NULL) |
---|
733 | kdebug_sadb_lifetime((struct sadb_ext *)sav->lft_c); |
---|
734 | if (sav->lft_h != NULL) |
---|
735 | kdebug_sadb_lifetime((struct sadb_ext *)sav->lft_h); |
---|
736 | if (sav->lft_s != NULL) |
---|
737 | kdebug_sadb_lifetime((struct sadb_ext *)sav->lft_s); |
---|
738 | |
---|
739 | #if notyet |
---|
740 | /* XXX: misc[123] ? */ |
---|
741 | #endif |
---|
742 | |
---|
743 | return; |
---|
744 | } |
---|
745 | |
---|
746 | static void |
---|
747 | kdebug_secreplay(rpl) |
---|
748 | struct secreplay *rpl; |
---|
749 | { |
---|
750 | int len, l; |
---|
751 | |
---|
752 | /* sanity check */ |
---|
753 | if (rpl == NULL) |
---|
754 | panic("kdebug_secreplay: NULL pointer was passed.\n"); |
---|
755 | |
---|
756 | printf(" secreplay{ count=%u wsize=%u seq=%u lastseq=%u", |
---|
757 | rpl->count, rpl->wsize, rpl->seq, rpl->lastseq); |
---|
758 | |
---|
759 | if (rpl->bitmap == NULL) { |
---|
760 | printf(" }\n"); |
---|
761 | return; |
---|
762 | } |
---|
763 | |
---|
764 | printf("\n bitmap { "); |
---|
765 | |
---|
766 | for (len = 0; len < rpl->wsize; len++) { |
---|
767 | for (l = 7; l >= 0; l--) |
---|
768 | printf("%u", (((rpl->bitmap)[len] >> l) & 1) ? 1 : 0); |
---|
769 | } |
---|
770 | printf(" }\n"); |
---|
771 | |
---|
772 | return; |
---|
773 | } |
---|
774 | |
---|
775 | void |
---|
776 | kdebug_mbufhdr(m) |
---|
777 | struct mbuf *m; |
---|
778 | { |
---|
779 | /* sanity check */ |
---|
780 | if (m == NULL) |
---|
781 | return; |
---|
782 | |
---|
783 | printf("mbuf(%p){ m_next:%p m_nextpkt:%p m_data:%p " |
---|
784 | "m_len:%d m_type:0x%02x m_flags:0x%02x }\n", |
---|
785 | m, m->m_next, m->m_nextpkt, m->m_data, |
---|
786 | m->m_len, m->m_type, m->m_flags); |
---|
787 | |
---|
788 | if (m->m_flags & M_PKTHDR) { |
---|
789 | printf(" m_pkthdr{ len:%d rcvif:%p }\n", |
---|
790 | m->m_pkthdr.len, m->m_pkthdr.rcvif); |
---|
791 | } |
---|
792 | |
---|
793 | #ifdef __FreeBSD__ |
---|
794 | if (m->m_flags & M_EXT) { |
---|
795 | printf(" m_ext{ ext_buf:%p ext_free:%p " |
---|
796 | "ext_size:%u ext_ref:%p }\n", |
---|
797 | m->m_ext.ext_buf, m->m_ext.ext_free, |
---|
798 | m->m_ext.ext_size, m->m_ext.ext_ref); |
---|
799 | } |
---|
800 | #endif |
---|
801 | |
---|
802 | return; |
---|
803 | } |
---|
804 | |
---|
805 | void |
---|
806 | kdebug_mbuf(m0) |
---|
807 | struct mbuf *m0; |
---|
808 | { |
---|
809 | struct mbuf *m = m0; |
---|
810 | int i, j; |
---|
811 | |
---|
812 | for (j = 0; m; m = m->m_next) { |
---|
813 | kdebug_mbufhdr(m); |
---|
814 | printf(" m_data:\n"); |
---|
815 | for (i = 0; i < m->m_len; i++) { |
---|
816 | if (i && i % 32 == 0) |
---|
817 | printf("\n"); |
---|
818 | if (i % 4 == 0) |
---|
819 | printf(" "); |
---|
820 | printf("%02x", mtod(m, u_char *)[i]); |
---|
821 | j++; |
---|
822 | } |
---|
823 | printf("\n"); |
---|
824 | } |
---|
825 | |
---|
826 | return; |
---|
827 | } |
---|
828 | #endif /* _KERNEL */ |
---|
829 | |
---|
830 | static void |
---|
831 | kdebug_sockaddr(addr) |
---|
832 | struct sockaddr *addr; |
---|
833 | { |
---|
834 | struct sockaddr_in *sin4; |
---|
835 | #ifdef INET6 |
---|
836 | struct sockaddr_in6 *sin6; |
---|
837 | #endif |
---|
838 | |
---|
839 | /* sanity check */ |
---|
840 | if (addr == NULL) |
---|
841 | panic("kdebug_sockaddr: NULL pointer was passed.\n"); |
---|
842 | |
---|
843 | /* NOTE: We deal with port number as host byte order. */ |
---|
844 | printf("sockaddr{ len=%u family=%u", sysdep_sa_len(addr), addr->sa_family); |
---|
845 | |
---|
846 | switch (addr->sa_family) { |
---|
847 | case AF_INET: |
---|
848 | sin4 = (void *)addr; |
---|
849 | printf(" port=%u\n", ntohs(sin4->sin_port)); |
---|
850 | ipsec_hexdump(&sin4->sin_addr, sizeof(sin4->sin_addr)); |
---|
851 | break; |
---|
852 | #ifdef INET6 |
---|
853 | case AF_INET6: |
---|
854 | sin6 = (void *)addr; |
---|
855 | printf(" port=%u\n", ntohs(sin6->sin6_port)); |
---|
856 | printf(" flowinfo=0x%08x, scope_id=0x%08x\n", |
---|
857 | sin6->sin6_flowinfo, sin6->sin6_scope_id); |
---|
858 | ipsec_hexdump(&sin6->sin6_addr, sizeof(sin6->sin6_addr)); |
---|
859 | break; |
---|
860 | #endif |
---|
861 | } |
---|
862 | |
---|
863 | printf(" }\n"); |
---|
864 | |
---|
865 | return; |
---|
866 | } |
---|
867 | |
---|
868 | void |
---|
869 | ipsec_bindump(buf, len) |
---|
870 | caddr_t buf; |
---|
871 | int len; |
---|
872 | { |
---|
873 | int i; |
---|
874 | |
---|
875 | for (i = 0; i < len; i++) |
---|
876 | printf("%c", (unsigned char)buf[i]); |
---|
877 | |
---|
878 | return; |
---|
879 | } |
---|
880 | |
---|
881 | |
---|
882 | void |
---|
883 | ipsec_hexdump(buf, len) |
---|
884 | const void *buf; |
---|
885 | int len; |
---|
886 | { |
---|
887 | int i; |
---|
888 | |
---|
889 | for (i = 0; i < len; i++) { |
---|
890 | if (i != 0 && i % 32 == 0) printf("\n"); |
---|
891 | if (i % 4 == 0) printf(" "); |
---|
892 | printf("%02x", ((const unsigned char *)buf)[i]); |
---|
893 | } |
---|
894 | #if 0 |
---|
895 | if (i % 32 != 0) printf("\n"); |
---|
896 | #endif |
---|
897 | |
---|
898 | return; |
---|
899 | } |
---|