Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/netipsec make DPRINTF use varyadic cpp macros, and merge...
details: https://anonhg.NetBSD.org/src/rev/4ea1f65b20c9
branches: trunk
changeset: 451954:4ea1f65b20c9
user: christos <christos%NetBSD.org@localhost>
date: Wed Jun 12 22:23:50 2019 +0000
description:
make DPRINTF use varyadic cpp macros, and merge with IPSECLOG.
diffstat:
sys/netipsec/ipsec.h | 10 ++-
sys/netipsec/keysock.c | 10 +-
sys/netipsec/xform_ah.c | 136 +++++++++++++++++++++----------------------
sys/netipsec/xform_esp.c | 110 +++++++++++++++++------------------
sys/netipsec/xform_ipcomp.c | 65 ++++++++++-----------
sys/netipsec/xform_ipip.c | 38 ++++++------
sys/netipsec/xform_tcp.c | 15 ++--
7 files changed, 188 insertions(+), 196 deletions(-)
diffs (truncated from 1070 to 300 lines):
diff -r 1d57a73d76ea -r 4ea1f65b20c9 sys/netipsec/ipsec.h
--- a/sys/netipsec/ipsec.h Wed Jun 12 22:23:06 2019 +0000
+++ b/sys/netipsec/ipsec.h Wed Jun 12 22:23:50 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.h,v 1.87 2019/01/17 02:47:15 knakahara Exp $ */
+/* $NetBSD: ipsec.h,v 1.88 2019/06/12 22:23:50 christos Exp $ */
/* $FreeBSD: ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $ */
@@ -237,13 +237,17 @@
#include <sys/syslog.h>
-#define DPRINTF(x) do { if (ipsec_debug) printf x; } while (0)
+#define DPRINTF(fmt, args...) \
+ do { \
+ if (ipsec_debug) \
+ log(LOG_DEBUG, "%s: " fmt, __func__, ##args); \
+ } while (/*CONSTCOND*/0)
#define IPSECLOG(level, fmt, args...) \
do { \
if (ipsec_debug) \
log(level, "%s: " fmt, __func__, ##args); \
- } while (0)
+ } while (/*CONSTCOND*/0)
#define ipsec_indone(m) \
((m->m_flags & M_AUTHIPHDR) || (m->m_flags & M_DECRYPTED))
diff -r 1d57a73d76ea -r 4ea1f65b20c9 sys/netipsec/keysock.c
--- a/sys/netipsec/keysock.c Wed Jun 12 22:23:06 2019 +0000
+++ b/sys/netipsec/keysock.c Wed Jun 12 22:23:50 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: keysock.c,v 1.69 2019/02/26 06:52:34 maxv Exp $ */
+/* $NetBSD: keysock.c,v 1.70 2019/06/12 22:23:50 christos Exp $ */
/* $FreeBSD: keysock.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $KAME: keysock.c,v 1.25 2001/08/13 20:07:41 itojun Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.69 2019/02/26 06:52:34 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.70 2019/06/12 22:23:50 christos Exp $");
/* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
@@ -437,7 +437,7 @@
{
KASSERT(solocked(so));
- panic("key_accept");
+ panic("%s: unsupported", __func__);
return EOPNOTSUPP;
}
@@ -513,7 +513,7 @@
{
KASSERT(solocked(so));
- panic("key_abort");
+ panic("%s: unsupported", __func__);
return EOPNOTSUPP;
}
@@ -612,7 +612,7 @@
key_purgeif(struct socket *so, struct ifnet *ifa)
{
- panic("key_purgeif");
+ panic("%s: unsupported", __func__);
return EOPNOTSUPP;
}
diff -r 1d57a73d76ea -r 4ea1f65b20c9 sys/netipsec/xform_ah.c
--- a/sys/netipsec/xform_ah.c Wed Jun 12 22:23:06 2019 +0000
+++ b/sys/netipsec/xform_ah.c Wed Jun 12 22:23:50 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ah.c,v 1.107 2019/01/27 02:08:48 pgoyette Exp $ */
+/* $NetBSD: xform_ah.c,v 1.108 2019/06/12 22:23:50 christos Exp $ */
/* $FreeBSD: xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
/*
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.107 2019/01/27 02:08:48 pgoyette Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.108 2019/06/12 22:23:50 christos Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -201,8 +201,8 @@
thash = ah_algorithm_lookup(sav->alg_auth);
if (thash == NULL) {
- DPRINTF(("%s: unsupported authentication algorithm %u\n",
- __func__, sav->alg_auth));
+ DPRINTF("unsupported authentication algorithm %u\n",
+ sav->alg_auth);
return EINVAL;
}
/*
@@ -212,22 +212,22 @@
*/
/* NB: replay state is setup elsewhere (sigh) */
if (((sav->flags&SADB_X_EXT_OLD) == 0) ^ (sav->replay != NULL)) {
- DPRINTF(("%s: replay state block inconsistency, "
- "%s algorithm %s replay state\n", __func__,
- (sav->flags & SADB_X_EXT_OLD) ? "old" : "new",
- sav->replay == NULL ? "without" : "with"));
+ DPRINTF("replay state block inconsistency, "
+ "%s algorithm %s replay state\n",
+ (sav->flags & SADB_X_EXT_OLD) ? "old" : "new",
+ sav->replay == NULL ? "without" : "with");
return EINVAL;
}
if (sav->key_auth == NULL) {
- DPRINTF(("%s: no authentication key for %s algorithm\n",
- __func__, thash->name));
+ DPRINTF("no authentication key for %s algorithm\n",
+ thash->name);
return EINVAL;
}
keylen = _KEYLEN(sav->key_auth);
if (keylen != thash->keysize && thash->keysize != 0) {
- DPRINTF(("%s: invalid keylength %d, algorithm %s requires "
- "keysize %d\n", __func__,
- keylen, thash->name, thash->keysize));
+ DPRINTF("invalid keylength %d, algorithm %s requires "
+ "keysize %d\n",
+ keylen, thash->name, thash->keysize);
return EINVAL;
}
@@ -310,7 +310,7 @@
*/
*m0 = m = m_pullup(m, skip);
if (m == NULL) {
- DPRINTF(("%s: m_pullup failed\n", __func__));
+ DPRINTF("m_pullup failed\n");
return ENOBUFS;
}
@@ -398,7 +398,7 @@
/* We don't do IPv6 Jumbograms. */
if (ip6.ip6_plen == 0) {
- DPRINTF(("%s: unsupported IPv6 jumbogram\n", __func__));
+ DPRINTF("unsupported IPv6 jumbogram\n");
m_freem(m);
return EMSGSIZE;
}
@@ -424,9 +424,8 @@
if (m->m_len <= skip) {
ptr = malloc(ip6optlen, M_XDATA, M_NOWAIT);
if (ptr == NULL) {
- DPRINTF(("%s: failed to allocate "
- "memory for IPv6 headers\n",
- __func__));
+ DPRINTF("failed to allocate "
+ "memory for IPv6 headers\n");
m_freem(m);
return ENOBUFS;
}
@@ -555,8 +554,8 @@
/* Check replay window, if applicable. */
if (sav->replay && !ipsec_chkreplay(ntohl(ah->ah_seq), sav)) {
char buf[IPSEC_LOGSASTRLEN];
- DPRINTF(("%s: packet replay failure: %s\n", __func__,
- ipsec_logsastr(sav, buf, sizeof(buf))));
+ DPRINTF("packet replay failure: %s\n",
+ ipsec_logsastr(sav, buf, sizeof(buf)));
stat = AH_STAT_REPLAY;
error = EACCES;
goto bad;
@@ -569,22 +568,22 @@
ahsize = ah_hdrsiz(sav);
if (hl != ahsize) {
char buf[IPSEC_ADDRSTRLEN];
- DPRINTF(("%s: bad authenticator length %u (expecting %lu)"
- " for packet in SA %s/%08lx\n", __func__,
- hl, (u_long)ahsize,
- ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
- (u_long) ntohl(sav->spi)));
+ DPRINTF("bad authenticator length %u (expecting %lu)"
+ " for packet in SA %s/%08lx\n",
+ hl, (u_long)ahsize,
+ ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
+ (u_long) ntohl(sav->spi));
stat = AH_STAT_BADAUTHL;
error = EACCES;
goto bad;
}
if (skip + ahsize > m->m_pkthdr.len) {
char buf[IPSEC_ADDRSTRLEN];
- DPRINTF(("%s: bad mbuf length %u (expecting >= %lu)"
- " for packet in SA %s/%08lx\n", __func__,
- m->m_pkthdr.len, (u_long)(skip + ahsize),
- ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
- (u_long) ntohl(sav->spi)));
+ DPRINTF("bad mbuf length %u (expecting >= %lu)"
+ " for packet in SA %s/%08lx\n",
+ m->m_pkthdr.len, (u_long)(skip + ahsize),
+ ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
+ (u_long) ntohl(sav->spi));
stat = AH_STAT_BADAUTHL;
error = EACCES;
goto bad;
@@ -595,7 +594,7 @@
/* Get crypto descriptors. */
crp = crypto_getreq(1);
if (crp == NULL) {
- DPRINTF(("%s: failed to acquire crypto descriptor\n", __func__));
+ DPRINTF("failed to acquire crypto descriptor\n");
stat = AH_STAT_CRYPTO;
error = ENOBUFS;
goto bad;
@@ -627,7 +626,7 @@
pool_used = false;
}
if (tc == NULL) {
- DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
+ DPRINTF("failed to allocate tdb_crypto\n");
stat = AH_STAT_CRYPTO;
error = ENOBUFS;
goto bad;
@@ -635,7 +634,7 @@
error = m_makewritable(&m, 0, extra, M_NOWAIT);
if (error) {
- DPRINTF(("%s: failed to m_makewritable\n", __func__));
+ DPRINTF("failed to m_makewritable\n");
goto bad;
}
@@ -689,10 +688,10 @@
tc->tc_skip = skip;
tc->tc_sav = sav;
- DPRINTF(("%s: hash over %d bytes, skip %d: "
- "crda len %d skip %d inject %d\n", __func__,
- crp->crp_ilen, tc->tc_skip,
- crda->crd_len, crda->crd_skip, crda->crd_inject));
+ DPRINTF("hash over %d bytes, skip %d: "
+ "crda len %d skip %d inject %d\n",
+ crp->crp_ilen, tc->tc_skip,
+ crda->crd_len, crda->crd_skip, crda->crd_inject);
return crypto_dispatch(crp);
@@ -781,7 +780,7 @@
}
AH_STATINC(AH_STAT_NOXFORM);
- DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
+ DPRINTF("crypto error %d\n", crp->crp_etype);
error = crp->crp_etype;
goto bad;
} else {
@@ -801,21 +800,19 @@
/* Verify authenticator. */
if (!consttime_memequal(pppp, calc, authsize)) {
- DPRINTF(("%s: authentication hash mismatch " \
+ DPRINTF("authentication hash mismatch " \
"over %d bytes " \
"for packet in SA %s/%08lx:\n" \
- "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x, " \
- "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x\n",
- __func__, authsize,
- ipsec_address(&saidx->dst, buf, sizeof(buf)),
+ "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x, " \
+ "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x\n",
+ authsize, ipsec_address(&saidx->dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi),
- calc[0], calc[1], calc[2], calc[3],
- calc[4], calc[5], calc[6], calc[7],
- calc[8], calc[9], calc[10], calc[11],
- pppp[0], pppp[1], pppp[2], pppp[3],
- pppp[4], pppp[5], pppp[6], pppp[7],
- pppp[8], pppp[9], pppp[10], pppp[11]
- ));
+ calc[0], calc[1], calc[2], calc[3],
+ calc[4], calc[5], calc[6], calc[7],
+ calc[8], calc[9], calc[10], calc[11],
+ pppp[0], pppp[1], pppp[2], pppp[3],
+ pppp[4], pppp[5], pppp[6], pppp[7],
+ pppp[8], pppp[9], pppp[10], pppp[11]);
AH_STATINC(AH_STAT_BADAUTH);
error = EACCES;
goto bad;
@@ -858,9 +855,9 @@
*/
error = m_striphdr(m, skip, ahsize);
if (error) {
- DPRINTF(("%s: mangled mbuf chain for SA %s/%08lx\n", __func__,
+ DPRINTF("mangled mbuf chain for SA %s/%08lx\n",
ipsec_address(&saidx->dst, buf, sizeof(buf)),
- (u_long) ntohl(sav->spi)));
Home |
Main Index |
Thread Index |
Old Index