Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/netipsec Add more debugging, no functional change.
details: https://anonhg.NetBSD.org/src/rev/c2751835294f
branches: trunk
changeset: 814075:c2751835294f
user: christos <christos%NetBSD.org@localhost>
date: Sat Mar 05 20:11:09 2016 +0000
description:
Add more debugging, no functional change.
diffstat:
sys/netipsec/key.c | 68 +++++++++++++++++++++++++++++++++++++++--------
sys/netipsec/key_debug.h | 3 +-
2 files changed, 58 insertions(+), 13 deletions(-)
diffs (146 lines):
diff -r b7c6602fa914 -r c2751835294f sys/netipsec/key.c
--- a/sys/netipsec/key.c Sat Mar 05 19:48:55 2016 +0000
+++ b/sys/netipsec/key.c Sat Mar 05 20:11:09 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: key.c,v 1.91 2014/06/16 03:34:45 christos Exp $ */
+/* $NetBSD: key.c,v 1.92 2016/03/05 20:11:09 christos Exp $ */
/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.91 2014/06/16 03:34:45 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.92 2016/03/05 20:11:09 christos Exp $");
/*
* This code is referd to RFC 2367
@@ -1100,9 +1100,6 @@
IPSEC_ASSERT(dst != NULL, ("key_allocsa: null dst address"));
- KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
- printf("DP %s from %s:%u\n", __func__, where, tag));
-
/*
* XXX IPCOMP case
* We use cpi to define spi here. In the case where cpi <=
@@ -1121,6 +1118,10 @@
must_check_alg = 1;
}
}
+ KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
+ printf("DP %s from %s:%u check_spi=%d, check_alg=%d\n",
+ __func__, where, tag, must_check_spi, must_check_alg));
+
/*
* searching SAD.
@@ -1141,19 +1142,38 @@
for (stateidx = 0; stateidx < arraysize; stateidx++) {
state = saorder_state_valid[stateidx];
LIST_FOREACH(sav, &sah->savtree[state], chain) {
+ KEYDEBUG(KEYDEBUG_MATCH,
+ printf("try match spi %#x, %#x\n",
+ ntohl(spi), ntohl(sav->spi)));
/* sanity check */
KEY_CHKSASTATE(sav->state, state, "key_allocsav");
/* do not return entries w/ unusable state */
if (sav->state != SADB_SASTATE_MATURE &&
- sav->state != SADB_SASTATE_DYING)
+ sav->state != SADB_SASTATE_DYING) {
+ KEYDEBUG(KEYDEBUG_MATCH,
+ printf("bad state %d\n",
+ sav->state));
continue;
- if (proto != sav->sah->saidx.proto)
+ }
+ if (proto != sav->sah->saidx.proto) {
+ KEYDEBUG(KEYDEBUG_MATCH,
+ printf("proto fail %d != %d\n",
+ proto, sav->sah->saidx.proto));
continue;
- if (must_check_spi && spi != sav->spi)
+ }
+ if (must_check_spi && spi != sav->spi) {
+ KEYDEBUG(KEYDEBUG_MATCH,
+ printf("spi fail %#x != %#x\n",
+ ntohl(spi), ntohl(sav->spi)));
continue;
+ }
/* XXX only on the ipcomp case */
- if (must_check_alg && algo != sav->alg_comp)
+ if (must_check_alg && algo != sav->alg_comp) {
+ KEYDEBUG(KEYDEBUG_MATCH,
+ printf("algo fail %d != %d\n",
+ algo, sav->alg_comp));
continue;
+ }
#if 0 /* don't check src */
/* Fix port in src->sa */
@@ -4404,19 +4424,43 @@
#undef satosin6
#endif
#define satosin6(s) ((const struct sockaddr_in6 *)s)
- if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
+ if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) {
+ KEYDEBUG(KEYDEBUG_MATCH,
+ printf("fam/len fail %d != %d || %d != %d\n",
+ sa1->sa_family, sa2->sa_family, sa1->sa_len,
+ sa2->sa_len));
return 1;
+ }
switch (sa1->sa_family) {
case AF_INET:
- if (sa1->sa_len != sizeof(struct sockaddr_in))
+ if (sa1->sa_len != sizeof(struct sockaddr_in)) {
+ KEYDEBUG(KEYDEBUG_MATCH,
+ printf("len fail %d != %zu\n",
+ sa1->sa_len, sizeof(struct sockaddr_in)));
return 1;
+ }
if (satosin(sa1)->sin_addr.s_addr !=
satosin(sa2)->sin_addr.s_addr) {
+ KEYDEBUG(KEYDEBUG_MATCH,
+ printf("addr fail %#x != %#x\n",
+ satosin(sa1)->sin_addr.s_addr,
+ satosin(sa2)->sin_addr.s_addr));
return 1;
}
- if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port)
+ if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port) {
+ KEYDEBUG(KEYDEBUG_MATCH,
+ printf("port fail %d != %d\n",
+ satosin(sa1)->sin_port,
+ satosin(sa2)->sin_port));
return 1;
+ }
+ KEYDEBUG(KEYDEBUG_MATCH,
+ printf("addr success %#x[%d] == %#x[%d]\n",
+ satosin(sa1)->sin_addr.s_addr,
+ satosin(sa1)->sin_port,
+ satosin(sa2)->sin_addr.s_addr,
+ satosin(sa2)->sin_port));
break;
case AF_INET6:
if (sa1->sa_len != sizeof(struct sockaddr_in6))
diff -r b7c6602fa914 -r c2751835294f sys/netipsec/key_debug.h
--- a/sys/netipsec/key_debug.h Sat Mar 05 19:48:55 2016 +0000
+++ b/sys/netipsec/key_debug.h Sat Mar 05 20:11:09 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: key_debug.h,v 1.6 2011/02/21 22:21:40 drochner Exp $ */
+/* $NetBSD: key_debug.h,v 1.7 2016/03/05 20:11:09 christos Exp $ */
/* $FreeBSD: src/sys/netipsec/key_debug.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $KAME: key_debug.h,v 1.10 2001/08/05 08:37:52 itojun Exp $ */
@@ -39,6 +39,7 @@
#define KEYDEBUG_STAMP 0x00000001 /* path */
#define KEYDEBUG_DATA 0x00000002 /* data */
#define KEYDEBUG_DUMP 0x00000004 /* dump */
+#define KEYDEBUG_MATCH 0x00000008 /* match */
#define KEYDEBUG_KEY 0x00000010 /* key processing */
#define KEYDEBUG_ALG 0x00000020 /* ciph & auth algorithm */
Home |
Main Index |
Thread Index |
Old Index