d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

This is the `netkey' kernel key-management service (the PF_KEY analogue

Browse Source 
to PF_ROUTE) from NRL's IPv6 distribution, heavily modified by me for
better source layout, formatting, and textual conventions.  I am told
that this code is no longer under active development, but it's a useful
hack for those interested in doing work on network security, key management,
etc.  This code has only been tested twice, so it should be considered
highly experimental.

Obtained from: ftp.ripe.net
This commit is contained in:
wollman 1996-06-14 17:22:18 +00:00
parent 538b5f1d1a
commit c4e276cdda
7 changed files with 3446 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
sys/conf/files
View File

@ -266,6 +266,7 @@ netipx/spx_usrreq.c optional ipx
#netiso/tuba_subr.c optional iso tuba
#netiso/tuba_table.c optional iso tuba
#netiso/tuba_usrreq.c optional iso tuba
netkey/key.c optional key
#netns/idp_usrreq.c optional ns
#netns/ns.c optional ns
#netns/ns_error.c optional ns

2270
sys/netkey/key.c Normal file
View File

File diff suppressed because it is too large Load Diff

284
sys/netkey/key.h Normal file
View File

@ -0,0 +1,284 @@
/*----------------------------------------------------------------------
* key.h : Declarations and Definitions for Key Engine for BSD.
*
* Copyright 1995 by Bao Phan, Randall Atkinson, & Dan McDonald,
* All Rights Reserved. All rights have been assigned to the US
* Naval Research Laboratory (NRL). The NRL Copyright Notice and
* License Agreement governs distribution and use of this software.
*
* Patents are pending on this technology. NRL grants a license
* to use this technology at no cost under the terms below with
* the additional requirement that software, hardware, and
* documentation relating to use of this technology must include
* the note that:
* This product includes technology developed at and
* licensed from the Information Technology Division,
* US Naval Research Laboratory.
*
----------------------------------------------------------------------*/
/*----------------------------------------------------------------------
# @(#)COPYRIGHT 1.1a (NRL) 17 August 1995
COPYRIGHT NOTICE
All of the documentation and software included in this software
distribution from the US Naval Research Laboratory (NRL) are
copyrighted by their respective developers.
This software and documentation were developed at NRL by various
people. Those developers have each copyrighted the portions that they
developed at NRL and have assigned All Rights for those portions to
NRL. Outside the USA, NRL also has copyright on the software
developed at NRL. The affected files all contain specific copyright
notices and those notices must be retained in any derived work.
NRL LICENSE
NRL grants permission for redistribution and use in source and binary
forms, with or without modification, of the software and documentation
created at NRL provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed at the Information
Technology Division, US Naval Research Laboratory.
4. Neither the name of the NRL nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS
IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The views and conclusions contained in the software and documentation
are those of the authors and should not be interpreted as representing
official policies, either expressed or implied, of the US Naval
Research Laboratory (NRL).
----------------------------------------------------------------------*/
#ifndef _netkey_key_h
#define _netkey_key_h 1
/*
* PF_KEY messages
*/
#define KEY_ADD 1
#define KEY_DELETE 2
#define KEY_UPDATE 3
#define KEY_GET 4
#define KEY_ACQUIRE 5
#define KEY_GETSPI 6
#define KEY_REGISTER 7
#define KEY_EXPIRE 8
#define KEY_DUMP 9
#define KEY_FLUSH 10
#define KEY_VERSION 1
#define POLICY_VERSION 1
#define SECURITY_TYPE_NONE 0
#define KEY_TYPE_AH 1
#define KEY_TYPE_ESP 2
#define KEY_TYPE_RSVP 3
#define KEY_TYPE_OSPF 4
#define KEY_TYPE_RIPV2 5
#define KEY_TYPE_MIPV4 6
#define KEY_TYPE_MIPV6 7
#define KEY_TYPE_MAX 7
/*
* Security association state
*/
#define K_USED 0x1 /* Key used/not used */
#define K_UNIQUE 0x2 /* Key unique/reusable */
#define K_LARVAL 0x4 /* SPI assigned, but sa incomplete */
#define K_ZOMBIE 0x8 /* sa expired but still useable */
#define K_DEAD 0x10 /* sa marked for deletion, ready for reaping */
#define K_INBOUND 0x20 /* sa for inbound packets, ie. dst=myhost */
#define K_OUTBOUND 0x40 /* sa for outbound packets, ie. src=myhost */
#ifndef MAX_SOCKADDR_SZ
#ifdef INET6
#define MAX_SOCKADDR_SZ (sizeof(struct sockaddr_in6))
#else /* INET6 */
#define MAX_SOCKADDR_SZ (sizeof(struct sockaddr_in))
#endif /* INET6 */
#endif /* MAX_SOCKADDR_SZ */
#ifndef MAX_KEY_SZ
#define MAX_KEY_SZ 16
#endif /* MAX_KEY_SZ */
#ifndef MAX_IV_SZ
#define MAX_IV_SZ 16
#endif /* MAX_IV_SZ */
/* Security association data for IP Security */
struct key_secassoc {
u_int8_t len; /* Length of the data (for radix) */
u_int8_t type; /* Type of association */
u_int8_t state; /* State of the association */
u_int8_t label; /* Sensitivity label (unused) */
u_int32_t spi; /* SPI */
u_int8_t keylen; /* Key length */
u_int8_t ivlen; /* Initialization vector length */
u_int8_t algorithm; /* Algorithm switch index */
u_int8_t lifetype; /* Type of lifetime */
caddr_t iv; /* Initialization vector */
caddr_t key; /* Key */
u_int32_t lifetime1; /* Lifetime value 1 */
u_int32_t lifetime2; /* Lifetime value 2 */
struct sockaddr *src; /* Source host address */
struct sockaddr *dst; /* Destination host address */
struct sockaddr *from; /* Originator of association */
};
/*
* Structure for key message header. PF_KEY message consists of key_msghdr
* followed by src struct sockaddr, dest struct sockaddr, from struct
* sockaddr, key, and iv. Assumes size of key message header less than MHLEN.
*/
struct key_msghdr {
u_short key_msglen; /* length of message including
* src/dst/from/key/iv */
u_char key_msgvers; /* key version number */
u_char key_msgtype; /* key message type, eg. KEY_ADD */
pid_t key_pid;/* process id of message sender */
int key_seq;/* message sequence number */
int key_errno; /* error code */
u_int8_t type; /* type of security association */
u_int8_t state; /* state of security association */
u_int8_t label; /* sensitivity level */
u_int8_t pad; /* padding for allignment */
u_int32_t spi; /* spi value */
u_int8_t keylen; /* key length */
u_int8_t ivlen; /* iv length */
u_int8_t algorithm; /* algorithm identifier */
u_int8_t lifetype; /* type of lifetime */
u_int32_t lifetime1; /* lifetime value 1 */
u_int32_t lifetime2; /* lifetime value 2 */
};
struct key_msgdata {
struct sockaddr *src; /* source host address */
struct sockaddr *dst; /* destination host address */
struct sockaddr *from; /* originator of security association */
caddr_t iv; /* initialization vector */
caddr_t key; /* key */
int ivlen; /* key length */
int keylen; /* iv length */
};
struct policy_msghdr {
u_short policy_msglen; /* message length */
u_char policy_msgvers; /* message version */
u_char policy_msgtype; /* message type */
int policy_seq; /* message sequence number */
int policy_errno; /* error code */
};
/*
* Key engine table structures
*/
struct socketlist {
struct socket *socket; /* pointer to socket */
struct socketlist *next;/* next */
};
struct key_tblnode {
int alloc_count; /* number of sockets allocated to
* secassoc */
int ref_count; /* number of sockets referencing
* secassoc */
struct socketlist *solist; /* list of sockets allocated to
* secassoc */
struct key_secassoc *secassoc; /* security association */
struct key_tblnode *next; /* next node */
};
struct key_allocnode {
struct key_tblnode *keynode;
struct key_allocnode *next;
};
struct key_so2spinode {
struct socket *socket; /* socket pointer */
struct key_tblnode *keynode; /* pointer to tblnode containing
* secassoc */
/* info for socket */
struct key_so2spinode *next;
};
struct key_registry {
u_int8_t type; /* secassoc type that key mgnt. daemon can
* acquire */
struct socket *socket; /* key management daemon socket pointer */
struct key_registry *next;
};
struct key_acquirelist {
u_int8_t type; /* secassoc type to acquire */
struct sockaddr *target;/* destination address of secassoc */
u_int32_t count; /* number of acquire messages sent */
u_long expiretime; /* expiration time for acquire
* message */
struct key_acquirelist *next;
};
struct keyso_cb {
int ip4_count; /* IPv4 */
#ifdef INET6
int ip6_count; /* IPv6 */
#endif /* INET6 */
int any_count; /* Sum of above counters */
};
#ifdef KERNEL
int key_inittables __P((void));
int key_secassoc2msghdr __P((struct key_secassoc *, struct key_msghdr *,
struct key_msgdata *));
int key_msghdr2secassoc __P((struct key_secassoc *, struct key_msghdr *,
struct key_msgdata *));
int key_add __P((struct key_secassoc *));
int key_delete __P((struct key_secassoc *));
int key_get __P((u_int, struct sockaddr *, struct sockaddr *, u_int32_t,
struct key_secassoc **));
void key_flush __P((void));
int key_dump __P((struct socket *));
int key_getspi __P((u_int, struct sockaddr *, struct sockaddr *, u_int32_t,
u_int32_t, u_int32_t *));
int key_update __P((struct key_secassoc *));
int key_register __P((struct socket *, u_int));
void key_unregister __P((struct socket *, u_int, int));
int key_acquire __P((u_int, struct sockaddr *, struct sockaddr *));
int getassocbyspi __P((u_int, struct sockaddr *, struct sockaddr *, u_int32_t,
struct key_tblnode **));
int getassocbysocket __P((u_int, struct sockaddr *, struct sockaddr *,
struct socket *, u_int, struct key_tblnode **));
void key_free __P((struct key_tblnode *));
int key_parse __P((struct key_msghdr ** km, struct socket * so, int *));
#endif /* KERNEL */
#endif /* _netkey_key_h */

730
sys/netkey/key_debug.c Normal file
View File

@ -0,0 +1,730 @@
/*
* in6_debug.c -- Insipired by Craig Metz's Net/2 in6_debug.c, but
* not quite as heavyweight (initially, anyway).
*
* The idea is to have globals here, and dump netinet6/ data structures.
*
* Copyright 1995 by Dan McDonald, Bao Phan, and Randall Atkinson,
* All Rights Reserved.
* All Rights under this copyright have been assigned to NRL.
*/
/*----------------------------------------------------------------------
# @(#)COPYRIGHT 1.1a (NRL) 17 August 1995
COPYRIGHT NOTICE
All of the documentation and software included in this software
distribution from the US Naval Research Laboratory (NRL) are
copyrighted by their respective developers.
This software and documentation were developed at NRL by various
people. Those developers have each copyrighted the portions that they
developed at NRL and have assigned All Rights for those portions to
NRL. Outside the USA, NRL also has copyright on the software
developed at NRL. The affected files all contain specific copyright
notices and those notices must be retained in any derived work.
NRL LICENSE
NRL grants permission for redistribution and use in source and binary
forms, with or without modification, of the software and documentation
created at NRL provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed at the Information
Technology Division, US Naval Research Laboratory.
4. Neither the name of the NRL nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS
IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The views and conclusions contained in the software and documentation
are those of the authors and should not be interpreted as representing
official policies, either expressed or implied, of the US Naval
Research Laboratory (NRL).
----------------------------------------------------------------------*/
#define INET6_DEBUG_C
#include <netkey/osdep_44bsd.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/mbuf.h>
#include <net/if.h>
#include <net/if_dl.h>
#include <net/route.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/in_pcb.h>
#ifdef INET6
#include <netinet6/in6.h>
#include <netinet6/in6_var.h>
#include <netinet6/ipv6.h>
#include <netinet6/ipv6_var.h>
#include <netinet6/ipv6_icmp.h>
#else /* INET6 */
#if 0
#include "in6_types.h"
#endif
#endif /* INET6 */
#define SA_LEN 1
#define SIN_LEN 1
#ifdef KEY_DEBUG
#include <netkey/key.h>
#endif /* KEY_DEBUG */
#ifdef IPSEC_DEBUG
#include <netsec/ipsec.h>
#endif /* IPSEC_DEBUG */
#if 0
#include <netinet6/in6_debug.h>
#endif
#ifndef DEFARGS
#define DEFARGS(arglist, args) arglist args;
#define AND ;
#endif /* DEFARGS */
/*
* Globals
*/
/* The following should be sysctl-tweakable. */
unsigned int in6_debug_level = IDL_FINISHED + 1; /* 0 is no debugging */
/*
* Functions and macros.
*/
void in6_debug_init DEFARGS((), void)
{
/* For now, nothing. */
}
/*----------------------------------------------------------------------
* dump_* dumps various data structures. These should be called within
* the context of a DDO() macro. They assume address and port fields
* are in network order.
----------------------------------------------------------------------*/
#ifdef INET6
/*----------------------------------------------------------------------
* Dump an IPv6 address. Don't compress 0's out because of debugging.
----------------------------------------------------------------------*/
void dump_in_addr6 DEFARGS((in_addr6),
struct in_addr6 *in_addr6)
{
u_short *shorts = (u_short *)in_addr6;
int i = 0;
if (!in_addr6) {
printf("Dereference a NULL in_addr6? I don't think so.\n");
return;
}
printf("(conv. for printing) ");
while (i < 7)
printf("%4x:",htons(shorts[i++]));
printf("%4x\n",htons(shorts[7]));
}
#endif /* INET6 */
/*----------------------------------------------------------------------
* Dump and IPv4 address in x.x.x.x form.
----------------------------------------------------------------------*/
void dump_in_addr DEFARGS((in_addr),
struct in_addr *in_addr)
{
u_char *chars = (u_char *)in_addr;
int i = 0;
if (!in_addr) {
printf("Dereference a NULL in_addr? I don't think so.\n");
return;
}
while (i < 3)
printf("%d.",chars[i++]);
printf("%d\n",chars[3]);
}
#ifdef INET6
/*----------------------------------------------------------------------
* Dump an IPv6 socket address.
----------------------------------------------------------------------*/
void dump_sockaddr_in6 DEFARGS((sin6),
struct sockaddr_in6 *sin6)
{
if (!sin6) {
printf("Dereference a NULL sockaddr_in6? I don't think so.\n");
return;
}
printf("sin6_len = %d, sin6_family = %d, sin6_port = %d (0x%x)\n",
sin6->sin6_len,sin6->sin6_family, htons(sin6->sin6_port),
htons(sin6->sin6_port));
printf("sin6_flowinfo = 0x%x\n",sin6->sin6_flowinfo);
printf("sin6_addr = ");
dump_in_addr6(&sin6->sin6_addr);
}
#endif /* INET6 */
/*----------------------------------------------------------------------
* Dump an IPv4 socket address.
----------------------------------------------------------------------*/
void dump_sockaddr_in DEFARGS((sin),
struct sockaddr_in *sin)
{
int i;
if (!sin) {
printf("Dereference a NULL sockaddr_in? I don't think so.\n");
return;
}
#ifdef SIN_LEN
printf("sin_len = %d, ", sin->sin_len);
#endif /* SIN_LEN */
printf("sin_family = %d, sin_port (conv.) = %d (0x%x)\n",
sin->sin_family, htons(sin->sin_port),
htons(sin->sin_port));
printf("sin_addr = ");
dump_in_addr(&sin->sin_addr);
printf("sin_zero == ");
for(i=0;i<8;i++)
printf("0x%2x ",sin->sin_zero[i]);
printf("\n");
}
/*----------------------------------------------------------------------
* Dump a generic socket address. Use if no family-specific routine is
* available.
----------------------------------------------------------------------*/
void dump_sockaddr DEFARGS((sa),
SOCKADDR *sa)
{
if (!sa) {
printf("Dereference a NULL sockaddr? I don't think so.\n");
return;
}
#ifdef SA_LEN
printf("sa_len = %d, ", sa->sa_len);
#endif /* SA_LEN */
printf("sa_family = %d", sa->sa_family);
#ifdef SA_LEN
printf(", remaining bytes are:\n");
{
int i;
for (i = 0; i <sa->sa_len - 2; i++)
printf("0x%2x ",(unsigned char)sa->sa_data[i]);
}
#endif /* SA_LEN */
printf("\n");
}
/*----------------------------------------------------------------------
* Dump a link-layer socket address. (Not that there are user-level link
* layer sockets, but there are plenty of link-layer addresses in the kernel.)
----------------------------------------------------------------------*/
void dump_sockaddr_dl DEFARGS((sdl),
struct sockaddr_dl *sdl)
{
char buf[256];
if (!sdl) {
printf("Dereference a NULL sockaddr_dl? I don't think so.\n");
return;
}
printf("sdl_len = %d, sdl_family = %d, sdl_index = %d, sdl_type = %d,\n",
sdl->sdl_len, sdl->sdl_family, sdl->sdl_index, sdl->sdl_type);
buf[sdl->sdl_nlen] = 0;
if (sdl->sdl_nlen)
bcopy(sdl->sdl_data,buf,sdl->sdl_nlen);
printf("sdl_nlen = %d, (name = '%s'\n",sdl->sdl_nlen,buf);
printf("sdl_alen = %d, ",sdl->sdl_alen);
if (sdl->sdl_alen)
{
int i;
printf("(addr = ");
for (i = 0; i<sdl->sdl_alen; i++)
printf("0x%2x ",(unsigned char)sdl->sdl_data[i+sdl->sdl_nlen]);
}
printf("\n");
printf("sdl_slen = %d, ",sdl->sdl_slen);
if (sdl->sdl_slen)
{
int i;
printf("(addr = ");
for (i = 0; i<sdl->sdl_slen; i++)
printf("0x%2x ",
(unsigned char)sdl->sdl_data[i+sdl->sdl_nlen+sdl->sdl_alen]);
}
printf("\n");
}
/*----------------------------------------------------------------------
* Dump a socket address, calling a family-specific routine if available.
----------------------------------------------------------------------*/
void dump_smart_sockaddr DEFARGS((sa),
SOCKADDR *sa)
{
DPRINTF(IDL_MAJOR_EVENT, ("Entering dump_smart_sockaddr\n"));
if (!sa) {
printf("Dereference a NULL sockaddr? I don't think so.\n");
return;
}
switch (sa->sa_family)
{
#ifdef INET6
case AF_INET6:
dump_sockaddr_in6((struct sockaddr_in6 *)sa);
break;
#endif /* INET6 */
case AF_INET:
dump_sockaddr_in((struct sockaddr_in *)sa);
break;
case AF_LINK:
dump_sockaddr_dl((struct sockaddr_dl *)sa);
break;
default:
dump_sockaddr(sa);
break;
}
}
#ifdef INET6
/*----------------------------------------------------------------------
* Dump an IPv6 header.
----------------------------------------------------------------------*/
void dump_ipv6 DEFARGS((ipv6),
struct ipv6 *ipv6)
{
if (!ipv6) {
printf("Dereference a NULL ipv6? I don't think so.\n");
return;
}
printf("Vers & flow label (conv to host order) 0x%x\n",
htonl(ipv6->ipv6_versfl));
printf("Length (conv) = %d, nexthdr = %d, hoplimit = %d.\n",
htons(ipv6->ipv6_length),ipv6->ipv6_nexthdr,ipv6->ipv6_hoplimit);
printf("Src: ");
dump_in_addr6(&ipv6->ipv6_src);
printf("Dst: ");
dump_in_addr6(&ipv6->ipv6_dst);
}
/*----------------------------------------------------------------------
* Dump an ICMPv6 header. This function is not very smart beyond the
* type, code, and checksum.
----------------------------------------------------------------------*/
dump_ipv6_icmp DEFARGS((icp),
struct ipv6_icmp *icp)
{
int i;
if (!icp) {
printf("Dereference a NULL ipv6_icmp? I don't think so.\n");
return;
}
printf("type %d, code %d, cksum (conv) = 0x%x\n",icp->icmp_type,
icp->icmp_code,htons(icp->icmp_cksum));
printf("First four bytes: 0x%x",htonl(icp->icmp_unused));
printf("Next four bytes: 0x");
for (i=0;i<4;i++)
printf("%x",icp->icmp_echodata[i]);
printf("\n");
}
#endif /* INET6 */
/*----------------------------------------------------------------------
* Dump only the header fields of a single mbuf.
----------------------------------------------------------------------*/
void dump_mbuf_hdr DEFARGS((m),
struct mbuf *m)
{
if (!m) {
printf("Dereference a NULL mbuf? I don't think so.\n");
return;
}
printf("Single mbuf at %08x\n", m);
printf("m_len = %d, m_data = 0x%x, m_type = %d\n",m->m_len,
m->m_data, m->m_type);
printf("m_flags = 0x%x ",m->m_flags);
if (m->m_flags & M_PKTHDR)
printf("m_pkthdr.len = %d, m_pkthdr.rcvif = 0x%x",m->m_pkthdr.len,
m->m_pkthdr.rcvif);
if (m->m_flags & M_EXT)
printf(" (IS CLUSTER MBUF)");
printf("\nm_next = 0x%x m_nextpkt = 0x%x\n",m->m_next, m->m_nextpkt);
}
/*----------------------------------------------------------------------
* Dump the entire contents of a single mbuf.
----------------------------------------------------------------------*/
void dump_mbuf DEFARGS((m),
struct mbuf *m)
{
int i;
dump_mbuf_hdr(m);
printf("m_data:\n");
for (i = 0; i < m->m_len; i++)
printf("0x%2x%s",(unsigned char)m->m_data[i] , ((i+1) % 16)?" ":"\n");
printf((i % 16)?"\n":"");
}
/*----------------------------------------------------------------------
* Dump the contents of an mbuf chain. (WARNING: Lots of text may
* result.
----------------------------------------------------------------------*/
void dump_mchain DEFARGS((m),
struct mbuf *m)
{
struct mbuf *walker;
int i;
for (walker = m, i = 0; walker != NULL && (i < 10);
walker = walker->m_next, i++)
dump_mbuf(walker);
}
/*----------------------------------------------------------------------
* Dump an mbuf chain's data in a format similar to tcpdump(8).
----------------------------------------------------------------------*/
void dump_tcpdump DEFARGS((m),
struct mbuf *m)
{
struct mbuf *walker;
int i, j, count;
for (i = count = 0; m && (i < 10); m = m->m_next, i++) {
for (j = 0; j < m->m_len; j++, count++) {
if (!(count % (2 * 8)))
printf("\n\t\t\t");
if (!(count % 2))
printf(" ");
printf("%02x", (u_int8)(m->m_data[j]));
}
}
}
#ifdef INET6
/*----------------------------------------------------------------------
* Dump an IPv6 header index table, which is terminated by an entry with
* a NULL mbuf pointer.
----------------------------------------------------------------------*/
void dump_ihitab DEFARGS((ihi),
struct in6_hdrindex *ihi)
{
int i=0;
if (!ihi) {
printf("Dereference a NULL hdrindex/ihi? I don't think so.\n");
return;
}
/* This is dangerous, make sure ihitab was bzeroed. */
while (ihi[i].ihi_mbuf)
{
printf("ihi_nexthdr = %d, ihi_mbuf = 0x%x.\n",ihi[i].ihi_nexthdr,
ihi[i].ihi_mbuf);
i++;
}
}
#endif /* INET6 */
/*----------------------------------------------------------------------
* Dump an interface address.
----------------------------------------------------------------------*/
void dump_ifa DEFARGS((ifa),
struct ifaddr *ifa)
{
if (ifa == NULL)
{
printf("ifa of NULL.\n");
return;
}
printf("ifa_addr: ");
dump_smart_sockaddr(ifa->ifa_addr);
printf("ifa_netmask: ");
dump_smart_sockaddr(ifa->ifa_netmask);
}
/*----------------------------------------------------------------------
* Dump an interface structure.
----------------------------------------------------------------------*/
void dump_ifp DEFARGS((ifp),
struct ifnet *ifp)
{
if (!ifp) {
printf("Dereference a NULL ifnet/ifp? I don't think so.\n");
return;
}
printf("Interface name: %s.\n",ifp->if_name);
printf("Interface type: %d. ",ifp->if_type);
printf("MTU: %d.\n",ifp->if_mtu);
}
/*----------------------------------------------------------------------
* Dump a route structure (sockaddr/rtentry pair).
----------------------------------------------------------------------*/
void dump_route DEFARGS((ro),
struct route *ro)
{
if (!ro) {
printf("Dereference a NULL route? I don't think so.\n");
return;
}
printf("ro_rt = 0x%x, ro_dst is:\n",ro->ro_rt);
dump_smart_sockaddr(&ro->ro_dst);
}
/*----------------------------------------------------------------------
* Dump a routing entry.
----------------------------------------------------------------------*/
void dump_rtentry DEFARGS((rt),
struct rtentry *rt)
{
if (!rt) {
printf("Dereference a NULL rtentry? I don't think so.\n");
return;
}
printf("rt_key is:\n");
dump_smart_sockaddr(rt_key(rt));
printf("rt_mask is:\n");
dump_smart_sockaddr(rt_mask(rt));
printf("rt_llinfo = 0x%x ",rt->rt_llinfo);
printf("rt_rmx.rmx_mtu = %d ",rt->rt_rmx.rmx_mtu);
printf("rt_refcnt = %d ",rt->rt_refcnt);
printf("rt_flags = 0x%x\n",rt->rt_flags);
printf("rt_ifp is:\n");
dump_ifp(rt->rt_ifp);
printf("rt_ifa is:\n");
dump_ifa(rt->rt_ifa);
}
/*----------------------------------------------------------------------
* Dump an Internet (v4/v6) protocol control block.
----------------------------------------------------------------------*/
void dump_inpcb DEFARGS((inp),
struct inpcb *inp)
{
if (!inp) {
printf("Dereference a NULL inpcb? I don't think so.\n");
return;
}
printf("inp_next = 0x%x, inp_prev = 0x%x, inp_head = 0x%x.\n",inp->inp_next,
inp->inp_prev, inp->inp_head);
printf("inp_socket = 0x%x, inp_ppcb\n",inp->inp_socket,inp->inp_ppcb);
#ifdef INET6
printf("faddr, faddr6:\n");
dump_in_addr(&inp->inp_faddr); dump_in_addr6(&inp->inp_faddr6);
printf("laddr, laddr6:\n");
dump_in_addr(&inp->inp_laddr); dump_in_addr6(&inp->inp_laddr6);
#else /* INET6 */
printf("faddr:\n");
dump_in_addr(&inp->inp_faddr);
printf("laddr:\n");
dump_in_addr(&inp->inp_laddr);
#endif /* INET6 */
printf("inp_route: ");
dump_route(&inp->inp_route);
#ifdef INET6
printf("inp_ipv6:");
dump_ipv6(&inp->inp_ipv6);
#endif /* INET6 */
printf("inp_ip:");
printf("<Coming soon.>\n");
printf("inp_options = 0x%x, inp_moptions{6,} = 0x%x,\n",inp->inp_options,
inp->inp_moptions);
printf("inp_flags = 0x%x, inp_fport = %d, inp_lport = %d.\n",
(unsigned)inp->inp_flags,inp->inp_fport, inp->inp_lport);
}
#ifdef INET6
/*----------------------------------------------------------------------
* Dump an IPv6 discovery queue structure.
----------------------------------------------------------------------*/
void dump_discq DEFARGS((dq),
struct discq *dq)
{
if (!dq) {
printf("Dereference a NULL discq? I don't think so.\n");
return;
}
printf("dq_next = 0x%x, dq_prev = 0x%x, dq_rt = 0x%x,\n",dq->dq_next,
dq->dq_prev, dq->dq_rt);
printf("dq_queue = 0x%x.\n",dq->dq_queue);
/* Dump first mbuf chain? */
/*printf("dq_expire = %d (0x%x).\n",dq->dq_expire,dq->dq_expire);*/
}
#endif /* INET6 */
/*----------------------------------------------------------------------
* Dump a data buffer
----------------------------------------------------------------------*/
void dump_buf DEFARGS((buf, len),
char *buf AND
int len)
{
int i;
printf("buf=0x%x len=%d:\n", (unsigned int)buf, len);
for (i = 0; i < len; i++) {
printf("0x%x ", (u_int8)*(buf+i));
}
printf("\n");
}
/*----------------------------------------------------------------------
* Dump a key_tblnode structrue
----------------------------------------------------------------------*/
void dump_keytblnode DEFARGS((ktblnode),
struct key_tblnode *ktblnode)
{
if (!ktblnode) {
printf("NULL key table node pointer!\n");
return;
}
printf("solist=0x%x ", (unsigned int)ktblnode->solist);
printf("secassoc=0x%x ", (unsigned int)ktblnode->secassoc);
printf("next=0x%x\n", (unsigned int)ktblnode->next);
}
/*----------------------------------------------------------------------
* Dump an ipsec_assoc structure
----------------------------------------------------------------------*/
void dump_secassoc DEFARGS((seca),
struct key_secassoc *seca)
{
u_int8 *p;
int i;
if (seca) {
printf("secassoc_len=%u ", seca->len);
printf("secassoc_type=%d ", seca->type);
printf("secassoc_state=0x%x\n", seca->state);
printf("secassoc_label=%u ", seca->label);
printf("secassoc_spi=0x%x ", (unsigned int)seca->spi);
printf("secassoc_keylen=%u\n", seca->keylen);
printf("secassoc_ivlen=%u ", seca->ivlen);
printf("secassoc_algorithm=%u ", seca->algorithm);
printf("secassoc_lifetype=%u\n", seca->lifetype);
printf("secassoc_iv=0x%x:\n", (unsigned int)seca->iv);
p = (u_int8 *)(seca->iv);
for (i = 0 ; i < seca->ivlen; i++)
printf("0x%x ", *(p + i));
printf("secassoc_key=0x%x:\n", (unsigned int)seca->key);
p = (u_int8 *)(seca->key);
for (i = 0 ; i < seca->keylen; i++)
printf("0x%x ", *(p + i));
printf("secassoc_lifetime1=%u ", (unsigned int)seca->lifetime1);
printf("secassoc_lifetime2=%u\n", (unsigned int)seca->lifetime2);
dump_smart_sockaddr(seca->src);
dump_smart_sockaddr(seca->dst);
dump_smart_sockaddr(seca->from);
} else
printf("can't dump null secassoc pointer!\n");
}
/*----------------------------------------------------------------------
* Dump a key_msghdr structure
----------------------------------------------------------------------*/
void dump_keymsghdr DEFARGS((km),
struct key_msghdr *km)
{
if (km) {
printf("key_msglen=%d\n", km->key_msglen);
printf("key_msgvers=%d\n", km->key_msgvers);
printf("key_msgtype=%d\n", km->key_msgtype);
printf("key_pid=%d\n", km->key_pid);
printf("key_seq=%d\n", km->key_seq);
printf("key_errno=%d\n", km->key_errno);
printf("type=0x%x\n", (unsigned int)km->type);
printf("state=0x%x\n", (unsigned int)km->state);
printf("label=0x%x\n", (unsigned int)km->label);
printf("spi=0x%x\n", (unsigned int)km->spi);
printf("keylen=%d\n", km->keylen);
printf("ivlen=%d\n", km->ivlen);
printf("algorithm=%d\n", km->algorithm);
printf("lifetype=0x%x\n", (unsigned int)km->lifetype);
printf("lifetime1=%u\n", (unsigned int)km->lifetime1);
printf("lifetime2=%u\n", (unsigned int)km->lifetime2);
} else
printf("key_msghdr pointer is NULL!\n");
}
/*----------------------------------------------------------------------
* Dump a key_msgdata structure
----------------------------------------------------------------------*/
void dump_keymsginfo DEFARGS((kp),
struct key_msgdata *kp)
{
int i;
if (kp) {
printf("src addr:\n");
dump_smart_sockaddr(kp->src);
printf("dest addr:\n");
dump_smart_sockaddr(kp->dst);
printf("from addr:\n");
dump_smart_sockaddr(kp->from);
#define dumpbuf(a, b) \
{ for (i= 0; i < (b); i++) \
printf("0x%2x%s", (unsigned char)(*((caddr_t)a+i)),((i+1)%16)?" ":"\n");\
printf("\n"); }
printf("iv is:\n");
dumpbuf(kp->iv, kp->ivlen);
printf("key is:\n");
dumpbuf(kp->key, kp->keylen);
#undef dumpbuf
} else
printf("key_msgdata point is NULL!\n");
}

151
sys/netkey/key_debug.h Normal file
View File

@ -0,0 +1,151 @@
/*
* in6_debug.h -- Insipired by Craig Metz's Net/2 in6_debug.h, but
* not quite as heavyweight (initially, anyway).
*
* In particular, if function exit-entries are to be
* documented, do them in a lightweight fashion.
*
* Copyright 1995 by Dan McDonald, Bao Phan, and Randall Atkinson,
* All Rights Reserved.
* All Rights under this copyright have been assigned to NRL.
*/
/*----------------------------------------------------------------------
# @(#)COPYRIGHT 1.1a (NRL) 17 August 1995
COPYRIGHT NOTICE
All of the documentation and software included in this software
distribution from the US Naval Research Laboratory (NRL) are
copyrighted by their respective developers.
This software and documentation were developed at NRL by various
people. Those developers have each copyrighted the portions that they
developed at NRL and have assigned All Rights for those portions to
NRL. Outside the USA, NRL also has copyright on the software
developed at NRL. The affected files all contain specific copyright
notices and those notices must be retained in any derived work.
NRL LICENSE
NRL grants permission for redistribution and use in source and binary
forms, with or without modification, of the software and documentation
created at NRL provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed at the Information
Technology Division, US Naval Research Laboratory.
4. Neither the name of the NRL nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS
IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The views and conclusions contained in the software and documentation
are those of the authors and should not be interpreted as representing
official policies, either expressed or implied, of the US Naval
Research Laboratory (NRL).
----------------------------------------------------------------------*/
/* IDL_* is IPv6 Debug Level */
#define IDL_ALL 0xFFFFFFFE /* Report all messages. */
#define IDL_NONE 0 /* Report no messages. */
#define IDL_CRITICAL 3
#define IDL_ERROR 7
#define IDL_MAJOR_EVENT 10
#define IDL_EVENT 15
#define IDL_GROSS_EVENT 20
#define IDL_FINISHED 0xFFFFFFF0
/*
* Make sure argument for DPRINTF is in parentheses.
*
* For both DPRINTF and DDO, and attempt was made to make both macros
* be usable as normal C statments. There is a small amount of compiler
* trickery (if-else clauses with effectively null statements), which may
* cause a few compilers to complain.
*/
#ifdef INET6_DEBUG
/*
* DPRINTF() is a general printf statement. The "arg" is literally what
* would follow the function name printf, which means it has to be in
* parenthesis. Unlimited arguments can be used this way.
*
* EXAMPLE:
* DPRINTF(IDL_MAJOR_EVENT,("Hello, world. IP version %d.\n",vers));
*/
#define DPRINTF(lev,arg) if ((lev) < in6_debug_level) { \
printf arg; \
} \
else in6_debug_level = in6_debug_level
/*
* DDO() executes a series of statements at a certain debug level. The
* "stmt" argument is a statement in the sense of a "statement list" in a
* C grammar. "stmt" does not have to end with a semicolon.
*
* EXAMPLE:
* DDO(IDL_CRITICAL,dump_ipv6(header), dump_inpcb(inp));
*/
#define DDO(lev,stmt) if ((lev) < in6_debug_level) { stmt ; } \
else in6_debug_level = in6_debug_level
/*
* DP() is a shortcut for DPRINTF(). Basically:
*
* DP(lev, var, fmt) == DPRINTF(IDL_lev, ("var = %fmt\n", var))
*
* It is handy for printing single variables without a lot of typing.
*
* EXAMPLE:
*
* DP(CRITICAL,length,d);
* same as DPRINTF(IDL_CRITICAL, ("length = %d\n", length))
*/
#define DP(lev, var, fmt) DPRINTF(IDL_ ## lev, (#var " = %" #fmt "\n", var))
#ifndef SOCKADDR
#define SOCKADDR struct sockaddr
#endif /* SOCKADDR */
void dump_buf __P((char *, int));
void dump_sockaddr __P((SOCKADDR *));
void dump_smart_sockaddr __P((SOCKADDR *));
void dump_keytblnode __P((struct key_tblnode *));
void dump_secassoc __P((struct key_secassoc *));
void dump_keymsghdr __P((struct key_msghdr *));
#else /* ! INET6_DEBUG */
#define DPRINTF(lev,arg)
#define DDO(lev, stmt)
#define DP(x, y, z)
#endif /* INET6_DEBUG */
#ifndef INET6_DEBUG_C
extern unsigned int in6_debug_level;
#endif

6
sys/sys/malloc.h
View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)malloc.h 8.5 (Berkeley) 5/3/95
* $Id: malloc.h,v 1.12 1996/03/11 02:08:50 hsu Exp $
* $Id: malloc.h,v 1.13 1996/05/02 14:21:02 phk Exp $
*/
#ifndef _SYS_MALLOC_H_
@ -125,7 +125,8 @@
#define M_DEVL 78 /* isa_device lists in userconfig() */
#define M_PKTCLASS 79 /* structures used in packet classifier */
#define M_SYSCTL 80 /* sysctl internal magic */
#define M_LAST 81 /* Must be last type + 1 */
#define M_SECA 81 /* security associations, key management */
#define M_LAST 82 /* Must be last type + 1 */
#define INITKMEMNAMES { \
"free", /* 0 M_FREE */ \
@ -206,6 +207,7 @@
"isa_devlist", /* 78 M_DEVL */ \
"PktClass", /* 79 M_PKTCLASS */ \
"sysctl", /* 80 M_SYSCTL */ \
"key mgmt", /* 81 M_SECA */ \
}
struct kmemstats {

8
sys/sys/socket.h
View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)socket.h 8.4 (Berkeley) 2/21/94
* $Id: socket.h,v 1.10 1996/02/07 16:19:02 wollman Exp $
* $Id: socket.h,v 1.11 1996/05/09 20:15:21 wollman Exp $
*/
#ifndef _SYS_SOCKET_H_
@ -124,8 +124,9 @@ struct linger {
#define pseudo_AF_PIP 25 /* Help Identify PIP packets */
#define AF_ISDN 26 /* Integrated Services Digital Network*/
#define AF_E164 AF_ISDN /* CCITT E.164 recommendation */
#define pseudo_AF_KEY 27 /* Internal key-management function */
#define AF_MAX 27
#define AF_MAX 28
/*
* Structure used by kernel to store most
@ -178,6 +179,7 @@ struct sockproto {
#define PF_RTIP pseudo_AF_FTIP /* same format as AF_INET */
#define PF_PIP pseudo_AF_PIP
#define PF_ISDN AF_ISDN
#define PF_KEY AF_KEY
#define PF_MAX AF_MAX
@ -218,6 +220,8 @@ struct sockproto {
{ "ipx", CTLTYPE_NODE }, \
{ "sip", CTLTYPE_NODE }, \
{ "pip", CTLTYPE_NODE }, \
{ "isdn", CTLTYPE_NODE }, \
{ "key", CTLTYPE_NODE }, \
}
/*