Tweak KEYDEBUG macros
Let's avoid passing statements to a macro.
This commit is contained in:
parent
50d790a0e8
commit
6208c22585
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: ipsec.c,v 1.76 2017/04/19 03:40:58 ozaki-r Exp $ */
|
||||
/* $NetBSD: ipsec.c,v 1.77 2017/04/19 03:42:11 ozaki-r Exp $ */
|
||||
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
|
||||
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
|
||||
|
||||
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.76 2017/04/19 03:40:58 ozaki-r Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.77 2017/04/19 03:42:11 ozaki-r Exp $");
|
||||
|
||||
/*
|
||||
* IPsec controller part.
|
||||
@ -264,10 +264,10 @@ ipsec_checkpcbcache(struct mbuf *m, struct inpcbpolicy *pcbsp, int dir)
|
||||
|
||||
pcbsp->sp_cache[dir].cachesp->lastused = time_second;
|
||||
pcbsp->sp_cache[dir].cachesp->refcnt++;
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
printf("DP %s cause refcnt++:%d SP:%p\n", __func__,
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
|
||||
"DP cause refcnt++:%d SP:%p\n",
|
||||
pcbsp->sp_cache[dir].cachesp->refcnt,
|
||||
pcbsp->sp_cache[dir].cachesp));
|
||||
pcbsp->sp_cache[dir].cachesp);
|
||||
return pcbsp->sp_cache[dir].cachesp;
|
||||
}
|
||||
|
||||
@ -298,10 +298,10 @@ ipsec_fillpcbcache(struct inpcbpolicy *pcbsp, struct mbuf *m,
|
||||
pcbsp->sp_cache[dir].cachesp = sp;
|
||||
if (pcbsp->sp_cache[dir].cachesp) {
|
||||
pcbsp->sp_cache[dir].cachesp->refcnt++;
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
printf("DP %s cause refcnt++:%d SP:%p\n", __func__,
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
|
||||
"DP cause refcnt++:%d SP:%p\n",
|
||||
pcbsp->sp_cache[dir].cachesp->refcnt,
|
||||
pcbsp->sp_cache[dir].cachesp));
|
||||
pcbsp->sp_cache[dir].cachesp);
|
||||
|
||||
/*
|
||||
* If the PCB is connected, we can remember a hint to
|
||||
@ -378,8 +378,7 @@ key_allocsp_default(int af, const char *where, int tag)
|
||||
{
|
||||
struct secpolicy *sp;
|
||||
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
printf("DP %s from %s:%u\n", __func__, where, tag));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, "DP from %s:%u\n", where, tag);
|
||||
|
||||
switch(af) {
|
||||
case AF_INET:
|
||||
@ -391,9 +390,8 @@ key_allocsp_default(int af, const char *where, int tag)
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
printf("%s: unexpected protocol family %u\n", __func__,
|
||||
af));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
|
||||
"unexpected protocol family %u\n", af);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -405,8 +403,8 @@ key_allocsp_default(int af, const char *where, int tag)
|
||||
}
|
||||
sp->refcnt++;
|
||||
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP, printf("DP %s returns SP:%p (%u)\n",
|
||||
__func__, sp, sp->refcnt));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, "DP returns SP:%p (%u)\n",
|
||||
sp, sp->refcnt);
|
||||
return sp;
|
||||
}
|
||||
#define KEY_ALLOCSP_DEFAULT(af) \
|
||||
@ -571,9 +569,9 @@ ipsec_getpolicybysock(struct mbuf *m, u_int dir, struct inpcb_hdr *inp,
|
||||
}
|
||||
KASSERTMSG(sp != NULL, "null SP (priv %u policy %u", pcbsp->priv,
|
||||
currsp->policy);
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
printf("DP %s (priv %u policy %u) allocates SP:%p (refcnt %u)\n",
|
||||
__func__, pcbsp->priv, currsp->policy, sp, sp->refcnt));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
|
||||
"DP (priv %u policy %u) allocates SP:%p (refcnt %u)\n",
|
||||
pcbsp->priv, currsp->policy, sp, sp->refcnt);
|
||||
ipsec_fillpcbcache(pcbsp, m, sp, dir);
|
||||
return sp;
|
||||
}
|
||||
@ -1001,16 +999,16 @@ ipsec_setspidx(struct mbuf *m, struct secpolicyindex *spidx, int needport)
|
||||
for (n = m; n; n = n->m_next)
|
||||
len += n->m_len;
|
||||
if (m->m_pkthdr.len != len) {
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: total of m_len(%d) "
|
||||
"!= pkthdr.len(%d), ignored.\n", __func__, len,
|
||||
m->m_pkthdr.len));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DUMP,
|
||||
"total of m_len(%d) != pkthdr.len(%d), ignored.\n",
|
||||
len, m->m_pkthdr.len);
|
||||
return EINVAL;
|
||||
}
|
||||
|
||||
if (m->m_pkthdr.len < sizeof(struct ip)) {
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: pkthdr.len(%d) < "
|
||||
"sizeof(struct ip), ignored.\n", __func__,
|
||||
m->m_pkthdr.len));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DUMP,
|
||||
"pkthdr.len(%d) < sizeof(struct ip), ignored.\n",
|
||||
m->m_pkthdr.len);
|
||||
return EINVAL;
|
||||
}
|
||||
|
||||
@ -1031,9 +1029,9 @@ ipsec_setspidx(struct mbuf *m, struct secpolicyindex *spidx, int needport)
|
||||
#ifdef INET6
|
||||
case 6:
|
||||
if (m->m_pkthdr.len < sizeof(struct ip6_hdr)) {
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: "
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DUMP,
|
||||
"pkthdr.len(%d) < sizeof(struct ip6_hdr), "
|
||||
"ignored.\n", __func__, m->m_pkthdr.len));
|
||||
"ignored.\n", m->m_pkthdr.len);
|
||||
return EINVAL;
|
||||
}
|
||||
error = ipsec6_setspidx_ipaddr(m, spidx);
|
||||
@ -1043,8 +1041,8 @@ ipsec_setspidx(struct mbuf *m, struct secpolicyindex *spidx, int needport)
|
||||
return 0;
|
||||
#endif
|
||||
default:
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: unknown IP version "
|
||||
"%u, ignored.\n", __func__, v));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DUMP,
|
||||
"unknown IP version %u, ignored.\n", v);
|
||||
return EINVAL;
|
||||
}
|
||||
}
|
||||
@ -1180,8 +1178,10 @@ ipsec6_get_ulp(struct mbuf *m, struct secpolicyindex *spidx,
|
||||
if (m == NULL)
|
||||
panic("%s: NULL pointer was passed", __func__);
|
||||
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s:\n", __func__);
|
||||
kdebug_mbuf(m));
|
||||
if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DUMP)) {
|
||||
printf("%s:\n", __func__);
|
||||
kdebug_mbuf(m);
|
||||
}
|
||||
|
||||
/* set default */
|
||||
spidx->ul_proto = IPSEC_ULPROTO_ANY;
|
||||
@ -1421,8 +1421,10 @@ ipsec_set_policy(
|
||||
return EINVAL;
|
||||
xpl = (const struct sadb_x_policy *)request;
|
||||
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: passed policy\n", __func__);
|
||||
kdebug_sadb_x_policy((const struct sadb_ext *)xpl));
|
||||
if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DUMP)) {
|
||||
printf("%s: passed policy\n", __func__);
|
||||
kdebug_sadb_x_policy((const struct sadb_ext *)xpl);
|
||||
}
|
||||
|
||||
/* check policy type */
|
||||
/* ipsec_set_policy() accepts IPSEC, ENTRUST and BYPASS. */
|
||||
@ -1447,8 +1449,10 @@ ipsec_set_policy(
|
||||
/* clear old SP and set new SP */
|
||||
KEY_FREESP(policy);
|
||||
*policy = newsp;
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: new policy\n", __func__);
|
||||
kdebug_secpolicy(newsp));
|
||||
if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DUMP)) {
|
||||
printf("%s: new policy\n", __func__);
|
||||
kdebug_secpolicy(newsp);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -1468,8 +1472,10 @@ ipsec_get_policy(struct secpolicy *policy, struct mbuf **mp)
|
||||
}
|
||||
|
||||
(*mp)->m_type = MT_DATA;
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s:\n", __func__);
|
||||
kdebug_mbuf(*mp));
|
||||
if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DUMP)) {
|
||||
printf("%s:\n", __func__);
|
||||
kdebug_mbuf(*mp);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -1763,8 +1769,10 @@ ipsec_in_reject(const struct secpolicy *sp, const struct mbuf *m)
|
||||
struct ipsecrequest *isr;
|
||||
int need_auth;
|
||||
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_DATA, printf("%s: using SP\n", __func__);
|
||||
kdebug_secpolicy(sp));
|
||||
if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) {
|
||||
printf("%s: using SP\n", __func__);
|
||||
kdebug_secpolicy(sp);
|
||||
}
|
||||
|
||||
/* check policy */
|
||||
switch (sp->policy) {
|
||||
@ -1787,9 +1795,8 @@ ipsec_in_reject(const struct secpolicy *sp, const struct mbuf *m)
|
||||
switch (isr->saidx.proto) {
|
||||
case IPPROTO_ESP:
|
||||
if ((m->m_flags & M_DECRYPTED) == 0) {
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
|
||||
printf("%s: ESP m_flags:%x\n", __func__,
|
||||
m->m_flags));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DUMP,
|
||||
"ESP m_flags:%x\n", m->m_flags);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -1797,18 +1804,16 @@ ipsec_in_reject(const struct secpolicy *sp, const struct mbuf *m)
|
||||
isr->sav != NULL &&
|
||||
isr->sav->tdb_authalgxform != NULL &&
|
||||
(m->m_flags & M_AUTHIPDGM) == 0) {
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
|
||||
printf("%s: ESP/AH m_flags:%x\n", __func__,
|
||||
m->m_flags));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DUMP,
|
||||
"ESP/AH m_flags:%x\n", m->m_flags);
|
||||
return 1;
|
||||
}
|
||||
break;
|
||||
case IPPROTO_AH:
|
||||
need_auth = 1;
|
||||
if ((m->m_flags & M_AUTHIPHDR) == 0) {
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
|
||||
printf("%s: AH m_flags:%x\n", __func__,
|
||||
m->m_flags));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DUMP,
|
||||
"AH m_flags:%x\n", m->m_flags);
|
||||
return 1;
|
||||
}
|
||||
break;
|
||||
@ -1913,8 +1918,10 @@ ipsec_hdrsiz(const struct secpolicy *sp)
|
||||
const struct ipsecrequest *isr;
|
||||
size_t siz;
|
||||
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_DATA, printf("%s: using SP\n", __func__);
|
||||
kdebug_secpolicy(sp));
|
||||
if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) {
|
||||
printf("%s: using SP\n", __func__);
|
||||
kdebug_secpolicy(sp);
|
||||
}
|
||||
|
||||
switch (sp->policy) {
|
||||
case IPSEC_POLICY_DISCARD:
|
||||
@ -1989,8 +1996,8 @@ ipsec4_hdrsiz(struct mbuf *m, u_int dir, struct inpcb *inp)
|
||||
|
||||
if (sp != NULL) {
|
||||
size = ipsec_hdrsiz(sp);
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_DATA, printf("%s: size:%lu.\n",
|
||||
__func__, (unsigned long)size));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DATA, "size:%lu.\n",
|
||||
(unsigned long)size);
|
||||
|
||||
KEY_FREESP(&sp);
|
||||
} else {
|
||||
@ -2026,8 +2033,7 @@ ipsec6_hdrsiz(struct mbuf *m, u_int dir, struct in6pcb *in6p)
|
||||
if (sp == NULL)
|
||||
return 0;
|
||||
size = ipsec_hdrsiz(sp);
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_DATA,
|
||||
printf("%s: size:%zu.\n", __func__, size));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DATA, "size:%zu.\n", size);
|
||||
KEY_FREESP(&sp);
|
||||
|
||||
return size;
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: key.c,v 1.110 2017/04/19 03:40:58 ozaki-r Exp $ */
|
||||
/* $NetBSD: key.c,v 1.111 2017/04/19 03:42:11 ozaki-r Exp $ */
|
||||
/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
|
||||
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
|
||||
|
||||
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.110 2017/04/19 03:40:58 ozaki-r Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.111 2017/04/19 03:42:11 ozaki-r Exp $");
|
||||
|
||||
/*
|
||||
* This code is referd to RFC 2367
|
||||
@ -597,19 +597,20 @@ key_allocsp(const struct secpolicyindex *spidx, u_int dir, const char* where, in
|
||||
KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
|
||||
"invalid direction %u", dir);
|
||||
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
printf("DP %s from %s:%u\n", __func__, where, tag));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, "DP from %s:%u\n", where, tag);
|
||||
|
||||
/* get a SP entry */
|
||||
s = splsoftnet(); /*called from softclock()*/
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_DATA,
|
||||
if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) {
|
||||
printf("*** objects\n");
|
||||
kdebug_secpolicyindex(spidx));
|
||||
kdebug_secpolicyindex(spidx);
|
||||
}
|
||||
|
||||
LIST_FOREACH(sp, &sptree[dir], chain) {
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_DATA,
|
||||
if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) {
|
||||
printf("*** in SPD\n");
|
||||
kdebug_secpolicyindex(&sp->spidx));
|
||||
kdebug_secpolicyindex(&sp->spidx);
|
||||
}
|
||||
|
||||
if (sp->state == IPSEC_SPSTATE_DEAD)
|
||||
continue;
|
||||
@ -628,9 +629,9 @@ found:
|
||||
}
|
||||
splx(s);
|
||||
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__,
|
||||
sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
|
||||
"DP return SP:%p (ID=%u) refcnt %u\n",
|
||||
sp, sp ? sp->id : 0, sp ? sp->refcnt : 0);
|
||||
return sp;
|
||||
}
|
||||
|
||||
@ -654,20 +655,21 @@ key_allocsp2(u_int32_t spi,
|
||||
KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
|
||||
"invalid direction %u", dir);
|
||||
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
printf("DP %s from %s:%u\n", __func__, where, tag));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, "DP from %s:%u\n", where, tag);
|
||||
|
||||
/* get a SP entry */
|
||||
s = splsoftnet(); /*called from softclock()*/
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_DATA,
|
||||
if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) {
|
||||
printf("*** objects\n");
|
||||
printf("spi %u proto %u dir %u\n", spi, proto, dir);
|
||||
kdebug_sockaddr(&dst->sa));
|
||||
kdebug_sockaddr(&dst->sa);
|
||||
}
|
||||
|
||||
LIST_FOREACH(sp, &sptree[dir], chain) {
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_DATA,
|
||||
if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) {
|
||||
printf("*** in SPD\n");
|
||||
kdebug_secpolicyindex(&sp->spidx));
|
||||
kdebug_secpolicyindex(&sp->spidx);
|
||||
}
|
||||
|
||||
if (sp->state == IPSEC_SPSTATE_DEAD)
|
||||
continue;
|
||||
@ -692,9 +694,9 @@ found:
|
||||
}
|
||||
splx(s);
|
||||
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__,
|
||||
sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
|
||||
"DP return SP:%p (ID=%u) refcnt %u\n",
|
||||
sp, sp ? sp->id : 0, sp ? sp->refcnt : 0);
|
||||
return sp;
|
||||
}
|
||||
|
||||
@ -715,8 +717,7 @@ key_gettunnel(const struct sockaddr *osrc,
|
||||
struct ipsecrequest *r1, *r2, *p;
|
||||
struct secpolicyindex spidx;
|
||||
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
printf("DP %s from %s:%u\n", __func__, where, tag));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, "DP from %s:%u\n", where, tag);
|
||||
|
||||
if (isrc->sa_family != idst->sa_family) {
|
||||
ipseclog((LOG_ERR, "protocol family mismatched %d != %d\n.",
|
||||
@ -769,9 +770,9 @@ found:
|
||||
}
|
||||
splx(s);
|
||||
done:
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__,
|
||||
sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
|
||||
"DP return SP:%p (ID=%u) refcnt %u\n",
|
||||
sp, sp ? sp->id : 0, sp ? sp->refcnt : 0);
|
||||
return sp;
|
||||
}
|
||||
|
||||
@ -1049,9 +1050,9 @@ key_do_allocsa_policy(struct secashead *sah, u_int state)
|
||||
|
||||
if (candidate) {
|
||||
SA_ADDREF(candidate);
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
printf("DP %s cause refcnt++:%d SA:%p\n", __func__,
|
||||
candidate->refcnt, candidate));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
|
||||
"DP cause refcnt++:%d SA:%p\n",
|
||||
candidate->refcnt, candidate);
|
||||
}
|
||||
return candidate;
|
||||
}
|
||||
@ -1119,9 +1120,9 @@ key_allocsa(
|
||||
must_check_alg = 1;
|
||||
}
|
||||
}
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
printf("DP %s from %s:%u check_spi=%d, check_alg=%d\n",
|
||||
__func__, where, tag, must_check_spi, must_check_alg));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
|
||||
"DP from %s:%u check_spi=%d, check_alg=%d\n",
|
||||
where, tag, must_check_spi, must_check_alg);
|
||||
|
||||
|
||||
/*
|
||||
@ -1143,36 +1144,35 @@ key_allocsa(
|
||||
for (stateidx = 0; stateidx < arraysize; stateidx++) {
|
||||
state = saorder_state_valid[stateidx];
|
||||
LIST_FOREACH(sav, &sah->savtree[state], chain) {
|
||||
KEYDEBUG(KEYDEBUG_MATCH,
|
||||
printf("try match spi %#x, %#x\n",
|
||||
ntohl(spi), ntohl(sav->spi)));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
|
||||
"try match spi %#x, %#x\n",
|
||||
ntohl(spi), ntohl(sav->spi));
|
||||
/* sanity check */
|
||||
KEY_CHKSASTATE(sav->state, state, "key_allocsav");
|
||||
/* do not return entries w/ unusable state */
|
||||
if (sav->state != SADB_SASTATE_MATURE &&
|
||||
sav->state != SADB_SASTATE_DYING) {
|
||||
KEYDEBUG(KEYDEBUG_MATCH,
|
||||
printf("bad state %d\n",
|
||||
sav->state));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
|
||||
"bad state %d\n", sav->state);
|
||||
continue;
|
||||
}
|
||||
if (proto != sav->sah->saidx.proto) {
|
||||
KEYDEBUG(KEYDEBUG_MATCH,
|
||||
printf("proto fail %d != %d\n",
|
||||
proto, sav->sah->saidx.proto));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
|
||||
"proto fail %d != %d\n",
|
||||
proto, sav->sah->saidx.proto);
|
||||
continue;
|
||||
}
|
||||
if (must_check_spi && spi != sav->spi) {
|
||||
KEYDEBUG(KEYDEBUG_MATCH,
|
||||
printf("spi fail %#x != %#x\n",
|
||||
ntohl(spi), ntohl(sav->spi)));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
|
||||
"spi fail %#x != %#x\n",
|
||||
ntohl(spi), ntohl(sav->spi));
|
||||
continue;
|
||||
}
|
||||
/* XXX only on the ipcomp case */
|
||||
if (must_check_alg && algo != sav->alg_comp) {
|
||||
KEYDEBUG(KEYDEBUG_MATCH,
|
||||
printf("algo fail %d != %d\n",
|
||||
algo, sav->alg_comp));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
|
||||
"algo fail %d != %d\n",
|
||||
algo, sav->alg_comp);
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -1197,9 +1197,8 @@ key_allocsa(
|
||||
done:
|
||||
splx(s);
|
||||
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
printf("DP %s return SA:%p; refcnt %u\n", __func__,
|
||||
sav, sav ? sav->refcnt : 0));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
|
||||
"DP return SA:%p; refcnt %u\n", sav, sav ? sav->refcnt : 0);
|
||||
return sav;
|
||||
}
|
||||
|
||||
@ -1216,9 +1215,9 @@ _key_freesp(struct secpolicy **spp, const char* where, int tag)
|
||||
|
||||
SP_DELREF(sp);
|
||||
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
printf("DP %s SP:%p (ID=%u) from %s:%u; refcnt now %u\n",
|
||||
__func__, sp, sp->id, where, tag, sp->refcnt));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
|
||||
"DP SP:%p (ID=%u) from %s:%u; refcnt now %u\n",
|
||||
sp, sp->id, where, tag, sp->refcnt);
|
||||
|
||||
if (sp->refcnt == 0) {
|
||||
*spp = NULL;
|
||||
@ -1313,10 +1312,9 @@ key_freesav(struct secasvar **psav, const char* where, int tag)
|
||||
|
||||
SA_DELREF(sav);
|
||||
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
printf("DP %s SA:%p (SPI %lu) from %s:%u; refcnt now %u\n",
|
||||
__func__, sav, (u_long)ntohl(sav->spi), where, tag,
|
||||
sav->refcnt));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
|
||||
"DP SA:%p (SPI %lu) from %s:%u; refcnt now %u\n",
|
||||
sav, (u_long)ntohl(sav->spi), where, tag, sav->refcnt);
|
||||
|
||||
if (sav->refcnt == 0) {
|
||||
*psav = NULL;
|
||||
@ -1429,9 +1427,8 @@ key_newsp(const char* where, int tag)
|
||||
newsp->req = NULL;
|
||||
}
|
||||
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
printf("DP %s from %s:%u return SP:%p\n", __func__,
|
||||
where, tag, newsp));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
|
||||
"DP from %s:%u return SP:%p\n", where, tag, newsp);
|
||||
return newsp;
|
||||
}
|
||||
|
||||
@ -3011,9 +3008,8 @@ key_newsav(struct mbuf *m, const struct sadb_msghdr *mhp,
|
||||
LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
|
||||
secasvar, chain);
|
||||
done:
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
printf("DP %s from %s:%u return SP:%p\n", __func__,
|
||||
where, tag, newsav));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
|
||||
"DP from %s:%u return SP:%p\n", where, tag, newsav);
|
||||
|
||||
return newsav;
|
||||
}
|
||||
@ -4426,8 +4422,8 @@ key_portcomp(in_port_t port1, in_port_t port2, int howport)
|
||||
/*FALLTHROUGH*/
|
||||
case PORT_STRICT:
|
||||
if (port1 != port2) {
|
||||
KEYDEBUG(KEYDEBUG_MATCH,
|
||||
printf("port fail %d != %d\n", port1, port2));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
|
||||
"port fail %d != %d\n", port1, port2);
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
@ -4448,39 +4444,36 @@ key_sockaddrcmp(
|
||||
const struct sockaddr_in6 *sin61, *sin62;
|
||||
|
||||
if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) {
|
||||
KEYDEBUG(KEYDEBUG_MATCH,
|
||||
printf("fam/len fail %d != %d || %d != %d\n",
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
|
||||
"fam/len fail %d != %d || %d != %d\n",
|
||||
sa1->sa_family, sa2->sa_family, sa1->sa_len,
|
||||
sa2->sa_len));
|
||||
sa2->sa_len);
|
||||
return 1;
|
||||
}
|
||||
|
||||
switch (sa1->sa_family) {
|
||||
case AF_INET:
|
||||
if (sa1->sa_len != sizeof(struct sockaddr_in)) {
|
||||
KEYDEBUG(KEYDEBUG_MATCH,
|
||||
printf("len fail %d != %zu\n",
|
||||
sa1->sa_len, sizeof(struct sockaddr_in)));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
|
||||
"len fail %d != %zu\n",
|
||||
sa1->sa_len, sizeof(struct sockaddr_in));
|
||||
return 1;
|
||||
}
|
||||
sin1 = (const struct sockaddr_in *)sa1;
|
||||
sin2 = (const struct sockaddr_in *)sa2;
|
||||
if (sin1->sin_addr.s_addr != sin2->sin_addr.s_addr) {
|
||||
KEYDEBUG(KEYDEBUG_MATCH,
|
||||
printf("addr fail %#x != %#x\n",
|
||||
sin1->sin_addr.s_addr,
|
||||
sin2->sin_addr.s_addr));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
|
||||
"addr fail %#x != %#x\n",
|
||||
sin1->sin_addr.s_addr, sin2->sin_addr.s_addr);
|
||||
return 1;
|
||||
}
|
||||
if (key_portcomp(sin1->sin_port, sin2->sin_port, howport)) {
|
||||
return 1;
|
||||
}
|
||||
KEYDEBUG(KEYDEBUG_MATCH,
|
||||
printf("addr success %#x[%d] == %#x[%d]\n",
|
||||
sin1->sin_addr.s_addr,
|
||||
sin1->sin_port,
|
||||
sin2->sin_addr.s_addr,
|
||||
sin2->sin_port));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
|
||||
"addr success %#x[%d] == %#x[%d]\n",
|
||||
sin1->sin_addr.s_addr, sin1->sin_port,
|
||||
sin2->sin_addr.s_addr, sin2->sin_port);
|
||||
break;
|
||||
case AF_INET6:
|
||||
sin61 = (const struct sockaddr_in6 *)sa1;
|
||||
@ -5447,9 +5440,9 @@ key_getsavbyseq(struct secashead *sah, u_int32_t seq)
|
||||
|
||||
if (sav->seq == seq) {
|
||||
SA_ADDREF(sav);
|
||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||
printf("DP %s cause refcnt++:%d SA:%p\n",
|
||||
__func__, sav->refcnt, sav));
|
||||
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
|
||||
"DP cause refcnt++:%d SA:%p\n",
|
||||
sav->refcnt, sav);
|
||||
return sav;
|
||||
}
|
||||
}
|
||||
@ -7330,9 +7323,10 @@ key_parse(struct mbuf *m, struct socket *so)
|
||||
panic("key_parse: NULL pointer is passed");
|
||||
|
||||
#if 0 /*kdebug_sadb assumes msg in linear buffer*/
|
||||
KEYDEBUG(KEYDEBUG_KEY_DUMP,
|
||||
if (KEYDEBUG_ON(KEYDEBUG_KEY_DUMP)) {
|
||||
ipseclog((LOG_DEBUG, "key_parse: passed sadb_msg\n"));
|
||||
kdebug_sadb(msg));
|
||||
kdebug_sadb(msg);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (m->m_len < sizeof(struct sadb_msg)) {
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: key_debug.h,v 1.7 2016/03/05 20:11:09 christos Exp $ */
|
||||
/* $NetBSD: key_debug.h,v 1.8 2017/04/19 03:42:11 ozaki-r Exp $ */
|
||||
/* $FreeBSD: src/sys/netipsec/key_debug.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
|
||||
/* $KAME: key_debug.h,v 1.10 2001/08/05 08:37:52 itojun Exp $ */
|
||||
|
||||
@ -55,8 +55,14 @@
|
||||
#define KEYDEBUG_IPSEC_DATA (KEYDEBUG_IPSEC | KEYDEBUG_DATA)
|
||||
#define KEYDEBUG_IPSEC_DUMP (KEYDEBUG_IPSEC | KEYDEBUG_DUMP)
|
||||
|
||||
#define KEYDEBUG(lev,arg) \
|
||||
do { if ((key_debug_level & (lev)) == (lev)) { arg; } } while (/*CONSTCOND*/ 0)
|
||||
#define KEYDEBUG_ON(lev) ((key_debug_level & (lev)) == (lev))
|
||||
|
||||
#define KEYDEBUG_PRINTF(lev, fmt, ...) \
|
||||
do { \
|
||||
if (KEYDEBUG_ON((lev))) \
|
||||
log(LOG_DEBUG, "%s: " fmt, __func__, \
|
||||
__VA_ARGS__); \
|
||||
} while (0)
|
||||
|
||||
extern u_int32_t key_debug_level;
|
||||
#endif /*_KERNEL*/
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: keysock.c,v 1.51 2017/04/19 03:39:14 ozaki-r Exp $ */
|
||||
/* $NetBSD: keysock.c,v 1.52 2017/04/19 03:42:11 ozaki-r Exp $ */
|
||||
/* $FreeBSD: src/sys/netipsec/keysock.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */
|
||||
/* $KAME: keysock.c,v 1.25 2001/08/13 20:07:41 itojun Exp $ */
|
||||
|
||||
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.51 2017/04/19 03:39:14 ozaki-r Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.52 2017/04/19 03:42:11 ozaki-r Exp $");
|
||||
|
||||
/* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
|
||||
|
||||
@ -119,7 +119,8 @@ key_output(struct mbuf *m, struct socket *so)
|
||||
if ((m->m_flags & M_PKTHDR) == 0)
|
||||
panic("key_output: not M_PKTHDR ??");
|
||||
|
||||
KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));
|
||||
if (KEYDEBUG_ON(KEYDEBUG_KEY_DUMP))
|
||||
kdebug_mbuf(m);
|
||||
|
||||
msg = mtod(m, struct sadb_msg *);
|
||||
PFKEY_STATINC(PFKEY_STAT_OUT_MSGTYPE + msg->sadb_msg_type);
|
||||
@ -205,9 +206,10 @@ key_sendup(struct socket *so, struct sadb_msg *msg, u_int len,
|
||||
if (so == 0 || msg == 0)
|
||||
panic("key_sendup: NULL pointer was passed");
|
||||
|
||||
KEYDEBUG(KEYDEBUG_KEY_DUMP,
|
||||
if (KEYDEBUG_ON(KEYDEBUG_KEY_DUMP)) {
|
||||
printf("key_sendup: \n");
|
||||
kdebug_sadb(msg));
|
||||
kdebug_sadb(msg);
|
||||
}
|
||||
|
||||
/*
|
||||
* we increment statistics here, just in case we have ENOBUFS
|
||||
|
Loading…
Reference in New Issue
Block a user