Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Tweak KEYDEBUG macros 

Let's avoid passing statements to a macro.
This commit is contained in:
ozaki-r 2017-04-19 03:42:11 +00:00
parent 50d790a0e8
commit 6208c22585
4 changed files with 154 additions and 146 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

112
sys/netipsec/ipsec.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: ipsec.c,v 1.76 2017/04/19 03:40:58 ozaki-r Exp $ */
/* $NetBSD: ipsec.c,v 1.77 2017/04/19 03:42:11 ozaki-r Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.76 2017/04/19 03:40:58 ozaki-r Exp $");
__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.77 2017/04/19 03:42:11 ozaki-r Exp $");
/*
* IPsec controller part.
@ -264,10 +264,10 @@ ipsec_checkpcbcache(struct mbuf *m, struct inpcbpolicy *pcbsp, int dir)
pcbsp->sp_cache[dir].cachesp->lastused = time_second;
pcbsp->sp_cache[dir].cachesp->refcnt++;
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP %s cause refcnt++:%d SP:%p\n", __func__,
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
"DP cause refcnt++:%d SP:%p\n",
pcbsp->sp_cache[dir].cachesp->refcnt,
pcbsp->sp_cache[dir].cachesp));
pcbsp->sp_cache[dir].cachesp);
return pcbsp->sp_cache[dir].cachesp;
}
@ -298,10 +298,10 @@ ipsec_fillpcbcache(struct inpcbpolicy *pcbsp, struct mbuf *m,
pcbsp->sp_cache[dir].cachesp = sp;
if (pcbsp->sp_cache[dir].cachesp) {
pcbsp->sp_cache[dir].cachesp->refcnt++;
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP %s cause refcnt++:%d SP:%p\n", __func__,
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
"DP cause refcnt++:%d SP:%p\n",
pcbsp->sp_cache[dir].cachesp->refcnt,
pcbsp->sp_cache[dir].cachesp));
pcbsp->sp_cache[dir].cachesp);
/*
* If the PCB is connected, we can remember a hint to
@ -378,8 +378,7 @@ key_allocsp_default(int af, const char *where, int tag)
{
struct secpolicy *sp;
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP %s from %s:%u\n", __func__, where, tag));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, "DP from %s:%u\n", where, tag);
switch(af) {
case AF_INET:
@ -391,9 +390,8 @@ key_allocsp_default(int af, const char *where, int tag)
break;
#endif
default:
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("%s: unexpected protocol family %u\n", __func__,
af));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
"unexpected protocol family %u\n", af);
return NULL;
}
@ -405,8 +403,8 @@ key_allocsp_default(int af, const char *where, int tag)
}
sp->refcnt++;
KEYDEBUG(KEYDEBUG_IPSEC_STAMP, printf("DP %s returns SP:%p (%u)\n",
__func__, sp, sp->refcnt));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, "DP returns SP:%p (%u)\n",
sp, sp->refcnt);
return sp;
}
#define KEY_ALLOCSP_DEFAULT(af) \
@ -571,9 +569,9 @@ ipsec_getpolicybysock(struct mbuf *m, u_int dir, struct inpcb_hdr *inp,
}
KASSERTMSG(sp != NULL, "null SP (priv %u policy %u", pcbsp->priv,
currsp->policy);
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP %s (priv %u policy %u) allocates SP:%p (refcnt %u)\n",
__func__, pcbsp->priv, currsp->policy, sp, sp->refcnt));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
"DP (priv %u policy %u) allocates SP:%p (refcnt %u)\n",
pcbsp->priv, currsp->policy, sp, sp->refcnt);
ipsec_fillpcbcache(pcbsp, m, sp, dir);
return sp;
}
@ -1001,16 +999,16 @@ ipsec_setspidx(struct mbuf *m, struct secpolicyindex *spidx, int needport)
for (n = m; n; n = n->m_next)
len += n->m_len;
if (m->m_pkthdr.len != len) {
KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: total of m_len(%d) "
"!= pkthdr.len(%d), ignored.\n", __func__, len,
m->m_pkthdr.len));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DUMP,
"total of m_len(%d) != pkthdr.len(%d), ignored.\n",
len, m->m_pkthdr.len);
return EINVAL;
}
if (m->m_pkthdr.len < sizeof(struct ip)) {
KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: pkthdr.len(%d) < "
"sizeof(struct ip), ignored.\n", __func__,
m->m_pkthdr.len));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DUMP,
"pkthdr.len(%d) < sizeof(struct ip), ignored.\n",
m->m_pkthdr.len);
return EINVAL;
}
@ -1031,9 +1029,9 @@ ipsec_setspidx(struct mbuf *m, struct secpolicyindex *spidx, int needport)
#ifdef INET6
case 6:
if (m->m_pkthdr.len < sizeof(struct ip6_hdr)) {
KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: "
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DUMP,
"pkthdr.len(%d) < sizeof(struct ip6_hdr), "
"ignored.\n", __func__, m->m_pkthdr.len));
"ignored.\n", m->m_pkthdr.len);
return EINVAL;
}
error = ipsec6_setspidx_ipaddr(m, spidx);
@ -1043,8 +1041,8 @@ ipsec_setspidx(struct mbuf *m, struct secpolicyindex *spidx, int needport)
return 0;
#endif
default:
KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: unknown IP version "
"%u, ignored.\n", __func__, v));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DUMP,
"unknown IP version %u, ignored.\n", v);
return EINVAL;
}
}
@ -1180,8 +1178,10 @@ ipsec6_get_ulp(struct mbuf *m, struct secpolicyindex *spidx,
if (m == NULL)
panic("%s: NULL pointer was passed", __func__);
KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s:\n", __func__);
kdebug_mbuf(m));
if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DUMP)) {
printf("%s:\n", __func__);
kdebug_mbuf(m);
}
/* set default */
spidx->ul_proto = IPSEC_ULPROTO_ANY;
@ -1421,8 +1421,10 @@ ipsec_set_policy(
return EINVAL;
xpl = (const struct sadb_x_policy *)request;
KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: passed policy\n", __func__);
kdebug_sadb_x_policy((const struct sadb_ext *)xpl));
if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DUMP)) {
printf("%s: passed policy\n", __func__);
kdebug_sadb_x_policy((const struct sadb_ext *)xpl);
}
/* check policy type */
/* ipsec_set_policy() accepts IPSEC, ENTRUST and BYPASS. */
@ -1447,8 +1449,10 @@ ipsec_set_policy(
/* clear old SP and set new SP */
KEY_FREESP(policy);
*policy = newsp;
KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: new policy\n", __func__);
kdebug_secpolicy(newsp));
if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DUMP)) {
printf("%s: new policy\n", __func__);
kdebug_secpolicy(newsp);
}
return 0;
}
@ -1468,8 +1472,10 @@ ipsec_get_policy(struct secpolicy *policy, struct mbuf **mp)
}
(*mp)->m_type = MT_DATA;
KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s:\n", __func__);
kdebug_mbuf(*mp));
if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DUMP)) {
printf("%s:\n", __func__);
kdebug_mbuf(*mp);
}
return 0;
}
@ -1763,8 +1769,10 @@ ipsec_in_reject(const struct secpolicy *sp, const struct mbuf *m)
struct ipsecrequest *isr;
int need_auth;
KEYDEBUG(KEYDEBUG_IPSEC_DATA, printf("%s: using SP\n", __func__);
kdebug_secpolicy(sp));
if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) {
printf("%s: using SP\n", __func__);
kdebug_secpolicy(sp);
}
/* check policy */
switch (sp->policy) {
@ -1787,9 +1795,8 @@ ipsec_in_reject(const struct secpolicy *sp, const struct mbuf *m)
switch (isr->saidx.proto) {
case IPPROTO_ESP:
if ((m->m_flags & M_DECRYPTED) == 0) {
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
printf("%s: ESP m_flags:%x\n", __func__,
m->m_flags));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DUMP,
"ESP m_flags:%x\n", m->m_flags);
return 1;
}
@ -1797,18 +1804,16 @@ ipsec_in_reject(const struct secpolicy *sp, const struct mbuf *m)
isr->sav != NULL &&
isr->sav->tdb_authalgxform != NULL &&
(m->m_flags & M_AUTHIPDGM) == 0) {
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
printf("%s: ESP/AH m_flags:%x\n", __func__,
m->m_flags));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DUMP,
"ESP/AH m_flags:%x\n", m->m_flags);
return 1;
}
break;
case IPPROTO_AH:
need_auth = 1;
if ((m->m_flags & M_AUTHIPHDR) == 0) {
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
printf("%s: AH m_flags:%x\n", __func__,
m->m_flags));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DUMP,
"AH m_flags:%x\n", m->m_flags);
return 1;
}
break;
@ -1913,8 +1918,10 @@ ipsec_hdrsiz(const struct secpolicy *sp)
const struct ipsecrequest *isr;
size_t siz;
KEYDEBUG(KEYDEBUG_IPSEC_DATA, printf("%s: using SP\n", __func__);
kdebug_secpolicy(sp));
if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) {
printf("%s: using SP\n", __func__);
kdebug_secpolicy(sp);
}
switch (sp->policy) {
case IPSEC_POLICY_DISCARD:
@ -1989,8 +1996,8 @@ ipsec4_hdrsiz(struct mbuf *m, u_int dir, struct inpcb *inp)
if (sp != NULL) {
size = ipsec_hdrsiz(sp);
KEYDEBUG(KEYDEBUG_IPSEC_DATA, printf("%s: size:%lu.\n",
__func__, (unsigned long)size));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DATA, "size:%lu.\n",
(unsigned long)size);
KEY_FREESP(&sp);
} else {
@ -2026,8 +2033,7 @@ ipsec6_hdrsiz(struct mbuf *m, u_int dir, struct in6pcb *in6p)
if (sp == NULL)
return 0;
size = ipsec_hdrsiz(sp);
KEYDEBUG(KEYDEBUG_IPSEC_DATA,
printf("%s: size:%zu.\n", __func__, size));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DATA, "size:%zu.\n", size);
KEY_FREESP(&sp);
return size;

164
sys/netipsec/key.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: key.c,v 1.110 2017/04/19 03:40:58 ozaki-r Exp $ */
/* $NetBSD: key.c,v 1.111 2017/04/19 03:42:11 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.110 2017/04/19 03:40:58 ozaki-r Exp $");
__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.111 2017/04/19 03:42:11 ozaki-r Exp $");
/*
* This code is referd to RFC 2367
@ -597,19 +597,20 @@ key_allocsp(const struct secpolicyindex *spidx, u_int dir, const char* where, in
KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
"invalid direction %u", dir);
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP %s from %s:%u\n", __func__, where, tag));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, "DP from %s:%u\n", where, tag);
/* get a SP entry */
s = splsoftnet(); /*called from softclock()*/
KEYDEBUG(KEYDEBUG_IPSEC_DATA,
if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) {
printf("*** objects\n");
kdebug_secpolicyindex(spidx));
kdebug_secpolicyindex(spidx);
}
LIST_FOREACH(sp, &sptree[dir], chain) {
KEYDEBUG(KEYDEBUG_IPSEC_DATA,
if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) {
printf("*** in SPD\n");
kdebug_secpolicyindex(&sp->spidx));
kdebug_secpolicyindex(&sp->spidx);
}
if (sp->state == IPSEC_SPSTATE_DEAD)
continue;
@ -628,9 +629,9 @@ found:
}
splx(s);
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__,
sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
"DP return SP:%p (ID=%u) refcnt %u\n",
sp, sp ? sp->id : 0, sp ? sp->refcnt : 0);
return sp;
}
@ -654,20 +655,21 @@ key_allocsp2(u_int32_t spi,
KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
"invalid direction %u", dir);
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP %s from %s:%u\n", __func__, where, tag));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, "DP from %s:%u\n", where, tag);
/* get a SP entry */
s = splsoftnet(); /*called from softclock()*/
KEYDEBUG(KEYDEBUG_IPSEC_DATA,
if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) {
printf("*** objects\n");
printf("spi %u proto %u dir %u\n", spi, proto, dir);
kdebug_sockaddr(&dst->sa));
kdebug_sockaddr(&dst->sa);
}
LIST_FOREACH(sp, &sptree[dir], chain) {
KEYDEBUG(KEYDEBUG_IPSEC_DATA,
if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) {
printf("*** in SPD\n");
kdebug_secpolicyindex(&sp->spidx));
kdebug_secpolicyindex(&sp->spidx);
}
if (sp->state == IPSEC_SPSTATE_DEAD)
continue;
@ -692,9 +694,9 @@ found:
}
splx(s);
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__,
sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
"DP return SP:%p (ID=%u) refcnt %u\n",
sp, sp ? sp->id : 0, sp ? sp->refcnt : 0);
return sp;
}
@ -715,8 +717,7 @@ key_gettunnel(const struct sockaddr *osrc,
struct ipsecrequest *r1, *r2, *p;
struct secpolicyindex spidx;
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP %s from %s:%u\n", __func__, where, tag));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, "DP from %s:%u\n", where, tag);
if (isrc->sa_family != idst->sa_family) {
ipseclog((LOG_ERR, "protocol family mismatched %d != %d\n.",
@ -769,9 +770,9 @@ found:
}
splx(s);
done:
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__,
sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
"DP return SP:%p (ID=%u) refcnt %u\n",
sp, sp ? sp->id : 0, sp ? sp->refcnt : 0);
return sp;
}
@ -1049,9 +1050,9 @@ key_do_allocsa_policy(struct secashead *sah, u_int state)
if (candidate) {
SA_ADDREF(candidate);
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP %s cause refcnt++:%d SA:%p\n", __func__,
candidate->refcnt, candidate));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
"DP cause refcnt++:%d SA:%p\n",
candidate->refcnt, candidate);
}
return candidate;
}
@ -1119,9 +1120,9 @@ key_allocsa(
must_check_alg = 1;
}
}
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP %s from %s:%u check_spi=%d, check_alg=%d\n",
__func__, where, tag, must_check_spi, must_check_alg));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
"DP from %s:%u check_spi=%d, check_alg=%d\n",
where, tag, must_check_spi, must_check_alg);
/*
@ -1143,36 +1144,35 @@ key_allocsa(
for (stateidx = 0; stateidx < arraysize; stateidx++) {
state = saorder_state_valid[stateidx];
LIST_FOREACH(sav, &sah->savtree[state], chain) {
KEYDEBUG(KEYDEBUG_MATCH,
printf("try match spi %#x, %#x\n",
ntohl(spi), ntohl(sav->spi)));
KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
"try match spi %#x, %#x\n",
ntohl(spi), ntohl(sav->spi));
/* sanity check */
KEY_CHKSASTATE(sav->state, state, "key_allocsav");
/* do not return entries w/ unusable state */
if (sav->state != SADB_SASTATE_MATURE &&
sav->state != SADB_SASTATE_DYING) {
KEYDEBUG(KEYDEBUG_MATCH,
printf("bad state %d\n",
sav->state));
KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
"bad state %d\n", sav->state);
continue;
}
if (proto != sav->sah->saidx.proto) {
KEYDEBUG(KEYDEBUG_MATCH,
printf("proto fail %d != %d\n",
proto, sav->sah->saidx.proto));
KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
"proto fail %d != %d\n",
proto, sav->sah->saidx.proto);
continue;
}
if (must_check_spi && spi != sav->spi) {
KEYDEBUG(KEYDEBUG_MATCH,
printf("spi fail %#x != %#x\n",
ntohl(spi), ntohl(sav->spi)));
KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
"spi fail %#x != %#x\n",
ntohl(spi), ntohl(sav->spi));
continue;
}
/* XXX only on the ipcomp case */
if (must_check_alg && algo != sav->alg_comp) {
KEYDEBUG(KEYDEBUG_MATCH,
printf("algo fail %d != %d\n",
algo, sav->alg_comp));
KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
"algo fail %d != %d\n",
algo, sav->alg_comp);
continue;
}
@ -1197,9 +1197,8 @@ key_allocsa(
done:
splx(s);
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP %s return SA:%p; refcnt %u\n", __func__,
sav, sav ? sav->refcnt : 0));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
"DP return SA:%p; refcnt %u\n", sav, sav ? sav->refcnt : 0);
return sav;
}
@ -1216,9 +1215,9 @@ _key_freesp(struct secpolicy **spp, const char* where, int tag)
SP_DELREF(sp);
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP %s SP:%p (ID=%u) from %s:%u; refcnt now %u\n",
__func__, sp, sp->id, where, tag, sp->refcnt));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
"DP SP:%p (ID=%u) from %s:%u; refcnt now %u\n",
sp, sp->id, where, tag, sp->refcnt);
if (sp->refcnt == 0) {
*spp = NULL;
@ -1313,10 +1312,9 @@ key_freesav(struct secasvar **psav, const char* where, int tag)
SA_DELREF(sav);
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP %s SA:%p (SPI %lu) from %s:%u; refcnt now %u\n",
__func__, sav, (u_long)ntohl(sav->spi), where, tag,
sav->refcnt));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
"DP SA:%p (SPI %lu) from %s:%u; refcnt now %u\n",
sav, (u_long)ntohl(sav->spi), where, tag, sav->refcnt);
if (sav->refcnt == 0) {
*psav = NULL;
@ -1429,9 +1427,8 @@ key_newsp(const char* where, int tag)
newsp->req = NULL;
}
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP %s from %s:%u return SP:%p\n", __func__,
where, tag, newsp));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
"DP from %s:%u return SP:%p\n", where, tag, newsp);
return newsp;
}
@ -3011,9 +3008,8 @@ key_newsav(struct mbuf *m, const struct sadb_msghdr *mhp,
LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
secasvar, chain);
done:
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP %s from %s:%u return SP:%p\n", __func__,
where, tag, newsav));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
"DP from %s:%u return SP:%p\n", where, tag, newsav);
return newsav;
}
@ -4426,8 +4422,8 @@ key_portcomp(in_port_t port1, in_port_t port2, int howport)
/*FALLTHROUGH*/
case PORT_STRICT:
if (port1 != port2) {
KEYDEBUG(KEYDEBUG_MATCH,
printf("port fail %d != %d\n", port1, port2));
KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
"port fail %d != %d\n", port1, port2);
return 1;
}
return 0;
@ -4448,39 +4444,36 @@ key_sockaddrcmp(
const struct sockaddr_in6 *sin61, *sin62;
if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) {
KEYDEBUG(KEYDEBUG_MATCH,
printf("fam/len fail %d != %d || %d != %d\n",
KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
"fam/len fail %d != %d || %d != %d\n",
sa1->sa_family, sa2->sa_family, sa1->sa_len,
sa2->sa_len));
sa2->sa_len);
return 1;
}
switch (sa1->sa_family) {
case AF_INET:
if (sa1->sa_len != sizeof(struct sockaddr_in)) {
KEYDEBUG(KEYDEBUG_MATCH,
printf("len fail %d != %zu\n",
sa1->sa_len, sizeof(struct sockaddr_in)));
KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
"len fail %d != %zu\n",
sa1->sa_len, sizeof(struct sockaddr_in));
return 1;
}
sin1 = (const struct sockaddr_in *)sa1;
sin2 = (const struct sockaddr_in *)sa2;
if (sin1->sin_addr.s_addr != sin2->sin_addr.s_addr) {
KEYDEBUG(KEYDEBUG_MATCH,
printf("addr fail %#x != %#x\n",
sin1->sin_addr.s_addr,
sin2->sin_addr.s_addr));
KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
"addr fail %#x != %#x\n",
sin1->sin_addr.s_addr, sin2->sin_addr.s_addr);
return 1;
}
if (key_portcomp(sin1->sin_port, sin2->sin_port, howport)) {
return 1;
}
KEYDEBUG(KEYDEBUG_MATCH,
printf("addr success %#x[%d] == %#x[%d]\n",
sin1->sin_addr.s_addr,
sin1->sin_port,
sin2->sin_addr.s_addr,
sin2->sin_port));
KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
"addr success %#x[%d] == %#x[%d]\n",
sin1->sin_addr.s_addr, sin1->sin_port,
sin2->sin_addr.s_addr, sin2->sin_port);
break;
case AF_INET6:
sin61 = (const struct sockaddr_in6 *)sa1;
@ -5447,9 +5440,9 @@ key_getsavbyseq(struct secashead *sah, u_int32_t seq)
if (sav->seq == seq) {
SA_ADDREF(sav);
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP %s cause refcnt++:%d SA:%p\n",
__func__, sav->refcnt, sav));
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
"DP cause refcnt++:%d SA:%p\n",
sav->refcnt, sav);
return sav;
}
}
@ -7330,9 +7323,10 @@ key_parse(struct mbuf *m, struct socket *so)
panic("key_parse: NULL pointer is passed");
#if 0 /*kdebug_sadb assumes msg in linear buffer*/
KEYDEBUG(KEYDEBUG_KEY_DUMP,
if (KEYDEBUG_ON(KEYDEBUG_KEY_DUMP)) {
ipseclog((LOG_DEBUG, "key_parse: passed sadb_msg\n"));
kdebug_sadb(msg));
kdebug_sadb(msg);
}
#endif
if (m->m_len < sizeof(struct sadb_msg)) {

12
sys/netipsec/key_debug.h
View File

@ -1,4 +1,4 @@
/* $NetBSD: key_debug.h,v 1.7 2016/03/05 20:11:09 christos Exp $ */
/* $NetBSD: key_debug.h,v 1.8 2017/04/19 03:42:11 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/key_debug.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $KAME: key_debug.h,v 1.10 2001/08/05 08:37:52 itojun Exp $ */
@ -55,8 +55,14 @@
#define KEYDEBUG_IPSEC_DATA (KEYDEBUG_IPSEC | KEYDEBUG_DATA)
#define KEYDEBUG_IPSEC_DUMP (KEYDEBUG_IPSEC | KEYDEBUG_DUMP)
#define KEYDEBUG(lev,arg) \
do { if ((key_debug_level & (lev)) == (lev)) { arg; } } while (/*CONSTCOND*/ 0)
#define KEYDEBUG_ON(lev) ((key_debug_level & (lev)) == (lev))
#define KEYDEBUG_PRINTF(lev, fmt, ...) \
do { \
if (KEYDEBUG_ON((lev))) \
log(LOG_DEBUG, "%s: " fmt, __func__, \
__VA_ARGS__); \
} while (0)
extern u_int32_t key_debug_level;
#endif /*_KERNEL*/

12
sys/netipsec/keysock.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: keysock.c,v 1.51 2017/04/19 03:39:14 ozaki-r Exp $ */
/* $NetBSD: keysock.c,v 1.52 2017/04/19 03:42:11 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/keysock.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $KAME: keysock.c,v 1.25 2001/08/13 20:07:41 itojun Exp $ */
@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.51 2017/04/19 03:39:14 ozaki-r Exp $");
__KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.52 2017/04/19 03:42:11 ozaki-r Exp $");
/* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
@ -119,7 +119,8 @@ key_output(struct mbuf *m, struct socket *so)
if ((m->m_flags & M_PKTHDR) == 0)
panic("key_output: not M_PKTHDR ??");
KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));
if (KEYDEBUG_ON(KEYDEBUG_KEY_DUMP))
kdebug_mbuf(m);
msg = mtod(m, struct sadb_msg *);
PFKEY_STATINC(PFKEY_STAT_OUT_MSGTYPE + msg->sadb_msg_type);
@ -205,9 +206,10 @@ key_sendup(struct socket *so, struct sadb_msg *msg, u_int len,
if (so == 0 || msg == 0)
panic("key_sendup: NULL pointer was passed");
KEYDEBUG(KEYDEBUG_KEY_DUMP,
if (KEYDEBUG_ON(KEYDEBUG_KEY_DUMP)) {
printf("key_sendup: \n");
kdebug_sadb(msg));
kdebug_sadb(msg);
}
/*
* we increment statistics here, just in case we have ENOBUFS