Add more debugging, no functional change.
This commit is contained in:
christos
parent
0d7369c54b
commit
9347deb6cb
@ -1,4 +1,4 @@
|
|||||||
/* $NetBSD: key.c,v 1.91 2014/06/16 03:34:45 christos Exp $ */
|
/* $NetBSD: key.c,v 1.92 2016/03/05 20:11:09 christos Exp $ */
|
||||||
/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
|
/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
|
||||||
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
|
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
|
||||||
|
|
||||||
@ -32,7 +32,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include <sys/cdefs.h>
|
#include <sys/cdefs.h>
|
||||||
__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.91 2014/06/16 03:34:45 christos Exp $");
|
__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.92 2016/03/05 20:11:09 christos Exp $");
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This code is referd to RFC 2367
|
* This code is referd to RFC 2367
|
||||||
@ -1100,9 +1100,6 @@ key_allocsa(
|
|||||||
|
|
||||||
IPSEC_ASSERT(dst != NULL, ("key_allocsa: null dst address"));
|
IPSEC_ASSERT(dst != NULL, ("key_allocsa: null dst address"));
|
||||||
|
|
||||||
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
|
||||||
printf("DP %s from %s:%u\n", __func__, where, tag));
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* XXX IPCOMP case
|
* XXX IPCOMP case
|
||||||
* We use cpi to define spi here. In the case where cpi <=
|
* We use cpi to define spi here. In the case where cpi <=
|
||||||
@ -1121,6 +1118,10 @@ key_allocsa(
|
|||||||
must_check_alg = 1;
|
must_check_alg = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
|
||||||
|
printf("DP %s from %s:%u check_spi=%d, check_alg=%d\n",
|
||||||
|
__func__, where, tag, must_check_spi, must_check_alg));
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* searching SAD.
|
* searching SAD.
|
||||||
@ -1141,19 +1142,38 @@ key_allocsa(
|
|||||||
for (stateidx = 0; stateidx < arraysize; stateidx++) {
|
for (stateidx = 0; stateidx < arraysize; stateidx++) {
|
||||||
state = saorder_state_valid[stateidx];
|
state = saorder_state_valid[stateidx];
|
||||||
LIST_FOREACH(sav, &sah->savtree[state], chain) {
|
LIST_FOREACH(sav, &sah->savtree[state], chain) {
|
||||||
|
KEYDEBUG(KEYDEBUG_MATCH,
|
||||||
|
printf("try match spi %#x, %#x\n",
|
||||||
|
ntohl(spi), ntohl(sav->spi)));
|
||||||
/* sanity check */
|
/* sanity check */
|
||||||
KEY_CHKSASTATE(sav->state, state, "key_allocsav");
|
KEY_CHKSASTATE(sav->state, state, "key_allocsav");
|
||||||
/* do not return entries w/ unusable state */
|
/* do not return entries w/ unusable state */
|
||||||
if (sav->state != SADB_SASTATE_MATURE &&
|
if (sav->state != SADB_SASTATE_MATURE &&
|
||||||
sav->state != SADB_SASTATE_DYING)
|
sav->state != SADB_SASTATE_DYING) {
|
||||||
|
KEYDEBUG(KEYDEBUG_MATCH,
|
||||||
|
printf("bad state %d\n",
|
||||||
|
sav->state));
|
||||||
continue;
|
continue;
|
||||||
if (proto != sav->sah->saidx.proto)
|
}
|
||||||
|
if (proto != sav->sah->saidx.proto) {
|
||||||
|
KEYDEBUG(KEYDEBUG_MATCH,
|
||||||
|
printf("proto fail %d != %d\n",
|
||||||
|
proto, sav->sah->saidx.proto));
|
||||||
continue;
|
continue;
|
||||||
if (must_check_spi && spi != sav->spi)
|
}
|
||||||
|
if (must_check_spi && spi != sav->spi) {
|
||||||
|
KEYDEBUG(KEYDEBUG_MATCH,
|
||||||
|
printf("spi fail %#x != %#x\n",
|
||||||
|
ntohl(spi), ntohl(sav->spi)));
|
||||||
continue;
|
continue;
|
||||||
|
}
|
||||||
/* XXX only on the ipcomp case */
|
/* XXX only on the ipcomp case */
|
||||||
if (must_check_alg && algo != sav->alg_comp)
|
if (must_check_alg && algo != sav->alg_comp) {
|
||||||
|
KEYDEBUG(KEYDEBUG_MATCH,
|
||||||
|
printf("algo fail %d != %d\n",
|
||||||
|
algo, sav->alg_comp));
|
||||||
continue;
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
#if 0 /* don't check src */
|
#if 0 /* don't check src */
|
||||||
/* Fix port in src->sa */
|
/* Fix port in src->sa */
|
||||||
@ -4404,19 +4424,43 @@ key_sockaddrcmp(
|
|||||||
#undef satosin6
|
#undef satosin6
|
||||||
#endif
|
#endif
|
||||||
#define satosin6(s) ((const struct sockaddr_in6 *)s)
|
#define satosin6(s) ((const struct sockaddr_in6 *)s)
|
||||||
if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
|
if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) {
|
||||||
|
KEYDEBUG(KEYDEBUG_MATCH,
|
||||||
|
printf("fam/len fail %d != %d || %d != %d\n",
|
||||||
|
sa1->sa_family, sa2->sa_family, sa1->sa_len,
|
||||||
|
sa2->sa_len));
|
||||||
return 1;
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
switch (sa1->sa_family) {
|
switch (sa1->sa_family) {
|
||||||
case AF_INET:
|
case AF_INET:
|
||||||
if (sa1->sa_len != sizeof(struct sockaddr_in))
|
if (sa1->sa_len != sizeof(struct sockaddr_in)) {
|
||||||
return 1;
|
KEYDEBUG(KEYDEBUG_MATCH,
|
||||||
if (satosin(sa1)->sin_addr.s_addr !=
|
printf("len fail %d != %zu\n",
|
||||||
satosin(sa2)->sin_addr.s_addr) {
|
sa1->sa_len, sizeof(struct sockaddr_in)));
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port)
|
if (satosin(sa1)->sin_addr.s_addr !=
|
||||||
|
satosin(sa2)->sin_addr.s_addr) {
|
||||||
|
KEYDEBUG(KEYDEBUG_MATCH,
|
||||||
|
printf("addr fail %#x != %#x\n",
|
||||||
|
satosin(sa1)->sin_addr.s_addr,
|
||||||
|
satosin(sa2)->sin_addr.s_addr));
|
||||||
return 1;
|
return 1;
|
||||||
|
}
|
||||||
|
if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port) {
|
||||||
|
KEYDEBUG(KEYDEBUG_MATCH,
|
||||||
|
printf("port fail %d != %d\n",
|
||||||
|
satosin(sa1)->sin_port,
|
||||||
|
satosin(sa2)->sin_port));
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
KEYDEBUG(KEYDEBUG_MATCH,
|
||||||
|
printf("addr success %#x[%d] == %#x[%d]\n",
|
||||||
|
satosin(sa1)->sin_addr.s_addr,
|
||||||
|
satosin(sa1)->sin_port,
|
||||||
|
satosin(sa2)->sin_addr.s_addr,
|
||||||
|
satosin(sa2)->sin_port));
|
||||||
break;
|
break;
|
||||||
case AF_INET6:
|
case AF_INET6:
|
||||||
if (sa1->sa_len != sizeof(struct sockaddr_in6))
|
if (sa1->sa_len != sizeof(struct sockaddr_in6))
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
/* $NetBSD: key_debug.h,v 1.6 2011/02/21 22:21:40 drochner Exp $ */
|
/* $NetBSD: key_debug.h,v 1.7 2016/03/05 20:11:09 christos Exp $ */
|
||||||
/* $FreeBSD: src/sys/netipsec/key_debug.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
|
/* $FreeBSD: src/sys/netipsec/key_debug.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
|
||||||
/* $KAME: key_debug.h,v 1.10 2001/08/05 08:37:52 itojun Exp $ */
|
/* $KAME: key_debug.h,v 1.10 2001/08/05 08:37:52 itojun Exp $ */
|
||||||
|
|
||||||
@ -39,6 +39,7 @@
|
|||||||
#define KEYDEBUG_STAMP 0x00000001 /* path */
|
#define KEYDEBUG_STAMP 0x00000001 /* path */
|
||||||
#define KEYDEBUG_DATA 0x00000002 /* data */
|
#define KEYDEBUG_DATA 0x00000002 /* data */
|
||||||
#define KEYDEBUG_DUMP 0x00000004 /* dump */
|
#define KEYDEBUG_DUMP 0x00000004 /* dump */
|
||||||
|
#define KEYDEBUG_MATCH 0x00000008 /* match */
|
||||||
|
|
||||||
#define KEYDEBUG_KEY 0x00000010 /* key processing */
|
#define KEYDEBUG_KEY 0x00000010 /* key processing */
|
||||||
#define KEYDEBUG_ALG 0x00000020 /* ciph & auth algorithm */
|
#define KEYDEBUG_ALG 0x00000020 /* ciph & auth algorithm */
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user