1 /* $FreeBSD: src/sys/netkey/key_debug.c,v 1.10.2.2 2001/07/03 11:01:59 ume Exp $ */
2 /* $KAME: key_debug.c,v 1.25 2000/07/24 13:23:12 itojun Exp $ */
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #include "opt_inet6.h"
36 #include "opt_ipsec.h"
39 #include <sys/types.h>
40 #include <sys/param.h>
42 #include <sys/systm.h>
44 #include <sys/queue.h>
46 #include <sys/socket.h>
48 #include <net/route.h>
50 #include <netkey/key_var.h>
52 #include <netinet/in.h>
53 #include <netinet6/ipsec.h>
61 #if !defined(_KERNEL) || (defined(_KERNEL) && defined(IPSEC_DEBUG))
63 static void kdebug_sadb_prop
__P((struct sadb_ext
*));
64 static void kdebug_sadb_identity
__P((struct sadb_ext
*));
65 static void kdebug_sadb_supported
__P((struct sadb_ext
*));
66 static void kdebug_sadb_lifetime
__P((struct sadb_ext
*));
67 static void kdebug_sadb_sa
__P((struct sadb_ext
*));
68 static void kdebug_sadb_address
__P((struct sadb_ext
*));
69 static void kdebug_sadb_key
__P((struct sadb_ext
*));
70 static void kdebug_sadb_x_sa2
__P((struct sadb_ext
*));
73 static void kdebug_secreplay
__P((struct secreplay
*));
77 #define panic(param) { printf(param); exit(-1); }
80 /* NOTE: host byte order */
82 /* %%%: about struct sadb_msg */
85 struct sadb_msg
*base
;
92 panic("kdebug_sadb: NULL pointer was passed.\n");
94 printf("sadb_msg{ version=%u type=%u errno=%u satype=%u\n",
95 base
->sadb_msg_version
, base
->sadb_msg_type
,
96 base
->sadb_msg_errno
, base
->sadb_msg_satype
);
97 printf(" len=%u reserved=%u seq=%u pid=%u\n",
98 base
->sadb_msg_len
, base
->sadb_msg_reserved
,
99 base
->sadb_msg_seq
, base
->sadb_msg_pid
);
101 tlen
= PFKEY_UNUNIT64(base
->sadb_msg_len
) - sizeof(struct sadb_msg
);
102 ext
= (struct sadb_ext
*)((caddr_t
)base
+ sizeof(struct sadb_msg
));
105 printf("sadb_ext{ len=%u type=%u }\n",
106 ext
->sadb_ext_len
, ext
->sadb_ext_type
);
108 if (ext
->sadb_ext_len
== 0) {
109 printf("kdebug_sadb: invalid ext_len=0 was passed.\n");
112 if (ext
->sadb_ext_len
> tlen
) {
113 printf("kdebug_sadb: ext_len exceeds end of buffer.\n");
117 switch (ext
->sadb_ext_type
) {
121 case SADB_EXT_LIFETIME_CURRENT
:
122 case SADB_EXT_LIFETIME_HARD
:
123 case SADB_EXT_LIFETIME_SOFT
:
124 kdebug_sadb_lifetime(ext
);
126 case SADB_EXT_ADDRESS_SRC
:
127 case SADB_EXT_ADDRESS_DST
:
128 case SADB_EXT_ADDRESS_PROXY
:
129 kdebug_sadb_address(ext
);
131 case SADB_EXT_KEY_AUTH
:
132 case SADB_EXT_KEY_ENCRYPT
:
133 kdebug_sadb_key(ext
);
135 case SADB_EXT_IDENTITY_SRC
:
136 case SADB_EXT_IDENTITY_DST
:
137 kdebug_sadb_identity(ext
);
139 case SADB_EXT_SENSITIVITY
:
141 case SADB_EXT_PROPOSAL
:
142 kdebug_sadb_prop(ext
);
144 case SADB_EXT_SUPPORTED_AUTH
:
145 case SADB_EXT_SUPPORTED_ENCRYPT
:
146 kdebug_sadb_supported(ext
);
148 case SADB_EXT_SPIRANGE
:
149 case SADB_X_EXT_KMPRIVATE
:
151 case SADB_X_EXT_POLICY
:
152 kdebug_sadb_x_policy(ext
);
155 kdebug_sadb_x_sa2(ext
);
158 printf("kdebug_sadb: invalid ext_type %u was passed.\n",
163 extlen
= PFKEY_UNUNIT64(ext
->sadb_ext_len
);
165 ext
= (struct sadb_ext
*)((caddr_t
)ext
+ extlen
);
172 kdebug_sadb_prop(ext
)
173 struct sadb_ext
*ext
;
175 struct sadb_prop
*prop
= (struct sadb_prop
*)ext
;
176 struct sadb_comb
*comb
;
181 panic("kdebug_sadb_prop: NULL pointer was passed.\n");
183 len
= (PFKEY_UNUNIT64(prop
->sadb_prop_len
) - sizeof(*prop
))
185 comb
= (struct sadb_comb
*)(prop
+ 1);
186 printf("sadb_prop{ replay=%u\n", prop
->sadb_prop_replay
);
189 printf("sadb_comb{ auth=%u encrypt=%u "
190 "flags=0x%04x reserved=0x%08x\n",
191 comb
->sadb_comb_auth
, comb
->sadb_comb_encrypt
,
192 comb
->sadb_comb_flags
, comb
->sadb_comb_reserved
);
194 printf(" auth_minbits=%u auth_maxbits=%u "
195 "encrypt_minbits=%u encrypt_maxbits=%u\n",
196 comb
->sadb_comb_auth_minbits
,
197 comb
->sadb_comb_auth_maxbits
,
198 comb
->sadb_comb_encrypt_minbits
,
199 comb
->sadb_comb_encrypt_maxbits
);
201 printf(" soft_alloc=%u hard_alloc=%u "
202 "soft_bytes=%lu hard_bytes=%lu\n",
203 comb
->sadb_comb_soft_allocations
,
204 comb
->sadb_comb_hard_allocations
,
205 (unsigned long)comb
->sadb_comb_soft_bytes
,
206 (unsigned long)comb
->sadb_comb_hard_bytes
);
208 printf(" soft_alloc=%lu hard_alloc=%lu "
209 "soft_bytes=%lu hard_bytes=%lu }\n",
210 (unsigned long)comb
->sadb_comb_soft_addtime
,
211 (unsigned long)comb
->sadb_comb_hard_addtime
,
212 (unsigned long)comb
->sadb_comb_soft_usetime
,
213 (unsigned long)comb
->sadb_comb_hard_usetime
);
222 kdebug_sadb_identity(ext
)
223 struct sadb_ext
*ext
;
225 struct sadb_ident
*id
= (struct sadb_ident
*)ext
;
230 panic("kdebug_sadb_identity: NULL pointer was passed.\n");
232 len
= PFKEY_UNUNIT64(id
->sadb_ident_len
) - sizeof(*id
);
233 printf("sadb_ident_%s{",
234 id
->sadb_ident_exttype
== SADB_EXT_IDENTITY_SRC
? "src" : "dst");
235 switch (id
->sadb_ident_type
) {
237 printf(" type=%d id=%lu",
238 id
->sadb_ident_type
, (u_long
)id
->sadb_ident_id
);
241 ipsec_hexdump((caddr_t
)(id
+ 1), len
); /*XXX cast ?*/
245 p
= (char *)(id
+ 1);
247 for (/*nothing*/; *p
&& p
< ep
; p
++) {
249 printf("%c", *p
& 0xff);
251 printf("\\%03o", *p
& 0xff);
265 kdebug_sadb_supported(ext
)
266 struct sadb_ext
*ext
;
268 struct sadb_supported
*sup
= (struct sadb_supported
*)ext
;
269 struct sadb_alg
*alg
;
274 panic("kdebug_sadb_supported: NULL pointer was passed.\n");
276 len
= (PFKEY_UNUNIT64(sup
->sadb_supported_len
) - sizeof(*sup
))
278 alg
= (struct sadb_alg
*)(sup
+ 1);
279 printf("sadb_sup{\n");
281 printf(" { id=%d ivlen=%d min=%d max=%d }\n",
282 alg
->sadb_alg_id
, alg
->sadb_alg_ivlen
,
283 alg
->sadb_alg_minbits
, alg
->sadb_alg_maxbits
);
292 kdebug_sadb_lifetime(ext
)
293 struct sadb_ext
*ext
;
295 struct sadb_lifetime
*lft
= (struct sadb_lifetime
*)ext
;
299 printf("kdebug_sadb_lifetime: NULL pointer was passed.\n");
301 printf("sadb_lifetime{ alloc=%u, bytes=%u\n",
302 lft
->sadb_lifetime_allocations
,
303 (u_int32_t
)lft
->sadb_lifetime_bytes
);
304 printf(" addtime=%u, usetime=%u }\n",
305 (u_int32_t
)lft
->sadb_lifetime_addtime
,
306 (u_int32_t
)lft
->sadb_lifetime_usetime
);
313 struct sadb_ext
*ext
;
315 struct sadb_sa
*sa
= (struct sadb_sa
*)ext
;
319 panic("kdebug_sadb_sa: NULL pointer was passed.\n");
321 printf("sadb_sa{ spi=%u replay=%u state=%u\n",
322 (u_int32_t
)ntohl(sa
->sadb_sa_spi
), sa
->sadb_sa_replay
,
324 printf(" auth=%u encrypt=%u flags=0x%08x }\n",
325 sa
->sadb_sa_auth
, sa
->sadb_sa_encrypt
, sa
->sadb_sa_flags
);
331 kdebug_sadb_address(ext
)
332 struct sadb_ext
*ext
;
334 struct sadb_address
*addr
= (struct sadb_address
*)ext
;
338 panic("kdebug_sadb_address: NULL pointer was passed.\n");
340 printf("sadb_address{ proto=%u prefixlen=%u reserved=0x%02x%02x }\n",
341 addr
->sadb_address_proto
, addr
->sadb_address_prefixlen
,
342 ((u_char
*)&addr
->sadb_address_reserved
)[0],
343 ((u_char
*)&addr
->sadb_address_reserved
)[1]);
345 kdebug_sockaddr((struct sockaddr
*)((caddr_t
)ext
+ sizeof(*addr
)));
352 struct sadb_ext
*ext
;
354 struct sadb_key
*key
= (struct sadb_key
*)ext
;
358 panic("kdebug_sadb_key: NULL pointer was passed.\n");
360 printf("sadb_key{ bits=%u reserved=%u\n",
361 key
->sadb_key_bits
, key
->sadb_key_reserved
);
365 if ((key
->sadb_key_bits
>> 3) >
366 (PFKEY_UNUNIT64(key
->sadb_key_len
) - sizeof(struct sadb_key
))) {
367 printf("kdebug_sadb_key: key length mismatch, bit:%d len:%ld.\n",
368 key
->sadb_key_bits
>> 3,
369 (long)PFKEY_UNUNIT64(key
->sadb_key_len
) - sizeof(struct sadb_key
));
372 ipsec_hexdump((caddr_t
)key
+ sizeof(struct sadb_key
),
373 key
->sadb_key_bits
>> 3);
379 kdebug_sadb_x_sa2(ext
)
380 struct sadb_ext
*ext
;
382 struct sadb_x_sa2
*sa2
= (struct sadb_x_sa2
*)ext
;
386 panic("kdebug_sadb_x_sa2: NULL pointer was passed.\n");
388 printf("sadb_x_sa2{ mode=%u reqid=%u\n",
389 sa2
->sadb_x_sa2_mode
, sa2
->sadb_x_sa2_reqid
);
390 printf(" reserved1=%u reserved2=%u reserved3=%u }\n",
391 sa2
->sadb_x_sa2_reserved1
, sa2
->sadb_x_sa2_reserved1
,
392 sa2
->sadb_x_sa2_reserved1
);
398 kdebug_sadb_x_policy(ext
)
399 struct sadb_ext
*ext
;
401 struct sadb_x_policy
*xpl
= (struct sadb_x_policy
*)ext
;
402 struct sockaddr
*addr
;
406 panic("kdebug_sadb_x_policy: NULL pointer was passed.\n");
408 printf("sadb_x_policy{ type=%u dir=%u id=%x }\n",
409 xpl
->sadb_x_policy_type
, xpl
->sadb_x_policy_dir
,
410 xpl
->sadb_x_policy_id
);
412 if (xpl
->sadb_x_policy_type
== IPSEC_POLICY_IPSEC
) {
414 struct sadb_x_ipsecrequest
*xisr
;
416 tlen
= PFKEY_UNUNIT64(xpl
->sadb_x_policy_len
) - sizeof(*xpl
);
417 xisr
= (struct sadb_x_ipsecrequest
*)(xpl
+ 1);
420 printf(" { len=%u proto=%u mode=%u level=%u reqid=%u\n",
421 xisr
->sadb_x_ipsecrequest_len
,
422 xisr
->sadb_x_ipsecrequest_proto
,
423 xisr
->sadb_x_ipsecrequest_mode
,
424 xisr
->sadb_x_ipsecrequest_level
,
425 xisr
->sadb_x_ipsecrequest_reqid
);
427 if (xisr
->sadb_x_ipsecrequest_len
> sizeof(*xisr
)) {
428 addr
= (struct sockaddr
*)(xisr
+ 1);
429 kdebug_sockaddr(addr
);
430 addr
= (struct sockaddr
*)((caddr_t
)addr
432 kdebug_sockaddr(addr
);
437 /* prevent infinite loop */
438 if (xisr
->sadb_x_ipsecrequest_len
<= 0) {
439 printf("kdebug_sadb_x_policy: wrong policy struct.\n");
442 /* prevent overflow */
443 if (xisr
->sadb_x_ipsecrequest_len
> tlen
) {
444 printf("invalid ipsec policy length\n");
448 tlen
-= xisr
->sadb_x_ipsecrequest_len
;
450 xisr
= (struct sadb_x_ipsecrequest
*)((caddr_t
)xisr
451 + xisr
->sadb_x_ipsecrequest_len
);
455 panic("kdebug_sadb_x_policy: wrong policy struct.\n");
462 /* %%%: about SPD and SAD */
465 struct secpolicy
*sp
;
469 panic("kdebug_secpolicy: NULL pointer was passed.\n");
471 printf("secpolicy{ refcnt=%u state=%u policy=%u\n",
472 sp
->refcnt
, sp
->state
, sp
->policy
);
474 kdebug_secpolicyindex(&sp
->spidx
);
476 switch (sp
->policy
) {
477 case IPSEC_POLICY_DISCARD
:
478 printf(" type=discard }\n");
480 case IPSEC_POLICY_NONE
:
481 printf(" type=none }\n");
483 case IPSEC_POLICY_IPSEC
:
485 struct ipsecrequest
*isr
;
486 for (isr
= sp
->req
; isr
!= NULL
; isr
= isr
->next
) {
488 printf(" level=%u\n", isr
->level
);
489 kdebug_secasindex(&isr
->saidx
);
491 if (isr
->sav
!= NULL
)
492 kdebug_secasv(isr
->sav
);
497 case IPSEC_POLICY_BYPASS
:
498 printf(" type=bypass }\n");
500 case IPSEC_POLICY_ENTRUST
:
501 printf(" type=entrust }\n");
504 printf("kdebug_secpolicy: Invalid policy found. %d\n",
513 kdebug_secpolicyindex(spidx
)
514 struct secpolicyindex
*spidx
;
518 panic("kdebug_secpolicyindex: NULL pointer was passed.\n");
520 printf("secpolicyindex{ dir=%u prefs=%u prefd=%u ul_proto=%u\n",
521 spidx
->dir
, spidx
->prefs
, spidx
->prefd
, spidx
->ul_proto
);
523 ipsec_hexdump((caddr_t
)&spidx
->src
,
524 ((struct sockaddr
*)&spidx
->src
)->sa_len
);
526 ipsec_hexdump((caddr_t
)&spidx
->dst
,
527 ((struct sockaddr
*)&spidx
->dst
)->sa_len
);
534 kdebug_secasindex(saidx
)
535 struct secasindex
*saidx
;
539 panic("kdebug_secpolicyindex: NULL pointer was passed.\n");
541 printf("secasindex{ mode=%u proto=%u\n",
542 saidx
->mode
, saidx
->proto
);
544 ipsec_hexdump((caddr_t
)&saidx
->src
,
545 ((struct sockaddr
*)&saidx
->src
)->sa_len
);
547 ipsec_hexdump((caddr_t
)&saidx
->dst
,
548 ((struct sockaddr
*)&saidx
->dst
)->sa_len
);
556 struct secasvar
*sav
;
560 panic("kdebug_secasv: NULL pointer was passed.\n");
563 kdebug_secasindex(&sav
->sah
->saidx
);
565 printf(" refcnt=%u state=%u auth=%u enc=%u\n",
566 sav
->refcnt
, sav
->state
, sav
->alg_auth
, sav
->alg_enc
);
567 printf(" spi=%u flags=%u\n",
568 (u_int32_t
)ntohl(sav
->spi
), sav
->flags
);
570 if (sav
->key_auth
!= NULL
)
571 kdebug_sadb_key((struct sadb_ext
*)sav
->key_auth
);
572 if (sav
->key_enc
!= NULL
)
573 kdebug_sadb_key((struct sadb_ext
*)sav
->key_enc
);
574 if (sav
->iv
!= NULL
) {
576 ipsec_hexdump(sav
->iv
, sav
->ivlen
? sav
->ivlen
: 8);
580 if (sav
->replay
!= NULL
)
581 kdebug_secreplay(sav
->replay
);
582 if (sav
->lft_c
!= NULL
)
583 kdebug_sadb_lifetime((struct sadb_ext
*)sav
->lft_c
);
584 if (sav
->lft_h
!= NULL
)
585 kdebug_sadb_lifetime((struct sadb_ext
*)sav
->lft_h
);
586 if (sav
->lft_s
!= NULL
)
587 kdebug_sadb_lifetime((struct sadb_ext
*)sav
->lft_s
);
590 /* XXX: misc[123] ? */
597 kdebug_secreplay(rpl
)
598 struct secreplay
*rpl
;
604 panic("kdebug_secreplay: NULL pointer was passed.\n");
606 printf(" secreplay{ count=%u wsize=%u seq=%u lastseq=%u",
607 rpl
->count
, rpl
->wsize
, rpl
->seq
, rpl
->lastseq
);
609 if (rpl
->bitmap
== NULL
) {
614 printf("\n bitmap { ");
616 for (len
= 0; len
< rpl
->wsize
; len
++) {
617 for (l
= 7; l
>= 0; l
--)
618 printf("%u", (((rpl
->bitmap
)[len
] >> l
) & 1) ? 1 : 0);
633 printf("mbuf(%p){ m_next:%p m_nextpkt:%p m_data:%p "
634 "m_len:%d m_type:0x%02x m_flags:0x%02x }\n",
635 m
, m
->m_next
, m
->m_nextpkt
, m
->m_data
,
636 m
->m_len
, m
->m_type
, m
->m_flags
);
638 if (m
->m_flags
& M_PKTHDR
) {
639 printf(" m_pkthdr{ len:%d rcvif:%p }\n",
640 m
->m_pkthdr
.len
, m
->m_pkthdr
.rcvif
);
643 if (m
->m_flags
& M_EXT
) {
644 printf(" m_ext{ ext_buf:%p ext_free:%p "
645 "ext_size:%u ext_ref:%p }\n",
646 m
->m_ext
.ext_buf
, m
->m_ext
.ext_free
,
647 m
->m_ext
.ext_size
, m
->m_ext
.ext_ref
);
660 for (j
= 0; m
; m
= m
->m_next
) {
662 printf(" m_data:\n");
663 for (i
= 0; i
< m
->m_len
; i
++) {
664 if (i
&& i
% 32 == 0)
668 printf("%02x", mtod(m
, u_char
*)[i
]);
679 kdebug_sockaddr(addr
)
680 struct sockaddr
*addr
;
682 struct sockaddr_in
*sin
;
684 struct sockaddr_in6
*sin6
;
689 panic("kdebug_sockaddr: NULL pointer was passed.\n");
691 /* NOTE: We deal with port number as host byte order. */
692 printf("sockaddr{ len=%u family=%u", addr
->sa_len
, addr
->sa_family
);
694 switch (addr
->sa_family
) {
696 sin
= (struct sockaddr_in
*)addr
;
697 printf(" port=%u\n", ntohs(sin
->sin_port
));
698 ipsec_hexdump((caddr_t
)&sin
->sin_addr
, sizeof(sin
->sin_addr
));
702 sin6
= (struct sockaddr_in6
*)addr
;
703 printf(" port=%u\n", ntohs(sin6
->sin6_port
));
704 printf(" flowinfo=0x%08x, scope_id=0x%08x\n",
705 sin6
->sin6_flowinfo
, sin6
->sin6_scope_id
);
706 ipsec_hexdump((caddr_t
)&sin6
->sin6_addr
,
707 sizeof(sin6
->sin6_addr
));
718 ipsec_bindump(buf
, len
)
724 for (i
= 0; i
< len
; i
++)
725 printf("%c", (unsigned char)buf
[i
]);
732 ipsec_hexdump(buf
, len
)
738 for (i
= 0; i
< len
; i
++) {
739 if (i
!= 0 && i
% 32 == 0) printf("\n");
740 if (i
% 4 == 0) printf(" ");
741 printf("%02x", (unsigned char)buf
[i
]);
744 if (i
% 32 != 0) printf("\n");
750 #endif /* !defined(_KERNEL) || (defined(_KERNEL) && defined(IPSEC_DEBUG)) */