cosmetic fixes:

- __func__ in printfs
	- no space after sizeof
	- eliminate useless casts
	- u_intX_t -> uintX_t
christos 2017-04-15 22:01:57 +00:00
parent 0c8a82569b
commit 3d6520b363
4 changed files with 282 additions and 281 deletions


@ -1,4 +1,4 @@
/* $NetBSD: xform_ah.c,v 1.49 2017/04/14 22:29:17 christos Exp $ */
/* $NetBSD: xform_ah.c,v 1.50 2017/04/15 22:01:57 christos Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
/*
@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.49 2017/04/14 22:29:17 christos Exp $");
__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.50 2017/04/15 22:01:57 christos Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@ -94,7 +94,7 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.49 2017/04/14 22:29:17 christos Exp $
*/
#define HDRSIZE(sav) \
(((sav)->flags & SADB_X_EXT_OLD) ? \
sizeof (struct ah) : sizeof (struct ah) + sizeof (u_int32_t))
sizeof(struct ah) : sizeof(struct ah) + sizeof(uint32_t))
/*
* Return authenticator size in bytes. The old protocol is known
* to use a fixed 16-byte authenticator. The new algorithm gets
@ -121,8 +121,8 @@ SYSCTL_STRUCT(_net_inet_ah, IPSECCTL_STATS,
static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */
static int ah_input_cb(struct cryptop*);
static int ah_output_cb(struct cryptop*);
static int ah_input_cb(struct cryptop *);
static int ah_output_cb(struct cryptop *);
const uint8_t ah_stats[256] = { SADB_AALG_STATS_INIT };
@ -169,10 +169,10 @@ ah_hdrsiz(const struct secasvar *sav)
("%s: null xform", __func__));
/*XXX not right for null algorithm--does it matter??*/
authsize = AUTHSIZE(sav);
size = roundup(authsize, sizeof (u_int32_t)) + HDRSIZE(sav);
size = roundup(authsize, sizeof(uint32_t)) + HDRSIZE(sav);
} else {
/* default guess */
size = sizeof (struct ah) + sizeof (u_int32_t) + 16;
size = sizeof(struct ah) + sizeof(uint32_t) + 16;
}
return size;
}
@ -223,7 +223,7 @@ ah_init0(struct secasvar *sav, const struct xformsw *xsp,
sav->tdb_authalgxform = thash;
/* Initialize crypto session. */
memset(cria, 0, sizeof (*cria));
memset(cria, 0, sizeof(*cria));
cria->cri_alg = sav->tdb_authalgxform->type;
cria->cri_klen = _KEYBITS(sav->key_auth);
cria->cri_key = _KEYBUF(sav->key_auth);
@ -284,6 +284,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
#ifdef INET6
struct ip6_ext *ip6e;
struct ip6_hdr ip6;
struct ip6_rthdr *rh;
int alloc, ad, nxt;
#endif /* INET6 */
@ -325,7 +326,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
#define TOHOST(x) (ntohs(x))
#endif
if (!out) {
u_int16_t inlen = TOHOST(ip->ip_len);
uint16_t inlen = TOHOST(ip->ip_len);
#ifdef __FreeBSD__
ip->ip_len = htons(inlen + skip);
@ -408,9 +409,10 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
* will look like.
*/
if (out)
bcopy(ptr + off + ptr[off + 1] -
memcpy(&ip->ip_dst,
ptr + off + ptr[off + 1] -
sizeof(struct in_addr),
&(ip->ip_dst), sizeof(struct in_addr));
sizeof(struct in_addr));
/* Fall through */
default:
@ -472,8 +474,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
/* Let's deal with the remaining headers (if any). */
if (skip - sizeof(struct ip6_hdr) > 0) {
if (m->m_len <= skip) {
ptr = (unsigned char *) malloc(
skip - sizeof(struct ip6_hdr),
ptr = malloc(skip - sizeof(struct ip6_hdr),
M_XDATA, M_NOWAIT);
if (ptr == NULL) {
DPRINTF(("%s: failed to allocate "
@ -561,48 +562,44 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
* Always include routing headers in
* computation.
*/
{
struct ip6_rthdr *rh;
ip6e = (struct ip6_ext *) (ptr + off);
rh = (struct ip6_rthdr *)(ptr + off);
/*
* must adjust content to make it look like
* its final form (as seen at the final
* destination).
* we only know how to massage type 0 routing
* header.
*/
if (out && rh->ip6r_type == IPV6_RTHDR_TYPE_0) {
struct ip6_rthdr0 *rh0;
struct in6_addr *addr, finaldst;
int i;
ip6e = (struct ip6_ext *) (ptr + off);
rh = (struct ip6_rthdr *)(ptr + off);
/*
* must adjust content to make it look like
* its final form (as seen at the final
* destination).
* we only know how to massage type 0 routing
* header.
*/
if (out && rh->ip6r_type == IPV6_RTHDR_TYPE_0) {
struct ip6_rthdr0 *rh0;
struct in6_addr *addr, finaldst;
int i;
rh0 = (struct ip6_rthdr0 *)rh;
addr = (struct in6_addr *)(rh0 + 1);
rh0 = (struct ip6_rthdr0 *)rh;
addr = (struct in6_addr *)(rh0 + 1);
for (i = 0; i < rh0->ip6r0_segleft; i++)
in6_clearscope(&addr[i]);
for (i = 0; i < rh0->ip6r0_segleft; i++)
in6_clearscope(&addr[i]);
finaldst = addr[rh0->ip6r0_segleft - 1];
memmove(&addr[1], &addr[0],
sizeof(struct in6_addr) *
(rh0->ip6r0_segleft - 1));
finaldst = addr[rh0->ip6r0_segleft - 1];
memmove(&addr[1], &addr[0],
sizeof(struct in6_addr) *
(rh0->ip6r0_segleft - 1));
m_copydata(m, 0, sizeof(ip6), &ip6);
addr[0] = ip6.ip6_dst;
ip6.ip6_dst = finaldst;
m_copyback(m, 0, sizeof(ip6), &ip6);
m_copydata(m, 0, sizeof(ip6), &ip6);
addr[0] = ip6.ip6_dst;
ip6.ip6_dst = finaldst;
m_copyback(m, 0, sizeof(ip6), &ip6);
rh0->ip6r0_segleft = 0;
}
/* advance */
off += ((ip6e->ip6e_len + 1) << 3);
nxt = ip6e->ip6e_nxt;
break;
rh0->ip6r0_segleft = 0;
}
/* advance */
off += ((ip6e->ip6e_len + 1) << 3);
nxt = ip6e->ip6e_nxt;
break;
default:
DPRINTF(("%s: unexpected IPv6 header type %d\n",
__func__, off));
@ -643,7 +640,7 @@ ah_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
struct cryptodesc *crda;
struct cryptop *crp;
IPSEC_SPLASSERT_SOFTNET("ah_input");
IPSEC_SPLASSERT_SOFTNET(__func__);
IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__));
IPSEC_ASSERT(sav->key_auth != NULL,
@ -673,13 +670,13 @@ ah_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
}
/* Verify AH header length. */
hl = ah->ah_len * sizeof (u_int32_t);
hl = ah->ah_len * sizeof(uint32_t);
ahx = sav->tdb_authalgxform;
authsize = AUTHSIZE(sav);
if (hl != authsize + rplen - sizeof (struct ah)) {
if (hl != authsize + rplen - sizeof(struct ah)) {
DPRINTF(("%s: bad authenticator length %u (expecting %lu)"
" for packet in SA %s/%08lx\n", __func__,
hl, (u_long) (authsize + rplen - sizeof (struct ah)),
hl, (u_long) (authsize + rplen - sizeof(struct ah)),
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
AH_STATINC(AH_STAT_BADAUTHL);
@ -717,7 +714,7 @@ ah_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
if (tdbi->proto == sav->sah->saidx.proto &&
tdbi->spi == sav->spi &&
!memcmp(&tdbi->dst, &sav->sah->saidx.dst,
sizeof (union sockaddr_union)))
sizeof(union sockaddr_union)))
break;
}
@ -822,20 +819,20 @@ ah_input_cb(struct cryptop *crp)
struct m_tag *mtag;
struct secasvar *sav;
struct secasindex *saidx;
u_int8_t nxt;
uint8_t nxt;
char *ptr;
int s, authsize;
u_int16_t dport;
u_int16_t sport;
uint16_t dport;
uint16_t sport;
tc = (struct tdb_crypto *) crp->crp_opaque;
tc = crp->crp_opaque;
IPSEC_ASSERT(tc != NULL, ("%s: null opaque crypto data area!",
__func__));
skip = tc->tc_skip;
nxt = tc->tc_nxt;
protoff = tc->tc_protoff;
mtag = (struct m_tag *) tc->tc_ptr;
m = (struct mbuf *) crp->crp_buf;
mtag = tc->tc_ptr;
m = crp->crp_buf;
/* find the source port for NAT-T */
@ -902,8 +899,8 @@ ah_input_cb(struct cryptop *crp)
* it has been verified by an IPsec-aware NIC.
*/
if (mtag == NULL) {
ptr = (char *) (tc + 1);
const u_int8_t *pppp = ptr + skip + rplen;
ptr = (char *)(tc + 1);
const uint8_t *pppp = ptr + skip + rplen;
/* Verify authenticator. */
if (!consttime_memequal(pppp, calc, authsize)) {
@ -928,13 +925,13 @@ ah_input_cb(struct cryptop *crp)
}
/* Fix the Next Protocol field. */
((u_int8_t *) ptr)[protoff] = nxt;
ptr[protoff] = nxt;
/* Copyback the saved (uncooked) network headers. */
m_copyback(m, 0, skip, ptr);
} else {
/* Fix the Next Protocol field. */
m_copyback(m, protoff, sizeof(u_int8_t), &nxt);
m_copyback(m, protoff, sizeof(uint8_t), &nxt);
}
free(tc, M_XDATA), tc = NULL; /* No longer needed */
@ -948,10 +945,10 @@ ah_input_cb(struct cryptop *crp)
* Update replay sequence number, if appropriate.
*/
if (sav->replay) {
u_int32_t seq;
uint32_t seq;
m_copydata(m, skip + offsetof(struct newah, ah_seq),
sizeof (seq), &seq);
sizeof(seq), &seq);
if (ipsec_updatereplay(ntohl(seq), sav)) {
AH_STATINC(AH_STAT_REPLAY);
error = ENOBUFS; /*XXX as above*/
@ -1014,7 +1011,7 @@ ah_output(
uint8_t prot;
struct newah *ah;
IPSEC_SPLASSERT_SOFTNET("ah_output");
IPSEC_SPLASSERT_SOFTNET(__func__);
sav = isr->sav;
IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__));
@ -1096,8 +1093,8 @@ ah_output(
ah = (struct newah *)(mtod(mi, char *) + roff);
/* Initialize the AH header. */
m_copydata(m, protoff, sizeof(u_int8_t), &ah->ah_nxt);
ah->ah_len = (rplen + authsize - sizeof(struct ah)) / sizeof(u_int32_t);
m_copydata(m, protoff, sizeof(uint8_t), &ah->ah_nxt);
ah->ah_len = (rplen + authsize - sizeof(struct ah)) / sizeof(uint32_t);
ah->ah_reserve = 0;
ah->ah_spi = sav->spi;
@ -1221,11 +1218,11 @@ ah_output_cb(struct cryptop *crp)
void *ptr;
int s, err;
tc = (struct tdb_crypto *) crp->crp_opaque;
tc = crp->crp_opaque;
IPSEC_ASSERT(tc != NULL, ("%s: null opaque data area!", __func__));
skip = tc->tc_skip;
ptr = (tc + 1);
m = (struct mbuf *) crp->crp_buf;
m = crp->crp_buf;
s = splsoftnet();
mutex_enter(softnet_lock);
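Review bot: In the routing-header case of ah_massage_headers the re-indented block still uses `rh0->ip6r0_segleft` unchecked: when it is 0, `addr[rh0->ip6r0_segleft - 1]` reads before the address array and the `memmove` length `sizeof(struct in6_addr) * (rh0->ip6r0_segleft - 1)` converts to a very large size_t, and nothing visible ties the count to the header's own length. Since the block is being touched anyway, a guard ahead of the `in6_clearscope` loop such as `if (rh0->ip6r0_segleft == 0 || rh0->ip6r0_segleft > rh0->ip6r0_len / 2)` that takes the function's existing error path would close this. In the same function, `if (skip - sizeof(struct ip6_hdr) > 0)` is evaluated in size_t because `skip` is an `int`, so it is also true when `skip` is smaller than the header and the size passed to the following `malloc` wraps; `skip > (int)sizeof(struct ip6_hdr)` states the intent. The function body starts and ends outside these hunks, so any validation done elsewhere is not visible here.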


@ -1,4 +1,4 @@
/* $NetBSD: xform_esp.c,v 1.50 2017/04/13 16:38:32 christos Exp $ */
/* $NetBSD: xform_esp.c,v 1.51 2017/04/15 22:01:57 christos Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.50 2017/04/13 16:38:32 christos Exp $");
__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.51 2017/04/15 22:01:57 christos Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@ -154,11 +154,11 @@ esp_hdrsiz(const struct secasvar *sav)
if (sav != NULL) {
/*XXX not right for null algorithm--does it matter??*/
IPSEC_ASSERT(sav->tdb_encalgxform != NULL,
("esp_hdrsiz: SA with null xform"));
("%s: SA with null xform", __func__));
if (sav->flags & SADB_X_EXT_OLD)
size = sizeof (struct esp);
size = sizeof(struct esp);
else
size = sizeof (struct newesp);
size = sizeof(struct newesp);
size += sav->tdb_encalgxform->ivsize + 9;
/*XXX need alg check???*/
if (sav->tdb_authalgxform != NULL && sav->replay)
@ -168,11 +168,11 @@ esp_hdrsiz(const struct secasvar *sav)
* base header size
* + max iv length for CBC mode
* + max pad length
* + sizeof (pad length field)
* + sizeof (next header field)
* + sizeof(pad length field)
* + sizeof(next header field)
* + max icv supported.
*/
size = sizeof (struct newesp) + esp_max_ivlen + 9 + 16;
size = sizeof(struct newesp) + esp_max_ivlen + 9 + 16;
}
return size;
}
@ -259,7 +259,7 @@ esp_init(struct secasvar *sav, const struct xformsw *xsp)
}
/* Initialize crypto session. */
memset(&crie, 0, sizeof (crie));
memset(&crie, 0, sizeof(crie));
crie.cri_alg = sav->tdb_encalgxform->type;
crie.cri_klen = _KEYBITS(sav->key_enc);
crie.cri_key = _KEYBUF(sav->key_enc);
@ -316,26 +316,26 @@ esp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
struct cryptodesc *crde;
struct cryptop *crp;
IPSEC_SPLASSERT_SOFTNET("esp_input");
IPSEC_SPLASSERT_SOFTNET(__func__);
IPSEC_ASSERT(sav != NULL, ("esp_input: null SA"));
IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__));
IPSEC_ASSERT(sav->tdb_encalgxform != NULL,
("esp_input: null encoding xform"));
("%s: null encoding xform", __func__));
IPSEC_ASSERT((skip&3) == 0 && (m->m_pkthdr.len&3) == 0,
("esp_input: misaligned packet, skip %u pkt len %u",
skip, m->m_pkthdr.len));
("%s: misaligned packet, skip %u pkt len %u", __func__,
skip, m->m_pkthdr.len));
/* XXX don't pullup, just copy header */
IP6_EXTHDR_GET(esp, struct newesp *, m, skip, sizeof (struct newesp));
IP6_EXTHDR_GET(esp, struct newesp *, m, skip, sizeof(struct newesp));
esph = sav->tdb_authalgxform;
espx = sav->tdb_encalgxform;
/* Determine the ESP header length */
if (sav->flags & SADB_X_EXT_OLD)
hlen = sizeof (struct esp) + sav->ivlen;
hlen = sizeof(struct esp) + sav->ivlen;
else
hlen = sizeof (struct newesp) + sav->ivlen;
hlen = sizeof(struct newesp) + sav->ivlen;
/* Authenticator hash size */
alen = esph ? esph->authsize : 0;
@ -349,10 +349,8 @@ esp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
*/
plen = m->m_pkthdr.len - (skip + hlen + alen);
if ((plen & (espx->blocksize - 1)) || (plen <= 0)) {
DPRINTF(("esp_input: "
"payload of %d octets not a multiple of %d octets,"
" SA %s/%08lx\n",
plen, espx->blocksize,
DPRINTF(("%s: payload of %d octets not a multiple of %d octets,"
" SA %s/%08lx\n", __func__, plen, espx->blocksize,
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
ESP_STATINC(ESP_STAT_BADILEN);
@ -364,8 +362,8 @@ esp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
* Check sequence number.
*/
if (esph && sav->replay && !ipsec_chkreplay(ntohl(esp->esp_seq), sav)) {
DPRINTF(("esp_input: packet replay check for %s\n",
ipsec_logsastr(sav))); /*XXX*/
DPRINTF(("%s: packet replay check for %s\n",
__func__, ipsec_logsastr(sav))); /*XXX*/
ESP_STATINC(ESP_STAT_REPLAY);
m_freem(m);
return ENOBUFS; /*XXX*/
@ -389,35 +387,25 @@ esp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
/* Get crypto descriptors */
crp = crypto_getreq(esph && espx ? 2 : 1);
if (crp == NULL) {
DPRINTF(("esp_input: failed to acquire crypto descriptors\n"));
ESP_STATINC(ESP_STAT_CRYPTO);
m_freem(m);
return ENOBUFS;
DPRINTF(("%s: failed to acquire crypto descriptors\n",
__func__));
error = ENOBUFS;
goto out;
}
/* Get IPsec-specific opaque pointer */
if (esph == NULL || mtag != NULL)
tc = (struct tdb_crypto *) malloc(sizeof(struct tdb_crypto),
M_XDATA, M_NOWAIT|M_ZERO);
else
tc = (struct tdb_crypto *) malloc(sizeof(struct tdb_crypto) + alen,
M_XDATA, M_NOWAIT|M_ZERO);
size_t extra = esph == NULL || mtag != NULL ? 0 : alen;
tc = malloc(sizeof(*tc) + extra, M_XDATA, M_NOWAIT|M_ZERO);
if (tc == NULL) {
crypto_freereq(crp);
DPRINTF(("esp_input: failed to allocate tdb_crypto\n"));
ESP_STATINC(ESP_STAT_CRYPTO);
m_freem(m);
return ENOBUFS;
DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
error = ENOBUFS;
goto out1;
}
error = m_makewritable(&m, 0, m->m_pkthdr.len, M_NOWAIT);
if (error) {
m_freem(m);
free(tc, M_XDATA);
crypto_freereq(crp);
DPRINTF(("esp_input: m_makewritable failed\n"));
ESP_STATINC(ESP_STAT_CRYPTO);
return error;
DPRINTF(("%s: m_makewritable failed\n", __func__));
goto out2;
}
tc->tc_ptr = mtag;
@ -425,7 +413,8 @@ esp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
if (esph) {
struct cryptodesc *crda = crp->crp_desc;
IPSEC_ASSERT(crda != NULL, ("esp_input: null ah crypto descriptor"));
IPSEC_ASSERT(crda != NULL, ("%s: null ah crypto descriptor",
__func__));
/* Authentication descriptor */
crda->crd_skip = skip;
@ -447,8 +436,7 @@ esp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
/* Copy the authenticator */
if (mtag == NULL)
m_copydata(m, m->m_pkthdr.len - alen, alen,
(tc + 1));
m_copydata(m, m->m_pkthdr.len - alen, alen, (tc + 1));
/* Chain authentication request */
crde = crda->crd_next;
@ -473,7 +461,8 @@ esp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
/* Decryption descriptor */
if (espx) {
IPSEC_ASSERT(crde != NULL, ("esp_input: null esp crypto descriptor"));
IPSEC_ASSERT(crde != NULL, ("%s: null esp crypto descriptor",
__func__));
crde->crd_skip = skip + hlen;
if (espx->type == CRYPTO_AES_GMAC)
crde->crd_len = 0;
@ -491,6 +480,15 @@ esp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
return crypto_dispatch(crp);
else
return esp_input_cb(crp);
out2:
free(tc, M_XDATA);
out1:
crypto_freereq(crp);
out:
ESP_STATINC(ESP_STAT_CRYPTO);
m_freem(m);
return error;
}
#ifdef INET6
@ -512,7 +510,7 @@ esp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
static int
esp_input_cb(struct cryptop *crp)
{
u_int8_t lastthree[3], aalg[AH_ALEN_MAX];
uint8_t lastthree[3], aalg[AH_ALEN_MAX];
int s, hlen, skip, protoff, error;
struct mbuf *m;
struct cryptodesc *crd __diagused;
@ -522,18 +520,19 @@ esp_input_cb(struct cryptop *crp)
struct secasvar *sav;
struct secasindex *saidx;
void *ptr;
u_int16_t dport;
u_int16_t sport;
uint16_t dport;
uint16_t sport;
crd = crp->crp_desc;
IPSEC_ASSERT(crd != NULL, ("esp_input_cb: null crypto descriptor!"));
IPSEC_ASSERT(crd != NULL, ("%s: null crypto descriptor!", __func__));
tc = (struct tdb_crypto *) crp->crp_opaque;
IPSEC_ASSERT(tc != NULL, ("esp_input_cb: null opaque crypto data area!"));
tc = crp->crp_opaque;
IPSEC_ASSERT(tc != NULL, ("%s: null opaque crypto data area!",
__func__));
skip = tc->tc_skip;
protoff = tc->tc_protoff;
mtag = (struct m_tag *) tc->tc_ptr;
m = (struct mbuf *) crp->crp_buf;
mtag = tc->tc_ptr;
m = crp->crp_buf;
/* find the source port for NAT-T */
nat_t_ports_get(m, &dport, &sport);
@ -544,8 +543,9 @@ esp_input_cb(struct cryptop *crp)
sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, sport, dport);
if (sav == NULL) {
ESP_STATINC(ESP_STAT_NOTDB);
DPRINTF(("esp_input_cb: SA expired while in crypto "
"(SA %s/%08lx proto %u)\n", ipsec_address(&tc->tc_dst),
DPRINTF(("%s: SA expired while in crypto "
"(SA %s/%08lx proto %u)\n", __func__,
ipsec_address(&tc->tc_dst),
(u_long) ntohl(tc->tc_spi), tc->tc_proto));
error = ENOBUFS; /*XXX*/
goto bad;
@ -553,9 +553,9 @@ esp_input_cb(struct cryptop *crp)
saidx = &sav->sah->saidx;
IPSEC_ASSERT(saidx->dst.sa.sa_family == AF_INET ||
saidx->dst.sa.sa_family == AF_INET6,
("esp_input_cb: unexpected protocol family %u",
saidx->dst.sa.sa_family));
saidx->dst.sa.sa_family == AF_INET6,
("%s: unexpected protocol family %u", __func__,
saidx->dst.sa.sa_family));
esph = sav->tdb_authalgxform;
@ -573,7 +573,7 @@ esp_input_cb(struct cryptop *crp)
}
ESP_STATINC(ESP_STAT_NOXFORM);
DPRINTF(("esp_input_cb: crypto error %d\n", crp->crp_etype));
DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
error = crp->crp_etype;
goto bad;
}
@ -581,7 +581,7 @@ esp_input_cb(struct cryptop *crp)
/* Shouldn't happen... */
if (m == NULL) {
ESP_STATINC(ESP_STAT_CRYPTO);
DPRINTF(("esp_input_cb: bogus returned buffer from crypto\n"));
DPRINTF(("%s: bogus returned buffer from crypto\n", __func__));
error = EINVAL;
goto bad;
}
@ -604,8 +604,8 @@ esp_input_cb(struct cryptop *crp)
/* Verify authenticator */
if (!consttime_memequal(ptr, aalg, esph->authsize)) {
DPRINTF(("esp_input_cb: "
"authentication hash mismatch for packet in SA %s/%08lx\n",
DPRINTF(("%s: authentication hash mismatch "
"for packet in SA %s/%08lx\n", __func__,
ipsec_address(&saidx->dst),
(u_long) ntohl(sav->spi)));
ESP_STATINC(ESP_STAT_BADAUTH);
@ -631,10 +631,10 @@ esp_input_cb(struct cryptop *crp)
* Update replay sequence number, if appropriate.
*/
if (sav->replay) {
u_int32_t seq;
uint32_t seq;
m_copydata(m, skip + offsetof(struct newesp, esp_seq),
sizeof (seq), &seq);
sizeof(seq), &seq);
if (ipsec_updatereplay(ntohl(seq), sav)) {
DPRINTF(("%s: packet replay check for %s\n", __func__,
ipsec_logsastr(sav)));
@ -646,15 +646,15 @@ esp_input_cb(struct cryptop *crp)
/* Determine the ESP header length */
if (sav->flags & SADB_X_EXT_OLD)
hlen = sizeof (struct esp) + sav->ivlen;
hlen = sizeof(struct esp) + sav->ivlen;
else
hlen = sizeof (struct newesp) + sav->ivlen;
hlen = sizeof(struct newesp) + sav->ivlen;
/* Remove the ESP header and IV from the mbuf. */
error = m_striphdr(m, skip, hlen);
if (error) {
ESP_STATINC(ESP_STAT_HDROPS);
DPRINTF(("esp_input_cb: bad mbuf chain, SA %s/%08lx\n",
DPRINTF(("%s: bad mbuf chain, SA %s/%08lx\n", __func__,
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
goto bad;
@ -666,11 +666,11 @@ esp_input_cb(struct cryptop *crp)
/* Verify pad length */
if (lastthree[1] + 2 > m->m_pkthdr.len - skip) {
ESP_STATINC(ESP_STAT_BADILEN);
DPRINTF(("esp_input_cb: invalid padding length %d "
"for %u byte packet in SA %s/%08lx\n",
lastthree[1], m->m_pkthdr.len - skip,
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
DPRINTF(("%s: invalid padding length %d "
"for %u byte packet in SA %s/%08lx\n", __func__,
lastthree[1], m->m_pkthdr.len - skip,
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
error = EINVAL;
goto bad;
}
@ -679,11 +679,12 @@ esp_input_cb(struct cryptop *crp)
if ((sav->flags & SADB_X_EXT_PMASK) != SADB_X_EXT_PRAND) {
if (lastthree[1] != lastthree[0] && lastthree[1] != 0) {
ESP_STATINC(ESP_STAT_BADENC);
DPRINTF(("esp_input_cb: decryption failed "
"for packet in SA %s/%08lx\n",
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
DPRINTF(("esp_input_cb: %x %x\n", lastthree[0], lastthree[1]));
DPRINTF(("%s: decryption failed for packet in SA "
"%s/%08lx\n", __func__,
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
DPRINTF(("%s: %x %x\n", __func__, lastthree[0],
lastthree[1]));
error = EINVAL;
goto bad;
}
@ -693,7 +694,7 @@ DPRINTF(("esp_input_cb: %x %x\n", lastthree[0], lastthree[1]));
m_adj(m, -(lastthree[1] + 2));
/* Restore the Next Protocol field */
m_copyback(m, protoff, sizeof (u_int8_t), lastthree + 2);
m_copyback(m, protoff, sizeof(uint8_t), lastthree + 2);
IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff, mtag);
@ -735,24 +736,24 @@ esp_output(
const struct secasvar *sav;
struct secasindex *saidx;
unsigned char *pad;
u_int8_t prot;
uint8_t prot;
int error, maxpacketsize;
struct cryptodesc *crde = NULL, *crda = NULL;
struct cryptop *crp;
IPSEC_SPLASSERT_SOFTNET("esp_output");
IPSEC_SPLASSERT_SOFTNET(__func__);
sav = isr->sav;
IPSEC_ASSERT(sav != NULL, ("esp_output: null SA"));
IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__));
esph = sav->tdb_authalgxform;
espx = sav->tdb_encalgxform;
IPSEC_ASSERT(espx != NULL, ("esp_output: null encoding xform"));
IPSEC_ASSERT(espx != NULL, ("%s: null encoding xform", __func__));
if (sav->flags & SADB_X_EXT_OLD)
hlen = sizeof (struct esp) + sav->ivlen;
hlen = sizeof(struct esp) + sav->ivlen;
else
hlen = sizeof (struct newesp) + sav->ivlen;
hlen = sizeof(struct newesp) + sav->ivlen;
rlen = m->m_pkthdr.len - skip; /* Raw payload length. */
/*
@ -785,18 +786,17 @@ esp_output(
break;
#endif /* INET6 */
default:
DPRINTF(("esp_output: unknown/unsupported protocol "
"family %d, SA %s/%08lx\n",
saidx->dst.sa.sa_family, ipsec_address(&saidx->dst),
(u_long) ntohl(sav->spi)));
DPRINTF(("%s: unknown/unsupported protocol family %d, "
"SA %s/%08lx\n", __func__, saidx->dst.sa.sa_family,
ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi)));
ESP_STATINC(ESP_STAT_NOPF);
error = EPFNOSUPPORT;
goto bad;
}
if (skip + hlen + rlen + padding + alen > maxpacketsize) {
DPRINTF(("esp_output: packet in SA %s/%08lx got too big "
"(len %u, max len %u)\n",
ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi),
DPRINTF(("%s: packet in SA %s/%08lx got too big (len %u, "
"max len %u)\n", __func__, ipsec_address(&saidx->dst),
(u_long) ntohl(sav->spi),
skip + hlen + rlen + padding + alen, maxpacketsize));
ESP_STATINC(ESP_STAT_TOOBIG);
error = EMSGSIZE;
@ -808,7 +808,7 @@ esp_output(
m = m_clone(m);
if (m == NULL) {
DPRINTF(("esp_output: cannot clone mbuf chain, SA %s/%08lx\n",
DPRINTF(("%s: cannot clone mbuf chain, SA %s/%08lx\n", __func__,
ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi)));
ESP_STATINC(ESP_STAT_HDROPS);
error = ENOBUFS;
@ -818,9 +818,8 @@ esp_output(
/* Inject ESP header. */
mo = m_makespace(m, skip, hlen, &roff);
if (mo == NULL) {
DPRINTF(("esp_output: failed to inject %u byte ESP hdr for SA "
"%s/%08lx\n",
hlen, ipsec_address(&saidx->dst),
DPRINTF(("%s: failed to inject %u byte ESP hdr for SA "
"%s/%08lx\n", __func__, hlen, ipsec_address(&saidx->dst),
(u_long) ntohl(sav->spi)));
ESP_STATINC(ESP_STAT_HDROPS); /* XXX diffs from openbsd */
error = ENOBUFS;
@ -828,9 +827,9 @@ esp_output(
}
/* Initialize ESP header. */
memcpy(mtod(mo, char *) + roff, &sav->spi, sizeof(u_int32_t));
memcpy(mtod(mo, char *) + roff, &sav->spi, sizeof(uint32_t));
if (sav->replay) {
u_int32_t replay;
uint32_t replay;
#ifdef IPSEC_DEBUG
/* Emulate replay attack when ipsec_replay is TRUE. */
@ -839,18 +838,17 @@ esp_output(
sav->replay->count++;
replay = htonl(sav->replay->count);
bcopy(&replay,
mtod(mo,char *) + roff + sizeof(u_int32_t),
sizeof(u_int32_t));
memcpy(mtod(mo,char *) + roff + sizeof(uint32_t), &replay,
sizeof(uint32_t));
}
/*
* Add padding -- better to do it ourselves than use the crypto engine,
* although if/when we support compression, we'd have to do that.
*/
pad = (u_char *) m_pad(m, padding + alen);
pad = m_pad(m, padding + alen);
if (pad == NULL) {
DPRINTF(("esp_output: m_pad failed for SA %s/%08lx\n",
DPRINTF(("%s: m_pad failed for SA %s/%08lx\n", __func__,
ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi)));
m = NULL; /* NB: free'd by m_pad */
error = ENOBUFS;
@ -876,16 +874,17 @@ esp_output(
/* Fix padding length and Next Protocol in padding itself. */
pad[padding - 2] = padding - 2;
m_copydata(m, protoff, sizeof(u_int8_t), pad + padding - 1);
m_copydata(m, protoff, sizeof(uint8_t), pad + padding - 1);
/* Fix Next Protocol in IPv4/IPv6 header. */
prot = IPPROTO_ESP;
m_copyback(m, protoff, sizeof(u_int8_t), (u_char *) &prot);
m_copyback(m, protoff, sizeof(uint8_t), &prot);
/* Get crypto descriptors. */
crp = crypto_getreq(esph && espx ? 2 : 1);
if (crp == NULL) {
DPRINTF(("esp_output: failed to acquire crypto descriptors\n"));
DPRINTF(("%s: failed to acquire crypto descriptors\n",
__func__));
ESP_STATINC(ESP_STAT_CRYPTO);
error = ENOBUFS;
goto bad;
@ -913,11 +912,10 @@ esp_output(
crda = crp->crp_desc;
/* IPsec-specific opaque crypto info. */
tc = (struct tdb_crypto *) malloc(sizeof(struct tdb_crypto),
M_XDATA, M_NOWAIT|M_ZERO);
tc = malloc(sizeof(*tc), M_XDATA, M_NOWAIT|M_ZERO);
if (tc == NULL) {
crypto_freereq(crp);
DPRINTF(("esp_output: failed to allocate tdb_crypto\n"));
DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
ESP_STATINC(ESP_STAT_CRYPTO);
error = ENOBUFS;
goto bad;
@ -977,9 +975,9 @@ esp_output_cb(struct cryptop *crp)
struct mbuf *m;
int s, err, error;
tc = (struct tdb_crypto *) crp->crp_opaque;
IPSEC_ASSERT(tc != NULL, ("esp_output_cb: null opaque data area!"));
m = (struct mbuf *) crp->crp_buf;
tc = crp->crp_opaque;
IPSEC_ASSERT(tc != NULL, ("%s: null opaque data area!", __func__));
m = crp->crp_buf;
s = splsoftnet();
mutex_enter(softnet_lock);
@ -988,14 +986,14 @@ esp_output_cb(struct cryptop *crp)
sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0);
if (sav == NULL) {
ESP_STATINC(ESP_STAT_NOTDB);
DPRINTF(("esp_output_cb: SA expired while in crypto "
"(SA %s/%08lx proto %u)\n", ipsec_address(&tc->tc_dst),
DPRINTF(("%s: SA expired while in crypto (SA %s/%08lx "
"proto %u)\n", __func__, ipsec_address(&tc->tc_dst),
(u_long) ntohl(tc->tc_spi), tc->tc_proto));
error = ENOBUFS; /*XXX*/
goto bad;
}
IPSEC_ASSERT(isr->sav == sav,
("esp_output_cb: SA changed was %p now %p\n", isr->sav, sav));
("%s: SA changed was %p now %p", __func__, isr->sav, sav));
/* Check for crypto errors. */
if (crp->crp_etype) {
@ -1011,7 +1009,7 @@ esp_output_cb(struct cryptop *crp)
}
ESP_STATINC(ESP_STAT_NOXFORM);
DPRINTF(("esp_output_cb: crypto error %d\n", crp->crp_etype));
DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
error = crp->crp_etype;
goto bad;
}
@ -1019,7 +1017,7 @@ esp_output_cb(struct cryptop *crp)
/* Shouldn't happen... */
if (m == NULL) {
ESP_STATINC(ESP_STAT_CRYPTO);
DPRINTF(("esp_output_cb: bogus returned buffer from crypto\n"));
DPRINTF(("%s: bogus returned buffer from crypto\n", __func__));
error = EINVAL;
goto bad;
}
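Review bot: The new `size_t extra = esph == NULL || mtag != NULL ? 0 : alen;` in esp_input is declared after executable statements, so the earlier `goto out` appears to jump over its initialisation, and the unparenthesised `||` inside `?:` is easy to misread. It is legal C and parses as intended, but declaring `size_t extra;` with the other locals and assigning `extra = (esph == NULL || mtag != NULL) ? 0 : alen;` matches the declare-at-block-start style seen in the rest of the file. The commit message calls the change cosmetic, yet this hunk also rewrites three error returns into the `out2`/`out1`/`out` labels; a short comment above them, e.g. `/* unwind in reverse order of acquisition: tc, crp, then the mbuf */`, would make the ownership on each path explicit. esp_input begins before this hunk, so the declarations of `error` and the other locals are not visible here.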


@ -1,4 +1,4 @@
/* $NetBSD: xform_ipcomp.c,v 1.33 2017/04/13 16:38:32 christos Exp $ */
/* $NetBSD: xform_ipcomp.c,v 1.34 2017/04/15 22:01:57 christos Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */
@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.33 2017/04/13 16:38:32 christos Exp $");
__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.34 2017/04/15 22:01:57 christos Exp $");
/* IP payload compression protocol (IPComp), see RFC 2393 */
#if defined(_KERNEL_OPT)
@ -116,8 +116,8 @@ ipcomp_init(struct secasvar *sav, const struct xformsw *xsp)
/* NB: algorithm really comes in alg_enc and not alg_comp! */
tcomp = ipcomp_algorithm_lookup(sav->alg_enc);
if (tcomp == NULL) {
DPRINTF(("ipcomp_init: unsupported compression algorithm %d\n",
sav->alg_comp));
DPRINTF(("%s: unsupported compression algorithm %d\n",
__func__, sav->alg_comp));
return EINVAL;
}
sav->alg_comp = sav->alg_enc; /* set for doing histogram */
@ -125,7 +125,7 @@ ipcomp_init(struct secasvar *sav, const struct xformsw *xsp)
sav->tdb_compalgxform = tcomp;
/* Initialize crypto session */
memset(&cric, 0, sizeof (cric));
memset(&cric, 0, sizeof(cric));
cric.cri_alg = sav->tdb_compalgxform->type;
ses = crypto_newsession(&sav->tdb_cryptoid, &cric, crypto_support);
@ -156,29 +156,29 @@ ipcomp_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff)
struct cryptop *crp;
int error, hlen = IPCOMP_HLENGTH;
IPSEC_SPLASSERT_SOFTNET("ipcomp_input");
IPSEC_SPLASSERT_SOFTNET(__func__);
/* Get crypto descriptors */
crp = crypto_getreq(1);
if (crp == NULL) {
m_freem(m);
DPRINTF(("ipcomp_input: no crypto descriptors\n"));
DPRINTF(("%s: no crypto descriptors\n", __func__));
IPCOMP_STATINC(IPCOMP_STAT_CRYPTO);
return ENOBUFS;
}
/* Get IPsec-specific opaque pointer */
tc = (struct tdb_crypto *) malloc(sizeof (*tc), M_XDATA, M_NOWAIT|M_ZERO);
tc = malloc(sizeof(*tc), M_XDATA, M_NOWAIT|M_ZERO);
if (tc == NULL) {
m_freem(m);
crypto_freereq(crp);
DPRINTF(("ipcomp_input: cannot allocate tdb_crypto\n"));
DPRINTF(("%s: cannot allocate tdb_crypto\n", __func__));
IPCOMP_STATINC(IPCOMP_STAT_CRYPTO);
return ENOBUFS;
}
error = m_makewritable(&m, 0, m->m_pkthdr.len, M_NOWAIT);
if (error) {
DPRINTF(("ipcomp_input: m_makewritable failed\n"));
DPRINTF(("%s: m_makewritable failed\n", __func__));
m_freem(m);
free(tc, M_XDATA);
crypto_freereq(crp);
@ -241,16 +241,17 @@ ipcomp_input_cb(struct cryptop *crp)
struct secasvar *sav;
struct secasindex *saidx __diagused;
int s, hlen = IPCOMP_HLENGTH, error, clen;
u_int8_t nproto;
uint8_t nproto;
void *addr;
u_int16_t dport;
u_int16_t sport;
uint16_t dport;
uint16_t sport;
tc = (struct tdb_crypto *) crp->crp_opaque;
IPSEC_ASSERT(tc != NULL, ("ipcomp_input_cb: null opaque crypto data area!"));
tc = crp->crp_opaque;
IPSEC_ASSERT(tc != NULL, ("%s: null opaque crypto data area!",
__func__));
skip = tc->tc_skip;
protoff = tc->tc_protoff;
m = (struct mbuf *) crp->crp_buf;
m = crp->crp_buf;
/* find the source port for NAT-T */
nat_t_ports_get(m, &dport, &sport);
@ -261,7 +262,7 @@ ipcomp_input_cb(struct cryptop *crp)
sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, sport, dport);
if (sav == NULL) {
IPCOMP_STATINC(IPCOMP_STAT_NOTDB);
DPRINTF(("ipcomp_input_cb: SA expired while in crypto\n"));
DPRINTF(("%s: SA expired while in crypto\n", __func__));
error = ENOBUFS; /*XXX*/
goto bad;
}
@ -269,7 +270,7 @@ ipcomp_input_cb(struct cryptop *crp)
saidx = &sav->sah->saidx;
IPSEC_ASSERT(saidx->dst.sa.sa_family == AF_INET ||
saidx->dst.sa.sa_family == AF_INET6,
("ipcomp_input_cb: unexpected protocol family %u",
("%s: unexpected protocol family %u", __func__,
saidx->dst.sa.sa_family));
/* Check for crypto errors */
@ -286,14 +287,14 @@ ipcomp_input_cb(struct cryptop *crp)
}
IPCOMP_STATINC(IPCOMP_STAT_NOXFORM);
DPRINTF(("ipcomp_input_cb: crypto error %d\n", crp->crp_etype));
DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
error = crp->crp_etype;
goto bad;
}
/* Shouldn't happen... */
if (m == NULL) {
IPCOMP_STATINC(IPCOMP_STAT_CRYPTO);
DPRINTF(("ipcomp_input_cb: null mbuf returned from crypto\n"));
DPRINTF(("%s: null mbuf returned from crypto\n", __func__));
error = EINVAL;
goto bad;
}
@ -314,7 +315,7 @@ ipcomp_input_cb(struct cryptop *crp)
if (m->m_len < skip + hlen && (m = m_pullup(m, skip + hlen)) == 0) {
IPCOMP_STATINC(IPCOMP_STAT_HDROPS); /*XXX*/
DPRINTF(("ipcomp_input_cb: m_pullup failed\n"));
DPRINTF(("%s: m_pullup failed\n", __func__));
error = EINVAL; /*XXX*/
goto bad;
}
@ -322,27 +323,32 @@ ipcomp_input_cb(struct cryptop *crp)
/* Keep the next protocol field */
addr = (uint8_t*) mtod(m, struct ip *) + skip;
nproto = ((struct ipcomp *) addr)->comp_nxt;
if (nproto == IPPROTO_IPCOMP || nproto == IPPROTO_AH || nproto == IPPROTO_ESP) {
switch (nproto) {
case IPPROTO_IPCOMP:
case IPPROTO_AH:
case IPPROTO_ESP:
IPCOMP_STATINC(IPCOMP_STAT_HDROPS);
DPRINTF(("ipcomp_input_cb: nested ipcomp, IPCA %s/%08lx\n",
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
DPRINTF(("%s: nested ipcomp, IPCA %s/%08lx\n", __func__,
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
error = EINVAL;
goto bad;
default:
break;
}
/* Remove the IPCOMP header */
error = m_striphdr(m, skip, hlen);
if (error) {
IPCOMP_STATINC(IPCOMP_STAT_HDROPS);
DPRINTF(("ipcomp_input_cb: bad mbuf chain, IPCA %s/%08lx\n",
DPRINTF(("%s: bad mbuf chain, IPCA %s/%08lx\n", __func__,
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
goto bad;
}
/* Restore the Next Protocol field */
m_copyback(m, protoff, sizeof (u_int8_t), (u_int8_t *) &nproto);
m_copyback(m, protoff, sizeof(uint8_t), (uint8_t *) &nproto);
IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff, NULL);
@ -383,11 +389,11 @@ ipcomp_output(
struct cryptop *crp;
struct tdb_crypto *tc;
IPSEC_SPLASSERT_SOFTNET("ipcomp_output");
IPSEC_SPLASSERT_SOFTNET(__func__);
sav = isr->sav;
IPSEC_ASSERT(sav != NULL, ("ipcomp_output: null SA"));
IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__));
ipcompx = sav->tdb_compalgxform;
IPSEC_ASSERT(ipcompx != NULL, ("ipcomp_output: null compression xform"));
IPSEC_ASSERT(ipcompx != NULL, ("%s: null compression xform", __func__));
ralen = m->m_pkthdr.len - skip; /* Raw payload length before comp. */
@ -415,8 +421,8 @@ ipcomp_output(
#endif /* INET6 */
default:
IPCOMP_STATINC(IPCOMP_STAT_NOPF);
DPRINTF(("ipcomp_output: unknown/unsupported protocol family %d"
", IPCA %s/%08lx\n",
DPRINTF(("%s: unknown/unsupported protocol family %d"
", IPCA %s/%08lx\n", __func__,
sav->sah->saidx.dst.sa.sa_family,
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
@ -425,8 +431,8 @@ ipcomp_output(
}
if (skip + hlen + ralen > maxpacketsize) {
IPCOMP_STATINC(IPCOMP_STAT_TOOBIG);
DPRINTF(("ipcomp_output: packet in IPCA %s/%08lx got too big "
"(len %u, max len %u)\n",
DPRINTF(("%s: packet in IPCA %s/%08lx got too big "
"(len %u, max len %u)\n", __func__,
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi),
skip + hlen + ralen, maxpacketsize));
@ -440,8 +446,8 @@ ipcomp_output(
m = m_clone(m);
if (m == NULL) {
IPCOMP_STATINC(IPCOMP_STAT_HDROPS);
DPRINTF(("ipcomp_output: cannot clone mbuf chain, IPCA %s/%08lx\n",
ipsec_address(&sav->sah->saidx.dst),
DPRINTF(("%s: cannot clone mbuf chain, IPCA %s/%08lx\n",
__func__, ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
error = ENOBUFS;
goto bad;
@ -453,7 +459,8 @@ ipcomp_output(
crp = crypto_getreq(1);
if (crp == NULL) {
IPCOMP_STATINC(IPCOMP_STAT_CRYPTO);
DPRINTF(("ipcomp_output: failed to acquire crypto descriptor\n"));
DPRINTF(("%s: failed to acquire crypto descriptor\n",
__func__));
error = ENOBUFS;
goto bad;
}
@ -469,11 +476,10 @@ ipcomp_output(
crdc->crd_alg = ipcompx->type;
/* IPsec-specific opaque crypto info */
tc = (struct tdb_crypto *) malloc(sizeof(struct tdb_crypto),
M_XDATA, M_NOWAIT|M_ZERO);
tc = malloc(sizeof(*tc), M_XDATA, M_NOWAIT|M_ZERO);
if (tc == NULL) {
IPCOMP_STATINC(IPCOMP_STAT_CRYPTO);
DPRINTF(("ipcomp_output: failed to allocate tdb_crypto\n"));
DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
crypto_freereq(crp);
error = ENOBUFS;
goto bad;
@ -512,14 +518,14 @@ ipcomp_output_cb(struct cryptop *crp)
struct secasvar *sav;
struct mbuf *m, *mo;
int s, error, skip, rlen, roff;
u_int8_t prot;
u_int16_t cpi;
uint8_t prot;
uint16_t cpi;
struct ipcomp * ipcomp;
tc = (struct tdb_crypto *) crp->crp_opaque;
IPSEC_ASSERT(tc != NULL, ("ipcomp_output_cb: null opaque data area!"));
m = (struct mbuf *) crp->crp_buf;
tc = crp->crp_opaque;
IPSEC_ASSERT(tc != NULL, ("%s: null opaque data area!", __func__));
m = crp->crp_buf;
skip = tc->tc_skip;
rlen = crp->crp_ilen - skip;
@ -530,11 +536,11 @@ ipcomp_output_cb(struct cryptop *crp)
sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0);
if (sav == NULL) {
IPCOMP_STATINC(IPCOMP_STAT_NOTDB);
DPRINTF(("ipcomp_output_cb: SA expired while in crypto\n"));
DPRINTF(("%s: SA expired while in crypto\n", __func__));
error = ENOBUFS; /*XXX*/
goto bad;
}
IPSEC_ASSERT(isr->sav == sav, ("ipcomp_output_cb: SA changed\n"));
IPSEC_ASSERT(isr->sav == sav, ("%s: SA changed", __func__));
/* Check for crypto errors */
if (crp->crp_etype) {
@ -549,14 +555,14 @@ ipcomp_output_cb(struct cryptop *crp)
return crypto_dispatch(crp);
}
IPCOMP_STATINC(IPCOMP_STAT_NOXFORM);
DPRINTF(("ipcomp_output_cb: crypto error %d\n", crp->crp_etype));
DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
error = crp->crp_etype;
goto bad;
}
/* Shouldn't happen... */
if (m == NULL) {
IPCOMP_STATINC(IPCOMP_STAT_CRYPTO);
DPRINTF(("ipcomp_output_cb: bogus return buffer from crypto\n"));
DPRINTF(("%s: bogus return buffer from crypto\n", __func__));
error = EINVAL;
goto bad;
}
@ -567,10 +573,10 @@ ipcomp_output_cb(struct cryptop *crp)
mo = m_makespace(m, skip, IPCOMP_HLENGTH, &roff);
if (mo == NULL) {
IPCOMP_STATINC(IPCOMP_STAT_WRAP);
DPRINTF(("ipcomp_output: failed to inject IPCOMP header for "
"IPCA %s/%08lx\n",
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
DPRINTF(("%s: failed to inject IPCOMP header for "
"IPCA %s/%08lx\n", __func__,
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
error = ENOBUFS;
goto bad;
}
@ -600,7 +606,7 @@ ipcomp_output_cb(struct cryptop *crp)
/* Fix Next Protocol in IPv4/IPv6 header */
prot = IPPROTO_IPCOMP;
m_copyback(m, tc->tc_protoff, sizeof(u_int8_t), (u_char *)&prot);
m_copyback(m, tc->tc_protoff, sizeof(uint8_t), (u_char *)&prot);
/* Adjust the length in the IP header */
switch (sav->sah->saidx.dst.sa.sa_family) {


@ -1,4 +1,4 @@
/* $NetBSD: xform_ipip.c,v 1.44 2017/04/14 22:35:05 christos Exp $ */
/* $NetBSD: xform_ipip.c,v 1.45 2017/04/15 22:01:57 christos Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.44 2017/04/14 22:35:05 christos Exp $");
__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.45 2017/04/15 22:01:57 christos Exp $");
/*
* IP-inside-IP processing
@ -144,7 +144,7 @@ ip4_input6(struct mbuf **m, int *offp, int proto)
#if 0
/* If we do not accept IP-in-IP explicitly, drop. */
if (!ipip_allow && ((*m)->m_flags & M_IPSEC) == 0) {
DPRINTF(("ip4_input6: dropped due to policy\n"));
DPRINTF(("%s: dropped due to policy\n", __func__));
IPIP_STATINC(IPIP_STAT_PDROPS);
m_freem(*m);
return IPPROTO_DONE;
@ -166,7 +166,7 @@ ip4_input(struct mbuf *m, int off, int proto)
#if 0
/* If we do not accept IP-in-IP explicitly, drop. */
if (!ipip_allow && (m->m_flags & M_IPSEC) == 0) {
DPRINTF(("ip4_input: dropped due to policy\n"));
DPRINTF(("%s: dropped due to policy\n", __func__));
IPIP_STATINC(IPIP_STAT_PDROPS);
m_freem(m);
return;
@ -195,10 +195,10 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
#ifdef INET6
register struct sockaddr_in6 *sin6;
struct ip6_hdr *ip6 = NULL;
u_int8_t itos;
uint8_t itos;
#endif
u_int8_t otos;
u_int8_t v;
uint8_t otos;
uint8_t v;
int hlen;
IPIP_STATINC(IPIP_STAT_IPACKETS);
@ -217,8 +217,8 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
break;
#endif
default:
DPRINTF(("_ipip_input: bad protocol version 0x%x (%u) "
"for outer header\n", v, v>>4));
DPRINTF(("%s: bad protocol version 0x%x (%u) "
"for outer header\n", __func__, v, v>>4));
IPIP_STATINC(IPIP_STAT_FAMILY);
m_freem(m);
return /* EAFNOSUPPORT */;
@ -227,7 +227,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
/* Bring the IP header in the first mbuf, if not there already */
if (m->m_len < hlen) {
if ((m = m_pullup(m, hlen)) == NULL) {
DPRINTF(("ipip_input: m_pullup (1) failed\n"));
DPRINTF(("%s: m_pullup (1) failed\n", __func__));
IPIP_STATINC(IPIP_STAT_HDROPS);
return;
}
@ -257,7 +257,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
break;
#endif
default:
panic("ipip_input: unknown ip version %u (outer)", v>>4);
panic("%s: unknown ip version %u (outer)", __func__, v >> 4);
}
/* Remove outer IP header */
@ -285,8 +285,8 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
break;
#endif
default:
DPRINTF(("_ipip_input: bad protocol version 0x%x (%u) "
"for inner header\n", v, v>>4));
DPRINTF(("%s: bad protocol version %#x (%u) "
"for inner header\n", __func__, v, v >> 4));
IPIP_STATINC(IPIP_STAT_FAMILY);
m_freem(m);
return; /* EAFNOSUPPORT */
@ -297,7 +297,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
*/
if (m->m_len < hlen) {
if ((m = m_pullup(m, hlen)) == NULL) {
DPRINTF(("ipip_input: m_pullup (2) failed\n"));
DPRINTF(("%s: m_pullup (2) failed\n", __func__));
IPIP_STATINC(IPIP_STAT_HDROPS);
return;
}
@ -323,11 +323,11 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
ip_ecn_egress(ip6_ipsec_ecn, &otos, &itos);
ip6->ip6_flow &= ~htonl(0xff << 20);
ip6->ip6_flow |= htonl((u_int32_t) itos << 20);
ip6->ip6_flow |= htonl((uint32_t) itos << 20);
break;
#endif
default:
panic("ipip_input: unknown ip version %u (inner)", v>>4);
panic("%s: unknown ip version %u (inner)", __func__, v>>4);
}
/* Check for local address spoofing. */
@ -400,7 +400,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp)
break;
#endif
default:
panic("ipip_input: should never reach here");
panic("%s: should never reach here", __func__);
}
int s = splnet();
@ -421,22 +421,22 @@ ipip_output(
)
{
const struct secasvar *sav;
u_int8_t tp, otos;
uint8_t tp, otos;
struct secasindex *saidx;
int error;
#ifdef INET
u_int8_t itos;
uint8_t itos;
struct ip *ipo;
#endif /* INET */
#ifdef INET6
struct ip6_hdr *ip6, *ip6o;
#endif /* INET6 */
IPSEC_SPLASSERT_SOFTNET("ipip_output");
IPSEC_SPLASSERT_SOFTNET(__func__);
sav = isr->sav;
IPSEC_ASSERT(sav != NULL, ("ipip_output: null SA"));
IPSEC_ASSERT(sav->sah != NULL, ("ipip_output: null SAH"));
IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__));
IPSEC_ASSERT(sav->sah != NULL, ("%s: null SAH", __func__));
/* XXX Deal with empty TDB source/destination addresses. */
@ -450,8 +450,8 @@ ipip_output(
if (saidx->src.sa.sa_family != AF_INET ||
saidx->src.sin.sin_addr.s_addr == INADDR_ANY ||
saidx->dst.sin.sin_addr.s_addr == INADDR_ANY) {
DPRINTF(("ipip_output: unspecified tunnel endpoint "
"address in SA %s/%08lx\n",
DPRINTF(("%s: unspecified tunnel endpoint "
"address in SA %s/%08lx\n", __func__,
ipsec_address(&saidx->dst),
(u_long) ntohl(sav->spi)));
IPIP_STATINC(IPIP_STAT_UNSPEC);
@ -461,7 +461,7 @@ ipip_output(
M_PREPEND(m, sizeof(struct ip), M_DONTWAIT);
if (m == 0) {
DPRINTF(("ipip_output: M_PREPEND failed\n"));
DPRINTF(("%s: M_PREPEND failed\n", __func__));
IPIP_STATINC(IPIP_STAT_HDROPS);
error = ENOBUFS;
goto bad;
@ -490,7 +490,7 @@ ipip_output(
/* Save ECN notification */
m_copydata(m, sizeof(struct ip) +
offsetof(struct ip, ip_tos),
sizeof(u_int8_t), &itos);
sizeof(uint8_t), &itos);
ipo->ip_p = IPPROTO_IPIP;
@ -500,17 +500,17 @@ ipip_output(
*/
m_copydata(m, sizeof(struct ip) +
offsetof(struct ip, ip_off),
sizeof(u_int16_t), &ipo->ip_off);
sizeof(uint16_t), &ipo->ip_off);
ipo->ip_off &= ~ IP_OFF_CONVERT(IP_DF | IP_MF | IP_OFFMASK);
}
#ifdef INET6
else if (tp == (IPV6_VERSION >> 4)) {
u_int32_t itos32;
uint32_t itos32;
/* Save ECN notification. */
m_copydata(m, sizeof(struct ip) +
offsetof(struct ip6_hdr, ip6_flow),
sizeof(u_int32_t), &itos32);
sizeof(uint32_t), &itos32);
itos = ntohl(itos32) >> 20;
ipo->ip_p = IPPROTO_IPV6;
ipo->ip_off = 0;
@ -531,8 +531,8 @@ ipip_output(
if (IN6_IS_ADDR_UNSPECIFIED(&saidx->dst.sin6.sin6_addr) ||
saidx->src.sa.sa_family != AF_INET6 ||
IN6_IS_ADDR_UNSPECIFIED(&saidx->src.sin6.sin6_addr)) {
DPRINTF(("ipip_output: unspecified tunnel endpoint "
"address in SA %s/%08lx\n",
DPRINTF(("%s: unspecified tunnel endpoint "
"address in SA %s/%08lx\n", __func__,
ipsec_address(&saidx->dst),
(u_long) ntohl(sav->spi)));
IPIP_STATINC(IPIP_STAT_UNSPEC);
@ -551,7 +551,7 @@ ipip_output(
M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT);
if (m == 0) {
DPRINTF(("ipip_output: M_PREPEND failed\n"));
DPRINTF(("%s: M_PREPEND failed\n", __func__));
IPIP_STATINC(IPIP_STAT_HDROPS);
error = ENOBUFS;
goto bad;
@ -575,7 +575,7 @@ ipip_output(
if (tp == IPVERSION) {
/* Save ECN notification */
m_copydata(m, sizeof(struct ip6_hdr) +
offsetof(struct ip, ip_tos), sizeof(u_int8_t),
offsetof(struct ip, ip_tos), sizeof(uint8_t),
&itos);
/* This is really IPVERSION. */
@ -583,12 +583,12 @@ ipip_output(
} else
#endif /* INET */
if (tp == (IPV6_VERSION >> 4)) {
u_int32_t itos32;
uint32_t itos32;
/* Save ECN notification. */
m_copydata(m, sizeof(struct ip6_hdr) +
offsetof(struct ip6_hdr, ip6_flow),
sizeof(u_int32_t), &itos32);
sizeof(uint32_t), &itos32);
itos = ntohl(itos32) >> 20;
ip6o->ip6_nxt = IPPROTO_IPV6;
@ -598,13 +598,13 @@ ipip_output(
otos = 0;
ip_ecn_ingress(ECN_ALLOWED, &otos, &itos);
ip6o->ip6_flow |= htonl((u_int32_t) otos << 20);
ip6o->ip6_flow |= htonl((uint32_t) otos << 20);
break;
#endif /* INET6 */
default:
nofamily:
DPRINTF(("ipip_output: unsupported protocol family %u\n",
DPRINTF(("%s: unsupported protocol family %u\n", __func__,
saidx->dst.sa.sa_family));
IPIP_STATINC(IPIP_STAT_FAMILY);
error = EAFNOSUPPORT; /* XXX diffs from openbsd */
@ -669,7 +669,7 @@ ipe4_input(
)
{
/* This is a rather serious mistake, so no conditional printing. */
printf("ipe4_input: should never be called\n");
printf("%s: should never be called\n", __func__);
if (m)
m_freem(m);
return EOPNOTSUPP;
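Review bot: The DPRINTF lines converted in the ip4_input6 and ip4_input hunks sit inside `#if 0`, so the `!ipip_allow && (m->m_flags & M_IPSEC) == 0` drop is not compiled and the edited lines are never built or checked by the compiler. Neither hunk says why the policy check is disabled or what enforces it instead, and this is the place where IP-in-IP packets that did not arrive through IPsec would be refused. I would add a comment above each `#if 0`, such as `/* XXX disabled: <reason>; ipip_allow is not enforced here */`, or delete the dead block if the check now lives elsewhere. The matching `#endif` and the rest of both functions are outside the hunks, so whether another check covers this case is not visible here.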