cleanup debugging printfs and fix port endianness printing issue.

christos 2014-06-16 03:34:45 +00:00
parent 14f6ebbe2b
commit bdca82a2cd
1 changed files with 94 additions and 91 deletions


@ -1,4 +1,4 @@
/* $NetBSD: key.c,v 1.90 2014/06/05 17:18:19 christos Exp $ */
/* $NetBSD: key.c,v 1.91 2014/06/16 03:34:45 christos Exp $ */
/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.90 2014/06/05 17:18:19 christos Exp $");
__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.91 2014/06/16 03:34:45 christos Exp $");
/*
* This code is referd to RFC 2367
@ -5082,11 +5082,93 @@ static int
key_handle_natt_info(struct secasvar *sav,
const struct sadb_msghdr *mhp)
{
const char *msg = "?" ;
struct sadb_x_nat_t_type *type;
struct sadb_x_nat_t_port *sport, *dport;
struct sadb_address *iaddr, *raddr;
struct sadb_x_nat_t_frag *frag;
if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] == NULL ||
mhp->ext[SADB_X_EXT_NAT_T_SPORT] == NULL ||
mhp->ext[SADB_X_EXT_NAT_T_DPORT] == NULL)
return 0;
if (mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) {
msg = "TYPE";
goto bad;
}
if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) {
msg = "SPORT";
goto bad;
}
if (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
msg = "DPORT";
goto bad;
}
if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL) {
ipseclog((LOG_DEBUG,"%s: NAT-T OAi present\n", __func__));
if (mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(*iaddr)) {
msg = "OAI";
goto bad;
}
}
if (mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) {
ipseclog((LOG_DEBUG,"%s: NAT-T OAr present\n", __func__));
if (mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(*raddr)) {
msg = "OAR";
goto bad;
}
}
if (mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) {
if (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag)) {
msg = "FRAG";
goto bad;
}
}
type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE];
sport = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT];
dport = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT];
iaddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI];
raddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR];
frag = (struct sadb_x_nat_t_frag *)mhp->ext[SADB_X_EXT_NAT_T_FRAG];
ipseclog((LOG_DEBUG, "%s: type %d, sport = %d, dport = %d\n",
__func__, type->sadb_x_nat_t_type_type,
ntohs(sport->sadb_x_nat_t_port_port),
ntohs(dport->sadb_x_nat_t_port_port)));
sav->natt_type = type->sadb_x_nat_t_type_type;
key_porttosaddr(&sav->sah->saidx.src,
sport->sadb_x_nat_t_port_port);
key_porttosaddr(&sav->sah->saidx.dst,
dport->sadb_x_nat_t_port_port);
if (frag)
sav->esp_frag = frag->sadb_x_nat_t_frag_fraglen;
else
sav->esp_frag = IP_MAXPACKET;
return 0;
bad:
ipseclog((LOG_DEBUG, "%s: invalid message %s\n", __func__, msg));
__USE(msg);
return -1;
}
/* Just update the IPSEC_NAT_T ports if present */
static int
key_set_natt_ports(union sockaddr_union *src, union sockaddr_union *dst,
const struct sadb_msghdr *mhp)
{
if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL)
ipseclog((LOG_DEBUG,"update: NAT-T OAi present\n"));
ipseclog((LOG_DEBUG,"%s: NAT-T OAi present\n", __func__));
if (mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL)
ipseclog((LOG_DEBUG,"update: NAT-T OAr present\n"));
ipseclog((LOG_DEBUG,"%s: NAT-T OAr present\n", __func__));
if ((mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL) &&
(mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL) &&
@ -5094,32 +5176,12 @@ key_handle_natt_info(struct secasvar *sav,
struct sadb_x_nat_t_type *type;
struct sadb_x_nat_t_port *sport;
struct sadb_x_nat_t_port *dport;
struct sadb_address *iaddr, *raddr;
struct sadb_x_nat_t_frag *frag;
if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) ||
(mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) ||
(mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) {
ipseclog((LOG_DEBUG, "key_update: "
"invalid message.\n"));
return -1;
}
if ((mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL) &&
(mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(*iaddr))) {
ipseclog((LOG_DEBUG, "key_update: invalid message\n"));
return -1;
}
if ((mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) &&
(mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(*raddr))) {
ipseclog((LOG_DEBUG, "key_update: invalid message\n"));
return -1;
}
if ((mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) &&
(mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag))) {
ipseclog((LOG_DEBUG, "key_update: invalid message\n"));
ipseclog((LOG_DEBUG, "%s: invalid message\n",
__func__));
return -1;
}
@ -5129,73 +5191,14 @@ key_handle_natt_info(struct secasvar *sav,
mhp->ext[SADB_X_EXT_NAT_T_SPORT];
dport = (struct sadb_x_nat_t_port *)
mhp->ext[SADB_X_EXT_NAT_T_DPORT];
iaddr = (struct sadb_address *)
mhp->ext[SADB_X_EXT_NAT_T_OAI];
raddr = (struct sadb_address *)
mhp->ext[SADB_X_EXT_NAT_T_OAR];
frag = (struct sadb_x_nat_t_frag *)
mhp->ext[SADB_X_EXT_NAT_T_FRAG];
ipseclog((LOG_DEBUG,
"key_update: type %d, sport = %d, dport = %d\n",
type->sadb_x_nat_t_type_type,
sport->sadb_x_nat_t_port_port,
dport->sadb_x_nat_t_port_port));
key_porttosaddr(src, sport->sadb_x_nat_t_port_port);
key_porttosaddr(dst, dport->sadb_x_nat_t_port_port);
if (type)
sav->natt_type = type->sadb_x_nat_t_type_type;
if (sport)
key_porttosaddr(&sav->sah->saidx.src,
sport->sadb_x_nat_t_port_port);
if (dport)
key_porttosaddr(&sav->sah->saidx.dst,
dport->sadb_x_nat_t_port_port);
if (frag)
sav->esp_frag = frag->sadb_x_nat_t_frag_fraglen;
else
sav->esp_frag = IP_MAXPACKET;
}
return 0;
}
/* Just update the IPSEC_NAT_T ports if present */
static int
key_set_natt_ports(union sockaddr_union *src, union sockaddr_union *dst,
const struct sadb_msghdr *mhp)
{
if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL)
ipseclog((LOG_DEBUG,"update: NAT-T OAi present\n"));
if (mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL)
ipseclog((LOG_DEBUG,"update: NAT-T OAr present\n"));
if ((mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL) &&
(mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL) &&
(mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL)) {
struct sadb_x_nat_t_type *type;
struct sadb_x_nat_t_port *sport;
struct sadb_x_nat_t_port *dport;
if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) ||
(mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) ||
(mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) {
ipseclog((LOG_DEBUG, "key_update: "
"invalid message.\n"));
return -1;
}
sport = (struct sadb_x_nat_t_port *)
mhp->ext[SADB_X_EXT_NAT_T_SPORT];
dport = (struct sadb_x_nat_t_port *)
mhp->ext[SADB_X_EXT_NAT_T_DPORT];
if (sport)
key_porttosaddr(src,
sport->sadb_x_nat_t_port_port);
if (dport)
key_porttosaddr(dst,
dport->sadb_x_nat_t_port_port);
ipseclog((LOG_DEBUG, "%s: type %d, sport = %d, dport = %d\n",
__func__, type->sadb_x_nat_t_type_type,
ntohs(sport->sadb_x_nat_t_port_port),
ntohs(dport->sadb_x_nat_t_port_port)));
}
return 0;
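Review bot: In the new `key_handle_natt_info`, the first check returns 0 whenever any one of the TYPE, SPORT or DPORT extensions is missing, so a message carrying only part of the NAT-T set (or only FRAG) is reported as success while `sav->natt_type`, the ports and `sav->esp_frag` are left untouched and nothing is logged. If that tolerance is intended, state it in a header comment such as `/* Apply NAT-T extensions to sav: no-op returning 0 unless TYPE, SPORT and DPORT are all present; -1 if a present extension is too short. */`; otherwise log the partial case the way the other rejections are logged. Separately, `iaddr` and `raddr` are assigned after the length checks but never read, and those checks cover only `sizeof(struct sadb_address)`, not the address data expected to follow it, so they would need tightening before anything dereferences the OAi/OAr payload. `frag->sadb_x_nat_t_frag_fraglen` is also copied into `sav->esp_frag` without a range check; whether a very small value is harmful depends on consumers outside this page, so a lower bound or a comment naming the accepted range would help.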