Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

make DPRINTF use varyadic cpp macros, and merge with IPSECLOG.

This commit is contained in:
christos 2019-06-12 22:23:50 +00:00
parent 38947c9111
commit 4a07f43718
7 changed files with 188 additions and 196 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
sys/netipsec/ipsec.h
View File

@ -1,4 +1,4 @@
/* $NetBSD: ipsec.h,v 1.87 2019/01/17 02:47:15 knakahara Exp $ */
/* $NetBSD: ipsec.h,v 1.88 2019/06/12 22:23:50 christos Exp $ */
/* $FreeBSD: ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $ */
@ -237,13 +237,17 @@ extern int crypto_support;
#include <sys/syslog.h>
#define DPRINTF(x) do { if (ipsec_debug) printf x; } while (0)
#define DPRINTF(fmt, args...) \
do { \
if (ipsec_debug) \
log(LOG_DEBUG, "%s: " fmt, __func__, ##args); \
} while (/*CONSTCOND*/0)
#define IPSECLOG(level, fmt, args...) \
do { \
if (ipsec_debug) \
log(level, "%s: " fmt, __func__, ##args); \
} while (0)
} while (/*CONSTCOND*/0)
#define ipsec_indone(m) \
((m->m_flags & M_AUTHIPHDR) || (m->m_flags & M_DECRYPTED))

10
sys/netipsec/keysock.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: keysock.c,v 1.69 2019/02/26 06:52:34 maxv Exp $ */
/* $NetBSD: keysock.c,v 1.70 2019/06/12 22:23:50 christos Exp $ */
/* $FreeBSD: keysock.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $KAME: keysock.c,v 1.25 2001/08/13 20:07:41 itojun Exp $ */
@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.69 2019/02/26 06:52:34 maxv Exp $");
__KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.70 2019/06/12 22:23:50 christos Exp $");
/* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
@ -437,7 +437,7 @@ key_accept(struct socket *so, struct sockaddr *nam)
{
KASSERT(solocked(so));
panic("key_accept");
panic("%s: unsupported", __func__);
return EOPNOTSUPP;
}
@ -513,7 +513,7 @@ key_abort(struct socket *so)
{
KASSERT(solocked(so));
panic("key_abort");
panic("%s: unsupported", __func__);
return EOPNOTSUPP;
}
@ -612,7 +612,7 @@ static int
key_purgeif(struct socket *so, struct ifnet *ifa)
{
panic("key_purgeif");
panic("%s: unsupported", __func__);
return EOPNOTSUPP;
}

136
sys/netipsec/xform_ah.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: xform_ah.c,v 1.107 2019/01/27 02:08:48 pgoyette Exp $ */
/* $NetBSD: xform_ah.c,v 1.108 2019/06/12 22:23:50 christos Exp $ */
/* $FreeBSD: xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
/*
@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.107 2019/01/27 02:08:48 pgoyette Exp $");
__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.108 2019/06/12 22:23:50 christos Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@ -201,8 +201,8 @@ ah_init0(struct secasvar *sav, const struct xformsw *xsp,
thash = ah_algorithm_lookup(sav->alg_auth);
if (thash == NULL) {
DPRINTF(("%s: unsupported authentication algorithm %u\n",
__func__, sav->alg_auth));
DPRINTF("unsupported authentication algorithm %u\n",
sav->alg_auth);
return EINVAL;
}
/*
@ -212,22 +212,22 @@ ah_init0(struct secasvar *sav, const struct xformsw *xsp,
*/
/* NB: replay state is setup elsewhere (sigh) */
if (((sav->flags&SADB_X_EXT_OLD) == 0) ^ (sav->replay != NULL)) {
DPRINTF(("%s: replay state block inconsistency, "
"%s algorithm %s replay state\n", __func__,
(sav->flags & SADB_X_EXT_OLD) ? "old" : "new",
sav->replay == NULL ? "without" : "with"));
DPRINTF("replay state block inconsistency, "
"%s algorithm %s replay state\n",
(sav->flags & SADB_X_EXT_OLD) ? "old" : "new",
sav->replay == NULL ? "without" : "with");
return EINVAL;
}
if (sav->key_auth == NULL) {
DPRINTF(("%s: no authentication key for %s algorithm\n",
__func__, thash->name));
DPRINTF("no authentication key for %s algorithm\n",
thash->name);
return EINVAL;
}
keylen = _KEYLEN(sav->key_auth);
if (keylen != thash->keysize && thash->keysize != 0) {
DPRINTF(("%s: invalid keylength %d, algorithm %s requires "
"keysize %d\n", __func__,
keylen, thash->name, thash->keysize));
DPRINTF("invalid keylength %d, algorithm %s requires "
"keysize %d\n",
keylen, thash->name, thash->keysize);
return EINVAL;
}
@ -310,7 +310,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
*/
*m0 = m = m_pullup(m, skip);
if (m == NULL) {
DPRINTF(("%s: m_pullup failed\n", __func__));
DPRINTF("m_pullup failed\n");
return ENOBUFS;
}
@ -398,7 +398,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
/* We don't do IPv6 Jumbograms. */
if (ip6.ip6_plen == 0) {
DPRINTF(("%s: unsupported IPv6 jumbogram\n", __func__));
DPRINTF("unsupported IPv6 jumbogram\n");
m_freem(m);
return EMSGSIZE;
}
@ -424,9 +424,8 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
if (m->m_len <= skip) {
ptr = malloc(ip6optlen, M_XDATA, M_NOWAIT);
if (ptr == NULL) {
DPRINTF(("%s: failed to allocate "
"memory for IPv6 headers\n",
__func__));
DPRINTF("failed to allocate "
"memory for IPv6 headers\n");
m_freem(m);
return ENOBUFS;
}
@ -555,8 +554,8 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
/* Check replay window, if applicable. */
if (sav->replay && !ipsec_chkreplay(ntohl(ah->ah_seq), sav)) {
char buf[IPSEC_LOGSASTRLEN];
DPRINTF(("%s: packet replay failure: %s\n", __func__,
ipsec_logsastr(sav, buf, sizeof(buf))));
DPRINTF("packet replay failure: %s\n",
ipsec_logsastr(sav, buf, sizeof(buf)));
stat = AH_STAT_REPLAY;
error = EACCES;
goto bad;
@ -569,22 +568,22 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
ahsize = ah_hdrsiz(sav);
if (hl != ahsize) {
char buf[IPSEC_ADDRSTRLEN];
DPRINTF(("%s: bad authenticator length %u (expecting %lu)"
" for packet in SA %s/%08lx\n", __func__,
hl, (u_long)ahsize,
ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi)));
DPRINTF("bad authenticator length %u (expecting %lu)"
" for packet in SA %s/%08lx\n",
hl, (u_long)ahsize,
ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi));
stat = AH_STAT_BADAUTHL;
error = EACCES;
goto bad;
}
if (skip + ahsize > m->m_pkthdr.len) {
char buf[IPSEC_ADDRSTRLEN];
DPRINTF(("%s: bad mbuf length %u (expecting >= %lu)"
" for packet in SA %s/%08lx\n", __func__,
m->m_pkthdr.len, (u_long)(skip + ahsize),
ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi)));
DPRINTF("bad mbuf length %u (expecting >= %lu)"
" for packet in SA %s/%08lx\n",
m->m_pkthdr.len, (u_long)(skip + ahsize),
ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi));
stat = AH_STAT_BADAUTHL;
error = EACCES;
goto bad;
@ -595,7 +594,7 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
/* Get crypto descriptors. */
crp = crypto_getreq(1);
if (crp == NULL) {
DPRINTF(("%s: failed to acquire crypto descriptor\n", __func__));
DPRINTF("failed to acquire crypto descriptor\n");
stat = AH_STAT_CRYPTO;
error = ENOBUFS;
goto bad;
@ -627,7 +626,7 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
pool_used = false;
}
if (tc == NULL) {
DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
DPRINTF("failed to allocate tdb_crypto\n");
stat = AH_STAT_CRYPTO;
error = ENOBUFS;
goto bad;
@ -635,7 +634,7 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
error = m_makewritable(&m, 0, extra, M_NOWAIT);
if (error) {
DPRINTF(("%s: failed to m_makewritable\n", __func__));
DPRINTF("failed to m_makewritable\n");
goto bad;
}
@ -689,10 +688,10 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
tc->tc_skip = skip;
tc->tc_sav = sav;
DPRINTF(("%s: hash over %d bytes, skip %d: "
"crda len %d skip %d inject %d\n", __func__,
crp->crp_ilen, tc->tc_skip,
crda->crd_len, crda->crd_skip, crda->crd_inject));
DPRINTF("hash over %d bytes, skip %d: "
"crda len %d skip %d inject %d\n",
crp->crp_ilen, tc->tc_skip,
crda->crd_len, crda->crd_skip, crda->crd_inject);
return crypto_dispatch(crp);
@ -781,7 +780,7 @@ ah_input_cb(struct cryptop *crp)
}
AH_STATINC(AH_STAT_NOXFORM);
DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
DPRINTF("crypto error %d\n", crp->crp_etype);
error = crp->crp_etype;
goto bad;
} else {
@ -801,21 +800,19 @@ ah_input_cb(struct cryptop *crp)
/* Verify authenticator. */
if (!consttime_memequal(pppp, calc, authsize)) {
DPRINTF(("%s: authentication hash mismatch " \
DPRINTF("authentication hash mismatch " \
"over %d bytes " \
"for packet in SA %s/%08lx:\n" \
"%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x, " \
"%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x\n",
__func__, authsize,
ipsec_address(&saidx->dst, buf, sizeof(buf)),
"%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x, " \
"%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x\n",
authsize, ipsec_address(&saidx->dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi),
calc[0], calc[1], calc[2], calc[3],
calc[4], calc[5], calc[6], calc[7],
calc[8], calc[9], calc[10], calc[11],
pppp[0], pppp[1], pppp[2], pppp[3],
pppp[4], pppp[5], pppp[6], pppp[7],
pppp[8], pppp[9], pppp[10], pppp[11]
));
calc[0], calc[1], calc[2], calc[3],
calc[4], calc[5], calc[6], calc[7],
calc[8], calc[9], calc[10], calc[11],
pppp[0], pppp[1], pppp[2], pppp[3],
pppp[4], pppp[5], pppp[6], pppp[7],
pppp[8], pppp[9], pppp[10], pppp[11]);
AH_STATINC(AH_STAT_BADAUTH);
error = EACCES;
goto bad;
@ -858,9 +855,9 @@ ah_input_cb(struct cryptop *crp)
*/
error = m_striphdr(m, skip, ahsize);
if (error) {
DPRINTF(("%s: mangled mbuf chain for SA %s/%08lx\n", __func__,
DPRINTF("mangled mbuf chain for SA %s/%08lx\n",
ipsec_address(&saidx->dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi)));
(u_long) ntohl(sav->spi));
AH_STATINC(AH_STAT_HDROPS);
goto bad;
@ -935,21 +932,21 @@ ah_output(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav,
break;
#endif
default:
DPRINTF(("%s: unknown/unsupported protocol "
"family %u, SA %s/%08lx\n", __func__,
DPRINTF("unknown/unsupported protocol "
"family %u, SA %s/%08lx\n",
sav->sah->saidx.dst.sa.sa_family,
ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi)));
(u_long) ntohl(sav->spi));
AH_STATINC(AH_STAT_NOPF);
error = EPFNOSUPPORT;
goto bad;
}
if (ahsize + m->m_pkthdr.len > maxpacketsize) {
DPRINTF(("%s: packet in SA %s/%08lx got too big "
"(len %u, max len %u)\n", __func__,
DPRINTF("packet in SA %s/%08lx got too big "
"(len %u, max len %u)\n",
ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi),
ahsize + m->m_pkthdr.len, maxpacketsize));
ahsize + m->m_pkthdr.len, maxpacketsize);
AH_STATINC(AH_STAT_TOOBIG);
error = EMSGSIZE;
goto bad;
@ -960,9 +957,9 @@ ah_output(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav,
m = m_clone(m);
if (m == NULL) {
DPRINTF(("%s: cannot clone mbuf chain, SA %s/%08lx\n", __func__,
DPRINTF("cannot clone mbuf chain, SA %s/%08lx\n",
ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi)));
(u_long) ntohl(sav->spi));
AH_STATINC(AH_STAT_HDROPS);
error = ENOBUFS;
goto bad;
@ -971,10 +968,10 @@ ah_output(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav,
/* Inject AH header. */
mi = m_makespace(m, skip, ahsize, &roff);
if (mi == NULL) {
DPRINTF(("%s: failed to inject %u byte AH header for SA "
"%s/%08lx\n", __func__, ahsize,
DPRINTF("failed to inject %u byte AH header for SA "
"%s/%08lx\n", ahsize,
ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi)));
(u_long) ntohl(sav->spi));
AH_STATINC(AH_STAT_HDROPS);
error = ENOBUFS;
goto bad;
@ -1003,9 +1000,9 @@ ah_output(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav,
if (sav->replay) {
if (sav->replay->count == ~0 &&
(sav->flags & SADB_X_EXT_CYCSEQ) == 0) {
DPRINTF(("%s: replay counter wrapped for SA %s/%08lx\n",
__func__, ipsec_address(&sav->sah->saidx.dst, buf,
sizeof(buf)), (u_long) ntohl(sav->spi)));
DPRINTF("replay counter wrapped for SA %s/%08lx\n",
ipsec_address(&sav->sah->saidx.dst, buf,
sizeof(buf)), (u_long) ntohl(sav->spi));
AH_STATINC(AH_STAT_WRAP);
error = EINVAL;
goto bad;
@ -1021,8 +1018,7 @@ ah_output(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav,
/* Get crypto descriptors. */
crp = crypto_getreq(1);
if (crp == NULL) {
DPRINTF(("%s: failed to acquire crypto descriptors\n",
__func__));
DPRINTF("failed to acquire crypto descriptors\n");
AH_STATINC(AH_STAT_CRYPTO);
error = ENOBUFS;
goto bad;
@ -1051,7 +1047,7 @@ ah_output(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav,
pool_used = false;
}
if (tc == NULL) {
DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
DPRINTF("failed to allocate tdb_crypto\n");
AH_STATINC(AH_STAT_CRYPTO);
error = ENOBUFS;
goto bad_crp;
@ -1176,7 +1172,7 @@ ah_output_cb(struct cryptop *crp)
}
AH_STATINC(AH_STAT_NOXFORM);
DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
DPRINTF("crypto error %d\n", crp->crp_etype);
error = crp->crp_etype;
goto bad;
}

110
sys/netipsec/xform_esp.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: xform_esp.c,v 1.97 2019/01/27 02:08:48 pgoyette Exp $ */
/* $NetBSD: xform_esp.c,v 1.98 2019/06/12 22:23:50 christos Exp $ */
/* $FreeBSD: xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.97 2019/01/27 02:08:48 pgoyette Exp $");
__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.98 2019/06/12 22:23:50 christos Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@ -186,25 +186,24 @@ esp_init(struct secasvar *sav, const struct xformsw *xsp)
txform = esp_algorithm_lookup(sav->alg_enc);
if (txform == NULL) {
DPRINTF(("%s: unsupported encryption algorithm %d\n", __func__,
sav->alg_enc));
DPRINTF("unsupported encryption algorithm %d\n",
sav->alg_enc);
return EINVAL;
}
if (sav->key_enc == NULL) {
DPRINTF(("%s: no encoding key for %s algorithm\n", __func__,
txform->name));
DPRINTF("no encoding key for %s algorithm\n",
txform->name);
return EINVAL;
}
if ((sav->flags&(SADB_X_EXT_OLD|SADB_X_EXT_IV4B)) == SADB_X_EXT_IV4B) {
DPRINTF(("%s: 4-byte IV not supported with protocol\n",
__func__));
DPRINTF("4-byte IV not supported with protocol\n");
return EINVAL;
}
keylen = _KEYLEN(sav->key_enc);
if (txform->minkey > keylen || keylen > txform->maxkey) {
DPRINTF(("%s: invalid key length %u, must be in "
"the range [%u..%u] for algorithm %s\n", __func__,
keylen, txform->minkey, txform->maxkey, txform->name));
DPRINTF("invalid key length %u, must be in "
"the range [%u..%u] for algorithm %s\n",
keylen, txform->minkey, txform->maxkey, txform->name);
return EINVAL;
}
@ -240,8 +239,8 @@ esp_init(struct secasvar *sav, const struct xformsw *xsp)
sav->tdb_authalgxform = &auth_hash_gmac_aes_256;
break;
default:
DPRINTF(("%s: invalid key length %u, must be either of "
"20, 28 or 36\n", __func__, keylen));
DPRINTF("invalid key length %u, must be either of "
"20, 28 or 36\n", keylen);
return EINVAL;
}
@ -271,8 +270,7 @@ esp_init(struct secasvar *sav, const struct xformsw *xsp)
cr = &cria;
} else {
/* XXX cannot happen? */
DPRINTF(("%s: no encoding OR authentication xform!\n",
__func__));
DPRINTF("no encoding OR authentication xform!\n");
return EINVAL;
}
@ -347,10 +345,10 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
KASSERT((espx->blocksize & 3) == 0);
if ((plen & (espx->blocksize - 1)) || (plen <= 0)) {
char buf[IPSEC_ADDRSTRLEN];
DPRINTF(("%s: payload of %d octets not a multiple of %d octets,"
" SA %s/%08lx\n", __func__, plen, espx->blocksize,
DPRINTF("payload of %d octets not a multiple of %d octets,"
" SA %s/%08lx\n", plen, espx->blocksize,
ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi)));
(u_long) ntohl(sav->spi));
stat = ESP_STAT_BADILEN;
error = EINVAL;
goto out;
@ -361,8 +359,8 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
*/
if (esph && sav->replay && !ipsec_chkreplay(ntohl(esp->esp_seq), sav)) {
char logbuf[IPSEC_LOGSASTRLEN];
DPRINTF(("%s: packet replay check for %s\n", __func__,
ipsec_logsastr(sav, logbuf, sizeof(logbuf))));
DPRINTF("packet replay check for %s\n",
ipsec_logsastr(sav, logbuf, sizeof(logbuf)));
stat = ESP_STAT_REPLAY;
error = EACCES;
goto out;
@ -374,8 +372,7 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
/* Get crypto descriptors */
crp = crypto_getreq(esph ? 2 : 1);
if (crp == NULL) {
DPRINTF(("%s: failed to acquire crypto descriptors\n",
__func__));
DPRINTF("failed to acquire crypto descriptors\n");
error = ENOBUFS;
goto out;
}
@ -387,14 +384,14 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
sizeof(*tc) + extra, esp_pool_item_size);
tc = pool_cache_get(esp_tdb_crypto_pool_cache, PR_NOWAIT);
if (tc == NULL) {
DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
DPRINTF("failed to allocate tdb_crypto\n");
error = ENOBUFS;
goto out1;
}
error = m_makewritable(&m, 0, m->m_pkthdr.len, M_NOWAIT);
if (error) {
DPRINTF(("%s: m_makewritable failed\n", __func__));
DPRINTF("m_makewritable failed\n");
goto out2;
}
@ -549,7 +546,7 @@ esp_input_cb(struct cryptop *crp)
}
ESP_STATINC(ESP_STAT_NOXFORM);
DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
DPRINTF("crypto error %d\n", crp->crp_etype);
error = crp->crp_etype;
goto bad;
}
@ -572,10 +569,10 @@ esp_input_cb(struct cryptop *crp)
/* Verify authenticator */
if (!consttime_memequal(ptr, aalg, esph->authsize)) {
DPRINTF(("%s: authentication hash mismatch "
"for packet in SA %s/%08lx\n", __func__,
DPRINTF("authentication hash mismatch "
"for packet in SA %s/%08lx\n",
ipsec_address(&saidx->dst, buf,
sizeof(buf)), (u_long) ntohl(sav->spi)));
sizeof(buf)), (u_long) ntohl(sav->spi));
ESP_STATINC(ESP_STAT_BADAUTH);
error = EACCES;
goto bad;
@ -606,8 +603,8 @@ esp_input_cb(struct cryptop *crp)
sizeof(seq), &seq);
if (ipsec_updatereplay(ntohl(seq), sav)) {
char logbuf[IPSEC_LOGSASTRLEN];
DPRINTF(("%s: packet replay check for %s\n", __func__,
ipsec_logsastr(sav, logbuf, sizeof(logbuf))));
DPRINTF("packet replay check for %s\n",
ipsec_logsastr(sav, logbuf, sizeof(logbuf)));
ESP_STATINC(ESP_STAT_REPLAY);
error = EACCES;
goto bad;
@ -624,9 +621,9 @@ esp_input_cb(struct cryptop *crp)
error = m_striphdr(m, skip, hlen);
if (error) {
ESP_STATINC(ESP_STAT_HDROPS);
DPRINTF(("%s: bad mbuf chain, SA %s/%08lx\n", __func__,
DPRINTF("bad mbuf chain, SA %s/%08lx\n",
ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi)));
(u_long) ntohl(sav->spi));
goto bad;
}
@ -636,11 +633,11 @@ esp_input_cb(struct cryptop *crp)
/* Verify pad length */
if (lastthree[1] + 2 > m->m_pkthdr.len - skip) {
ESP_STATINC(ESP_STAT_BADILEN);
DPRINTF(("%s: invalid padding length %d "
"for %u byte packet in SA %s/%08lx\n", __func__,
DPRINTF("invalid padding length %d "
"for %u byte packet in SA %s/%08lx\n",
lastthree[1], m->m_pkthdr.len - skip,
ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi)));
(u_long) ntohl(sav->spi));
error = EINVAL;
goto bad;
}
@ -649,12 +646,12 @@ esp_input_cb(struct cryptop *crp)
if ((sav->flags & SADB_X_EXT_PMASK) != SADB_X_EXT_PRAND) {
if (lastthree[1] != lastthree[0] && lastthree[1] != 0) {
ESP_STATINC(ESP_STAT_BADENC);
DPRINTF(("%s: decryption failed for packet in SA "
"%s/%08lx\n", __func__,
DPRINTF("decryption failed for packet in SA "
"%s/%08lx\n",
ipsec_address(&sav->sah->saidx.dst, buf,
sizeof(buf)), (u_long) ntohl(sav->spi)));
DPRINTF(("%s: %x %x\n", __func__, lastthree[0],
lastthree[1]));
sizeof(buf)), (u_long) ntohl(sav->spi));
DPRINTF("%x %x\n", lastthree[0],
lastthree[1]);
error = EINVAL;
goto bad;
}
@ -748,20 +745,20 @@ esp_output(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav,
break;
#endif
default:
DPRINTF(("%s: unknown/unsupported protocol family %d, "
"SA %s/%08lx\n", __func__, saidx->dst.sa.sa_family,
DPRINTF("unknown/unsupported protocol family %d, "
"SA %s/%08lx\n", saidx->dst.sa.sa_family,
ipsec_address(&saidx->dst, buf, sizeof(buf)),
(u_long)ntohl(sav->spi)));
(u_long)ntohl(sav->spi));
ESP_STATINC(ESP_STAT_NOPF);
error = EPFNOSUPPORT;
goto bad;
}
if (skip + hlen + rlen + tlen > maxpacketsize) {
DPRINTF(("%s: packet in SA %s/%08lx got too big (len %u, "
"max len %u)\n", __func__,
DPRINTF("packet in SA %s/%08lx got too big (len %u, "
"max len %u)\n",
ipsec_address(&saidx->dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi),
skip + hlen + rlen + tlen, maxpacketsize));
skip + hlen + rlen + tlen, maxpacketsize);
ESP_STATINC(ESP_STAT_TOOBIG);
error = EMSGSIZE;
goto bad;
@ -772,9 +769,9 @@ esp_output(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav,
m = m_clone(m);
if (m == NULL) {
DPRINTF(("%s: cannot clone mbuf chain, SA %s/%08lx\n", __func__,
DPRINTF("cannot clone mbuf chain, SA %s/%08lx\n",
ipsec_address(&saidx->dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi)));
(u_long) ntohl(sav->spi));
ESP_STATINC(ESP_STAT_HDROPS);
error = ENOBUFS;
goto bad;
@ -783,10 +780,10 @@ esp_output(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav,
/* Inject ESP header. */
mo = m_makespace(m, skip, hlen, &roff);
if (mo == NULL) {
DPRINTF(("%s: failed to inject %u byte ESP hdr for SA "
"%s/%08lx\n", __func__, hlen,
DPRINTF("failed to inject %u byte ESP hdr for SA "
"%s/%08lx\n", hlen,
ipsec_address(&saidx->dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi)));
(u_long) ntohl(sav->spi));
ESP_STATINC(ESP_STAT_HDROPS);
error = ENOBUFS;
goto bad;
@ -813,9 +810,9 @@ esp_output(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav,
*/
tail = m_pad(m, tlen);
if (tail == NULL) {
DPRINTF(("%s: m_pad failed for SA %s/%08lx\n", __func__,
DPRINTF("m_pad failed for SA %s/%08lx\n",
ipsec_address(&saidx->dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi)));
(u_long) ntohl(sav->spi));
m = NULL;
error = ENOBUFS;
goto bad;
@ -850,8 +847,7 @@ esp_output(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav,
/* Get crypto descriptors. */
crp = crypto_getreq(esph ? 2 : 1);
if (crp == NULL) {
DPRINTF(("%s: failed to acquire crypto descriptors\n",
__func__));
DPRINTF("failed to acquire crypto descriptors\n");
ESP_STATINC(ESP_STAT_CRYPTO);
error = ENOBUFS;
goto bad;
@ -878,7 +874,7 @@ esp_output(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav,
tc = pool_cache_get(esp_tdb_crypto_pool_cache, PR_NOWAIT);
if (tc == NULL) {
crypto_freereq(crp);
DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
DPRINTF("failed to allocate tdb_crypto\n");
ESP_STATINC(ESP_STAT_CRYPTO);
error = ENOBUFS;
goto bad;
@ -982,7 +978,7 @@ esp_output_cb(struct cryptop *crp)
}
ESP_STATINC(ESP_STAT_NOXFORM);
DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
DPRINTF("crypto error %d\n", crp->crp_etype);
error = crp->crp_etype;
goto bad;
}

65
sys/netipsec/xform_ipcomp.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: xform_ipcomp.c,v 1.67 2019/01/27 02:08:48 pgoyette Exp $ */
/* $NetBSD: xform_ipcomp.c,v 1.68 2019/06/12 22:23:50 christos Exp $ */
/* $FreeBSD: xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */
@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.67 2019/01/27 02:08:48 pgoyette Exp $");
__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.68 2019/06/12 22:23:50 christos Exp $");
/* IP payload compression protocol (IPComp), see RFC 2393 */
#if defined(_KERNEL_OPT)
@ -105,8 +105,8 @@ ipcomp_init(struct secasvar *sav, const struct xformsw *xsp)
/* NB: algorithm really comes in alg_enc and not alg_comp! */
tcomp = ipcomp_algorithm_lookup(sav->alg_enc);
if (tcomp == NULL) {
DPRINTF(("%s: unsupported compression algorithm %d\n",
__func__, sav->alg_comp));
DPRINTF("unsupported compression algorithm %d\n",
sav->alg_comp);
return EINVAL;
}
sav->alg_comp = sav->alg_enc; /* set for doing histogram */
@ -150,21 +150,21 @@ ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
/* Get crypto descriptors */
crp = crypto_getreq(1);
if (crp == NULL) {
DPRINTF(("%s: no crypto descriptors\n", __func__));
DPRINTF("no crypto descriptors\n");
error = ENOBUFS;
goto error_m;
}
/* Get IPsec-specific opaque pointer */
tc = pool_cache_get(ipcomp_tdb_crypto_pool_cache, PR_NOWAIT);
if (tc == NULL) {
DPRINTF(("%s: cannot allocate tdb_crypto\n", __func__));
DPRINTF("cannot allocate tdb_crypto\n");
error = ENOBUFS;
goto error_crp;
}
error = m_makewritable(&m, 0, m->m_pkthdr.len, M_NOWAIT);
if (error) {
DPRINTF(("%s: m_makewritable failed\n", __func__));
DPRINTF("m_makewritable failed\n");
goto error_tc;
}
@ -279,7 +279,7 @@ ipcomp_input_cb(struct cryptop *crp)
}
IPCOMP_STATINC(IPCOMP_STAT_NOXFORM);
DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
DPRINTF("crypto error %d\n", crp->crp_etype);
error = crp->crp_etype;
goto bad;
}
@ -308,7 +308,7 @@ ipcomp_input_cb(struct cryptop *crp)
*/
if (m->m_len < skip + hlen && (m = m_pullup(m, skip + hlen)) == 0) {
IPCOMP_STATINC(IPCOMP_STAT_HDROPS);
DPRINTF(("%s: m_pullup failed\n", __func__));
DPRINTF("m_pullup failed\n");
error = EINVAL;
goto bad;
}
@ -320,9 +320,9 @@ ipcomp_input_cb(struct cryptop *crp)
case IPPROTO_AH:
case IPPROTO_ESP:
IPCOMP_STATINC(IPCOMP_STAT_HDROPS);
DPRINTF(("%s: nested ipcomp, IPCA %s/%08lx\n", __func__,
DPRINTF("nested ipcomp, IPCA %s/%08lx\n",
ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi)));
(u_long) ntohl(sav->spi));
error = EINVAL;
goto bad;
default:
@ -333,9 +333,9 @@ ipcomp_input_cb(struct cryptop *crp)
error = m_striphdr(m, skip, hlen);
if (error) {
IPCOMP_STATINC(IPCOMP_STAT_HDROPS);
DPRINTF(("%s: bad mbuf chain, IPCA %s/%08lx\n", __func__,
DPRINTF("bad mbuf chain, IPCA %s/%08lx\n",
ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi)));
(u_long) ntohl(sav->spi));
goto bad;
}
@ -406,21 +406,21 @@ ipcomp_output(struct mbuf *m, const struct ipsecrequest *isr,
#endif
default:
IPCOMP_STATINC(IPCOMP_STAT_NOPF);
DPRINTF(("%s: unknown/unsupported protocol family %d"
", IPCA %s/%08lx\n", __func__,
DPRINTF("unknown/unsupported protocol family %d"
", IPCA %s/%08lx\n",
sav->sah->saidx.dst.sa.sa_family,
ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi)));
(u_long) ntohl(sav->spi));
error = EPFNOSUPPORT;
goto bad;
}
if (skip + hlen + ralen > maxpacketsize) {
IPCOMP_STATINC(IPCOMP_STAT_TOOBIG);
DPRINTF(("%s: packet in IPCA %s/%08lx got too big "
"(len %u, max len %u)\n", __func__,
DPRINTF("packet in IPCA %s/%08lx got too big "
"(len %u, max len %u)\n",
ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi),
skip + hlen + ralen, maxpacketsize));
skip + hlen + ralen, maxpacketsize);
error = EMSGSIZE;
goto bad;
}
@ -431,10 +431,9 @@ ipcomp_output(struct mbuf *m, const struct ipsecrequest *isr,
m = m_clone(m);
if (m == NULL) {
IPCOMP_STATINC(IPCOMP_STAT_HDROPS);
DPRINTF(("%s: cannot clone mbuf chain, IPCA %s/%08lx\n",
__func__,
DPRINTF("cannot clone mbuf chain, IPCA %s/%08lx\n",
ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi)));
(u_long) ntohl(sav->spi));
error = ENOBUFS;
goto bad;
}
@ -445,8 +444,7 @@ ipcomp_output(struct mbuf *m, const struct ipsecrequest *isr,
crp = crypto_getreq(1);
if (crp == NULL) {
IPCOMP_STATINC(IPCOMP_STAT_CRYPTO);
DPRINTF(("%s: failed to acquire crypto descriptor\n",
__func__));
DPRINTF("failed to acquire crypto descriptor\n");
error = ENOBUFS;
goto bad;
}
@ -465,7 +463,7 @@ ipcomp_output(struct mbuf *m, const struct ipsecrequest *isr,
tc = pool_cache_get(ipcomp_tdb_crypto_pool_cache, PR_NOWAIT);
if (tc == NULL) {
IPCOMP_STATINC(IPCOMP_STAT_CRYPTO);
DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
DPRINTF("failed to allocate tdb_crypto\n");
crypto_freereq(crp);
error = ENOBUFS;
goto bad;
@ -554,7 +552,7 @@ ipcomp_output_cb(struct cryptop *crp)
return crypto_dispatch(crp);
}
IPCOMP_STATINC(IPCOMP_STAT_NOXFORM);
DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
DPRINTF("crypto error %d\n", crp->crp_etype);
error = crp->crp_etype;
goto bad;
}
@ -566,10 +564,10 @@ ipcomp_output_cb(struct cryptop *crp)
mo = m_makespace(m, skip, IPCOMP_HLENGTH, &roff);
if (mo == NULL) {
IPCOMP_STATINC(IPCOMP_STAT_WRAP);
DPRINTF(("%s: failed to inject IPCOMP header for "
"IPCA %s/%08lx\n", __func__,
DPRINTF("failed to inject IPCOMP header for "
"IPCA %s/%08lx\n",
ipsec_address(&sav->sah->saidx.dst, buf,
sizeof(buf)), (u_long) ntohl(sav->spi)));
sizeof(buf)), (u_long) ntohl(sav->spi));
error = ENOBUFS;
goto bad;
}
@ -616,20 +614,19 @@ ipcomp_output_cb(struct cryptop *crp)
#endif
default:
IPCOMP_STATINC(IPCOMP_STAT_NOPF);
DPRINTF(("ipcomp_output: unknown/unsupported protocol "
DPRINTF("unknown/unsupported protocol "
"family %d, IPCA %s/%08lx\n",
sav->sah->saidx.dst.sa.sa_family,
ipsec_address(&sav->sah->saidx.dst, buf,
sizeof(buf)), (u_long) ntohl(sav->spi)));
sizeof(buf)), (u_long) ntohl(sav->spi));
error = EPFNOSUPPORT;
goto bad;
}
} else {
/* compression was useless, we have lost time */
IPCOMP_STATINC(IPCOMP_STAT_USELESS);
DPRINTF(("ipcomp_output_cb: compression was useless: initial"
"size was %d and compressed size is %d\n", rlen,
crp->crp_olen));
DPRINTF("compression was useless: initial size was %d "
"and compressed size is %d\n", rlen, crp->crp_olen);
}
/* Release the crypto descriptor */

38
sys/netipsec/xform_ipip.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: xform_ipip.c,v 1.75 2019/01/27 02:08:48 pgoyette Exp $ */
/* $NetBSD: xform_ipip.c,v 1.76 2019/06/12 22:23:50 christos Exp $ */
/* $FreeBSD: xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.75 2019/01/27 02:08:48 pgoyette Exp $");
__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.76 2019/06/12 22:23:50 christos Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@ -147,8 +147,8 @@ _ipip_input(struct mbuf *m, int iphlen)
break;
#endif
default:
DPRINTF(("%s: bad protocol version 0x%x (%u) "
"for outer header\n", __func__, v, v>>4));
DPRINTF("bad protocol version 0x%x (%u) "
"for outer header\n", v, v>>4);
IPIP_STATINC(IPIP_STAT_FAMILY);
m_freem(m);
return;
@ -157,7 +157,7 @@ _ipip_input(struct mbuf *m, int iphlen)
/* Bring the IP header in the first mbuf, if not there already */
if (m->m_len < hlen) {
if ((m = m_pullup(m, hlen)) == NULL) {
DPRINTF(("%s: m_pullup (1) failed\n", __func__));
DPRINTF("m_pullup (1) failed\n");
IPIP_STATINC(IPIP_STAT_HDROPS);
return;
}
@ -205,8 +205,8 @@ _ipip_input(struct mbuf *m, int iphlen)
break;
#endif
default:
DPRINTF(("%s: bad protocol version %#x (%u) "
"for inner header\n", __func__, v, v >> 4));
DPRINTF("bad protocol version %#x (%u) "
"for inner header\n", v, v >> 4);
IPIP_STATINC(IPIP_STAT_FAMILY);
m_freem(m);
return;
@ -217,7 +217,7 @@ _ipip_input(struct mbuf *m, int iphlen)
*/
if (m->m_len < hlen) {
if ((m = m_pullup(m, hlen)) == NULL) {
DPRINTF(("%s: m_pullup (2) failed\n", __func__));
DPRINTF("m_pullup (2) failed\n");
IPIP_STATINC(IPIP_STAT_HDROPS);
return;
}
@ -345,10 +345,10 @@ ipip_output(struct mbuf *m, struct secasvar *sav, struct mbuf **mp)
if (saidx->src.sa.sa_family != AF_INET ||
saidx->src.sin.sin_addr.s_addr == INADDR_ANY ||
saidx->dst.sin.sin_addr.s_addr == INADDR_ANY) {
DPRINTF(("%s: unspecified tunnel endpoint "
"address in SA %s/%08lx\n", __func__,
DPRINTF("unspecified tunnel endpoint "
"address in SA %s/%08lx\n",
ipsec_address(&saidx->dst, buf, sizeof(buf)),
(u_long)ntohl(sav->spi)));
(u_long)ntohl(sav->spi));
IPIP_STATINC(IPIP_STAT_UNSPEC);
error = EINVAL;
goto bad;
@ -356,7 +356,7 @@ ipip_output(struct mbuf *m, struct secasvar *sav, struct mbuf **mp)
M_PREPEND(m, sizeof(struct ip), M_DONTWAIT);
if (m == NULL) {
DPRINTF(("%s: M_PREPEND failed\n", __func__));
DPRINTF("M_PREPEND failed\n");
IPIP_STATINC(IPIP_STAT_HDROPS);
error = ENOBUFS;
goto bad;
@ -420,10 +420,10 @@ ipip_output(struct mbuf *m, struct secasvar *sav, struct mbuf **mp)
if (IN6_IS_ADDR_UNSPECIFIED(&saidx->dst.sin6.sin6_addr) ||
saidx->src.sa.sa_family != AF_INET6 ||
IN6_IS_ADDR_UNSPECIFIED(&saidx->src.sin6.sin6_addr)) {
DPRINTF(("%s: unspecified tunnel endpoint "
"address in SA %s/%08lx\n", __func__,
DPRINTF("unspecified tunnel endpoint "
"address in SA %s/%08lx\n",
ipsec_address(&saidx->dst, buf, sizeof(buf)),
(u_long)ntohl(sav->spi)));
(u_long)ntohl(sav->spi));
IPIP_STATINC(IPIP_STAT_UNSPEC);
error = ENOBUFS;
goto bad;
@ -440,7 +440,7 @@ ipip_output(struct mbuf *m, struct secasvar *sav, struct mbuf **mp)
M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT);
if (m == NULL) {
DPRINTF(("%s: M_PREPEND failed\n", __func__));
DPRINTF("M_PREPEND failed\n");
IPIP_STATINC(IPIP_STAT_HDROPS);
error = ENOBUFS;
goto bad;
@ -495,8 +495,8 @@ ipip_output(struct mbuf *m, struct secasvar *sav, struct mbuf **mp)
default:
nofamily:
DPRINTF(("%s: unsupported protocol family %u\n", __func__,
saidx->dst.sa.sa_family));
DPRINTF("unsupported protocol family %u\n",
saidx->dst.sa.sa_family);
IPIP_STATINC(IPIP_STAT_FAMILY);
error = EAFNOSUPPORT;
goto bad;
@ -567,7 +567,7 @@ static int
ipe4_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
{
/* This is a rather serious mistake, so no conditional printing. */
printf("%s: should never be called\n", __func__);
printf("should never be called\n");
if (m)
m_freem(m);
return EOPNOTSUPP;

15
sys/netipsec/xform_tcp.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: xform_tcp.c,v 1.22 2019/01/27 02:08:48 pgoyette Exp $ */
/* $NetBSD: xform_tcp.c,v 1.23 2019/06/12 22:23:50 christos Exp $ */
/* $FreeBSD: xform_tcp.c,v 1.1.2.1 2004/02/14 22:24:09 bms Exp $ */
/*
@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.22 2019/01/27 02:08:48 pgoyette Exp $");
__KERNEL_RCSID(0, "$NetBSD: xform_tcp.c,v 1.23 2019/06/12 22:23:50 christos Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@ -87,22 +87,21 @@ tcpsignature_init(struct secasvar *sav, const struct xformsw *xsp)
int keylen;
if (sav->spi != htonl(TCP_SIG_SPI)) {
DPRINTF(("%s: SPI %x must be TCP_SIG_SPI (0x1000)\n",
__func__, sav->alg_auth));
DPRINTF("SPI %x must be TCP_SIG_SPI (0x1000)\n", sav->alg_auth);
return EINVAL;
}
if (sav->alg_auth != SADB_X_AALG_TCP_MD5) {
DPRINTF(("%s: unsupported authentication algorithm %u\n",
__func__, sav->alg_auth));
DPRINTF("unsupported authentication algorithm %u\n",
sav->alg_auth);
return EINVAL;
}
if (sav->key_auth == NULL) {
DPRINTF(("%s: no authentication key present\n", __func__));
DPRINTF("no authentication key present\n");
return EINVAL;
}
keylen = _KEYLEN(sav->key_auth);
if ((keylen < TCP_KEYLEN_MIN) || (keylen > TCP_KEYLEN_MAX)) {
DPRINTF(("%s: invalid key length %u\n", __func__, keylen));
DPRINTF("invalid key length %u\n", keylen);
return EINVAL;
}