Module Name: src
Committed By: christos
Date: Sat Apr 15 22:01:57 UTC 2017
Modified Files:
src/sys/netipsec: xform_ah.c xform_esp.c xform_ipcomp.c xform_ipip.c
Log Message:
cosmetic fixes:
- __func__ in printfs
- no space after sizeof
- eliminate useless casts
- u_intX_t -> uintX_t
To generate a diff of this commit:
cvs rdiff -u -r1.49 -r1.50 src/sys/netipsec/xform_ah.c
cvs rdiff -u -r1.50 -r1.51 src/sys/netipsec/xform_esp.c
cvs rdiff -u -r1.33 -r1.34 src/sys/netipsec/xform_ipcomp.c
cvs rdiff -u -r1.44 -r1.45 src/sys/netipsec/xform_ipip.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.49 src/sys/netipsec/xform_ah.c:1.50
--- src/sys/netipsec/xform_ah.c:1.49 Fri Apr 14 18:29:17 2017
+++ src/sys/netipsec/xform_ah.c Sat Apr 15 18:01:57 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ah.c,v 1.49 2017/04/14 22:29:17 christos Exp $ */
+/* $NetBSD: xform_ah.c,v 1.50 2017/04/15 22:01:57 christos Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
/*
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.49 2017/04/14 22:29:17 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.50 2017/04/15 22:01:57 christos Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -94,7 +94,7 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v
*/
#define HDRSIZE(sav) \
(((sav)->flags & SADB_X_EXT_OLD) ? \
- sizeof (struct ah) : sizeof (struct ah) + sizeof (u_int32_t))
+ sizeof(struct ah) : sizeof(struct ah) + sizeof(uint32_t))
/*
* Return authenticator size in bytes. The old protocol is known
* to use a fixed 16-byte authenticator. The new algorithm gets
@@ -121,8 +121,8 @@ SYSCTL_STRUCT(_net_inet_ah, IPSECCTL_STA
static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */
-static int ah_input_cb(struct cryptop*);
-static int ah_output_cb(struct cryptop*);
+static int ah_input_cb(struct cryptop *);
+static int ah_output_cb(struct cryptop *);
const uint8_t ah_stats[256] = { SADB_AALG_STATS_INIT };
@@ -169,10 +169,10 @@ ah_hdrsiz(const struct secasvar *sav)
("%s: null xform", __func__));
/*XXX not right for null algorithm--does it matter??*/
authsize = AUTHSIZE(sav);
- size = roundup(authsize, sizeof (u_int32_t)) + HDRSIZE(sav);
+ size = roundup(authsize, sizeof(uint32_t)) + HDRSIZE(sav);
} else {
/* default guess */
- size = sizeof (struct ah) + sizeof (u_int32_t) + 16;
+ size = sizeof(struct ah) + sizeof(uint32_t) + 16;
}
return size;
}
@@ -223,7 +223,7 @@ ah_init0(struct secasvar *sav, const str
sav->tdb_authalgxform = thash;
/* Initialize crypto session. */
- memset(cria, 0, sizeof (*cria));
+ memset(cria, 0, sizeof(*cria));
cria->cri_alg = sav->tdb_authalgxform->type;
cria->cri_klen = _KEYBITS(sav->key_auth);
cria->cri_key = _KEYBUF(sav->key_auth);
@@ -284,6 +284,7 @@ ah_massage_headers(struct mbuf **m0, int
#ifdef INET6
struct ip6_ext *ip6e;
struct ip6_hdr ip6;
+ struct ip6_rthdr *rh;
int alloc, ad, nxt;
#endif /* INET6 */
@@ -325,7 +326,7 @@ ah_massage_headers(struct mbuf **m0, int
#define TOHOST(x) (ntohs(x))
#endif
if (!out) {
- u_int16_t inlen = TOHOST(ip->ip_len);
+ uint16_t inlen = TOHOST(ip->ip_len);
#ifdef __FreeBSD__
ip->ip_len = htons(inlen + skip);
@@ -408,9 +409,10 @@ ah_massage_headers(struct mbuf **m0, int
* will look like.
*/
if (out)
- bcopy(ptr + off + ptr[off + 1] -
+ memcpy(&ip->ip_dst,
+ ptr + off + ptr[off + 1] -
sizeof(struct in_addr),
- &(ip->ip_dst), sizeof(struct in_addr));
+ sizeof(struct in_addr));
/* Fall through */
default:
@@ -472,8 +474,7 @@ ah_massage_headers(struct mbuf **m0, int
/* Let's deal with the remaining headers (if any). */
if (skip - sizeof(struct ip6_hdr) > 0) {
if (m->m_len <= skip) {
- ptr = (unsigned char *) malloc(
- skip - sizeof(struct ip6_hdr),
+ ptr = malloc(skip - sizeof(struct ip6_hdr),
M_XDATA, M_NOWAIT);
if (ptr == NULL) {
DPRINTF(("%s: failed to allocate "
@@ -561,48 +562,44 @@ ah_massage_headers(struct mbuf **m0, int
* Always include routing headers in
* computation.
*/
- {
- struct ip6_rthdr *rh;
-
- ip6e = (struct ip6_ext *) (ptr + off);
- rh = (struct ip6_rthdr *)(ptr + off);
- /*
- * must adjust content to make it look like
- * its final form (as seen at the final
- * destination).
- * we only know how to massage type 0 routing
- * header.
- */
- if (out && rh->ip6r_type == IPV6_RTHDR_TYPE_0) {
- struct ip6_rthdr0 *rh0;
- struct in6_addr *addr, finaldst;
- int i;
-
- rh0 = (struct ip6_rthdr0 *)rh;
- addr = (struct in6_addr *)(rh0 + 1);
-
- for (i = 0; i < rh0->ip6r0_segleft; i++)
- in6_clearscope(&addr[i]);
-
- finaldst = addr[rh0->ip6r0_segleft - 1];
- memmove(&addr[1], &addr[0],
- sizeof(struct in6_addr) *
- (rh0->ip6r0_segleft - 1));
-
- m_copydata(m, 0, sizeof(ip6), &ip6);
- addr[0] = ip6.ip6_dst;
- ip6.ip6_dst = finaldst;
- m_copyback(m, 0, sizeof(ip6), &ip6);
-
- rh0->ip6r0_segleft = 0;
- }
+ ip6e = (struct ip6_ext *) (ptr + off);
+ rh = (struct ip6_rthdr *)(ptr + off);
+ /*
+ * must adjust content to make it look like
+ * its final form (as seen at the final
+ * destination).
+ * we only know how to massage type 0 routing
+ * header.
+ */
+ if (out && rh->ip6r_type == IPV6_RTHDR_TYPE_0) {
+ struct ip6_rthdr0 *rh0;
+ struct in6_addr *addr, finaldst;
+ int i;
+
+ rh0 = (struct ip6_rthdr0 *)rh;
+ addr = (struct in6_addr *)(rh0 + 1);
+
+ for (i = 0; i < rh0->ip6r0_segleft; i++)
+ in6_clearscope(&addr[i]);
+
+ finaldst = addr[rh0->ip6r0_segleft - 1];
+ memmove(&addr[1], &addr[0],
+ sizeof(struct in6_addr) *
+ (rh0->ip6r0_segleft - 1));
+
+ m_copydata(m, 0, sizeof(ip6), &ip6);
+ addr[0] = ip6.ip6_dst;
+ ip6.ip6_dst = finaldst;
+ m_copyback(m, 0, sizeof(ip6), &ip6);
- /* advance */
- off += ((ip6e->ip6e_len + 1) << 3);
- nxt = ip6e->ip6e_nxt;
- break;
+ rh0->ip6r0_segleft = 0;
}
+ /* advance */
+ off += ((ip6e->ip6e_len + 1) << 3);
+ nxt = ip6e->ip6e_nxt;
+ break;
+
default:
DPRINTF(("%s: unexpected IPv6 header type %d\n",
__func__, off));
@@ -643,7 +640,7 @@ ah_input(struct mbuf *m, const struct se
struct cryptodesc *crda;
struct cryptop *crp;
- IPSEC_SPLASSERT_SOFTNET("ah_input");
+ IPSEC_SPLASSERT_SOFTNET(__func__);
IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__));
IPSEC_ASSERT(sav->key_auth != NULL,
@@ -673,13 +670,13 @@ ah_input(struct mbuf *m, const struct se
}
/* Verify AH header length. */
- hl = ah->ah_len * sizeof (u_int32_t);
+ hl = ah->ah_len * sizeof(uint32_t);
ahx = sav->tdb_authalgxform;
authsize = AUTHSIZE(sav);
- if (hl != authsize + rplen - sizeof (struct ah)) {
+ if (hl != authsize + rplen - sizeof(struct ah)) {
DPRINTF(("%s: bad authenticator length %u (expecting %lu)"
" for packet in SA %s/%08lx\n", __func__,
- hl, (u_long) (authsize + rplen - sizeof (struct ah)),
+ hl, (u_long) (authsize + rplen - sizeof(struct ah)),
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
AH_STATINC(AH_STAT_BADAUTHL);
@@ -717,7 +714,7 @@ ah_input(struct mbuf *m, const struct se
if (tdbi->proto == sav->sah->saidx.proto &&
tdbi->spi == sav->spi &&
!memcmp(&tdbi->dst, &sav->sah->saidx.dst,
- sizeof (union sockaddr_union)))
+ sizeof(union sockaddr_union)))
break;
}
@@ -822,20 +819,20 @@ ah_input_cb(struct cryptop *crp)
struct m_tag *mtag;
struct secasvar *sav;
struct secasindex *saidx;
- u_int8_t nxt;
+ uint8_t nxt;
char *ptr;
int s, authsize;
- u_int16_t dport;
- u_int16_t sport;
+ uint16_t dport;
+ uint16_t sport;
- tc = (struct tdb_crypto *) crp->crp_opaque;
+ tc = crp->crp_opaque;
IPSEC_ASSERT(tc != NULL, ("%s: null opaque crypto data area!",
__func__));
skip = tc->tc_skip;
nxt = tc->tc_nxt;
protoff = tc->tc_protoff;
- mtag = (struct m_tag *) tc->tc_ptr;
- m = (struct mbuf *) crp->crp_buf;
+ mtag = tc->tc_ptr;
+ m = crp->crp_buf;
/* find the source port for NAT-T */
@@ -902,8 +899,8 @@ ah_input_cb(struct cryptop *crp)
* it has been verified by an IPsec-aware NIC.
*/
if (mtag == NULL) {
- ptr = (char *) (tc + 1);
- const u_int8_t *pppp = ptr + skip + rplen;
+ ptr = (char *)(tc + 1);
+ const uint8_t *pppp = ptr + skip + rplen;
/* Verify authenticator. */
if (!consttime_memequal(pppp, calc, authsize)) {
@@ -928,13 +925,13 @@ ah_input_cb(struct cryptop *crp)
}
/* Fix the Next Protocol field. */
- ((u_int8_t *) ptr)[protoff] = nxt;
+ ptr[protoff] = nxt;
/* Copyback the saved (uncooked) network headers. */
m_copyback(m, 0, skip, ptr);
} else {
/* Fix the Next Protocol field. */
- m_copyback(m, protoff, sizeof(u_int8_t), &nxt);
+ m_copyback(m, protoff, sizeof(uint8_t), &nxt);
}
free(tc, M_XDATA), tc = NULL; /* No longer needed */
@@ -948,10 +945,10 @@ ah_input_cb(struct cryptop *crp)
* Update replay sequence number, if appropriate.
*/
if (sav->replay) {
- u_int32_t seq;
+ uint32_t seq;
m_copydata(m, skip + offsetof(struct newah, ah_seq),
- sizeof (seq), &seq);
+ sizeof(seq), &seq);
if (ipsec_updatereplay(ntohl(seq), sav)) {
AH_STATINC(AH_STAT_REPLAY);
error = ENOBUFS; /*XXX as above*/
@@ -1014,7 +1011,7 @@ ah_output(
uint8_t prot;
struct newah *ah;
- IPSEC_SPLASSERT_SOFTNET("ah_output");
+ IPSEC_SPLASSERT_SOFTNET(__func__);
sav = isr->sav;
IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__));
@@ -1096,8 +1093,8 @@ ah_output(
ah = (struct newah *)(mtod(mi, char *) + roff);
/* Initialize the AH header. */
- m_copydata(m, protoff, sizeof(u_int8_t), &ah->ah_nxt);
- ah->ah_len = (rplen + authsize - sizeof(struct ah)) / sizeof(u_int32_t);
+ m_copydata(m, protoff, sizeof(uint8_t), &ah->ah_nxt);
+ ah->ah_len = (rplen + authsize - sizeof(struct ah)) / sizeof(uint32_t);
ah->ah_reserve = 0;
ah->ah_spi = sav->spi;
@@ -1221,11 +1218,11 @@ ah_output_cb(struct cryptop *crp)
void *ptr;
int s, err;
- tc = (struct tdb_crypto *) crp->crp_opaque;
+ tc = crp->crp_opaque;
IPSEC_ASSERT(tc != NULL, ("%s: null opaque data area!", __func__));
skip = tc->tc_skip;
ptr = (tc + 1);
- m = (struct mbuf *) crp->crp_buf;
+ m = crp->crp_buf;
s = splsoftnet();
mutex_enter(softnet_lock);
Index: src/sys/netipsec/xform_esp.c
diff -u src/sys/netipsec/xform_esp.c:1.50 src/sys/netipsec/xform_esp.c:1.51
--- src/sys/netipsec/xform_esp.c:1.50 Thu Apr 13 12:38:32 2017
+++ src/sys/netipsec/xform_esp.c Sat Apr 15 18:01:57 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_esp.c,v 1.50 2017/04/13 16:38:32 christos Exp $ */
+/* $NetBSD: xform_esp.c,v 1.51 2017/04/15 22:01:57 christos Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.50 2017/04/13 16:38:32 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.51 2017/04/15 22:01:57 christos Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -154,11 +154,11 @@ esp_hdrsiz(const struct secasvar *sav)
if (sav != NULL) {
/*XXX not right for null algorithm--does it matter??*/
IPSEC_ASSERT(sav->tdb_encalgxform != NULL,
- ("esp_hdrsiz: SA with null xform"));
+ ("%s: SA with null xform", __func__));
if (sav->flags & SADB_X_EXT_OLD)
- size = sizeof (struct esp);
+ size = sizeof(struct esp);
else
- size = sizeof (struct newesp);
+ size = sizeof(struct newesp);
size += sav->tdb_encalgxform->ivsize + 9;
/*XXX need alg check???*/
if (sav->tdb_authalgxform != NULL && sav->replay)
@@ -168,11 +168,11 @@ esp_hdrsiz(const struct secasvar *sav)
* base header size
* + max iv length for CBC mode
* + max pad length
- * + sizeof (pad length field)
- * + sizeof (next header field)
+ * + sizeof(pad length field)
+ * + sizeof(next header field)
* + max icv supported.
*/
- size = sizeof (struct newesp) + esp_max_ivlen + 9 + 16;
+ size = sizeof(struct newesp) + esp_max_ivlen + 9 + 16;
}
return size;
}
@@ -259,7 +259,7 @@ esp_init(struct secasvar *sav, const str
}
/* Initialize crypto session. */
- memset(&crie, 0, sizeof (crie));
+ memset(&crie, 0, sizeof(crie));
crie.cri_alg = sav->tdb_encalgxform->type;
crie.cri_klen = _KEYBITS(sav->key_enc);
crie.cri_key = _KEYBUF(sav->key_enc);
@@ -316,26 +316,26 @@ esp_input(struct mbuf *m, const struct s
struct cryptodesc *crde;
struct cryptop *crp;
- IPSEC_SPLASSERT_SOFTNET("esp_input");
+ IPSEC_SPLASSERT_SOFTNET(__func__);
- IPSEC_ASSERT(sav != NULL, ("esp_input: null SA"));
+ IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__));
IPSEC_ASSERT(sav->tdb_encalgxform != NULL,
- ("esp_input: null encoding xform"));
+ ("%s: null encoding xform", __func__));
IPSEC_ASSERT((skip&3) == 0 && (m->m_pkthdr.len&3) == 0,
- ("esp_input: misaligned packet, skip %u pkt len %u",
- skip, m->m_pkthdr.len));
+ ("%s: misaligned packet, skip %u pkt len %u", __func__,
+ skip, m->m_pkthdr.len));
/* XXX don't pullup, just copy header */
- IP6_EXTHDR_GET(esp, struct newesp *, m, skip, sizeof (struct newesp));
+ IP6_EXTHDR_GET(esp, struct newesp *, m, skip, sizeof(struct newesp));
esph = sav->tdb_authalgxform;
espx = sav->tdb_encalgxform;
/* Determine the ESP header length */
if (sav->flags & SADB_X_EXT_OLD)
- hlen = sizeof (struct esp) + sav->ivlen;
+ hlen = sizeof(struct esp) + sav->ivlen;
else
- hlen = sizeof (struct newesp) + sav->ivlen;
+ hlen = sizeof(struct newesp) + sav->ivlen;
/* Authenticator hash size */
alen = esph ? esph->authsize : 0;
@@ -349,10 +349,8 @@ esp_input(struct mbuf *m, const struct s
*/
plen = m->m_pkthdr.len - (skip + hlen + alen);
if ((plen & (espx->blocksize - 1)) || (plen <= 0)) {
- DPRINTF(("esp_input: "
- "payload of %d octets not a multiple of %d octets,"
- " SA %s/%08lx\n",
- plen, espx->blocksize,
+ DPRINTF(("%s: payload of %d octets not a multiple of %d octets,"
+ " SA %s/%08lx\n", __func__, plen, espx->blocksize,
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
ESP_STATINC(ESP_STAT_BADILEN);
@@ -364,8 +362,8 @@ esp_input(struct mbuf *m, const struct s
* Check sequence number.
*/
if (esph && sav->replay && !ipsec_chkreplay(ntohl(esp->esp_seq), sav)) {
- DPRINTF(("esp_input: packet replay check for %s\n",
- ipsec_logsastr(sav))); /*XXX*/
+ DPRINTF(("%s: packet replay check for %s\n",
+ __func__, ipsec_logsastr(sav))); /*XXX*/
ESP_STATINC(ESP_STAT_REPLAY);
m_freem(m);
return ENOBUFS; /*XXX*/
@@ -389,35 +387,25 @@ esp_input(struct mbuf *m, const struct s
/* Get crypto descriptors */
crp = crypto_getreq(esph && espx ? 2 : 1);
if (crp == NULL) {
- DPRINTF(("esp_input: failed to acquire crypto descriptors\n"));
- ESP_STATINC(ESP_STAT_CRYPTO);
- m_freem(m);
- return ENOBUFS;
+ DPRINTF(("%s: failed to acquire crypto descriptors\n",
+ __func__));
+ error = ENOBUFS;
+ goto out;
}
/* Get IPsec-specific opaque pointer */
- if (esph == NULL || mtag != NULL)
- tc = (struct tdb_crypto *) malloc(sizeof(struct tdb_crypto),
- M_XDATA, M_NOWAIT|M_ZERO);
- else
- tc = (struct tdb_crypto *) malloc(sizeof(struct tdb_crypto) + alen,
- M_XDATA, M_NOWAIT|M_ZERO);
+ size_t extra = esph == NULL || mtag != NULL ? 0 : alen;
+ tc = malloc(sizeof(*tc) + extra, M_XDATA, M_NOWAIT|M_ZERO);
if (tc == NULL) {
- crypto_freereq(crp);
- DPRINTF(("esp_input: failed to allocate tdb_crypto\n"));
- ESP_STATINC(ESP_STAT_CRYPTO);
- m_freem(m);
- return ENOBUFS;
+ DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
+ error = ENOBUFS;
+ goto out1;
}
error = m_makewritable(&m, 0, m->m_pkthdr.len, M_NOWAIT);
if (error) {
- m_freem(m);
- free(tc, M_XDATA);
- crypto_freereq(crp);
- DPRINTF(("esp_input: m_makewritable failed\n"));
- ESP_STATINC(ESP_STAT_CRYPTO);
- return error;
+ DPRINTF(("%s: m_makewritable failed\n", __func__));
+ goto out2;
}
tc->tc_ptr = mtag;
@@ -425,7 +413,8 @@ esp_input(struct mbuf *m, const struct s
if (esph) {
struct cryptodesc *crda = crp->crp_desc;
- IPSEC_ASSERT(crda != NULL, ("esp_input: null ah crypto descriptor"));
+ IPSEC_ASSERT(crda != NULL, ("%s: null ah crypto descriptor",
+ __func__));
/* Authentication descriptor */
crda->crd_skip = skip;
@@ -447,8 +436,7 @@ esp_input(struct mbuf *m, const struct s
/* Copy the authenticator */
if (mtag == NULL)
- m_copydata(m, m->m_pkthdr.len - alen, alen,
- (tc + 1));
+ m_copydata(m, m->m_pkthdr.len - alen, alen, (tc + 1));
/* Chain authentication request */
crde = crda->crd_next;
@@ -473,7 +461,8 @@ esp_input(struct mbuf *m, const struct s
/* Decryption descriptor */
if (espx) {
- IPSEC_ASSERT(crde != NULL, ("esp_input: null esp crypto descriptor"));
+ IPSEC_ASSERT(crde != NULL, ("%s: null esp crypto descriptor",
+ __func__));
crde->crd_skip = skip + hlen;
if (espx->type == CRYPTO_AES_GMAC)
crde->crd_len = 0;
@@ -491,6 +480,15 @@ esp_input(struct mbuf *m, const struct s
return crypto_dispatch(crp);
else
return esp_input_cb(crp);
+
+out2:
+ free(tc, M_XDATA);
+out1:
+ crypto_freereq(crp);
+out:
+ ESP_STATINC(ESP_STAT_CRYPTO);
+ m_freem(m);
+ return error;
}
#ifdef INET6
@@ -512,7 +510,7 @@ esp_input(struct mbuf *m, const struct s
static int
esp_input_cb(struct cryptop *crp)
{
- u_int8_t lastthree[3], aalg[AH_ALEN_MAX];
+ uint8_t lastthree[3], aalg[AH_ALEN_MAX];
int s, hlen, skip, protoff, error;
struct mbuf *m;
struct cryptodesc *crd __diagused;
@@ -522,18 +520,19 @@ esp_input_cb(struct cryptop *crp)
struct secasvar *sav;
struct secasindex *saidx;
void *ptr;
- u_int16_t dport;
- u_int16_t sport;
+ uint16_t dport;
+ uint16_t sport;
crd = crp->crp_desc;
- IPSEC_ASSERT(crd != NULL, ("esp_input_cb: null crypto descriptor!"));
+ IPSEC_ASSERT(crd != NULL, ("%s: null crypto descriptor!", __func__));
- tc = (struct tdb_crypto *) crp->crp_opaque;
- IPSEC_ASSERT(tc != NULL, ("esp_input_cb: null opaque crypto data area!"));
+ tc = crp->crp_opaque;
+ IPSEC_ASSERT(tc != NULL, ("%s: null opaque crypto data area!",
+ __func__));
skip = tc->tc_skip;
protoff = tc->tc_protoff;
- mtag = (struct m_tag *) tc->tc_ptr;
- m = (struct mbuf *) crp->crp_buf;
+ mtag = tc->tc_ptr;
+ m = crp->crp_buf;
/* find the source port for NAT-T */
nat_t_ports_get(m, &dport, &sport);
@@ -544,8 +543,9 @@ esp_input_cb(struct cryptop *crp)
sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, sport, dport);
if (sav == NULL) {
ESP_STATINC(ESP_STAT_NOTDB);
- DPRINTF(("esp_input_cb: SA expired while in crypto "
- "(SA %s/%08lx proto %u)\n", ipsec_address(&tc->tc_dst),
+ DPRINTF(("%s: SA expired while in crypto "
+ "(SA %s/%08lx proto %u)\n", __func__,
+ ipsec_address(&tc->tc_dst),
(u_long) ntohl(tc->tc_spi), tc->tc_proto));
error = ENOBUFS; /*XXX*/
goto bad;
@@ -553,9 +553,9 @@ esp_input_cb(struct cryptop *crp)
saidx = &sav->sah->saidx;
IPSEC_ASSERT(saidx->dst.sa.sa_family == AF_INET ||
- saidx->dst.sa.sa_family == AF_INET6,
- ("esp_input_cb: unexpected protocol family %u",
- saidx->dst.sa.sa_family));
+ saidx->dst.sa.sa_family == AF_INET6,
+ ("%s: unexpected protocol family %u", __func__,
+ saidx->dst.sa.sa_family));
esph = sav->tdb_authalgxform;
@@ -573,7 +573,7 @@ esp_input_cb(struct cryptop *crp)
}
ESP_STATINC(ESP_STAT_NOXFORM);
- DPRINTF(("esp_input_cb: crypto error %d\n", crp->crp_etype));
+ DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
error = crp->crp_etype;
goto bad;
}
@@ -581,7 +581,7 @@ esp_input_cb(struct cryptop *crp)
/* Shouldn't happen... */
if (m == NULL) {
ESP_STATINC(ESP_STAT_CRYPTO);
- DPRINTF(("esp_input_cb: bogus returned buffer from crypto\n"));
+ DPRINTF(("%s: bogus returned buffer from crypto\n", __func__));
error = EINVAL;
goto bad;
}
@@ -604,8 +604,8 @@ esp_input_cb(struct cryptop *crp)
/* Verify authenticator */
if (!consttime_memequal(ptr, aalg, esph->authsize)) {
- DPRINTF(("esp_input_cb: "
- "authentication hash mismatch for packet in SA %s/%08lx\n",
+ DPRINTF(("%s: authentication hash mismatch "
+ "for packet in SA %s/%08lx\n", __func__,
ipsec_address(&saidx->dst),
(u_long) ntohl(sav->spi)));
ESP_STATINC(ESP_STAT_BADAUTH);
@@ -631,10 +631,10 @@ esp_input_cb(struct cryptop *crp)
* Update replay sequence number, if appropriate.
*/
if (sav->replay) {
- u_int32_t seq;
+ uint32_t seq;
m_copydata(m, skip + offsetof(struct newesp, esp_seq),
- sizeof (seq), &seq);
+ sizeof(seq), &seq);
if (ipsec_updatereplay(ntohl(seq), sav)) {
DPRINTF(("%s: packet replay check for %s\n", __func__,
ipsec_logsastr(sav)));
@@ -646,15 +646,15 @@ esp_input_cb(struct cryptop *crp)
/* Determine the ESP header length */
if (sav->flags & SADB_X_EXT_OLD)
- hlen = sizeof (struct esp) + sav->ivlen;
+ hlen = sizeof(struct esp) + sav->ivlen;
else
- hlen = sizeof (struct newesp) + sav->ivlen;
+ hlen = sizeof(struct newesp) + sav->ivlen;
/* Remove the ESP header and IV from the mbuf. */
error = m_striphdr(m, skip, hlen);
if (error) {
ESP_STATINC(ESP_STAT_HDROPS);
- DPRINTF(("esp_input_cb: bad mbuf chain, SA %s/%08lx\n",
+ DPRINTF(("%s: bad mbuf chain, SA %s/%08lx\n", __func__,
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
goto bad;
@@ -666,11 +666,11 @@ esp_input_cb(struct cryptop *crp)
/* Verify pad length */
if (lastthree[1] + 2 > m->m_pkthdr.len - skip) {
ESP_STATINC(ESP_STAT_BADILEN);
- DPRINTF(("esp_input_cb: invalid padding length %d "
- "for %u byte packet in SA %s/%08lx\n",
- lastthree[1], m->m_pkthdr.len - skip,
- ipsec_address(&sav->sah->saidx.dst),
- (u_long) ntohl(sav->spi)));
+ DPRINTF(("%s: invalid padding length %d "
+ "for %u byte packet in SA %s/%08lx\n", __func__,
+ lastthree[1], m->m_pkthdr.len - skip,
+ ipsec_address(&sav->sah->saidx.dst),
+ (u_long) ntohl(sav->spi)));
error = EINVAL;
goto bad;
}
@@ -679,11 +679,12 @@ esp_input_cb(struct cryptop *crp)
if ((sav->flags & SADB_X_EXT_PMASK) != SADB_X_EXT_PRAND) {
if (lastthree[1] != lastthree[0] && lastthree[1] != 0) {
ESP_STATINC(ESP_STAT_BADENC);
- DPRINTF(("esp_input_cb: decryption failed "
- "for packet in SA %s/%08lx\n",
- ipsec_address(&sav->sah->saidx.dst),
- (u_long) ntohl(sav->spi)));
-DPRINTF(("esp_input_cb: %x %x\n", lastthree[0], lastthree[1]));
+ DPRINTF(("%s: decryption failed for packet in SA "
+ "%s/%08lx\n", __func__,
+ ipsec_address(&sav->sah->saidx.dst),
+ (u_long) ntohl(sav->spi)));
+ DPRINTF(("%s: %x %x\n", __func__, lastthree[0],
+ lastthree[1]));
error = EINVAL;
goto bad;
}
@@ -693,7 +694,7 @@ DPRINTF(("esp_input_cb: %x %x\n", lastth
m_adj(m, -(lastthree[1] + 2));
/* Restore the Next Protocol field */
- m_copyback(m, protoff, sizeof (u_int8_t), lastthree + 2);
+ m_copyback(m, protoff, sizeof(uint8_t), lastthree + 2);
IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff, mtag);
@@ -735,24 +736,24 @@ esp_output(
const struct secasvar *sav;
struct secasindex *saidx;
unsigned char *pad;
- u_int8_t prot;
+ uint8_t prot;
int error, maxpacketsize;
struct cryptodesc *crde = NULL, *crda = NULL;
struct cryptop *crp;
- IPSEC_SPLASSERT_SOFTNET("esp_output");
+ IPSEC_SPLASSERT_SOFTNET(__func__);
sav = isr->sav;
- IPSEC_ASSERT(sav != NULL, ("esp_output: null SA"));
+ IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__));
esph = sav->tdb_authalgxform;
espx = sav->tdb_encalgxform;
- IPSEC_ASSERT(espx != NULL, ("esp_output: null encoding xform"));
+ IPSEC_ASSERT(espx != NULL, ("%s: null encoding xform", __func__));
if (sav->flags & SADB_X_EXT_OLD)
- hlen = sizeof (struct esp) + sav->ivlen;
+ hlen = sizeof(struct esp) + sav->ivlen;
else
- hlen = sizeof (struct newesp) + sav->ivlen;
+ hlen = sizeof(struct newesp) + sav->ivlen;
rlen = m->m_pkthdr.len - skip; /* Raw payload length. */
/*
@@ -785,18 +786,17 @@ esp_output(
break;
#endif /* INET6 */
default:
- DPRINTF(("esp_output: unknown/unsupported protocol "
- "family %d, SA %s/%08lx\n",
- saidx->dst.sa.sa_family, ipsec_address(&saidx->dst),
- (u_long) ntohl(sav->spi)));
+ DPRINTF(("%s: unknown/unsupported protocol family %d, "
+ "SA %s/%08lx\n", __func__, saidx->dst.sa.sa_family,
+ ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi)));
ESP_STATINC(ESP_STAT_NOPF);
error = EPFNOSUPPORT;
goto bad;
}
if (skip + hlen + rlen + padding + alen > maxpacketsize) {
- DPRINTF(("esp_output: packet in SA %s/%08lx got too big "
- "(len %u, max len %u)\n",
- ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi),
+ DPRINTF(("%s: packet in SA %s/%08lx got too big (len %u, "
+ "max len %u)\n", __func__, ipsec_address(&saidx->dst),
+ (u_long) ntohl(sav->spi),
skip + hlen + rlen + padding + alen, maxpacketsize));
ESP_STATINC(ESP_STAT_TOOBIG);
error = EMSGSIZE;
@@ -808,7 +808,7 @@ esp_output(
m = m_clone(m);
if (m == NULL) {
- DPRINTF(("esp_output: cannot clone mbuf chain, SA %s/%08lx\n",
+ DPRINTF(("%s: cannot clone mbuf chain, SA %s/%08lx\n", __func__,
ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi)));
ESP_STATINC(ESP_STAT_HDROPS);
error = ENOBUFS;
@@ -818,9 +818,8 @@ esp_output(
/* Inject ESP header. */
mo = m_makespace(m, skip, hlen, &roff);
if (mo == NULL) {
- DPRINTF(("esp_output: failed to inject %u byte ESP hdr for SA "
- "%s/%08lx\n",
- hlen, ipsec_address(&saidx->dst),
+ DPRINTF(("%s: failed to inject %u byte ESP hdr for SA "
+ "%s/%08lx\n", __func__, hlen, ipsec_address(&saidx->dst),
(u_long) ntohl(sav->spi)));
ESP_STATINC(ESP_STAT_HDROPS); /* XXX diffs from openbsd */
error = ENOBUFS;
@@ -828,9 +827,9 @@ esp_output(
}
/* Initialize ESP header. */
- memcpy(mtod(mo, char *) + roff, &sav->spi, sizeof(u_int32_t));
+ memcpy(mtod(mo, char *) + roff, &sav->spi, sizeof(uint32_t));
if (sav->replay) {
- u_int32_t replay;
+ uint32_t replay;
#ifdef IPSEC_DEBUG
/* Emulate replay attack when ipsec_replay is TRUE. */
@@ -839,18 +838,17 @@ esp_output(
sav->replay->count++;
replay = htonl(sav->replay->count);
- bcopy(&replay,
- mtod(mo,char *) + roff + sizeof(u_int32_t),
- sizeof(u_int32_t));
+ memcpy(mtod(mo,char *) + roff + sizeof(uint32_t), &replay,
+ sizeof(uint32_t));
}
/*
* Add padding -- better to do it ourselves than use the crypto engine,
* although if/when we support compression, we'd have to do that.
*/
- pad = (u_char *) m_pad(m, padding + alen);
+ pad = m_pad(m, padding + alen);
if (pad == NULL) {
- DPRINTF(("esp_output: m_pad failed for SA %s/%08lx\n",
+ DPRINTF(("%s: m_pad failed for SA %s/%08lx\n", __func__,
ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi)));
m = NULL; /* NB: free'd by m_pad */
error = ENOBUFS;
@@ -876,16 +874,17 @@ esp_output(
/* Fix padding length and Next Protocol in padding itself. */
pad[padding - 2] = padding - 2;
- m_copydata(m, protoff, sizeof(u_int8_t), pad + padding - 1);
+ m_copydata(m, protoff, sizeof(uint8_t), pad + padding - 1);
/* Fix Next Protocol in IPv4/IPv6 header. */
prot = IPPROTO_ESP;
- m_copyback(m, protoff, sizeof(u_int8_t), (u_char *) &prot);
+ m_copyback(m, protoff, sizeof(uint8_t), &prot);
/* Get crypto descriptors. */
crp = crypto_getreq(esph && espx ? 2 : 1);
if (crp == NULL) {
- DPRINTF(("esp_output: failed to acquire crypto descriptors\n"));
+ DPRINTF(("%s: failed to acquire crypto descriptors\n",
+ __func__));
ESP_STATINC(ESP_STAT_CRYPTO);
error = ENOBUFS;
goto bad;
@@ -913,11 +912,10 @@ esp_output(
crda = crp->crp_desc;
/* IPsec-specific opaque crypto info. */
- tc = (struct tdb_crypto *) malloc(sizeof(struct tdb_crypto),
- M_XDATA, M_NOWAIT|M_ZERO);
+ tc = malloc(sizeof(*tc), M_XDATA, M_NOWAIT|M_ZERO);
if (tc == NULL) {
crypto_freereq(crp);
- DPRINTF(("esp_output: failed to allocate tdb_crypto\n"));
+ DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
ESP_STATINC(ESP_STAT_CRYPTO);
error = ENOBUFS;
goto bad;
@@ -977,9 +975,9 @@ esp_output_cb(struct cryptop *crp)
struct mbuf *m;
int s, err, error;
- tc = (struct tdb_crypto *) crp->crp_opaque;
- IPSEC_ASSERT(tc != NULL, ("esp_output_cb: null opaque data area!"));
- m = (struct mbuf *) crp->crp_buf;
+ tc = crp->crp_opaque;
+ IPSEC_ASSERT(tc != NULL, ("%s: null opaque data area!", __func__));
+ m = crp->crp_buf;
s = splsoftnet();
mutex_enter(softnet_lock);
@@ -988,14 +986,14 @@ esp_output_cb(struct cryptop *crp)
sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0);
if (sav == NULL) {
ESP_STATINC(ESP_STAT_NOTDB);
- DPRINTF(("esp_output_cb: SA expired while in crypto "
- "(SA %s/%08lx proto %u)\n", ipsec_address(&tc->tc_dst),
+ DPRINTF(("%s: SA expired while in crypto (SA %s/%08lx "
+ "proto %u)\n", __func__, ipsec_address(&tc->tc_dst),
(u_long) ntohl(tc->tc_spi), tc->tc_proto));
error = ENOBUFS; /*XXX*/
goto bad;
}
IPSEC_ASSERT(isr->sav == sav,
- ("esp_output_cb: SA changed was %p now %p\n", isr->sav, sav));
+ ("%s: SA changed was %p now %p", __func__, isr->sav, sav));
/* Check for crypto errors. */
if (crp->crp_etype) {
@@ -1011,7 +1009,7 @@ esp_output_cb(struct cryptop *crp)
}
ESP_STATINC(ESP_STAT_NOXFORM);
- DPRINTF(("esp_output_cb: crypto error %d\n", crp->crp_etype));
+ DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
error = crp->crp_etype;
goto bad;
}
@@ -1019,7 +1017,7 @@ esp_output_cb(struct cryptop *crp)
/* Shouldn't happen... */
if (m == NULL) {
ESP_STATINC(ESP_STAT_CRYPTO);
- DPRINTF(("esp_output_cb: bogus returned buffer from crypto\n"));
+ DPRINTF(("%s: bogus returned buffer from crypto\n", __func__));
error = EINVAL;
goto bad;
}
Index: src/sys/netipsec/xform_ipcomp.c
diff -u src/sys/netipsec/xform_ipcomp.c:1.33 src/sys/netipsec/xform_ipcomp.c:1.34
--- src/sys/netipsec/xform_ipcomp.c:1.33 Thu Apr 13 12:38:32 2017
+++ src/sys/netipsec/xform_ipcomp.c Sat Apr 15 18:01:57 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ipcomp.c,v 1.33 2017/04/13 16:38:32 christos Exp $ */
+/* $NetBSD: xform_ipcomp.c,v 1.34 2017/04/15 22:01:57 christos Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.33 2017/04/13 16:38:32 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.34 2017/04/15 22:01:57 christos Exp $");
/* IP payload compression protocol (IPComp), see RFC 2393 */
#if defined(_KERNEL_OPT)
@@ -116,8 +116,8 @@ ipcomp_init(struct secasvar *sav, const
/* NB: algorithm really comes in alg_enc and not alg_comp! */
tcomp = ipcomp_algorithm_lookup(sav->alg_enc);
if (tcomp == NULL) {
- DPRINTF(("ipcomp_init: unsupported compression algorithm %d\n",
- sav->alg_comp));
+ DPRINTF(("%s: unsupported compression algorithm %d\n",
+ __func__, sav->alg_comp));
return EINVAL;
}
sav->alg_comp = sav->alg_enc; /* set for doing histogram */
@@ -125,7 +125,7 @@ ipcomp_init(struct secasvar *sav, const
sav->tdb_compalgxform = tcomp;
/* Initialize crypto session */
- memset(&cric, 0, sizeof (cric));
+ memset(&cric, 0, sizeof(cric));
cric.cri_alg = sav->tdb_compalgxform->type;
ses = crypto_newsession(&sav->tdb_cryptoid, &cric, crypto_support);
@@ -156,29 +156,29 @@ ipcomp_input(struct mbuf *m, const struc
struct cryptop *crp;
int error, hlen = IPCOMP_HLENGTH;
- IPSEC_SPLASSERT_SOFTNET("ipcomp_input");
+ IPSEC_SPLASSERT_SOFTNET(__func__);
/* Get crypto descriptors */
crp = crypto_getreq(1);
if (crp == NULL) {
m_freem(m);
- DPRINTF(("ipcomp_input: no crypto descriptors\n"));
+ DPRINTF(("%s: no crypto descriptors\n", __func__));
IPCOMP_STATINC(IPCOMP_STAT_CRYPTO);
return ENOBUFS;
}
/* Get IPsec-specific opaque pointer */
- tc = (struct tdb_crypto *) malloc(sizeof (*tc), M_XDATA, M_NOWAIT|M_ZERO);
+ tc = malloc(sizeof(*tc), M_XDATA, M_NOWAIT|M_ZERO);
if (tc == NULL) {
m_freem(m);
crypto_freereq(crp);
- DPRINTF(("ipcomp_input: cannot allocate tdb_crypto\n"));
+ DPRINTF(("%s: cannot allocate tdb_crypto\n", __func__));
IPCOMP_STATINC(IPCOMP_STAT_CRYPTO);
return ENOBUFS;
}
error = m_makewritable(&m, 0, m->m_pkthdr.len, M_NOWAIT);
if (error) {
- DPRINTF(("ipcomp_input: m_makewritable failed\n"));
+ DPRINTF(("%s: m_makewritable failed\n", __func__));
m_freem(m);
free(tc, M_XDATA);
crypto_freereq(crp);
@@ -241,16 +241,17 @@ ipcomp_input_cb(struct cryptop *crp)
struct secasvar *sav;
struct secasindex *saidx __diagused;
int s, hlen = IPCOMP_HLENGTH, error, clen;
- u_int8_t nproto;
+ uint8_t nproto;
void *addr;
- u_int16_t dport;
- u_int16_t sport;
+ uint16_t dport;
+ uint16_t sport;
- tc = (struct tdb_crypto *) crp->crp_opaque;
- IPSEC_ASSERT(tc != NULL, ("ipcomp_input_cb: null opaque crypto data area!"));
+ tc = crp->crp_opaque;
+ IPSEC_ASSERT(tc != NULL, ("%s: null opaque crypto data area!",
+ __func__));
skip = tc->tc_skip;
protoff = tc->tc_protoff;
- m = (struct mbuf *) crp->crp_buf;
+ m = crp->crp_buf;
/* find the source port for NAT-T */
nat_t_ports_get(m, &dport, &sport);
@@ -261,7 +262,7 @@ ipcomp_input_cb(struct cryptop *crp)
sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, sport, dport);
if (sav == NULL) {
IPCOMP_STATINC(IPCOMP_STAT_NOTDB);
- DPRINTF(("ipcomp_input_cb: SA expired while in crypto\n"));
+ DPRINTF(("%s: SA expired while in crypto\n", __func__));
error = ENOBUFS; /*XXX*/
goto bad;
}
@@ -269,7 +270,7 @@ ipcomp_input_cb(struct cryptop *crp)
saidx = &sav->sah->saidx;
IPSEC_ASSERT(saidx->dst.sa.sa_family == AF_INET ||
saidx->dst.sa.sa_family == AF_INET6,
- ("ipcomp_input_cb: unexpected protocol family %u",
+ ("%s: unexpected protocol family %u", __func__,
saidx->dst.sa.sa_family));
/* Check for crypto errors */
@@ -286,14 +287,14 @@ ipcomp_input_cb(struct cryptop *crp)
}
IPCOMP_STATINC(IPCOMP_STAT_NOXFORM);
- DPRINTF(("ipcomp_input_cb: crypto error %d\n", crp->crp_etype));
+ DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
error = crp->crp_etype;
goto bad;
}
/* Shouldn't happen... */
if (m == NULL) {
IPCOMP_STATINC(IPCOMP_STAT_CRYPTO);
- DPRINTF(("ipcomp_input_cb: null mbuf returned from crypto\n"));
+ DPRINTF(("%s: null mbuf returned from crypto\n", __func__));
error = EINVAL;
goto bad;
}
@@ -314,7 +315,7 @@ ipcomp_input_cb(struct cryptop *crp)
if (m->m_len < skip + hlen && (m = m_pullup(m, skip + hlen)) == 0) {
IPCOMP_STATINC(IPCOMP_STAT_HDROPS); /*XXX*/
- DPRINTF(("ipcomp_input_cb: m_pullup failed\n"));
+ DPRINTF(("%s: m_pullup failed\n", __func__));
error = EINVAL; /*XXX*/
goto bad;
}
@@ -322,27 +323,32 @@ ipcomp_input_cb(struct cryptop *crp)
/* Keep the next protocol field */
addr = (uint8_t*) mtod(m, struct ip *) + skip;
nproto = ((struct ipcomp *) addr)->comp_nxt;
- if (nproto == IPPROTO_IPCOMP || nproto == IPPROTO_AH || nproto == IPPROTO_ESP) {
+ switch (nproto) {
+ case IPPROTO_IPCOMP:
+ case IPPROTO_AH:
+ case IPPROTO_ESP:
IPCOMP_STATINC(IPCOMP_STAT_HDROPS);
- DPRINTF(("ipcomp_input_cb: nested ipcomp, IPCA %s/%08lx\n",
- ipsec_address(&sav->sah->saidx.dst),
- (u_long) ntohl(sav->spi)));
+ DPRINTF(("%s: nested ipcomp, IPCA %s/%08lx\n", __func__,
+ ipsec_address(&sav->sah->saidx.dst),
+ (u_long) ntohl(sav->spi)));
error = EINVAL;
goto bad;
+ default:
+ break;
}
/* Remove the IPCOMP header */
error = m_striphdr(m, skip, hlen);
if (error) {
IPCOMP_STATINC(IPCOMP_STAT_HDROPS);
- DPRINTF(("ipcomp_input_cb: bad mbuf chain, IPCA %s/%08lx\n",
+ DPRINTF(("%s: bad mbuf chain, IPCA %s/%08lx\n", __func__,
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
goto bad;
}
/* Restore the Next Protocol field */
- m_copyback(m, protoff, sizeof (u_int8_t), (u_int8_t *) &nproto);
+ m_copyback(m, protoff, sizeof(uint8_t), (uint8_t *) &nproto);
IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff, NULL);
@@ -383,11 +389,11 @@ ipcomp_output(
struct cryptop *crp;
struct tdb_crypto *tc;
- IPSEC_SPLASSERT_SOFTNET("ipcomp_output");
+ IPSEC_SPLASSERT_SOFTNET(__func__);
sav = isr->sav;
- IPSEC_ASSERT(sav != NULL, ("ipcomp_output: null SA"));
+ IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__));
ipcompx = sav->tdb_compalgxform;
- IPSEC_ASSERT(ipcompx != NULL, ("ipcomp_output: null compression xform"));
+ IPSEC_ASSERT(ipcompx != NULL, ("%s: null compression xform", __func__));
ralen = m->m_pkthdr.len - skip; /* Raw payload length before comp. */
@@ -415,8 +421,8 @@ ipcomp_output(
#endif /* INET6 */
default:
IPCOMP_STATINC(IPCOMP_STAT_NOPF);
- DPRINTF(("ipcomp_output: unknown/unsupported protocol family %d"
- ", IPCA %s/%08lx\n",
+ DPRINTF(("%s: unknown/unsupported protocol family %d"
+ ", IPCA %s/%08lx\n", __func__,
sav->sah->saidx.dst.sa.sa_family,
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
@@ -425,8 +431,8 @@ ipcomp_output(
}
if (skip + hlen + ralen > maxpacketsize) {
IPCOMP_STATINC(IPCOMP_STAT_TOOBIG);
- DPRINTF(("ipcomp_output: packet in IPCA %s/%08lx got too big "
- "(len %u, max len %u)\n",
+ DPRINTF(("%s: packet in IPCA %s/%08lx got too big "
+ "(len %u, max len %u)\n", __func__,
ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi),
skip + hlen + ralen, maxpacketsize));
@@ -440,8 +446,8 @@ ipcomp_output(
m = m_clone(m);
if (m == NULL) {
IPCOMP_STATINC(IPCOMP_STAT_HDROPS);
- DPRINTF(("ipcomp_output: cannot clone mbuf chain, IPCA %s/%08lx\n",
- ipsec_address(&sav->sah->saidx.dst),
+ DPRINTF(("%s: cannot clone mbuf chain, IPCA %s/%08lx\n",
+ __func__, ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
error = ENOBUFS;
goto bad;
@@ -453,7 +459,8 @@ ipcomp_output(
crp = crypto_getreq(1);
if (crp == NULL) {
IPCOMP_STATINC(IPCOMP_STAT_CRYPTO);
- DPRINTF(("ipcomp_output: failed to acquire crypto descriptor\n"));
+ DPRINTF(("%s: failed to acquire crypto descriptor\n",
+ __func__));
error = ENOBUFS;
goto bad;
}
@@ -469,11 +476,10 @@ ipcomp_output(
crdc->crd_alg = ipcompx->type;
/* IPsec-specific opaque crypto info */
- tc = (struct tdb_crypto *) malloc(sizeof(struct tdb_crypto),
- M_XDATA, M_NOWAIT|M_ZERO);
+ tc = malloc(sizeof(*tc), M_XDATA, M_NOWAIT|M_ZERO);
if (tc == NULL) {
IPCOMP_STATINC(IPCOMP_STAT_CRYPTO);
- DPRINTF(("ipcomp_output: failed to allocate tdb_crypto\n"));
+ DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
crypto_freereq(crp);
error = ENOBUFS;
goto bad;
@@ -512,14 +518,14 @@ ipcomp_output_cb(struct cryptop *crp)
struct secasvar *sav;
struct mbuf *m, *mo;
int s, error, skip, rlen, roff;
- u_int8_t prot;
- u_int16_t cpi;
+ uint8_t prot;
+ uint16_t cpi;
struct ipcomp * ipcomp;
- tc = (struct tdb_crypto *) crp->crp_opaque;
- IPSEC_ASSERT(tc != NULL, ("ipcomp_output_cb: null opaque data area!"));
- m = (struct mbuf *) crp->crp_buf;
+ tc = crp->crp_opaque;
+ IPSEC_ASSERT(tc != NULL, ("%s: null opaque data area!", __func__));
+ m = crp->crp_buf;
skip = tc->tc_skip;
rlen = crp->crp_ilen - skip;
@@ -530,11 +536,11 @@ ipcomp_output_cb(struct cryptop *crp)
sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0);
if (sav == NULL) {
IPCOMP_STATINC(IPCOMP_STAT_NOTDB);
- DPRINTF(("ipcomp_output_cb: SA expired while in crypto\n"));
+ DPRINTF(("%s: SA expired while in crypto\n", __func__));
error = ENOBUFS; /*XXX*/
goto bad;
}
- IPSEC_ASSERT(isr->sav == sav, ("ipcomp_output_cb: SA changed\n"));
+ IPSEC_ASSERT(isr->sav == sav, ("%s: SA changed", __func__));
/* Check for crypto errors */
if (crp->crp_etype) {
@@ -549,14 +555,14 @@ ipcomp_output_cb(struct cryptop *crp)
return crypto_dispatch(crp);
}
IPCOMP_STATINC(IPCOMP_STAT_NOXFORM);
- DPRINTF(("ipcomp_output_cb: crypto error %d\n", crp->crp_etype));
+ DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype));
error = crp->crp_etype;
goto bad;
}
/* Shouldn't happen... */
if (m == NULL) {
IPCOMP_STATINC(IPCOMP_STAT_CRYPTO);
- DPRINTF(("ipcomp_output_cb: bogus return buffer from crypto\n"));
+ DPRINTF(("%s: bogus return buffer from crypto\n", __func__));
error = EINVAL;
goto bad;
}
@@ -567,10 +573,10 @@ ipcomp_output_cb(struct cryptop *crp)
mo = m_makespace(m, skip, IPCOMP_HLENGTH, &roff);
if (mo == NULL) {
IPCOMP_STATINC(IPCOMP_STAT_WRAP);
- DPRINTF(("ipcomp_output: failed to inject IPCOMP header for "
- "IPCA %s/%08lx\n",
- ipsec_address(&sav->sah->saidx.dst),
- (u_long) ntohl(sav->spi)));
+ DPRINTF(("%s: failed to inject IPCOMP header for "
+ "IPCA %s/%08lx\n", __func__,
+ ipsec_address(&sav->sah->saidx.dst),
+ (u_long) ntohl(sav->spi)));
error = ENOBUFS;
goto bad;
}
@@ -600,7 +606,7 @@ ipcomp_output_cb(struct cryptop *crp)
/* Fix Next Protocol in IPv4/IPv6 header */
prot = IPPROTO_IPCOMP;
- m_copyback(m, tc->tc_protoff, sizeof(u_int8_t), (u_char *)&prot);
+ m_copyback(m, tc->tc_protoff, sizeof(uint8_t), (u_char *)&prot);
/* Adjust the length in the IP header */
switch (sav->sah->saidx.dst.sa.sa_family) {
Index: src/sys/netipsec/xform_ipip.c
diff -u src/sys/netipsec/xform_ipip.c:1.44 src/sys/netipsec/xform_ipip.c:1.45
--- src/sys/netipsec/xform_ipip.c:1.44 Fri Apr 14 18:35:05 2017
+++ src/sys/netipsec/xform_ipip.c Sat Apr 15 18:01:57 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ipip.c,v 1.44 2017/04/14 22:35:05 christos Exp $ */
+/* $NetBSD: xform_ipip.c,v 1.45 2017/04/15 22:01:57 christos Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.44 2017/04/14 22:35:05 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.45 2017/04/15 22:01:57 christos Exp $");
/*
* IP-inside-IP processing
@@ -144,7 +144,7 @@ ip4_input6(struct mbuf **m, int *offp, i
#if 0
/* If we do not accept IP-in-IP explicitly, drop. */
if (!ipip_allow && ((*m)->m_flags & M_IPSEC) == 0) {
- DPRINTF(("ip4_input6: dropped due to policy\n"));
+ DPRINTF(("%s: dropped due to policy\n", __func__));
IPIP_STATINC(IPIP_STAT_PDROPS);
m_freem(*m);
return IPPROTO_DONE;
@@ -166,7 +166,7 @@ ip4_input(struct mbuf *m, int off, int p
#if 0
/* If we do not accept IP-in-IP explicitly, drop. */
if (!ipip_allow && (m->m_flags & M_IPSEC) == 0) {
- DPRINTF(("ip4_input: dropped due to policy\n"));
+ DPRINTF(("%s: dropped due to policy\n", __func__));
IPIP_STATINC(IPIP_STAT_PDROPS);
m_freem(m);
return;
@@ -195,10 +195,10 @@ _ipip_input(struct mbuf *m, int iphlen,
#ifdef INET6
register struct sockaddr_in6 *sin6;
struct ip6_hdr *ip6 = NULL;
- u_int8_t itos;
+ uint8_t itos;
#endif
- u_int8_t otos;
- u_int8_t v;
+ uint8_t otos;
+ uint8_t v;
int hlen;
IPIP_STATINC(IPIP_STAT_IPACKETS);
@@ -217,8 +217,8 @@ _ipip_input(struct mbuf *m, int iphlen,
break;
#endif
default:
- DPRINTF(("_ipip_input: bad protocol version 0x%x (%u) "
- "for outer header\n", v, v>>4));
+ DPRINTF(("%s: bad protocol version 0x%x (%u) "
+ "for outer header\n", __func__, v, v>>4));
IPIP_STATINC(IPIP_STAT_FAMILY);
m_freem(m);
return /* EAFNOSUPPORT */;
@@ -227,7 +227,7 @@ _ipip_input(struct mbuf *m, int iphlen,
/* Bring the IP header in the first mbuf, if not there already */
if (m->m_len < hlen) {
if ((m = m_pullup(m, hlen)) == NULL) {
- DPRINTF(("ipip_input: m_pullup (1) failed\n"));
+ DPRINTF(("%s: m_pullup (1) failed\n", __func__));
IPIP_STATINC(IPIP_STAT_HDROPS);
return;
}
@@ -257,7 +257,7 @@ _ipip_input(struct mbuf *m, int iphlen,
break;
#endif
default:
- panic("ipip_input: unknown ip version %u (outer)", v>>4);
+ panic("%s: unknown ip version %u (outer)", __func__, v >> 4);
}
/* Remove outer IP header */
@@ -285,8 +285,8 @@ _ipip_input(struct mbuf *m, int iphlen,
break;
#endif
default:
- DPRINTF(("_ipip_input: bad protocol version 0x%x (%u) "
- "for inner header\n", v, v>>4));
+ DPRINTF(("%s: bad protocol version %#x (%u) "
+ "for inner header\n", __func__, v, v >> 4));
IPIP_STATINC(IPIP_STAT_FAMILY);
m_freem(m);
return; /* EAFNOSUPPORT */
@@ -297,7 +297,7 @@ _ipip_input(struct mbuf *m, int iphlen,
*/
if (m->m_len < hlen) {
if ((m = m_pullup(m, hlen)) == NULL) {
- DPRINTF(("ipip_input: m_pullup (2) failed\n"));
+ DPRINTF(("%s: m_pullup (2) failed\n", __func__));
IPIP_STATINC(IPIP_STAT_HDROPS);
return;
}
@@ -323,11 +323,11 @@ _ipip_input(struct mbuf *m, int iphlen,
itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
ip_ecn_egress(ip6_ipsec_ecn, &otos, &itos);
ip6->ip6_flow &= ~htonl(0xff << 20);
- ip6->ip6_flow |= htonl((u_int32_t) itos << 20);
+ ip6->ip6_flow |= htonl((uint32_t) itos << 20);
break;
#endif
default:
- panic("ipip_input: unknown ip version %u (inner)", v>>4);
+ panic("%s: unknown ip version %u (inner)", __func__, v>>4);
}
/* Check for local address spoofing. */
@@ -400,7 +400,7 @@ _ipip_input(struct mbuf *m, int iphlen,
break;
#endif
default:
- panic("ipip_input: should never reach here");
+ panic("%s: should never reach here", __func__);
}
int s = splnet();
@@ -421,22 +421,22 @@ ipip_output(
)
{
const struct secasvar *sav;
- u_int8_t tp, otos;
+ uint8_t tp, otos;
struct secasindex *saidx;
int error;
#ifdef INET
- u_int8_t itos;
+ uint8_t itos;
struct ip *ipo;
#endif /* INET */
#ifdef INET6
struct ip6_hdr *ip6, *ip6o;
#endif /* INET6 */
- IPSEC_SPLASSERT_SOFTNET("ipip_output");
+ IPSEC_SPLASSERT_SOFTNET(__func__);
sav = isr->sav;
- IPSEC_ASSERT(sav != NULL, ("ipip_output: null SA"));
- IPSEC_ASSERT(sav->sah != NULL, ("ipip_output: null SAH"));
+ IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__));
+ IPSEC_ASSERT(sav->sah != NULL, ("%s: null SAH", __func__));
/* XXX Deal with empty TDB source/destination addresses. */
@@ -450,8 +450,8 @@ ipip_output(
if (saidx->src.sa.sa_family != AF_INET ||
saidx->src.sin.sin_addr.s_addr == INADDR_ANY ||
saidx->dst.sin.sin_addr.s_addr == INADDR_ANY) {
- DPRINTF(("ipip_output: unspecified tunnel endpoint "
- "address in SA %s/%08lx\n",
+ DPRINTF(("%s: unspecified tunnel endpoint "
+ "address in SA %s/%08lx\n", __func__,
ipsec_address(&saidx->dst),
(u_long) ntohl(sav->spi)));
IPIP_STATINC(IPIP_STAT_UNSPEC);
@@ -461,7 +461,7 @@ ipip_output(
M_PREPEND(m, sizeof(struct ip), M_DONTWAIT);
if (m == 0) {
- DPRINTF(("ipip_output: M_PREPEND failed\n"));
+ DPRINTF(("%s: M_PREPEND failed\n", __func__));
IPIP_STATINC(IPIP_STAT_HDROPS);
error = ENOBUFS;
goto bad;
@@ -490,7 +490,7 @@ ipip_output(
/* Save ECN notification */
m_copydata(m, sizeof(struct ip) +
offsetof(struct ip, ip_tos),
- sizeof(u_int8_t), &itos);
+ sizeof(uint8_t), &itos);
ipo->ip_p = IPPROTO_IPIP;
@@ -500,17 +500,17 @@ ipip_output(
*/
m_copydata(m, sizeof(struct ip) +
offsetof(struct ip, ip_off),
- sizeof(u_int16_t), &ipo->ip_off);
+ sizeof(uint16_t), &ipo->ip_off);
ipo->ip_off &= ~ IP_OFF_CONVERT(IP_DF | IP_MF | IP_OFFMASK);
}
#ifdef INET6
else if (tp == (IPV6_VERSION >> 4)) {
- u_int32_t itos32;
+ uint32_t itos32;
/* Save ECN notification. */
m_copydata(m, sizeof(struct ip) +
offsetof(struct ip6_hdr, ip6_flow),
- sizeof(u_int32_t), &itos32);
+ sizeof(uint32_t), &itos32);
itos = ntohl(itos32) >> 20;
ipo->ip_p = IPPROTO_IPV6;
ipo->ip_off = 0;
@@ -531,8 +531,8 @@ ipip_output(
if (IN6_IS_ADDR_UNSPECIFIED(&saidx->dst.sin6.sin6_addr) ||
saidx->src.sa.sa_family != AF_INET6 ||
IN6_IS_ADDR_UNSPECIFIED(&saidx->src.sin6.sin6_addr)) {
- DPRINTF(("ipip_output: unspecified tunnel endpoint "
- "address in SA %s/%08lx\n",
+ DPRINTF(("%s: unspecified tunnel endpoint "
+ "address in SA %s/%08lx\n", __func__,
ipsec_address(&saidx->dst),
(u_long) ntohl(sav->spi)));
IPIP_STATINC(IPIP_STAT_UNSPEC);
@@ -551,7 +551,7 @@ ipip_output(
M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT);
if (m == 0) {
- DPRINTF(("ipip_output: M_PREPEND failed\n"));
+ DPRINTF(("%s: M_PREPEND failed\n", __func__));
IPIP_STATINC(IPIP_STAT_HDROPS);
error = ENOBUFS;
goto bad;
@@ -575,7 +575,7 @@ ipip_output(
if (tp == IPVERSION) {
/* Save ECN notification */
m_copydata(m, sizeof(struct ip6_hdr) +
- offsetof(struct ip, ip_tos), sizeof(u_int8_t),
+ offsetof(struct ip, ip_tos), sizeof(uint8_t),
&itos);
/* This is really IPVERSION. */
@@ -583,12 +583,12 @@ ipip_output(
} else
#endif /* INET */
if (tp == (IPV6_VERSION >> 4)) {
- u_int32_t itos32;
+ uint32_t itos32;
/* Save ECN notification. */
m_copydata(m, sizeof(struct ip6_hdr) +
offsetof(struct ip6_hdr, ip6_flow),
- sizeof(u_int32_t), &itos32);
+ sizeof(uint32_t), &itos32);
itos = ntohl(itos32) >> 20;
ip6o->ip6_nxt = IPPROTO_IPV6;
@@ -598,13 +598,13 @@ ipip_output(
otos = 0;
ip_ecn_ingress(ECN_ALLOWED, &otos, &itos);
- ip6o->ip6_flow |= htonl((u_int32_t) otos << 20);
+ ip6o->ip6_flow |= htonl((uint32_t) otos << 20);
break;
#endif /* INET6 */
default:
nofamily:
- DPRINTF(("ipip_output: unsupported protocol family %u\n",
+ DPRINTF(("%s: unsupported protocol family %u\n", __func__,
saidx->dst.sa.sa_family));
IPIP_STATINC(IPIP_STAT_FAMILY);
error = EAFNOSUPPORT; /* XXX diffs from openbsd */
@@ -669,7 +669,7 @@ ipe4_input(
)
{
/* This is a rather serious mistake, so no conditional printing. */
- printf("ipe4_input: should never be called\n");
+ printf("%s: should never be called\n", __func__);
if (m)
m_freem(m);
return EOPNOTSUPP;
