Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/netipsec/key_debug.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* $FreeBSD$ */ 2 /* $KAME: key_debug.c,v 1.26 2001/06/27 10:46:50 sakane Exp $ */ 3 4 /*- 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #ifdef _KERNEL 34 #include "opt_inet.h" 35 #include "opt_inet6.h" 36 #include "opt_ipsec.h" 37 #endif 38 39 #include <sys/param.h> 40 #ifdef _KERNEL 41 #include <sys/systm.h> 42 #include <sys/lock.h> 43 #include <sys/malloc.h> 44 #include <sys/mbuf.h> 45 #include <sys/mutex.h> 46 #include <sys/queue.h> 47 #endif 48 #include <sys/socket.h> 49 50 #include <net/vnet.h> 51 52 #include <netipsec/key_var.h> 53 #include <netipsec/key_debug.h> 54 55 #include <netinet/in.h> 56 #include <netipsec/ipsec.h> 57 #ifdef _KERNEL 58 #include <netipsec/keydb.h> 59 #include <netipsec/xform.h> 60 #endif 61 62 #ifndef _KERNEL 63 #include <ctype.h> 64 #include <stdio.h> 65 #include <stdlib.h> 66 #include <arpa/inet.h> 67 #endif /* !_KERNEL */ 68 69 static void kdebug_sadb_prop(struct sadb_ext *); 70 static void kdebug_sadb_identity(struct sadb_ext *); 71 static void kdebug_sadb_supported(struct sadb_ext *); 72 static void kdebug_sadb_lifetime(struct sadb_ext *); 73 static void kdebug_sadb_sa(struct sadb_ext *); 74 static void kdebug_sadb_address(struct sadb_ext *); 75 static void kdebug_sadb_key(struct sadb_ext *); 76 static void kdebug_sadb_x_sa2(struct sadb_ext *); 77 static void kdebug_sadb_x_sa_replay(struct sadb_ext *); 78 static void kdebug_sadb_x_natt(struct sadb_ext *); 79 80 #ifndef _KERNEL 81 #define panic(fmt, ...) { printf(fmt, ## __VA_ARGS__); exit(-1); } 82 #endif 83 84 /* NOTE: host byte order */ 85 86 static const char* 87 kdebug_sadb_type(uint8_t type) 88 { 89 #define SADB_NAME(n) case SADB_ ## n: return (#n) 90 91 switch (type) { 92 SADB_NAME(RESERVED); 93 SADB_NAME(GETSPI); 94 SADB_NAME(UPDATE); 95 SADB_NAME(ADD); 96 SADB_NAME(DELETE); 97 SADB_NAME(GET); 98 SADB_NAME(ACQUIRE); 99 SADB_NAME(REGISTER); 100 SADB_NAME(EXPIRE); 101 SADB_NAME(FLUSH); 102 SADB_NAME(DUMP); 103 SADB_NAME(X_PROMISC); 104 SADB_NAME(X_PCHANGE); 105 SADB_NAME(X_SPDUPDATE); 106 SADB_NAME(X_SPDADD); 107 SADB_NAME(X_SPDDELETE); 108 SADB_NAME(X_SPDGET); 109 SADB_NAME(X_SPDACQUIRE); 110 SADB_NAME(X_SPDDUMP); 111 SADB_NAME(X_SPDFLUSH); 112 SADB_NAME(X_SPDSETIDX); 113 SADB_NAME(X_SPDEXPIRE); 114 SADB_NAME(X_SPDDELETE2); 115 default: 116 return ("UNKNOWN"); 117 } 118 #undef SADB_NAME 119 } 120 121 static const char* 122 kdebug_sadb_exttype(uint16_t type) 123 { 124 #define EXT_NAME(n) case SADB_EXT_ ## n: return (#n) 125 #define X_NAME(n) case SADB_X_EXT_ ## n: return (#n) 126 127 switch (type) { 128 EXT_NAME(RESERVED); 129 EXT_NAME(SA); 130 EXT_NAME(LIFETIME_CURRENT); 131 EXT_NAME(LIFETIME_HARD); 132 EXT_NAME(LIFETIME_SOFT); 133 EXT_NAME(ADDRESS_SRC); 134 EXT_NAME(ADDRESS_DST); 135 EXT_NAME(ADDRESS_PROXY); 136 EXT_NAME(KEY_AUTH); 137 EXT_NAME(KEY_ENCRYPT); 138 EXT_NAME(IDENTITY_SRC); 139 EXT_NAME(IDENTITY_DST); 140 EXT_NAME(SENSITIVITY); 141 EXT_NAME(PROPOSAL); 142 EXT_NAME(SUPPORTED_AUTH); 143 EXT_NAME(SUPPORTED_ENCRYPT); 144 EXT_NAME(SPIRANGE); 145 X_NAME(KMPRIVATE); 146 X_NAME(POLICY); 147 X_NAME(SA2); 148 X_NAME(NAT_T_TYPE); 149 X_NAME(NAT_T_SPORT); 150 X_NAME(NAT_T_DPORT); 151 X_NAME(NAT_T_OAI); 152 X_NAME(NAT_T_OAR); 153 X_NAME(NAT_T_FRAG); 154 X_NAME(SA_REPLAY); 155 X_NAME(NEW_ADDRESS_SRC); 156 X_NAME(NEW_ADDRESS_DST); 157 default: 158 return ("UNKNOWN"); 159 }; 160 #undef EXT_NAME 161 #undef X_NAME 162 } 163 164 165 /* %%%: about struct sadb_msg */ 166 void 167 kdebug_sadb(struct sadb_msg *base) 168 { 169 struct sadb_ext *ext; 170 int tlen, extlen; 171 172 /* sanity check */ 173 if (base == NULL) 174 panic("%s: NULL pointer was passed.\n", __func__); 175 176 printf("sadb_msg{ version=%u type=%u(%s) errno=%u satype=%u\n", 177 base->sadb_msg_version, base->sadb_msg_type, 178 kdebug_sadb_type(base->sadb_msg_type), 179 base->sadb_msg_errno, base->sadb_msg_satype); 180 printf(" len=%u reserved=%u seq=%u pid=%u\n", 181 base->sadb_msg_len, base->sadb_msg_reserved, 182 base->sadb_msg_seq, base->sadb_msg_pid); 183 184 tlen = PFKEY_UNUNIT64(base->sadb_msg_len) - sizeof(struct sadb_msg); 185 ext = (struct sadb_ext *)((caddr_t)base + sizeof(struct sadb_msg)); 186 187 while (tlen > 0) { 188 printf("sadb_ext{ len=%u type=%u(%s) }\n", 189 ext->sadb_ext_len, ext->sadb_ext_type, 190 kdebug_sadb_exttype(ext->sadb_ext_type)); 191 192 if (ext->sadb_ext_len == 0) { 193 printf("%s: invalid ext_len=0 was passed.\n", __func__); 194 return; 195 } 196 if (ext->sadb_ext_len > tlen) { 197 printf("%s: ext_len too big (%u > %u).\n", 198 __func__, ext->sadb_ext_len, tlen); 199 return; 200 } 201 202 switch (ext->sadb_ext_type) { 203 case SADB_EXT_SA: 204 kdebug_sadb_sa(ext); 205 break; 206 case SADB_EXT_LIFETIME_CURRENT: 207 case SADB_EXT_LIFETIME_HARD: 208 case SADB_EXT_LIFETIME_SOFT: 209 kdebug_sadb_lifetime(ext); 210 break; 211 case SADB_EXT_ADDRESS_SRC: 212 case SADB_EXT_ADDRESS_DST: 213 case SADB_EXT_ADDRESS_PROXY: 214 case SADB_X_EXT_NAT_T_OAI: 215 case SADB_X_EXT_NAT_T_OAR: 216 case SADB_X_EXT_NEW_ADDRESS_SRC: 217 case SADB_X_EXT_NEW_ADDRESS_DST: 218 kdebug_sadb_address(ext); 219 break; 220 case SADB_EXT_KEY_AUTH: 221 case SADB_EXT_KEY_ENCRYPT: 222 kdebug_sadb_key(ext); 223 break; 224 case SADB_EXT_IDENTITY_SRC: 225 case SADB_EXT_IDENTITY_DST: 226 kdebug_sadb_identity(ext); 227 break; 228 case SADB_EXT_SENSITIVITY: 229 break; 230 case SADB_EXT_PROPOSAL: 231 kdebug_sadb_prop(ext); 232 break; 233 case SADB_EXT_SUPPORTED_AUTH: 234 case SADB_EXT_SUPPORTED_ENCRYPT: 235 kdebug_sadb_supported(ext); 236 break; 237 case SADB_EXT_SPIRANGE: 238 case SADB_X_EXT_KMPRIVATE: 239 break; 240 case SADB_X_EXT_POLICY: 241 kdebug_sadb_x_policy(ext); 242 break; 243 case SADB_X_EXT_SA2: 244 kdebug_sadb_x_sa2(ext); 245 break; 246 case SADB_X_EXT_SA_REPLAY: 247 kdebug_sadb_x_sa_replay(ext); 248 break; 249 case SADB_X_EXT_NAT_T_TYPE: 250 case SADB_X_EXT_NAT_T_SPORT: 251 case SADB_X_EXT_NAT_T_DPORT: 252 kdebug_sadb_x_natt(ext); 253 break; 254 default: 255 printf("%s: invalid ext_type %u\n", __func__, 256 ext->sadb_ext_type); 257 return; 258 } 259 260 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 261 tlen -= extlen; 262 ext = (struct sadb_ext *)((caddr_t)ext + extlen); 263 } 264 265 return; 266 } 267 268 static void 269 kdebug_sadb_prop(struct sadb_ext *ext) 270 { 271 struct sadb_prop *prop = (struct sadb_prop *)ext; 272 struct sadb_comb *comb; 273 int len; 274 275 /* sanity check */ 276 if (ext == NULL) 277 panic("%s: NULL pointer was passed.\n", __func__); 278 279 len = (PFKEY_UNUNIT64(prop->sadb_prop_len) - sizeof(*prop)) 280 / sizeof(*comb); 281 comb = (struct sadb_comb *)(prop + 1); 282 printf("sadb_prop{ replay=%u\n", prop->sadb_prop_replay); 283 284 while (len--) { 285 printf("sadb_comb{ auth=%u encrypt=%u " 286 "flags=0x%04x reserved=0x%08x\n", 287 comb->sadb_comb_auth, comb->sadb_comb_encrypt, 288 comb->sadb_comb_flags, comb->sadb_comb_reserved); 289 290 printf(" auth_minbits=%u auth_maxbits=%u " 291 "encrypt_minbits=%u encrypt_maxbits=%u\n", 292 comb->sadb_comb_auth_minbits, 293 comb->sadb_comb_auth_maxbits, 294 comb->sadb_comb_encrypt_minbits, 295 comb->sadb_comb_encrypt_maxbits); 296 297 printf(" soft_alloc=%u hard_alloc=%u " 298 "soft_bytes=%lu hard_bytes=%lu\n", 299 comb->sadb_comb_soft_allocations, 300 comb->sadb_comb_hard_allocations, 301 (unsigned long)comb->sadb_comb_soft_bytes, 302 (unsigned long)comb->sadb_comb_hard_bytes); 303 304 printf(" soft_alloc=%lu hard_alloc=%lu " 305 "soft_bytes=%lu hard_bytes=%lu }\n", 306 (unsigned long)comb->sadb_comb_soft_addtime, 307 (unsigned long)comb->sadb_comb_hard_addtime, 308 (unsigned long)comb->sadb_comb_soft_usetime, 309 (unsigned long)comb->sadb_comb_hard_usetime); 310 comb++; 311 } 312 printf("}\n"); 313 314 return; 315 } 316 317 static void 318 kdebug_sadb_identity(struct sadb_ext *ext) 319 { 320 struct sadb_ident *id = (struct sadb_ident *)ext; 321 int len; 322 323 /* sanity check */ 324 if (ext == NULL) 325 panic("%s: NULL pointer was passed.\n", __func__); 326 327 len = PFKEY_UNUNIT64(id->sadb_ident_len) - sizeof(*id); 328 printf("sadb_ident_%s{", 329 id->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC ? "src" : "dst"); 330 switch (id->sadb_ident_type) { 331 default: 332 printf(" type=%d id=%lu", 333 id->sadb_ident_type, (u_long)id->sadb_ident_id); 334 if (len) { 335 #ifdef _KERNEL 336 ipsec_hexdump((caddr_t)(id + 1), len); /*XXX cast ?*/ 337 #else 338 char *p, *ep; 339 printf("\n str=\""); 340 p = (char *)(id + 1); 341 ep = p + len; 342 for (/*nothing*/; *p && p < ep; p++) { 343 if (isprint(*p)) 344 printf("%c", *p & 0xff); 345 else 346 printf("\\%03o", *p & 0xff); 347 } 348 #endif 349 printf("\""); 350 } 351 break; 352 } 353 354 printf(" }\n"); 355 356 return; 357 } 358 359 static void 360 kdebug_sadb_supported(struct sadb_ext *ext) 361 { 362 struct sadb_supported *sup = (struct sadb_supported *)ext; 363 struct sadb_alg *alg; 364 int len; 365 366 /* sanity check */ 367 if (ext == NULL) 368 panic("%s: NULL pointer was passed.\n", __func__); 369 370 len = (PFKEY_UNUNIT64(sup->sadb_supported_len) - sizeof(*sup)) 371 / sizeof(*alg); 372 alg = (struct sadb_alg *)(sup + 1); 373 printf("sadb_sup{\n"); 374 while (len--) { 375 printf(" { id=%d ivlen=%d min=%d max=%d }\n", 376 alg->sadb_alg_id, alg->sadb_alg_ivlen, 377 alg->sadb_alg_minbits, alg->sadb_alg_maxbits); 378 alg++; 379 } 380 printf("}\n"); 381 382 return; 383 } 384 385 static void 386 kdebug_sadb_lifetime(struct sadb_ext *ext) 387 { 388 struct sadb_lifetime *lft = (struct sadb_lifetime *)ext; 389 390 /* sanity check */ 391 if (ext == NULL) 392 panic("%s: NULL pointer was passed.\n", __func__); 393 394 printf("sadb_lifetime{ alloc=%u, bytes=%u\n", 395 lft->sadb_lifetime_allocations, 396 (u_int32_t)lft->sadb_lifetime_bytes); 397 printf(" addtime=%u, usetime=%u }\n", 398 (u_int32_t)lft->sadb_lifetime_addtime, 399 (u_int32_t)lft->sadb_lifetime_usetime); 400 401 return; 402 } 403 404 static void 405 kdebug_sadb_sa(struct sadb_ext *ext) 406 { 407 struct sadb_sa *sa = (struct sadb_sa *)ext; 408 409 /* sanity check */ 410 if (ext == NULL) 411 panic("%s: NULL pointer was passed.\n", __func__); 412 413 printf("sadb_sa{ spi=%u replay=%u state=%u\n", 414 (u_int32_t)ntohl(sa->sadb_sa_spi), sa->sadb_sa_replay, 415 sa->sadb_sa_state); 416 printf(" auth=%u encrypt=%u flags=0x%08x }\n", 417 sa->sadb_sa_auth, sa->sadb_sa_encrypt, sa->sadb_sa_flags); 418 419 return; 420 } 421 422 static void 423 kdebug_sadb_address(struct sadb_ext *ext) 424 { 425 struct sadb_address *addr = (struct sadb_address *)ext; 426 427 /* sanity check */ 428 if (ext == NULL) 429 panic("%s: NULL pointer was passed.\n", __func__); 430 431 printf("sadb_address{ proto=%u prefixlen=%u reserved=0x%02x%02x }\n", 432 addr->sadb_address_proto, addr->sadb_address_prefixlen, 433 ((u_char *)&addr->sadb_address_reserved)[0], 434 ((u_char *)&addr->sadb_address_reserved)[1]); 435 436 kdebug_sockaddr((struct sockaddr *)((caddr_t)ext + sizeof(*addr))); 437 } 438 439 static void 440 kdebug_sadb_key(struct sadb_ext *ext) 441 { 442 struct sadb_key *key = (struct sadb_key *)ext; 443 444 /* sanity check */ 445 if (ext == NULL) 446 panic("%s: NULL pointer was passed.\n", __func__); 447 448 printf("sadb_key{ bits=%u reserved=%u\n", 449 key->sadb_key_bits, key->sadb_key_reserved); 450 printf(" key="); 451 452 /* sanity check 2 */ 453 if ((key->sadb_key_bits >> 3) > 454 (PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key))) { 455 printf("%s: key length mismatch, bit:%d len:%ld.\n", 456 __func__, 457 key->sadb_key_bits >> 3, 458 (long)PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key)); 459 } 460 461 ipsec_hexdump((caddr_t)key + sizeof(struct sadb_key), 462 key->sadb_key_bits >> 3); 463 printf(" }\n"); 464 return; 465 } 466 467 static void 468 kdebug_sadb_x_sa2(struct sadb_ext *ext) 469 { 470 struct sadb_x_sa2 *sa2 = (struct sadb_x_sa2 *)ext; 471 472 /* sanity check */ 473 if (ext == NULL) 474 panic("%s: NULL pointer was passed.\n", __func__); 475 476 printf("sadb_x_sa2{ mode=%u reqid=%u\n", 477 sa2->sadb_x_sa2_mode, sa2->sadb_x_sa2_reqid); 478 printf(" reserved1=%u reserved2=%u sequence=%u }\n", 479 sa2->sadb_x_sa2_reserved1, sa2->sadb_x_sa2_reserved2, 480 sa2->sadb_x_sa2_sequence); 481 482 return; 483 } 484 485 static void 486 kdebug_sadb_x_sa_replay(struct sadb_ext *ext) 487 { 488 struct sadb_x_sa_replay *replay; 489 490 /* sanity check */ 491 if (ext == NULL) 492 panic("%s: NULL pointer was passed.\n", __func__); 493 494 replay = (struct sadb_x_sa_replay *)ext; 495 printf("sadb_x_sa_replay{ replay=%u }\n", 496 replay->sadb_x_sa_replay_replay); 497 } 498 499 static void 500 kdebug_sadb_x_natt(struct sadb_ext *ext) 501 { 502 struct sadb_x_nat_t_type *type; 503 struct sadb_x_nat_t_port *port; 504 505 /* sanity check */ 506 if (ext == NULL) 507 panic("%s: NULL pointer was passed.\n", __func__); 508 509 if (ext->sadb_ext_type == SADB_X_EXT_NAT_T_TYPE) { 510 type = (struct sadb_x_nat_t_type *)ext; 511 printf("sadb_x_nat_t_type{ type=%u }\n", 512 type->sadb_x_nat_t_type_type); 513 } else { 514 port = (struct sadb_x_nat_t_port *)ext; 515 printf("sadb_x_nat_t_port{ port=%u }\n", 516 ntohs(port->sadb_x_nat_t_port_port)); 517 } 518 } 519 520 void 521 kdebug_sadb_x_policy(struct sadb_ext *ext) 522 { 523 struct sadb_x_policy *xpl = (struct sadb_x_policy *)ext; 524 struct sockaddr *addr; 525 526 /* sanity check */ 527 if (ext == NULL) 528 panic("%s: NULL pointer was passed.\n", __func__); 529 530 printf("sadb_x_policy{ type=%u dir=%u id=%x scope=%u %s=%u }\n", 531 xpl->sadb_x_policy_type, xpl->sadb_x_policy_dir, 532 xpl->sadb_x_policy_id, xpl->sadb_x_policy_scope, 533 xpl->sadb_x_policy_scope == IPSEC_POLICYSCOPE_IFNET ? 534 "ifindex": "priority", xpl->sadb_x_policy_priority); 535 536 if (xpl->sadb_x_policy_type == IPSEC_POLICY_IPSEC) { 537 int tlen; 538 struct sadb_x_ipsecrequest *xisr; 539 540 tlen = PFKEY_UNUNIT64(xpl->sadb_x_policy_len) - sizeof(*xpl); 541 xisr = (struct sadb_x_ipsecrequest *)(xpl + 1); 542 543 while (tlen > 0) { 544 printf(" { len=%u proto=%u mode=%u level=%u reqid=%u\n", 545 xisr->sadb_x_ipsecrequest_len, 546 xisr->sadb_x_ipsecrequest_proto, 547 xisr->sadb_x_ipsecrequest_mode, 548 xisr->sadb_x_ipsecrequest_level, 549 xisr->sadb_x_ipsecrequest_reqid); 550 551 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 552 addr = (struct sockaddr *)(xisr + 1); 553 kdebug_sockaddr(addr); 554 addr = (struct sockaddr *)((caddr_t)addr 555 + addr->sa_len); 556 kdebug_sockaddr(addr); 557 } 558 559 printf(" }\n"); 560 561 /* prevent infinite loop */ 562 if (xisr->sadb_x_ipsecrequest_len <= 0) { 563 printf("%s: wrong policy struct.\n", __func__); 564 return; 565 } 566 /* prevent overflow */ 567 if (xisr->sadb_x_ipsecrequest_len > tlen) { 568 printf("%s: invalid ipsec policy length " 569 "(%u > %u)\n", __func__, 570 xisr->sadb_x_ipsecrequest_len, tlen); 571 return; 572 } 573 574 tlen -= xisr->sadb_x_ipsecrequest_len; 575 576 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 577 + xisr->sadb_x_ipsecrequest_len); 578 } 579 580 if (tlen != 0) 581 panic("%s: wrong policy struct.\n", __func__); 582 } 583 584 return; 585 } 586 587 #ifdef _KERNEL 588 /* %%%: about SPD and SAD */ 589 const char* 590 kdebug_secpolicy_state(u_int state) 591 { 592 593 switch (state) { 594 case IPSEC_SPSTATE_DEAD: 595 return ("dead"); 596 case IPSEC_SPSTATE_LARVAL: 597 return ("larval"); 598 case IPSEC_SPSTATE_ALIVE: 599 return ("alive"); 600 case IPSEC_SPSTATE_PCB: 601 return ("pcb"); 602 case IPSEC_SPSTATE_IFNET: 603 return ("ifnet"); 604 } 605 return ("unknown"); 606 } 607 608 const char* 609 kdebug_secpolicy_policy(u_int policy) 610 { 611 612 switch (policy) { 613 case IPSEC_POLICY_DISCARD: 614 return ("discard"); 615 case IPSEC_POLICY_NONE: 616 return ("none"); 617 case IPSEC_POLICY_IPSEC: 618 return ("ipsec"); 619 case IPSEC_POLICY_ENTRUST: 620 return ("entrust"); 621 case IPSEC_POLICY_BYPASS: 622 return ("bypass"); 623 } 624 return ("unknown"); 625 } 626 627 const char* 628 kdebug_secpolicyindex_dir(u_int dir) 629 { 630 631 switch (dir) { 632 case IPSEC_DIR_ANY: 633 return ("any"); 634 case IPSEC_DIR_INBOUND: 635 return ("in"); 636 case IPSEC_DIR_OUTBOUND: 637 return ("out"); 638 } 639 return ("unknown"); 640 } 641 642 const char* 643 kdebug_ipsecrequest_level(u_int level) 644 { 645 646 switch (level) { 647 case IPSEC_LEVEL_DEFAULT: 648 return ("default"); 649 case IPSEC_LEVEL_USE: 650 return ("use"); 651 case IPSEC_LEVEL_REQUIRE: 652 return ("require"); 653 case IPSEC_LEVEL_UNIQUE: 654 return ("unique"); 655 } 656 return ("unknown"); 657 } 658 659 const char* 660 kdebug_secasindex_mode(u_int mode) 661 { 662 663 switch (mode) { 664 case IPSEC_MODE_ANY: 665 return ("any"); 666 case IPSEC_MODE_TRANSPORT: 667 return ("transport"); 668 case IPSEC_MODE_TUNNEL: 669 return ("tunnel"); 670 case IPSEC_MODE_TCPMD5: 671 return ("tcp-md5"); 672 } 673 return ("unknown"); 674 } 675 676 const char* 677 kdebug_secasv_state(u_int state) 678 { 679 680 switch (state) { 681 case SADB_SASTATE_LARVAL: 682 return ("larval"); 683 case SADB_SASTATE_MATURE: 684 return ("mature"); 685 case SADB_SASTATE_DYING: 686 return ("dying"); 687 case SADB_SASTATE_DEAD: 688 return ("dead"); 689 } 690 return ("unknown"); 691 } 692 693 static char* 694 kdebug_port2str(const struct sockaddr *sa, char *buf, size_t len) 695 { 696 uint16_t port; 697 698 IPSEC_ASSERT(sa != NULL, ("null sa")); 699 switch (sa->sa_family) { 700 #ifdef INET 701 case AF_INET: 702 port = ntohs(((const struct sockaddr_in *)sa)->sin_port); 703 break; 704 #endif 705 #ifdef INET6 706 case AF_INET6: 707 port = ntohs(((const struct sockaddr_in6 *)sa)->sin6_port); 708 break; 709 #endif 710 default: 711 port = 0; 712 } 713 if (port == 0) 714 return ("*"); 715 snprintf(buf, len, "%u", port); 716 return (buf); 717 } 718 719 void 720 kdebug_secpolicy(struct secpolicy *sp) 721 { 722 u_int idx; 723 724 IPSEC_ASSERT(sp != NULL, ("null sp")); 725 printf("SP { refcnt=%u id=%u priority=%u state=%s policy=%s\n", 726 sp->refcnt, sp->id, sp->priority, 727 kdebug_secpolicy_state(sp->state), 728 kdebug_secpolicy_policy(sp->policy)); 729 kdebug_secpolicyindex(&sp->spidx, " "); 730 for (idx = 0; idx < sp->tcount; idx++) { 731 printf(" req[%u]{ level=%s ", idx, 732 kdebug_ipsecrequest_level(sp->req[idx]->level)); 733 kdebug_secasindex(&sp->req[idx]->saidx, NULL); 734 printf(" }\n"); 735 } 736 printf("}\n"); 737 } 738 739 void 740 kdebug_secpolicyindex(struct secpolicyindex *spidx, const char *indent) 741 { 742 char buf[IPSEC_ADDRSTRLEN]; 743 744 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 745 if (indent != NULL) 746 printf("%s", indent); 747 printf("spidx { dir=%s ul_proto=", 748 kdebug_secpolicyindex_dir(spidx->dir)); 749 if (spidx->ul_proto == IPSEC_ULPROTO_ANY) 750 printf("* "); 751 else 752 printf("%u ", spidx->ul_proto); 753 printf("%s/%u -> ", ipsec_address(&spidx->src, buf, sizeof(buf)), 754 spidx->prefs); 755 printf("%s/%u }\n", ipsec_address(&spidx->dst, buf, sizeof(buf)), 756 spidx->prefd); 757 } 758 759 void 760 kdebug_secasindex(const struct secasindex *saidx, const char *indent) 761 { 762 char buf[IPSEC_ADDRSTRLEN], port[6]; 763 764 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 765 if (indent != NULL) 766 printf("%s", indent); 767 printf("saidx { mode=%s proto=%u reqid=%u ", 768 kdebug_secasindex_mode(saidx->mode), saidx->proto, saidx->reqid); 769 printf("%s:%s -> ", ipsec_address(&saidx->src, buf, sizeof(buf)), 770 kdebug_port2str(&saidx->src.sa, port, sizeof(port))); 771 printf("%s:%s }\n", ipsec_address(&saidx->dst, buf, sizeof(buf)), 772 kdebug_port2str(&saidx->dst.sa, port, sizeof(port))); 773 } 774 775 static void 776 kdebug_sec_lifetime(struct seclifetime *lft, const char *indent) 777 { 778 779 IPSEC_ASSERT(lft != NULL, ("null lft")); 780 if (indent != NULL) 781 printf("%s", indent); 782 printf("lifetime { alloc=%u, bytes=%ju addtime=%ju usetime=%ju }\n", 783 lft->allocations, (uintmax_t)lft->bytes, (uintmax_t)lft->addtime, 784 (uintmax_t)lft->usetime); 785 } 786 787 void 788 kdebug_secash(struct secashead *sah, const char *indent) 789 { 790 791 IPSEC_ASSERT(sah != NULL, ("null sah")); 792 if (indent != NULL) 793 printf("%s", indent); 794 printf("SAH { refcnt=%u state=%s\n", sah->refcnt, 795 kdebug_secasv_state(sah->state)); 796 if (indent != NULL) 797 printf("%s", indent); 798 kdebug_secasindex(&sah->saidx, indent); 799 if (indent != NULL) 800 printf("%s", indent); 801 printf("}\n"); 802 } 803 804 #ifdef IPSEC_DEBUG 805 static void 806 kdebug_secreplay(struct secreplay *rpl) 807 { 808 int len, l; 809 810 IPSEC_ASSERT(rpl != NULL, ("null rpl")); 811 printf(" secreplay{ count=%u bitmap_size=%u wsize=%u seq=%u lastseq=%u", 812 rpl->count, rpl->bitmap_size, rpl->wsize, rpl->seq, rpl->lastseq); 813 814 if (rpl->bitmap == NULL) { 815 printf(" }\n"); 816 return; 817 } 818 819 printf("\n bitmap { "); 820 for (len = 0; len < rpl->bitmap_size*4; len++) { 821 for (l = 7; l >= 0; l--) 822 printf("%u", (((rpl->bitmap)[len] >> l) & 1) ? 1 : 0); 823 } 824 printf(" }\n"); 825 } 826 #endif /* IPSEC_DEBUG */ 827 828 static void 829 kdebug_secnatt(struct secnatt *natt) 830 { 831 char buf[IPSEC_ADDRSTRLEN]; 832 833 IPSEC_ASSERT(natt != NULL, ("null natt")); 834 printf(" natt{ sport=%u dport=%u ", ntohs(natt->sport), 835 ntohs(natt->dport)); 836 if (natt->flags & IPSEC_NATT_F_OAI) 837 printf("oai=%s ", ipsec_address(&natt->oai, buf, sizeof(buf))); 838 if (natt->flags & IPSEC_NATT_F_OAR) 839 printf("oar=%s ", ipsec_address(&natt->oar, buf, sizeof(buf))); 840 printf("}\n"); 841 } 842 843 void 844 kdebug_secasv(struct secasvar *sav) 845 { 846 struct seclifetime lft_c; 847 848 IPSEC_ASSERT(sav != NULL, ("null sav")); 849 850 printf("SA { refcnt=%u spi=%u seq=%u pid=%u flags=0x%x state=%s\n", 851 sav->refcnt, ntohl(sav->spi), sav->seq, (uint32_t)sav->pid, 852 sav->flags, kdebug_secasv_state(sav->state)); 853 kdebug_secash(sav->sah, " "); 854 855 lft_c.addtime = sav->created; 856 lft_c.allocations = (uint32_t)counter_u64_fetch( 857 sav->lft_c_allocations); 858 lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes); 859 lft_c.usetime = sav->firstused; 860 kdebug_sec_lifetime(&lft_c, " c_"); 861 if (sav->lft_h != NULL) 862 kdebug_sec_lifetime(sav->lft_h, " h_"); 863 if (sav->lft_s != NULL) 864 kdebug_sec_lifetime(sav->lft_s, " s_"); 865 866 if (sav->tdb_authalgxform != NULL) 867 printf(" alg_auth=%s\n", sav->tdb_authalgxform->name); 868 if (sav->key_auth != NULL) 869 KEYDBG(DUMP, 870 kdebug_sadb_key((struct sadb_ext *)sav->key_auth)); 871 if (sav->tdb_encalgxform != NULL) 872 printf(" alg_enc=%s\n", sav->tdb_encalgxform->name); 873 if (sav->key_enc != NULL) 874 KEYDBG(DUMP, 875 kdebug_sadb_key((struct sadb_ext *)sav->key_enc)); 876 if (sav->natt != NULL) 877 kdebug_secnatt(sav->natt); 878 if (sav->replay != NULL) { 879 KEYDBG(DUMP, 880 SECASVAR_LOCK(sav); 881 kdebug_secreplay(sav->replay); 882 SECASVAR_UNLOCK(sav)); 883 } 884 printf("}\n"); 885 } 886 887 void 888 kdebug_mbufhdr(const struct mbuf *m) 889 { 890 /* sanity check */ 891 if (m == NULL) 892 return; 893 894 printf("mbuf(%p){ m_next:%p m_nextpkt:%p m_data:%p " 895 "m_len:%d m_type:0x%02x m_flags:0x%02x }\n", 896 m, m->m_next, m->m_nextpkt, m->m_data, 897 m->m_len, m->m_type, m->m_flags); 898 899 if (m->m_flags & M_PKTHDR) { 900 printf(" m_pkthdr{ len:%d rcvif:%p }\n", 901 m->m_pkthdr.len, m->m_pkthdr.rcvif); 902 } 903 904 if (m->m_flags & M_EXT) { 905 printf(" m_ext{ ext_buf:%p ext_free:%p " 906 "ext_size:%u ext_cnt:%p }\n", 907 m->m_ext.ext_buf, m->m_ext.ext_free, 908 m->m_ext.ext_size, m->m_ext.ext_cnt); 909 } 910 911 return; 912 } 913 914 void 915 kdebug_mbuf(const struct mbuf *m0) 916 { 917 const struct mbuf *m = m0; 918 int i, j; 919 920 for (j = 0; m; m = m->m_next) { 921 kdebug_mbufhdr(m); 922 printf(" m_data:\n"); 923 for (i = 0; i < m->m_len; i++) { 924 if (i && i % 32 == 0) 925 printf("\n"); 926 if (i % 4 == 0) 927 printf(" "); 928 printf("%02x", mtod(m, const u_char *)[i]); 929 j++; 930 } 931 printf("\n"); 932 } 933 934 return; 935 } 936 937 /* Return a printable string for the address. */ 938 char * 939 ipsec_address(const union sockaddr_union* sa, char *buf, socklen_t size) 940 { 941 942 switch (sa->sa.sa_family) { 943 #ifdef INET 944 case AF_INET: 945 return (inet_ntop(AF_INET, &sa->sin.sin_addr, buf, size)); 946 #endif /* INET */ 947 #ifdef INET6 948 case AF_INET6: 949 if (IN6_IS_SCOPE_LINKLOCAL(&sa->sin6.sin6_addr)) { 950 snprintf(buf, size, "%s%%%u", inet_ntop(AF_INET6, 951 &sa->sin6.sin6_addr, buf, size), 952 sa->sin6.sin6_scope_id); 953 return (buf); 954 } else 955 return (inet_ntop(AF_INET6, &sa->sin6.sin6_addr, 956 buf, size)); 957 #endif /* INET6 */ 958 case 0: 959 return ("*"); 960 default: 961 return ("(unknown address family)"); 962 } 963 } 964 965 char * 966 ipsec_sa2str(struct secasvar *sav, char *buf, size_t size) 967 { 968 char sbuf[IPSEC_ADDRSTRLEN], dbuf[IPSEC_ADDRSTRLEN]; 969 970 snprintf(buf, size, "SA(SPI=%08lx src=%s dst=%s)", 971 (u_long)ntohl(sav->spi), 972 ipsec_address(&sav->sah->saidx.src, sbuf, sizeof(sbuf)), 973 ipsec_address(&sav->sah->saidx.dst, dbuf, sizeof(dbuf))); 974 return (buf); 975 } 976 977 #endif /* _KERNEL */ 978 979 void 980 kdebug_sockaddr(struct sockaddr *addr) 981 { 982 char buf[IPSEC_ADDRSTRLEN]; 983 984 /* sanity check */ 985 if (addr == NULL) 986 panic("%s: NULL pointer was passed.\n", __func__); 987 988 switch (addr->sa_family) { 989 #ifdef INET 990 case AF_INET: { 991 struct sockaddr_in *sin; 992 993 sin = (struct sockaddr_in *)addr; 994 inet_ntop(AF_INET, &sin->sin_addr, buf, sizeof(buf)); 995 break; 996 } 997 #endif 998 #ifdef INET6 999 case AF_INET6: { 1000 struct sockaddr_in6 *sin6; 1001 1002 sin6 = (struct sockaddr_in6 *)addr; 1003 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 1004 snprintf(buf, sizeof(buf), "%s%%%u", 1005 inet_ntop(AF_INET6, &sin6->sin6_addr, buf, 1006 sizeof(buf)), sin6->sin6_scope_id); 1007 } else 1008 inet_ntop(AF_INET6, &sin6->sin6_addr, buf, 1009 sizeof(buf)); 1010 break; 1011 } 1012 #endif 1013 default: 1014 sprintf(buf, "unknown"); 1015 } 1016 printf("sockaddr{ len=%u family=%u addr=%s }\n", addr->sa_len, 1017 addr->sa_family, buf); 1018 } 1019 1020 void 1021 ipsec_bindump(caddr_t buf, int len) 1022 { 1023 int i; 1024 1025 for (i = 0; i < len; i++) 1026 printf("%c", (unsigned char)buf[i]); 1027 1028 return; 1029 } 1030 1031 1032 void 1033 ipsec_hexdump(caddr_t buf, int len) 1034 { 1035 int i; 1036 1037 for (i = 0; i < len; i++) { 1038 if (i != 0 && i % 32 == 0) printf("\n"); 1039 if (i % 4 == 0) printf(" "); 1040 printf("%02x", (unsigned char)buf[i]); 1041 } 1042 #if 0 1043 if (i % 32 != 0) printf("\n"); 1044 #endif 1045 1046 return; 1047 }
Cache object: f61d499ab6d3afa5fbb7c91934ecfbd5
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]