1f6bdcf8sam/*	$FreeBSD$	*/
2f6bdcf8sam/*	$KAME: key_debug.c,v 1.26 2001/06/27 10:46:50 sakane Exp $	*/
3f6bdcf8sam
4a50ffc2imp/*-
54736ccfpfg * SPDX-License-Identifier: BSD-3-Clause
64736ccfpfg *
7f6bdcf8sam * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
8f6bdcf8sam * All rights reserved.
9f6bdcf8sam *
10f6bdcf8sam * Redistribution and use in source and binary forms, with or without
11f6bdcf8sam * modification, are permitted provided that the following conditions
12f6bdcf8sam * are met:
13f6bdcf8sam * 1. Redistributions of source code must retain the above copyright
14f6bdcf8sam *    notice, this list of conditions and the following disclaimer.
15f6bdcf8sam * 2. Redistributions in binary form must reproduce the above copyright
16f6bdcf8sam *    notice, this list of conditions and the following disclaimer in the
17f6bdcf8sam *    documentation and/or other materials provided with the distribution.
18f6bdcf8sam * 3. Neither the name of the project nor the names of its contributors
19f6bdcf8sam *    may be used to endorse or promote products derived from this software
20f6bdcf8sam *    without specific prior written permission.
21f6bdcf8sam *
22f6bdcf8sam * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
23f6bdcf8sam * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24f6bdcf8sam * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25f6bdcf8sam * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
26f6bdcf8sam * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27f6bdcf8sam * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28f6bdcf8sam * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29f6bdcf8sam * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30f6bdcf8sam * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31f6bdcf8sam * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32f6bdcf8sam * SUCH DAMAGE.
33f6bdcf8sam */
34f6bdcf8sam
35f6bdcf8sam#ifdef _KERNEL
36f6bdcf8sam#include "opt_inet.h"
37f6bdcf8sam#include "opt_inet6.h"
38f6bdcf8sam#include "opt_ipsec.h"
39f6bdcf8sam#endif
40f6bdcf8sam
41f6bdcf8sam#include <sys/param.h>
42f6bdcf8sam#ifdef _KERNEL
43f6bdcf8sam#include <sys/systm.h>
44908652femaste#include <sys/lock.h>
45306a6faglebius#include <sys/malloc.h>
46f6bdcf8sam#include <sys/mbuf.h>
47908652femaste#include <sys/mutex.h>
48f6bdcf8sam#include <sys/queue.h>
49f6bdcf8sam#endif
50f6bdcf8sam#include <sys/socket.h>
51f6bdcf8sam
5257ca458rwatson#include <net/vnet.h>
53f6bdcf8sam
54f6bdcf8sam#include <netipsec/key_var.h>
55f6bdcf8sam#include <netipsec/key_debug.h>
56f6bdcf8sam
57f6bdcf8sam#include <netinet/in.h>
58f6bdcf8sam#include <netipsec/ipsec.h>
59767a262bz#ifdef _KERNEL
60767a262bz#include <netipsec/keydb.h>
610fb6ad5ae#include <netipsec/xform.h>
62767a262bz#endif
63f6bdcf8sam
64f6bdcf8sam#ifndef _KERNEL
65f6bdcf8sam#include <ctype.h>
66f6bdcf8sam#include <stdio.h>
67f6bdcf8sam#include <stdlib.h>
68cb2e093ae#include <arpa/inet.h>
69f6bdcf8sam#endif /* !_KERNEL */
70f6bdcf8sam
7190acc68aestatic void kdebug_sadb_prop(struct sadb_ext *);
7290acc68aestatic void kdebug_sadb_identity(struct sadb_ext *);
7390acc68aestatic void kdebug_sadb_supported(struct sadb_ext *);
7490acc68aestatic void kdebug_sadb_lifetime(struct sadb_ext *);
7590acc68aestatic void kdebug_sadb_sa(struct sadb_ext *);
7690acc68aestatic void kdebug_sadb_address(struct sadb_ext *);
7790acc68aestatic void kdebug_sadb_key(struct sadb_ext *);
7890acc68aestatic void kdebug_sadb_x_sa2(struct sadb_ext *);
79cb2e093aestatic void kdebug_sadb_x_sa_replay(struct sadb_ext *);
80cb2e093aestatic void kdebug_sadb_x_natt(struct sadb_ext *);
81f6bdcf8sam
82f6bdcf8sam#ifndef _KERNEL
830cd74dbgnn#define panic(fmt, ...)	{ printf(fmt, ## __VA_ARGS__); exit(-1); }
84f6bdcf8sam#endif
85f6bdcf8sam
86f6bdcf8sam/* NOTE: host byte order */
87f6bdcf8sam
/*
 * Map a PF_KEY message type to its symbolic name with the SADB_ prefix
 * dropped.  Any value without a case below yields "UNKNOWN".
 */
static const char *
kdebug_sadb_type(uint8_t type)
{
	const char *name = "UNKNOWN";

	/* One case per known type: record the stringified suffix and stop. */
#define	SADB_TYPE_CASE(n)	case SADB_ ## n: name = #n; break

	switch (type) {
	SADB_TYPE_CASE(RESERVED);
	SADB_TYPE_CASE(GETSPI);
	SADB_TYPE_CASE(UPDATE);
	SADB_TYPE_CASE(ADD);
	SADB_TYPE_CASE(DELETE);
	SADB_TYPE_CASE(GET);
	SADB_TYPE_CASE(ACQUIRE);
	SADB_TYPE_CASE(REGISTER);
	SADB_TYPE_CASE(EXPIRE);
	SADB_TYPE_CASE(FLUSH);
	SADB_TYPE_CASE(DUMP);
	SADB_TYPE_CASE(X_PROMISC);
	SADB_TYPE_CASE(X_PCHANGE);
	SADB_TYPE_CASE(X_SPDUPDATE);
	SADB_TYPE_CASE(X_SPDADD);
	SADB_TYPE_CASE(X_SPDDELETE);
	SADB_TYPE_CASE(X_SPDGET);
	SADB_TYPE_CASE(X_SPDACQUIRE);
	SADB_TYPE_CASE(X_SPDDUMP);
	SADB_TYPE_CASE(X_SPDFLUSH);
	SADB_TYPE_CASE(X_SPDSETIDX);
	SADB_TYPE_CASE(X_SPDEXPIRE);
	SADB_TYPE_CASE(X_SPDDELETE2);
	default:
		break;
	}
#undef SADB_TYPE_CASE

	return (name);
}
122e7d9f57ae
/*
 * Map a PF_KEY extension type to its symbolic name with the SADB_EXT_ or
 * SADB_X_EXT_ prefix dropped.  Any value without a case below yields
 * "UNKNOWN".
 */
static const char *
kdebug_sadb_exttype(uint16_t type)
{
	const char *name = "UNKNOWN";

	/* Standard and private (X_) extensions differ only in the prefix. */
#define	STD_EXT_CASE(n)	case SADB_EXT_ ## n: name = #n; break
#define	PRIV_EXT_CASE(n)	case SADB_X_EXT_ ## n: name = #n; break

	switch (type) {
	STD_EXT_CASE(RESERVED);
	STD_EXT_CASE(SA);
	STD_EXT_CASE(LIFETIME_CURRENT);
	STD_EXT_CASE(LIFETIME_HARD);
	STD_EXT_CASE(LIFETIME_SOFT);
	STD_EXT_CASE(ADDRESS_SRC);
	STD_EXT_CASE(ADDRESS_DST);
	STD_EXT_CASE(ADDRESS_PROXY);
	STD_EXT_CASE(KEY_AUTH);
	STD_EXT_CASE(KEY_ENCRYPT);
	STD_EXT_CASE(IDENTITY_SRC);
	STD_EXT_CASE(IDENTITY_DST);
	STD_EXT_CASE(SENSITIVITY);
	STD_EXT_CASE(PROPOSAL);
	STD_EXT_CASE(SUPPORTED_AUTH);
	STD_EXT_CASE(SUPPORTED_ENCRYPT);
	STD_EXT_CASE(SPIRANGE);
	PRIV_EXT_CASE(KMPRIVATE);
	PRIV_EXT_CASE(POLICY);
	PRIV_EXT_CASE(SA2);
	PRIV_EXT_CASE(NAT_T_TYPE);
	PRIV_EXT_CASE(NAT_T_SPORT);
	PRIV_EXT_CASE(NAT_T_DPORT);
	PRIV_EXT_CASE(NAT_T_OAI);
	PRIV_EXT_CASE(NAT_T_OAR);
	PRIV_EXT_CASE(NAT_T_FRAG);
	PRIV_EXT_CASE(SA_REPLAY);
	PRIV_EXT_CASE(NEW_ADDRESS_SRC);
	PRIV_EXT_CASE(NEW_ADDRESS_DST);
	default:
		break;
	}
#undef STD_EXT_CASE
#undef PRIV_EXT_CASE

	return (name);
}
165e7d9f57ae
166e7d9f57ae
167f6bdcf8sam/* %%%: about struct sadb_msg */
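/*
 * Print a PF_KEY message header and every extension that follows it.
 *
 * base points at a struct sadb_msg immediately followed by its extensions.
 * sadb_msg_len and each sadb_ext_len are expressed in 64-bit words and are
 * converted to bytes with PFKEY_UNUNIT64() before any comparison.  The walk
 * stops with a diagnostic at the first extension whose length is zero or
 * runs past the end of the message, and at the first unknown extension
 * type.  Panics when base is NULL.
 */
void
kdebug_sadb(struct sadb_msg *base)
{
	struct sadb_ext *ext;
	size_t msglen;
	int tlen, extlen;

	/* sanity check */
	if (base == NULL)
		panic("%s: NULL pointer was passed.\n", __func__);

	printf("sadb_msg{ version=%u type=%u(%s) errno=%u satype=%u\n",
	    base->sadb_msg_version, base->sadb_msg_type,
	    kdebug_sadb_type(base->sadb_msg_type),
	    base->sadb_msg_errno, base->sadb_msg_satype);
	printf("  len=%u reserved=%u seq=%u pid=%u\n",
	    base->sadb_msg_len, base->sadb_msg_reserved,
	    base->sadb_msg_seq, base->sadb_msg_pid);

	/*
	 * A declared length shorter than the fixed header leaves no room
	 * for extensions; stop here rather than let the unsigned
	 * subtraction below wrap.
	 */
	msglen = PFKEY_UNUNIT64(base->sadb_msg_len);
	if (msglen < sizeof(struct sadb_msg))
		return;
	tlen = (int)(msglen - sizeof(struct sadb_msg));
	ext = (struct sadb_ext *)((caddr_t)base + sizeof(struct sadb_msg));

	while (tlen > 0) {
		printf("sadb_ext{ len=%u type=%u(%s) }\n",
		    ext->sadb_ext_len, ext->sadb_ext_type,
		    kdebug_sadb_exttype(ext->sadb_ext_type));

		if (ext->sadb_ext_len == 0) {
			printf("%s: invalid ext_len=0 was passed.\n", __func__);
			return;
		}

		/*
		 * Compare bytes with bytes.  Checking the raw 64-bit-word
		 * count against the remaining byte count would accept an
		 * extension up to eight times larger than what is left of
		 * the message, and the per-extension printers below size
		 * their reads from that same length field.
		 */
		extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
		if (extlen > tlen) {
			printf("%s: ext_len too big (%u > %u).\n",
			    __func__, (u_int)extlen, (u_int)tlen);
			return;
		}

		switch (ext->sadb_ext_type) {
		case SADB_EXT_SA:
			kdebug_sadb_sa(ext);
			break;
		case SADB_EXT_LIFETIME_CURRENT:
		case SADB_EXT_LIFETIME_HARD:
		case SADB_EXT_LIFETIME_SOFT:
			kdebug_sadb_lifetime(ext);
			break;
		case SADB_EXT_ADDRESS_SRC:
		case SADB_EXT_ADDRESS_DST:
		case SADB_EXT_ADDRESS_PROXY:
		case SADB_X_EXT_NAT_T_OAI:
		case SADB_X_EXT_NAT_T_OAR:
		case SADB_X_EXT_NEW_ADDRESS_SRC:
		case SADB_X_EXT_NEW_ADDRESS_DST:
			kdebug_sadb_address(ext);
			break;
		case SADB_EXT_KEY_AUTH:
		case SADB_EXT_KEY_ENCRYPT:
			kdebug_sadb_key(ext);
			break;
		case SADB_EXT_IDENTITY_SRC:
		case SADB_EXT_IDENTITY_DST:
			kdebug_sadb_identity(ext);
			break;
		case SADB_EXT_SENSITIVITY:
			/* recognised, but nothing is printed for it */
			break;
		case SADB_EXT_PROPOSAL:
			kdebug_sadb_prop(ext);
			break;
		case SADB_EXT_SUPPORTED_AUTH:
		case SADB_EXT_SUPPORTED_ENCRYPT:
			kdebug_sadb_supported(ext);
			break;
		case SADB_EXT_SPIRANGE:
		case SADB_X_EXT_KMPRIVATE:
			/* recognised, but nothing is printed for these */
			break;
		case SADB_X_EXT_POLICY:
			kdebug_sadb_x_policy(ext);
			break;
		case SADB_X_EXT_SA2:
			kdebug_sadb_x_sa2(ext);
			break;
		case SADB_X_EXT_SA_REPLAY:
			kdebug_sadb_x_sa_replay(ext);
			break;
		case SADB_X_EXT_NAT_T_TYPE:
		case SADB_X_EXT_NAT_T_SPORT:
		case SADB_X_EXT_NAT_T_DPORT:
			kdebug_sadb_x_natt(ext);
			break;
		default:
			printf("%s: invalid ext_type %u\n", __func__,
			    ext->sadb_ext_type);
			return;
		}

		/* Step to the next extension using the validated byte length. */
		tlen -= extlen;
		ext = (struct sadb_ext *)((caddr_t)ext + extlen);
	}
}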
269f6bdcf8sam
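/*
 * Print a proposal extension: the replay field followed by every
 * struct sadb_comb that fits in the declared extension length.
 *
 * ext is reinterpreted as a struct sadb_prop.  Panics when ext is NULL.
 * NOTE(review): the combination count comes from sadb_prop_len alone, so
 * this relies on the caller having bounded that length against the
 * enclosing message.
 */
static void
kdebug_sadb_prop(struct sadb_ext *ext)
{
	struct sadb_prop *prop = (struct sadb_prop *)ext;
	struct sadb_comb *comb;
	int len;

	/* sanity check */
	if (ext == NULL)
		panic("%s: NULL pointer was passed.\n", __func__);

	len = (PFKEY_UNUNIT64(prop->sadb_prop_len) - sizeof(*prop))
		/ sizeof(*comb);
	comb = (struct sadb_comb *)(prop + 1);
	printf("sadb_prop{ replay=%u\n", prop->sadb_prop_replay);

	/*
	 * "> 0" rather than a bare truth test: a count that came out
	 * negative after the conversion to int must not start a walk
	 * through memory behind the extension.
	 */
	while (len-- > 0) {
		printf("sadb_comb{ auth=%u encrypt=%u "
			"flags=0x%04x reserved=0x%08x\n",
			comb->sadb_comb_auth, comb->sadb_comb_encrypt,
			comb->sadb_comb_flags, comb->sadb_comb_reserved);

		printf("  auth_minbits=%u auth_maxbits=%u "
			"encrypt_minbits=%u encrypt_maxbits=%u\n",
			comb->sadb_comb_auth_minbits,
			comb->sadb_comb_auth_maxbits,
			comb->sadb_comb_encrypt_minbits,
			comb->sadb_comb_encrypt_maxbits);

		printf("  soft_alloc=%u hard_alloc=%u "
			"soft_bytes=%lu hard_bytes=%lu\n",
			comb->sadb_comb_soft_allocations,
			comb->sadb_comb_hard_allocations,
			(unsigned long)comb->sadb_comb_soft_bytes,
			(unsigned long)comb->sadb_comb_hard_bytes);

		/*
		 * These four values are the add/use time limits; label them
		 * as such instead of repeating the alloc/bytes labels of
		 * the line above.
		 */
		printf("  soft_addtime=%lu hard_addtime=%lu "
			"soft_usetime=%lu hard_usetime=%lu }\n",
			(unsigned long)comb->sadb_comb_soft_addtime,
			(unsigned long)comb->sadb_comb_hard_addtime,
			(unsigned long)comb->sadb_comb_soft_usetime,
			(unsigned long)comb->sadb_comb_hard_usetime);
		comb++;
	}
	printf("}\n");
}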
318f6bdcf8sam
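/*
 * Print an identity extension: its direction (src/dst), type, id and any
 * payload that follows the fixed struct sadb_ident header.
 *
 * In the kernel the payload is hex-dumped; in userland it is printed as a
 * string up to the first NUL or the end of the extension, with
 * non-printable bytes shown as octal escapes.  Panics when ext is NULL.
 */
static void
kdebug_sadb_identity(struct sadb_ext *ext)
{
	struct sadb_ident *id = (struct sadb_ident *)ext;
	size_t extlen;
	int len;

	/* sanity check */
	if (ext == NULL)
		panic("%s: NULL pointer was passed.\n", __func__);

	/*
	 * An extension that declares fewer bytes than the fixed header has
	 * no payload.  Clamp to zero so the unsigned subtraction cannot
	 * wrap into a negative or huge payload length.
	 */
	extlen = PFKEY_UNUNIT64(id->sadb_ident_len);
	len = extlen > sizeof(*id) ? (int)(extlen - sizeof(*id)) : 0;

	printf("sadb_ident_%s{",
	    id->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC ? "src" : "dst");
	switch (id->sadb_ident_type) {
	default:
		printf(" type=%d id=%lu",
			id->sadb_ident_type, (u_long)id->sadb_ident_id);
		if (len) {
#ifdef _KERNEL
			ipsec_hexdump((caddr_t)(id + 1), len); /*XXX cast ?*/
#else
			char *p, *ep;
			printf("\n  str=\"");
			p = (char *)(id + 1);
			ep = p + len;
			/*
			 * Test the bound before dereferencing so a payload
			 * with no NUL terminator is never read past ep.
			 */
			for (/*nothing*/; p < ep && *p; p++) {
				/* ctype functions need an unsigned char value */
				if (isprint((unsigned char)*p))
					printf("%c", *p & 0xff);
				else
					printf("\\%03o", *p & 0xff);
			}
#endif
			printf("\"");
		}
		break;
	}

	printf(" }\n");
}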
360f6bdcf8sam
/*
 * Print a supported-algorithms extension: one line per struct sadb_alg
 * that follows the fixed struct sadb_supported header.
 *
 * Panics when ext is NULL.
 * NOTE(review): the entry count comes from sadb_supported_len alone; this
 * presumably relies on the caller having rejected zero or oversized
 * lengths first. Confirm against the caller.
 */
static void
kdebug_sadb_supported(struct sadb_ext *ext)
{
	struct sadb_supported *sup;
	struct sadb_alg *alg;
	int remaining;

	/* sanity check */
	if (ext == NULL)
		panic("%s: NULL pointer was passed.\n", __func__);

	sup = (struct sadb_supported *)ext;
	/* The algorithm descriptors start right after the fixed header. */
	alg = (struct sadb_alg *)(sup + 1);
	remaining = (PFKEY_UNUNIT64(sup->sadb_supported_len) - sizeof(*sup))
		/ sizeof(*alg);

	printf("sadb_sup{\n");
	for (; remaining != 0; remaining--, alg++) {
		printf("  { id=%d ivlen=%d min=%d max=%d }\n",
			alg->sadb_alg_id, alg->sadb_alg_ivlen,
			alg->sadb_alg_minbits, alg->sadb_alg_maxbits);
	}
	printf("}\n");
}
386f6bdcf8sam
387f6bdcf8samstatic void
388ef3a17baekdebug_sadb_lifetime(struct sadb_ext *ext)
389f6bdcf8sam{
390f6bdcf8sam	struct sadb_lifetime *lft = (struct sadb_lifetime *)ext;
391f6bdcf8sam
392f6bdcf8sam	/* sanity check */
393f6bdcf8sam	if (ext == NULL)
394767a262bz		panic("%s: NULL pointer was passed.\n", __func__);
395f6bdcf8sam
396f6bdcf8sam	printf("sadb_lifetime{ alloc=%u, bytes=%u\n",
397f6bdcf8sam		lft->sadb_lifetime_allocations,
398f6bdcf8sam		(u_int32_t)lft->sadb_lifetime_bytes);
399f6bdcf8sam	printf("  addtime=%u, usetime=%u }\n",
400f6bdcf8sam		(u_int32_t)lft->sadb_lifetime_addtime,
401