sync with kame tree as of july00. tons of bug fixes/improvements.

API changes: - additional IPv6 ioctls - IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8). (also syntax change)
author: itojun <itojun@FreeBSD.org> 2000-07-04 16:35:15 +0000
committer: itojun <itojun@FreeBSD.org> 2000-07-04 16:35:15 +0000
commit: 5f4e854de19331a53788d6100bbcd42845056bc1 (patch)
tree: 3ff8c876a5868b103fb8713055d83e29a3fa38d5 /sys/netkey/key_debug.c
parent: bdc16885232d771a99d7dfc247cd27a44cd061f9 (diff)
download: FreeBSD-src-5f4e854de19331a53788d6100bbcd42845056bc1.zip
FreeBSD-src-5f4e854de19331a53788d6100bbcd42845056bc1.tar.gz
1 files changed, 127 insertions, 57 deletions
diff --git a/sys/netkey/key_debug.c b/sys/netkey/key_debug.c
index 6b7e77c..b88ace8 100644
--- a/sys/netkey/key_debug.c
+++ b/sys/netkey/key_debug.c
@@ -1,3 +1,6 @@
+/*	$FreeBSD$	*/
+/*	$KAME: key_debug.c,v 1.23 2000/07/04 04:08:15 itojun Exp $	*/
+
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
  * All rights reserved.
@@ -25,15 +28,11 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $FreeBSD$
  */
 
-/* KAME @(#)$Id: key_debug.c,v 1.1.6.2.4.3 1999/07/06 12:05:13 itojun Exp $ */
-
 #ifdef _KERNEL
+#include "opt_inet.h"
 #include "opt_inet6.h"
-#include "opt_ipsec.h"
 #endif
 
 #include <sys/types.h>
@@ -47,17 +46,20 @@
 #include <net/route.h>
 
 #include <netkey/key_var.h>
+#ifdef IPSEC_DEBUG
 #include <netkey/key_debug.h>
+#else
+#define	KEYDEBUG(lev,arg)
+#endif
 
 #include <netinet/in.h>
-#include <netinet6/in6.h>
 #include <netinet6/ipsec.h>
 
 #ifndef _KERNEL
 #include <ctype.h>
 #include <stdio.h>
 #include <stdlib.h>
-#endif
+#endif /* !_KERNEL */
 
 #if !defined(_KERNEL) || (defined(_KERNEL) && defined(IPSEC_DEBUG))
 
@@ -68,13 +70,14 @@ static void kdebug_sadb_lifetime __P((struct sadb_ext *));
 static void kdebug_sadb_sa __P((struct sadb_ext *));
 static void kdebug_sadb_address __P((struct sadb_ext *));
 static void kdebug_sadb_key __P((struct sadb_ext *));
+static void kdebug_sadb_x_sa2 __P((struct sadb_ext *));
 
 #ifdef _KERNEL
 static void kdebug_secreplay __P((struct secreplay *));
 #endif
 
 #ifndef _KERNEL
-#define	panic(param)	{ printf(param); exit(-1); }
+#define panic(param)	{ printf(param); exit(-1); }
 #endif
 
 /* NOTE: host byte order */
@@ -94,9 +97,9 @@ kdebug_sadb(base)
 	printf("sadb_msg{ version=%u type=%u errno=%u satype=%u\n",
 	    base->sadb_msg_version, base->sadb_msg_type,
 	    base->sadb_msg_errno, base->sadb_msg_satype);
-	printf("  len=%u mode=%u reserved=%u seq=%u pid=%u }\n",
-	    base->sadb_msg_len, base->sadb_msg_mode,
-	    base->sadb_msg_reserved, base->sadb_msg_seq, base->sadb_msg_pid);
+	printf("  len=%u reserved=%u seq=%u pid=%u\n",
+	    base->sadb_msg_len, base->sadb_msg_reserved,
+	    base->sadb_msg_seq, base->sadb_msg_pid);
 
 	tlen = PFKEY_UNUNIT64(base->sadb_msg_len) - sizeof(struct sadb_msg);
 	ext = (struct sadb_ext *)((caddr_t)base + sizeof(struct sadb_msg));
@@ -109,6 +112,10 @@ kdebug_sadb(base)
 			printf("kdebug_sadb: invalid ext_len=0 was passed.\n");
 			return;
 		}
+		if (ext->sadb_ext_len > tlen) {
+			printf("kdebug_sadb: ext_len exceeds end of buffer.\n");
+			return;
+		}
 
 		switch (ext->sadb_ext_type) {
 		case SADB_EXT_SA:
@@ -147,6 +154,9 @@ kdebug_sadb(base)
 		case SADB_X_EXT_POLICY:
 			kdebug_sadb_x_policy(ext);
 			break;
+		case SADB_X_EXT_SA2:
+			kdebug_sadb_x_sa2(ext);
+			break;
 		default:
 			printf("kdebug_sadb: invalid ext_type %u was passed.\n",
 			    ext->sadb_ext_type);
@@ -225,25 +235,30 @@ kdebug_sadb_identity(ext)
 	len = PFKEY_UNUNIT64(id->sadb_ident_len) - sizeof(*id);
 	printf("sadb_ident_%s{",
 	    id->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC ? "src" : "dst");
-	printf(" type=%d id=%lu",
-	    id->sadb_ident_type, (u_long)id->sadb_ident_id);
-	if (len) {
+	switch (id->sadb_ident_type) {
+	default:
+		printf(" type=%d id=%lu",
+			id->sadb_ident_type, (u_long)id->sadb_ident_id);
+		if (len) {
 #ifdef _KERNEL
-		ipsec_hexdump((caddr_t)(id + 1), len); /*XXX cast ?*/
+			ipsec_hexdump((caddr_t)(id + 1), len); /*XXX cast ?*/
 #else
-		char *p, *ep;
-		printf("\n  str=\"");
-		p = (char *)(id + 1);
-		ep = p + len;
-		for (/*nothing*/; *p && p < ep; p++) {
-			if (isprint(*p))
-				printf("%c", *p & 0xff);
-			else
-				printf("\\%03o", *p & 0xff);
-		}
+			char *p, *ep;
+			printf("\n  str=\"");
+			p = (char *)(id + 1);
+			ep = p + len;
+			for (/*nothing*/; *p && p < ep; p++) {
+				if (isprint(*p))
+					printf("%c", *p & 0xff);
+				else
+					printf("\\%03o", *p & 0xff);
+			}
 #endif
-		printf("\"");
+			printf("\"");
+		}
+		break;
 	}
+
 	printf(" }\n");
 
 	return;
@@ -363,6 +378,25 @@ kdebug_sadb_key(ext)
 	return;
 }
 
+static void
+kdebug_sadb_x_sa2(ext)
+	struct sadb_ext *ext;
+{
+	struct sadb_x_sa2 *sa2 = (struct sadb_x_sa2 *)ext;
+
+	/* sanity check */
+	if (ext == NULL)
+		panic("kdebug_sadb_x_sa2: NULL pointer was passed.\n");
+
+	printf("sadb_x_sa2{ mode=%u reqid=%u\n",
+	    sa2->sadb_x_sa2_mode, sa2->sadb_x_sa2_reqid);
+	printf("  reserved1=%u reserved2=%u reserved3=%u }\n",
+	    sa2->sadb_x_sa2_reserved1, sa2->sadb_x_sa2_reserved1,
+	    sa2->sadb_x_sa2_reserved1);
+
+	return;
+}
+
 void
 kdebug_sadb_x_policy(ext)
 	struct sadb_ext *ext;
@@ -374,9 +408,9 @@ kdebug_sadb_x_policy(ext)
 	if (ext == NULL)
 		panic("kdebug_sadb_x_policy: NULL pointer was passed.\n");
 
-	printf("sadb_x_policy{ type=%u dir=%u reserved=%x }\n",
+	printf("sadb_x_policy{ type=%u dir=%u id=%x }\n",
 		xpl->sadb_x_policy_type, xpl->sadb_x_policy_dir,
-		xpl->sadb_x_policy_reserved);
+		xpl->sadb_x_policy_id);
 
 	if (xpl->sadb_x_policy_type == IPSEC_POLICY_IPSEC) {
 		int tlen;
@@ -386,22 +420,33 @@ kdebug_sadb_x_policy(ext)
 		xisr = (struct sadb_x_ipsecrequest *)(xpl + 1);
 
 		while (tlen > 0) {
-			printf(" { len=%u proto=%u mode=%u level=%u\n",
+			printf(" { len=%u proto=%u mode=%u level=%u reqid=%u\n",
 				xisr->sadb_x_ipsecrequest_len,
 				xisr->sadb_x_ipsecrequest_proto,
 				xisr->sadb_x_ipsecrequest_mode,
-				xisr->sadb_x_ipsecrequest_level);
+				xisr->sadb_x_ipsecrequest_level,
+				xisr->sadb_x_ipsecrequest_reqid);
 
-			addr = (struct sockaddr *)(xisr + 1);
-			kdebug_sockaddr(addr);
-			addr = (struct sockaddr *)((caddr_t)addr + addr->sa_len);
-			kdebug_sockaddr(addr);
+			if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
+				addr = (struct sockaddr *)(xisr + 1);
+				kdebug_sockaddr(addr);
+				addr = (struct sockaddr *)((caddr_t)addr
+							+ addr->sa_len);
+				kdebug_sockaddr(addr);
+			}
 
 			printf(" }\n");
 
 			/* prevent infinite loop */
-			if (xisr->sadb_x_ipsecrequest_len <= 0)
-				panic("kdebug_sadb_x_policy: wrong policy struct.\n");
+			if (xisr->sadb_x_ipsecrequest_len <= 0) {
+				printf("kdebug_sadb_x_policy: wrong policy struct.\n");
+				return;
+			}
+			/* prevent overflow */
+			if (xisr->sadb_x_ipsecrequest_len > tlen) {
+				printf("invalid ipsec policy length\n");
+				return;
+			}
 
 			tlen -= xisr->sadb_x_ipsecrequest_len;
 
@@ -478,9 +523,11 @@ kdebug_secpolicyindex(spidx)
 	printf("secpolicyindex{ dir=%u prefs=%u prefd=%u ul_proto=%u\n",
 		spidx->dir, spidx->prefs, spidx->prefd, spidx->ul_proto);
 
-	ipsec_hexdump((caddr_t)&spidx->src, spidx->src.ss_len);
+	ipsec_hexdump((caddr_t)&spidx->src,
+		((struct sockaddr *)&spidx->src)->sa_len);
 	printf("\n");
-	ipsec_hexdump((caddr_t)&spidx->dst, spidx->dst.ss_len);
+	ipsec_hexdump((caddr_t)&spidx->dst,
+		((struct sockaddr *)&spidx->dst)->sa_len);
 	printf("}\n");
 
 	return;
@@ -497,9 +544,11 @@ kdebug_secasindex(saidx)
 	printf("secasindex{ mode=%u proto=%u\n",
 		saidx->mode, saidx->proto);
 
-	ipsec_hexdump((caddr_t)&saidx->src, saidx->src.ss_len);
+	ipsec_hexdump((caddr_t)&saidx->src,
+		((struct sockaddr *)&saidx->src)->sa_len);
 	printf("\n");
-	ipsec_hexdump((caddr_t)&saidx->dst, saidx->dst.ss_len);
+	ipsec_hexdump((caddr_t)&saidx->dst,
+		((struct sockaddr *)&saidx->dst)->sa_len);
 	printf("\n");
 
 	return;
@@ -540,6 +589,10 @@ kdebug_secasv(sav)
 	if (sav->lft_s != NULL)
 		kdebug_sadb_lifetime((struct sadb_ext *)sav->lft_s);
 
+#if notyet
+	/* XXX: misc[123] ? */
+#endif
+
 	return;
 }
 
@@ -578,7 +631,7 @@ kdebug_mbufhdr(m)
 {
 	/* sanity check */
 	if (m == NULL)
-		panic("debug_mbufhdr: NULL pointer was passed.\n");
+		return;
 
 	printf("mbuf(%p){ m_next:%p m_nextpkt:%p m_data:%p "
 	       "m_len:%d m_type:0x%02x m_flags:0x%02x }\n",
@@ -589,12 +642,14 @@ kdebug_mbufhdr(m)
 		printf("  m_pkthdr{ len:%d rcvif:%p }\n",
 		    m->m_pkthdr.len, m->m_pkthdr.rcvif);
 	}
+
 	if (m->m_flags & M_EXT) {
 		printf("  m_ext{ ext_buf:%p ext_free:%p "
 		       "ext_size:%u ext_ref:%p }\n",
 			m->m_ext.ext_buf, m->m_ext.ext_free,
 			m->m_ext.ext_size, m->m_ext.ext_ref);
 	}
+
 	return;
 }
 
@@ -605,19 +660,20 @@ kdebug_mbuf(m0)
 	struct mbuf *m = m0;
 	int i, j;
 
-	kdebug_mbufhdr(m);
-	printf("  m_data=\n");
 	for (j = 0; m; m = m->m_next) {
+		kdebug_mbufhdr(m);
+		printf("  m_data:\n");
 		for (i = 0; i < m->m_len; i++) {
-			if (i != 0 && i % 32 == 0) printf("\n");
-			if (i % 4 == 0) printf(" ");
+			if (i && i % 32 == 0)
+				printf("\n");
+			if (i % 4 == 0)
+				printf(" ");
 			printf("%02x", mtod(m, u_char *)[i]);
 			j++;
 		}
+		printf("\n");
 	}
 
-	printf("\n");
-
 	return;
 }
 #endif /* _KERNEL */
@@ -626,31 +682,41 @@ void
 kdebug_sockaddr(addr)
 	struct sockaddr *addr;
 {
+	struct sockaddr_in *sin;
+#ifdef INET6
+	struct sockaddr_in6 *sin6;
+#endif
+
 	/* sanity check */
 	if (addr == NULL)
 		panic("kdebug_sockaddr: NULL pointer was passed.\n");
 
 	/* NOTE: We deal with port number as host byte order. */
-	printf("sockaddr{ len=%u family=%u port=%u\n",
-		addr->sa_len, addr->sa_family, ntohs(_INPORTBYSA(addr)));
+	printf("sockaddr{ len=%u family=%u", addr->sa_len, addr->sa_family);
 
+	switch (addr->sa_family) {
+	case AF_INET:
+		sin = (struct sockaddr_in *)addr;
+		printf(" port=%u\n", ntohs(sin->sin_port));
+		ipsec_hexdump((caddr_t)&sin->sin_addr, sizeof(sin->sin_addr));
+		break;
 #ifdef INET6
-	if (addr->sa_family == PF_INET6) {
-		struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)addr;
+	case AF_INET6:
+		sin6 = (struct sockaddr_in6 *)addr;
+		printf(" port=%u\n", ntohs(sin6->sin6_port));
 		printf("  flowinfo=0x%08x, scope_id=0x%08x\n",
-		    in6->sin6_flowinfo, in6->sin6_scope_id);
-	}
+		    sin6->sin6_flowinfo, sin6->sin6_scope_id);
+		ipsec_hexdump((caddr_t)&sin6->sin6_addr,
+		    sizeof(sin6->sin6_addr));
+		break;
 #endif
-
-	ipsec_hexdump(_INADDRBYSA(addr), _INALENBYAF(addr->sa_family));
+	}
 
 	printf("  }\n");
 
 	return;
 }
 
-#endif /* !defined(_KERNEL) || (defined(_KERNEL) && defined(IPSEC_DEBUG)) */
-
 void
 ipsec_bindump(buf, len)
 	caddr_t buf;
@@ -677,7 +743,11 @@ ipsec_hexdump(buf, len)
 		if (i % 4 == 0) printf(" ");
 		printf("%02x", (unsigned char)buf[i]);
 	}
+#if 0
+	if (i % 32 != 0) printf("\n");
+#endif
 
 	return;
 }
 
+#endif /* !defined(_KERNEL) || (defined(_KERNEL) && defined(IPSEC_DEBUG)) */
author	itojun <itojun@FreeBSD.org>	2000-07-04 16:35:15 +0000
committer	itojun <itojun@FreeBSD.org>	2000-07-04 16:35:15 +0000
commit	5f4e854de19331a53788d6100bbcd42845056bc1 (patch)
tree	3ff8c876a5868b103fb8713055d83e29a3fa38d5 /sys/netkey/key_debug.c
parent	bdc16885232d771a99d7dfc247cd27a44cd061f9 (diff)
download	FreeBSD-src-5f4e854de19331a53788d6100bbcd42845056bc1.zip FreeBSD-src-5f4e854de19331a53788d6100bbcd42845056bc1.tar.gz