1 /*	$NetBSD: key_debug.c,v 1.7.6.1 2007/08/01 11:52:18 vanhu Exp $	*/
2 
3 /*	$KAME: key_debug.c,v 1.29 2001/08/16 14:25:41 itojun Exp $	*/
4 
5 /*
6  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. Neither the name of the project nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #ifdef HAVE_CONFIG_H
35 #include "config.h"
36 #endif
37 
38 #ifdef _KERNEL
39 #if defined(__FreeBSD__) && __FreeBSD__ >= 3
40 #include "opt_inet.h"
41 #include "opt_inet6.h"
42 #include "opt_ipsec.h"
43 #endif
44 #ifdef __NetBSD__
45 #include "opt_inet.h"
46 #endif
47 #endif
48 
49 #if HAVE_STDINT_H
50 #include <stdint.h>
51 #endif
52 
53 #include <sys/types.h>
54 #include <sys/param.h>
55 #ifdef _KERNEL
56 #include <sys/systm.h>
57 #include <sys/mbuf.h>
58 #include <sys/queue.h>
59 #endif
60 #include <sys/socket.h>
61 
62 #include <netinet/in.h>
63 #include PATH_IPSEC_H
64 
65 #ifndef _KERNEL
66 #include <ctype.h>
67 #include <stdio.h>
68 #include <stdlib.h>
69 #endif /* !_KERNEL */
70 
71 #include "config.h"
72 #include "libpfkey.h"
73 
74 static void kdebug_sadb_prop __P((struct sadb_ext *));
75 static void kdebug_sadb_identity __P((struct sadb_ext *));
76 static void kdebug_sadb_supported __P((struct sadb_ext *));
77 static void kdebug_sadb_lifetime __P((struct sadb_ext *));
78 static void kdebug_sadb_sa __P((struct sadb_ext *));
79 static void kdebug_sadb_address __P((struct sadb_ext *));
80 static void kdebug_sadb_key __P((struct sadb_ext *));
81 static void kdebug_sadb_x_sa2 __P((struct sadb_ext *));
82 static void kdebug_sadb_x_policy __P((struct sadb_ext *ext));
83 static void kdebug_sockaddr __P((struct sockaddr *addr));
84 
85 #ifdef SADB_X_EXT_NAT_T_TYPE
86 static void kdebug_sadb_x_nat_t_type __P((struct sadb_ext *ext));
87 static void kdebug_sadb_x_nat_t_port __P((struct sadb_ext *ext));
88 #endif
89 
90 #ifdef SADB_X_EXT_PACKET
91 static void kdebug_sadb_x_packet __P((struct sadb_ext *));
92 #endif
93 
94 #ifdef _KERNEL
95 static void kdebug_secreplay __P((struct secreplay *));
96 #endif
97 
98 #ifndef _KERNEL
99 #define panic(param)	{ printf(param); exit(1); }
100 #endif
101 
102 #include "libpfkey.h"
103 /* NOTE: host byte order */
104 
105 /* %%%: about struct sadb_msg */
106 void
kdebug_sadb(base)107 kdebug_sadb(base)
108 	struct sadb_msg *base;
109 {
110 	struct sadb_ext *ext;
111 	int tlen, extlen;
112 
113 	/* sanity check */
114 	if (base == NULL)
115 		panic("kdebug_sadb: NULL pointer was passed.\n");
116 
117 	printf("sadb_msg{ version=%u type=%u errno=%u satype=%u\n",
118 	    base->sadb_msg_version, base->sadb_msg_type,
119 	    base->sadb_msg_errno, base->sadb_msg_satype);
120 	printf("  len=%u reserved=%u seq=%u pid=%u\n",
121 	    base->sadb_msg_len, base->sadb_msg_reserved,
122 	    base->sadb_msg_seq, base->sadb_msg_pid);
123 
124 	tlen = PFKEY_UNUNIT64(base->sadb_msg_len) - sizeof(struct sadb_msg);
125 	ext = (void *)((caddr_t)(void *)base + sizeof(struct sadb_msg));
126 
127 	while (tlen > 0) {
128 		printf("sadb_ext{ len=%u type=%u }\n",
129 		    ext->sadb_ext_len, ext->sadb_ext_type);
130 
131 		if (ext->sadb_ext_len == 0) {
132 			printf("kdebug_sadb: invalid ext_len=0 was passed.\n");
133 			return;
134 		}
135 		if (ext->sadb_ext_len > tlen) {
136 			printf("kdebug_sadb: ext_len exceeds end of buffer.\n");
137 			return;
138 		}
139 
140 		switch (ext->sadb_ext_type) {
141 		case SADB_EXT_SA:
142 			kdebug_sadb_sa(ext);
143 			break;
144 		case SADB_EXT_LIFETIME_CURRENT:
145 		case SADB_EXT_LIFETIME_HARD:
146 		case SADB_EXT_LIFETIME_SOFT:
147 			kdebug_sadb_lifetime(ext);
148 			break;
149 		case SADB_EXT_ADDRESS_SRC:
150 		case SADB_EXT_ADDRESS_DST:
151 		case SADB_EXT_ADDRESS_PROXY:
152 			kdebug_sadb_address(ext);
153 			break;
154 		case SADB_EXT_KEY_AUTH:
155 		case SADB_EXT_KEY_ENCRYPT:
156 			kdebug_sadb_key(ext);
157 			break;
158 		case SADB_EXT_IDENTITY_SRC:
159 		case SADB_EXT_IDENTITY_DST:
160 			kdebug_sadb_identity(ext);
161 			break;
162 		case SADB_EXT_SENSITIVITY:
163 			break;
164 		case SADB_EXT_PROPOSAL:
165 			kdebug_sadb_prop(ext);
166 			break;
167 		case SADB_EXT_SUPPORTED_AUTH:
168 		case SADB_EXT_SUPPORTED_ENCRYPT:
169 			kdebug_sadb_supported(ext);
170 			break;
171 		case SADB_EXT_SPIRANGE:
172 		case SADB_X_EXT_KMPRIVATE:
173 			break;
174 		case SADB_X_EXT_POLICY:
175 			kdebug_sadb_x_policy(ext);
176 			break;
177 		case SADB_X_EXT_SA2:
178 			kdebug_sadb_x_sa2(ext);
179 			break;
180 #ifdef SADB_X_EXT_NAT_T_TYPE
181 		case SADB_X_EXT_NAT_T_TYPE:
182 			kdebug_sadb_x_nat_t_type(ext);
183 			break;
184 		case SADB_X_EXT_NAT_T_SPORT:
185 		case SADB_X_EXT_NAT_T_DPORT:
186 			kdebug_sadb_x_nat_t_port(ext);
187 			break;
188 		case SADB_X_EXT_NAT_T_OA:
189 			kdebug_sadb_address(ext);
190 			break;
191 #endif
192 #ifdef SADB_X_EXT_PACKET
193 		case SADB_X_EXT_PACKET:
194 			kdebug_sadb_x_packet(ext);
195 			break;
196 #endif
197 		default:
198 			printf("kdebug_sadb: invalid ext_type %u was passed.\n",
199 			    ext->sadb_ext_type);
200 			return;
201 		}
202 
203 		extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
204 		tlen -= extlen;
205 		ext = (void *)((caddr_t)(void *)ext + extlen);
206 	}
207 
208 	return;
209 }
210 
211 static void
kdebug_sadb_prop(ext)212 kdebug_sadb_prop(ext)
213 	struct sadb_ext *ext;
214 {
215 	struct sadb_prop *prop = (void *)ext;
216 	struct sadb_comb *comb;
217 	int len;
218 
219 	/* sanity check */
220 	if (ext == NULL)
221 		panic("kdebug_sadb_prop: NULL pointer was passed.\n");
222 
223 	len = (PFKEY_UNUNIT64(prop->sadb_prop_len) - sizeof(*prop))
224 		/ sizeof(*comb);
225 	comb = (void *)(prop + 1);
226 	printf("sadb_prop{ replay=%u\n", prop->sadb_prop_replay);
227 
228 	while (len--) {
229 		printf("sadb_comb{ auth=%u encrypt=%u "
230 			"flags=0x%04x reserved=0x%08x\n",
231 			comb->sadb_comb_auth, comb->sadb_comb_encrypt,
232 			comb->sadb_comb_flags, comb->sadb_comb_reserved);
233 
234 		printf("  auth_minbits=%u auth_maxbits=%u "
235 			"encrypt_minbits=%u encrypt_maxbits=%u\n",
236 			comb->sadb_comb_auth_minbits,
237 			comb->sadb_comb_auth_maxbits,
238 			comb->sadb_comb_encrypt_minbits,
239 			comb->sadb_comb_encrypt_maxbits);
240 
241 		printf("  soft_alloc=%u hard_alloc=%u "
242 			"soft_bytes=%lu hard_bytes=%lu\n",
243 			comb->sadb_comb_soft_allocations,
244 			comb->sadb_comb_hard_allocations,
245 			(unsigned long)comb->sadb_comb_soft_bytes,
246 			(unsigned long)comb->sadb_comb_hard_bytes);
247 
248 		printf("  soft_alloc=%lu hard_alloc=%lu "
249 			"soft_bytes=%lu hard_bytes=%lu }\n",
250 			(unsigned long)comb->sadb_comb_soft_addtime,
251 			(unsigned long)comb->sadb_comb_hard_addtime,
252 			(unsigned long)comb->sadb_comb_soft_usetime,
253 			(unsigned long)comb->sadb_comb_hard_usetime);
254 		comb++;
255 	}
256 	printf("}\n");
257 
258 	return;
259 }
260 
261 static void
kdebug_sadb_identity(ext)262 kdebug_sadb_identity(ext)
263 	struct sadb_ext *ext;
264 {
265 	struct sadb_ident *id = (void *)ext;
266 	int len;
267 
268 	/* sanity check */
269 	if (ext == NULL)
270 		panic("kdebug_sadb_identity: NULL pointer was passed.\n");
271 
272 	len = PFKEY_UNUNIT64(id->sadb_ident_len) - sizeof(*id);
273 	printf("sadb_ident_%s{",
274 	    id->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC ? "src" : "dst");
275 	switch (id->sadb_ident_type) {
276 	default:
277 		printf(" type=%d id=%lu",
278 			id->sadb_ident_type, (u_long)id->sadb_ident_id);
279 		if (len) {
280 #ifdef _KERNEL
281 			ipsec_hexdump((caddr_t)(id + 1), len); /*XXX cast ?*/
282 #else
283 			char *p, *ep;
284 			printf("\n  str=\"");
285 			p = (void *)(id + 1);
286 			ep = p + len;
287 			for (/*nothing*/; *p && p < ep; p++) {
288 				if (isprint((int)*p))
289 					printf("%c", *p & 0xff);
290 				else
291 					printf("\\%03o", *p & 0xff);
292 			}
293 #endif
294 			printf("\"");
295 		}
296 		break;
297 	}
298 
299 	printf(" }\n");
300 
301 	return;
302 }
303 
304 static void
kdebug_sadb_supported(ext)305 kdebug_sadb_supported(ext)
306 	struct sadb_ext *ext;
307 {
308 	struct sadb_supported *sup = (void *)ext;
309 	struct sadb_alg *alg;
310 	int len;
311 
312 	/* sanity check */
313 	if (ext == NULL)
314 		panic("kdebug_sadb_supported: NULL pointer was passed.\n");
315 
316 	len = (PFKEY_UNUNIT64(sup->sadb_supported_len) - sizeof(*sup))
317 		/ sizeof(*alg);
318 	alg = (void *)(sup + 1);
319 	printf("sadb_sup{\n");
320 	while (len--) {
321 		printf("  { id=%d ivlen=%d min=%d max=%d }\n",
322 			alg->sadb_alg_id, alg->sadb_alg_ivlen,
323 			alg->sadb_alg_minbits, alg->sadb_alg_maxbits);
324 		alg++;
325 	}
326 	printf("}\n");
327 
328 	return;
329 }
330 
331 static void
kdebug_sadb_lifetime(ext)332 kdebug_sadb_lifetime(ext)
333 	struct sadb_ext *ext;
334 {
335 	struct sadb_lifetime *lft = (void *)ext;
336 
337 	/* sanity check */
338 	if (ext == NULL)
339 		printf("kdebug_sadb_lifetime: NULL pointer was passed.\n");
340 
341 	printf("sadb_lifetime{ alloc=%u, bytes=%u\n",
342 		lft->sadb_lifetime_allocations,
343 		(u_int32_t)lft->sadb_lifetime_bytes);
344 	printf("  addtime=%u, usetime=%u }\n",
345 		(u_int32_t)lft->sadb_lifetime_addtime,
346 		(u_int32_t)lft->sadb_lifetime_usetime);
347 
348 	return;
349 }
350 
351 static void
kdebug_sadb_sa(ext)352 kdebug_sadb_sa(ext)
353 	struct sadb_ext *ext;
354 {
355 	struct sadb_sa *sa = (void *)ext;
356 
357 	/* sanity check */
358 	if (ext == NULL)
359 		panic("kdebug_sadb_sa: NULL pointer was passed.\n");
360 
361 	printf("sadb_sa{ spi=%u replay=%u state=%u\n",
362 	    (u_int32_t)ntohl(sa->sadb_sa_spi), sa->sadb_sa_replay,
363 	    sa->sadb_sa_state);
364 	printf("  auth=%u encrypt=%u flags=0x%08x }\n",
365 	    sa->sadb_sa_auth, sa->sadb_sa_encrypt, sa->sadb_sa_flags);
366 
367 	return;
368 }
369 
370 static void
kdebug_sadb_address(ext)371 kdebug_sadb_address(ext)
372 	struct sadb_ext *ext;
373 {
374 	struct sadb_address *addr = (void *)ext;
375 
376 	/* sanity check */
377 	if (ext == NULL)
378 		panic("kdebug_sadb_address: NULL pointer was passed.\n");
379 
380 	printf("sadb_address{ proto=%u prefixlen=%u reserved=0x%02x%02x }\n",
381 	    addr->sadb_address_proto, addr->sadb_address_prefixlen,
382 	    ((u_char *)(void *)&addr->sadb_address_reserved)[0],
383 	    ((u_char *)(void *)&addr->sadb_address_reserved)[1]);
384 
385 	kdebug_sockaddr((void *)((caddr_t)(void *)ext + sizeof(*addr)));
386 
387 	return;
388 }
389 
390 static void
kdebug_sadb_key(ext)391 kdebug_sadb_key(ext)
392 	struct sadb_ext *ext;
393 {
394 	struct sadb_key *key = (void *)ext;
395 
396 	/* sanity check */
397 	if (ext == NULL)
398 		panic("kdebug_sadb_key: NULL pointer was passed.\n");
399 
400 	printf("sadb_key{ bits=%u reserved=%u\n",
401 	    key->sadb_key_bits, key->sadb_key_reserved);
402 	printf("  key=");
403 
404 	/* sanity check 2 */
405 	if (((uint32_t)key->sadb_key_bits >> 3) >
406 		(PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key))) {
407 		printf("kdebug_sadb_key: key length mismatch, bit:%d len:%ld.\n",
408 			(uint32_t)key->sadb_key_bits >> 3,
409 			(long)PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key));
410 	}
411 
412 	ipsec_hexdump(key + sizeof(struct sadb_key),
413 	              (int)((uint32_t)key->sadb_key_bits >> 3));
414 	printf(" }\n");
415 	return;
416 }
417 
418 static void
kdebug_sadb_x_sa2(ext)419 kdebug_sadb_x_sa2(ext)
420 	struct sadb_ext *ext;
421 {
422 	struct sadb_x_sa2 *sa2 = (void *)ext;
423 
424 	/* sanity check */
425 	if (ext == NULL)
426 		panic("kdebug_sadb_x_sa2: NULL pointer was passed.\n");
427 
428 	printf("sadb_x_sa2{ mode=%u reqid=%u\n",
429 	    sa2->sadb_x_sa2_mode, sa2->sadb_x_sa2_reqid);
430 	printf("  reserved1=%u reserved2=%u sequence=%u }\n",
431 	    sa2->sadb_x_sa2_reserved1, sa2->sadb_x_sa2_reserved2,
432 	    sa2->sadb_x_sa2_sequence);
433 
434 	return;
435 }
436 
437 void
kdebug_sadb_x_policy(ext)438 kdebug_sadb_x_policy(ext)
439 	struct sadb_ext *ext;
440 {
441 	struct sadb_x_policy *xpl = (void *)ext;
442 	struct sockaddr *addr;
443 
444 	/* sanity check */
445 	if (ext == NULL)
446 		panic("kdebug_sadb_x_policy: NULL pointer was passed.\n");
447 
448 #ifdef HAVE_PFKEY_POLICY_PRIORITY
449 	printf("sadb_x_policy{ type=%u dir=%u id=%x priority=%u }\n",
450 #else
451 	printf("sadb_x_policy{ type=%u dir=%u id=%x }\n",
452 #endif
453 		xpl->sadb_x_policy_type, xpl->sadb_x_policy_dir,
454 #ifdef HAVE_PFKEY_POLICY_PRIORITY
455 		xpl->sadb_x_policy_id, xpl->sadb_x_policy_priority);
456 #else
457 		xpl->sadb_x_policy_id);
458 #endif
459 
460 	if (xpl->sadb_x_policy_type == IPSEC_POLICY_IPSEC) {
461 		int tlen;
462 		struct sadb_x_ipsecrequest *xisr;
463 
464 		tlen = PFKEY_UNUNIT64(xpl->sadb_x_policy_len) - sizeof(*xpl);
465 		xisr = (void *)(xpl + 1);
466 
467 		while (tlen > 0) {
468 			printf(" { len=%u proto=%u mode=%u level=%u reqid=%u\n",
469 				xisr->sadb_x_ipsecrequest_len,
470 				xisr->sadb_x_ipsecrequest_proto,
471 				xisr->sadb_x_ipsecrequest_mode,
472 				xisr->sadb_x_ipsecrequest_level,
473 				xisr->sadb_x_ipsecrequest_reqid);
474 
475 			if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
476 				addr = (void *)(xisr + 1);
477 				kdebug_sockaddr(addr);
478 				addr = (void *)((caddr_t)(void *)addr
479 							+ sysdep_sa_len(addr));
480 				kdebug_sockaddr(addr);
481 			}
482 
483 			printf(" }\n");
484 
485 			/* prevent infinite loop */
486 			if (xisr->sadb_x_ipsecrequest_len == 0) {
487 				printf("kdebug_sadb_x_policy: wrong policy struct.\n");
488 				return;
489 			}
490 			/* prevent overflow */
491 			if (xisr->sadb_x_ipsecrequest_len > tlen) {
492 				printf("invalid ipsec policy length\n");
493 				return;
494 			}
495 
496 			tlen -= xisr->sadb_x_ipsecrequest_len;
497 
498 			xisr = (void *)((caddr_t)(void *)xisr
499 			                + xisr->sadb_x_ipsecrequest_len);
500 		}
501 
502 		if (tlen != 0)
503 			panic("kdebug_sadb_x_policy: wrong policy struct.\n");
504 	}
505 
506 	return;
507 }
508 
509 #ifdef SADB_X_EXT_NAT_T_TYPE
510 static void
kdebug_sadb_x_nat_t_type(struct sadb_ext * ext)511 kdebug_sadb_x_nat_t_type(struct sadb_ext *ext)
512 {
513 	struct sadb_x_nat_t_type *ntt = (void *)ext;
514 
515 	/* sanity check */
516 	if (ext == NULL)
517 		panic("kdebug_sadb_x_nat_t_type: NULL pointer was passed.\n");
518 
519 	printf("sadb_x_nat_t_type{ type=%u }\n", ntt->sadb_x_nat_t_type_type);
520 
521 	return;
522 }
523 
524 static void
kdebug_sadb_x_nat_t_port(struct sadb_ext * ext)525 kdebug_sadb_x_nat_t_port(struct sadb_ext *ext)
526 {
527 	struct sadb_x_nat_t_port *ntp = (void *)ext;
528 
529 	/* sanity check */
530 	if (ext == NULL)
531 		panic("kdebug_sadb_x_nat_t_port: NULL pointer was passed.\n");
532 
533 	printf("sadb_x_nat_t_port{ port=%u }\n", ntohs(ntp->sadb_x_nat_t_port_port));
534 
535 	return;
536 }
537 #endif
538 
539 #ifdef SADB_X_EXT_PACKET
540 static void
kdebug_sadb_x_packet(ext)541 kdebug_sadb_x_packet(ext)
542 	struct sadb_ext *ext;
543 {
544 	struct sadb_x_packet *pkt = (struct sadb_x_packet *)ext;
545 
546 	/* sanity check */
547 	if (ext == NULL)
548 		panic("kdebug_sadb_x_packet: NULL pointer was passed.\n");
549 
550 	printf("sadb_x_packet{ copylen=%u\n", pkt->sadb_x_packet_copylen);
551 	printf("  packet=");
552 	ipsec_hexdump((caddr_t)pkt + sizeof(struct sadb_x_packet),
553 		      pkt->sadb_x_packet_copylen);
554 	printf(" }\n");
555 	return;
556 }
557 #endif
558 
559 
560 #ifdef _KERNEL
561 /* %%%: about SPD and SAD */
562 void
kdebug_secpolicy(sp)563 kdebug_secpolicy(sp)
564 	struct secpolicy *sp;
565 {
566 	/* sanity check */
567 	if (sp == NULL)
568 		panic("kdebug_secpolicy: NULL pointer was passed.\n");
569 
570 	printf("secpolicy{ refcnt=%u state=%u policy=%u\n",
571 		sp->refcnt, sp->state, sp->policy);
572 
573 	kdebug_secpolicyindex(&sp->spidx);
574 
575 	switch (sp->policy) {
576 	case IPSEC_POLICY_DISCARD:
577 		printf("  type=discard }\n");
578 		break;
579 	case IPSEC_POLICY_NONE:
580 		printf("  type=none }\n");
581 		break;
582 	case IPSEC_POLICY_IPSEC:
583 	    {
584 		struct ipsecrequest *isr;
585 		for (isr = sp->req; isr != NULL; isr = isr->next) {
586 
587 			printf("  level=%u\n", isr->level);
588 			kdebug_secasindex(&isr->saidx);
589 
590 			if (isr->sav != NULL)
591 				kdebug_secasv(isr->sav);
592 		}
593 		printf("  }\n");
594 	    }
595 		break;
596 	case IPSEC_POLICY_BYPASS:
597 		printf("  type=bypass }\n");
598 		break;
599 	case IPSEC_POLICY_ENTRUST:
600 		printf("  type=entrust }\n");
601 		break;
602 	default:
603 		printf("kdebug_secpolicy: Invalid policy found. %d\n",
604 			sp->policy);
605 		break;
606 	}
607 
608 	return;
609 }
610 
611 void
kdebug_secpolicyindex(spidx)612 kdebug_secpolicyindex(spidx)
613 	struct secpolicyindex *spidx;
614 {
615 	/* sanity check */
616 	if (spidx == NULL)
617 		panic("kdebug_secpolicyindex: NULL pointer was passed.\n");
618 
619 	printf("secpolicyindex{ dir=%u prefs=%u prefd=%u ul_proto=%u\n",
620 		spidx->dir, spidx->prefs, spidx->prefd, spidx->ul_proto);
621 
622 	ipsec_hexdump((caddr_t)&spidx->src,
623 		sysdep_sa_len((struct sockaddr *)&spidx->src));
624 	printf("\n");
625 	ipsec_hexdump((caddr_t)&spidx->dst,
626 		sysdep_sa_len((struct sockaddr *)&spidx->dst));
627 	printf("}\n");
628 
629 	return;
630 }
631 
632 void
kdebug_secasindex(saidx)633 kdebug_secasindex(saidx)
634 	struct secasindex *saidx;
635 {
636 	/* sanity check */
637 	if (saidx == NULL)
638 		panic("kdebug_secpolicyindex: NULL pointer was passed.\n");
639 
640 	printf("secasindex{ mode=%u proto=%u\n",
641 		saidx->mode, saidx->proto);
642 
643 	ipsec_hexdump((caddr_t)&saidx->src,
644 		sysdep_sa_len((struct sockaddr *)&saidx->src));
645 	printf("\n");
646 	ipsec_hexdump((caddr_t)&saidx->dst,
647 		sysdep_sa_len((struct sockaddr *)&saidx->dst));
648 	printf("\n");
649 
650 	return;
651 }
652 
653 void
kdebug_secasv(sav)654 kdebug_secasv(sav)
655 	struct secasvar *sav;
656 {
657 	/* sanity check */
658 	if (sav == NULL)
659 		panic("kdebug_secasv: NULL pointer was passed.\n");
660 
661 	printf("secas{");
662 	kdebug_secasindex(&sav->sah->saidx);
663 
664 	printf("  refcnt=%u state=%u auth=%u enc=%u\n",
665 	    sav->refcnt, sav->state, sav->alg_auth, sav->alg_enc);
666 	printf("  spi=%u flags=%u\n",
667 	    (u_int32_t)ntohl(sav->spi), sav->flags);
668 
669 	if (sav->key_auth != NULL)
670 		kdebug_sadb_key((struct sadb_ext *)sav->key_auth);
671 	if (sav->key_enc != NULL)
672 		kdebug_sadb_key((struct sadb_ext *)sav->key_enc);
673 	if (sav->iv != NULL) {
674 		printf("  iv=");
675 		ipsec_hexdump(sav->iv, sav->ivlen ? sav->ivlen : 8);
676 		printf("\n");
677 	}
678 
679 	if (sav->replay != NULL)
680 		kdebug_secreplay(sav->replay);
681 	if (sav->lft_c != NULL)
682 		kdebug_sadb_lifetime((struct sadb_ext *)sav->lft_c);
683 	if (sav->lft_h != NULL)
684 		kdebug_sadb_lifetime((struct sadb_ext *)sav->lft_h);
685 	if (sav->lft_s != NULL)
686 		kdebug_sadb_lifetime((struct sadb_ext *)sav->lft_s);
687 
688 #if notyet
689 	/* XXX: misc[123] ? */
690 #endif
691 
692 	return;
693 }
694 
695 static void
kdebug_secreplay(rpl)696 kdebug_secreplay(rpl)
697 	struct secreplay *rpl;
698 {
699 	int len, l;
700 
701 	/* sanity check */
702 	if (rpl == NULL)
703 		panic("kdebug_secreplay: NULL pointer was passed.\n");
704 
705 	printf(" secreplay{ count=%u wsize=%u seq=%u lastseq=%u",
706 	    rpl->count, rpl->wsize, rpl->seq, rpl->lastseq);
707 
708 	if (rpl->bitmap == NULL) {
709 		printf(" }\n");
710 		return;
711 	}
712 
713 	printf("\n   bitmap { ");
714 
715 	for (len = 0; len < rpl->wsize; len++) {
716 		for (l = 7; l >= 0; l--)
717 			printf("%u", (((rpl->bitmap)[len] >> l) & 1) ? 1 : 0);
718 	}
719 	printf(" }\n");
720 
721 	return;
722 }
723 
724 void
kdebug_mbufhdr(m)725 kdebug_mbufhdr(m)
726 	struct mbuf *m;
727 {
728 	/* sanity check */
729 	if (m == NULL)
730 		return;
731 
732 	printf("mbuf(%p){ m_next:%p m_nextpkt:%p m_data:%p "
733 	       "m_len:%d m_type:0x%02x m_flags:0x%02x }\n",
734 		m, m->m_next, m->m_nextpkt, m->m_data,
735 		m->m_len, m->m_type, m->m_flags);
736 
737 	if (m->m_flags & M_PKTHDR) {
738 		printf("  m_pkthdr{ len:%d rcvif:%p }\n",
739 		    m->m_pkthdr.len, m->m_pkthdr.rcvif);
740 	}
741 
742 #ifdef __FreeBSD__
743 	if (m->m_flags & M_EXT) {
744 		printf("  m_ext{ ext_buf:%p ext_free:%p "
745 		       "ext_size:%u ext_ref:%p }\n",
746 			m->m_ext.ext_buf, m->m_ext.ext_free,
747 			m->m_ext.ext_size, m->m_ext.ext_ref);
748 	}
749 #endif
750 
751 	return;
752 }
753 
754 void
kdebug_mbuf(m0)755 kdebug_mbuf(m0)
756 	struct mbuf *m0;
757 {
758 	struct mbuf *m = m0;
759 	int i, j;
760 
761 	for (j = 0; m; m = m->m_next) {
762 		kdebug_mbufhdr(m);
763 		printf("  m_data:\n");
764 		for (i = 0; i < m->m_len; i++) {
765 			if (i && i % 32 == 0)
766 				printf("\n");
767 			if (i % 4 == 0)
768 				printf(" ");
769 			printf("%02x", mtod(m, u_char *)[i]);
770 			j++;
771 		}
772 		printf("\n");
773 	}
774 
775 	return;
776 }
777 #endif /* _KERNEL */
778 
779 static void
kdebug_sockaddr(addr)780 kdebug_sockaddr(addr)
781 	struct sockaddr *addr;
782 {
783 	struct sockaddr_in *sin4;
784 #ifdef INET6
785 	struct sockaddr_in6 *sin6;
786 #endif
787 
788 	/* sanity check */
789 	if (addr == NULL)
790 		panic("kdebug_sockaddr: NULL pointer was passed.\n");
791 
792 	/* NOTE: We deal with port number as host byte order. */
793 	printf("sockaddr{ len=%u family=%u", sysdep_sa_len(addr), addr->sa_family);
794 
795 	switch (addr->sa_family) {
796 	case AF_INET:
797 		sin4 = (void *)addr;
798 		printf(" port=%u\n", ntohs(sin4->sin_port));
799 		ipsec_hexdump(&sin4->sin_addr, sizeof(sin4->sin_addr));
800 		break;
801 #ifdef INET6
802 	case AF_INET6:
803 		sin6 = (void *)addr;
804 		printf(" port=%u\n", ntohs(sin6->sin6_port));
805 		printf("  flowinfo=0x%08x, scope_id=0x%08x\n",
806 		    sin6->sin6_flowinfo, sin6->sin6_scope_id);
807 		ipsec_hexdump(&sin6->sin6_addr, sizeof(sin6->sin6_addr));
808 		break;
809 #endif
810 	}
811 
812 	printf("  }\n");
813 
814 	return;
815 }
816 
817 void
ipsec_bindump(buf,len)818 ipsec_bindump(buf, len)
819 	caddr_t buf;
820 	int len;
821 {
822 	int i;
823 
824 	for (i = 0; i < len; i++)
825 		printf("%c", (unsigned char)buf[i]);
826 
827 	return;
828 }
829 
830 
831 void
ipsec_hexdump(buf,len)832 ipsec_hexdump(buf, len)
833 	const void *buf;
834 	int len;
835 {
836 	int i;
837 
838 	for (i = 0; i < len; i++) {
839 		if (i != 0 && i % 32 == 0) printf("\n");
840 		if (i % 4 == 0) printf(" ");
841 		printf("%02x", ((const unsigned char *)buf)[i]);
842 	}
843 #if 0
844 	if (i % 32 != 0) printf("\n");
845 #endif
846 
847 	return;
848 }
849