Module Name: src Committed By: ozaki-r Date: Tue Apr 18 05:26:42 UTC 2017
Modified Files: src/sys/netipsec: ipsec.c ipsec_input.c ipsec_mbuf.c ipsec_output.c key.c xform_ah.c xform_esp.c xform_ipcomp.c xform_ipip.c Log Message: Convert IPSEC_ASSERT to KASSERT or KASSERTMSG IPSEC_ASSERT just discarded specified message... To generate a diff of this commit: cvs rdiff -u -r1.72 -r1.73 src/sys/netipsec/ipsec.c cvs rdiff -u -r1.39 -r1.40 src/sys/netipsec/ipsec_input.c cvs rdiff -u -r1.13 -r1.14 src/sys/netipsec/ipsec_mbuf.c cvs rdiff -u -r1.43 -r1.44 src/sys/netipsec/ipsec_output.c cvs rdiff -u -r1.107 -r1.108 src/sys/netipsec/key.c cvs rdiff -u -r1.51 -r1.52 src/sys/netipsec/xform_ah.c cvs rdiff -u -r1.52 -r1.53 src/sys/netipsec/xform_esp.c cvs rdiff -u -r1.35 -r1.36 src/sys/netipsec/xform_ipcomp.c cvs rdiff -u -r1.46 -r1.47 src/sys/netipsec/xform_ipip.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netipsec/ipsec.c diff -u src/sys/netipsec/ipsec.c:1.72 src/sys/netipsec/ipsec.c:1.73 --- src/sys/netipsec/ipsec.c:1.72 Tue Apr 18 05:25:32 2017 +++ src/sys/netipsec/ipsec.c Tue Apr 18 05:26:41 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec.c,v 1.72 2017/04/18 05:25:32 ozaki-r Exp $ */ +/* $NetBSD: ipsec.c,v 1.73 2017/04/18 05:26:41 ozaki-r Exp $ */ /* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */ /* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.72 2017/04/18 05:25:32 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.73 2017/04/18 05:26:41 ozaki-r Exp $"); /* * IPsec controller part. @@ -439,14 +439,14 @@ ipsec_getpolicy(const struct tdb_ident * { struct secpolicy *sp; - IPSEC_ASSERT(tdbi != NULL, ("%s: null tdbi", __func__)); - IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, - ("%s: invalid direction %u", __func__, dir)); + KASSERT(tdbi != NULL); + KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, + "invalid direction %u", dir); sp = KEY_ALLOCSP2(tdbi->spi, &tdbi->dst, tdbi->proto, dir); if (sp == NULL) /*XXX????*/ sp = KEY_ALLOCSP_DEFAULT(tdbi->dst.sa.sa_family); - IPSEC_ASSERT(sp != NULL, ("%s: null SP", __func__)); + KASSERT(sp != NULL); return sp; } @@ -470,20 +470,20 @@ ipsec_getpolicybysock(struct mbuf *m, u_ struct secpolicy *sp; int af; - IPSEC_ASSERT(m != NULL, ("%s: null mbuf", __func__)); - IPSEC_ASSERT(inp != NULL, ("%s: null inpcb", __func__)); - IPSEC_ASSERT(error != NULL, ("%s: null error", __func__)); - IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, - ("%s: invalid direction %u", __func__, dir)); + KASSERT(m != NULL); + KASSERT(inp != NULL); + KASSERT(error != NULL); + KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, + "invalid direction %u", dir); - IPSEC_ASSERT(PCB_SOCKET(inp) != NULL, ("%s: null socket", __func__)); + KASSERT(PCB_SOCKET(inp) != NULL); /* XXX FIXME inpcb/in6pcb vs socket*/ af = PCB_FAMILY(inp); - IPSEC_ASSERT(af == AF_INET || af == AF_INET6, - ("%s: unexpected protocol family %u", __func__, af)); + KASSERTMSG(af == AF_INET || af == AF_INET6, + "unexpected protocol family %u", af); - IPSEC_ASSERT(inp->inph_sp != NULL, ("null PCB policy cache")); + KASSERT(inp->inph_sp != NULL); /* If we have a cached entry, and if it is still valid, use it. */ IPSEC_STATINC(IPSEC_STAT_SPDCACHELOOKUP); currsp = ipsec_checkpcbcache(m, /*inpcb_hdr*/inp->inph_sp, dir); @@ -518,7 +518,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_ if (*error) return NULL; - IPSEC_ASSERT(pcbsp != NULL, ("%s: null pcbsp", __func__)); + KASSERT(pcbsp != NULL); switch (dir) { case IPSEC_DIR_INBOUND: currsp = pcbsp->sp_in; @@ -527,7 +527,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_ currsp = pcbsp->sp_out; break; } - IPSEC_ASSERT(currsp != NULL, ("%s: null currsp", __func__)); + KASSERT(currsp != NULL); if (pcbsp->priv) { /* when privilieged socket */ switch (currsp->policy) { @@ -578,9 +578,8 @@ ipsec_getpolicybysock(struct mbuf *m, u_ } } } - IPSEC_ASSERT(sp != NULL, - ("%s: null SP (priv %u policy %u", __func__, pcbsp->priv, - currsp->policy)); + KASSERTMSG(sp != NULL, "null SP (priv %u policy %u", pcbsp->priv, + currsp->policy); KEYDEBUG(KEYDEBUG_IPSEC_STAMP, printf("DP %s (priv %u policy %u) allocates SP:%p (refcnt %u)\n", __func__, pcbsp->priv, currsp->policy, sp, sp->refcnt)); @@ -604,10 +603,10 @@ ipsec_getpolicybyaddr(struct mbuf *m, u_ struct secpolicyindex spidx; struct secpolicy *sp; - IPSEC_ASSERT(m != NULL, ("%s: null mbuf", __func__)); - IPSEC_ASSERT(error != NULL, ("%s: null error", __func__)); - IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, - ("%s: invalid direction %u", __func__, dir)); + KASSERT(m != NULL); + KASSERT(error != NULL); + KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, + "invalid direction %u", dir); sp = NULL; @@ -628,7 +627,7 @@ ipsec_getpolicybyaddr(struct mbuf *m, u_ if (sp == NULL) /* no SP found, use system default */ sp = KEY_ALLOCSP_DEFAULT(spidx.dst.sa.sa_family); - IPSEC_ASSERT(sp != NULL, ("%s: null SP", __func__)); + KASSERT(sp != NULL); return sp; } @@ -647,13 +646,11 @@ ipsec4_checkpolicy(struct mbuf *m, u_int } else sp = ipsec_getpolicybysock(m, dir, IN4PCB_TO_PCB(inp), error); if (sp == NULL) { - IPSEC_ASSERT(*error != 0, - ("%s: getpolicy failed w/o error", __func__)); + KASSERTMSG(*error != 0, "getpolicy failed w/o error"); IPSEC_STATINC(IPSEC_STAT_OUT_INVAL); return NULL; } - IPSEC_ASSERT(*error == 0, ("%s: sp w/ error set to %u", __func__, - *error)); + KASSERTMSG(*error == 0, "sp w/ error set to %u", *error); switch (sp->policy) { case IPSEC_POLICY_ENTRUST: default: @@ -894,13 +891,11 @@ ipsec6_checkpolicy(struct mbuf *m, u_int } else sp = ipsec_getpolicybysock(m, dir, IN6PCB_TO_PCB(in6p), error); if (sp == NULL) { - IPSEC_ASSERT(*error != 0, ("%s: getpolicy failed w/o error", - __func__)); + KASSERTMSG(*error != 0, "getpolicy failed w/o error"); IPSEC_STATINC(IPSEC_STAT_OUT_INVAL); return NULL; } - IPSEC_ASSERT(*error == 0, ("%s: sp w/ error set to %u", __func__, - *error)); + KASSERTMSG(*error == 0, "sp w/ error set to %u", *error); switch (sp->policy) { case IPSEC_POLICY_ENTRUST: default: @@ -934,10 +929,10 @@ ipsec4_setspidx_inpcb(struct mbuf *m, st { int error; - IPSEC_ASSERT(pcb != NULL, ("%s: null pcb", __func__)); - IPSEC_ASSERT(pcb->inp_sp != NULL, ("%s: null inp_sp", __func__)); - IPSEC_ASSERT(pcb->inp_sp->sp_out != NULL && pcb->inp_sp->sp_in != NULL, - ("%s: null sp_in || sp_out", __func__)); + KASSERT(pcb != NULL); + KASSERT(pcb->inp_sp != NULL); + KASSERT(pcb->inp_sp->sp_out != NULL); + KASSERT(pcb->inp_sp->sp_in != NULL); error = ipsec_setspidx(m, &pcb->inp_sp->sp_in->spidx, 1); if (error == 0) { @@ -960,11 +955,10 @@ ipsec6_setspidx_in6pcb(struct mbuf *m, s struct secpolicyindex *spidx; int error; - IPSEC_ASSERT(pcb != NULL, ("%s: null pcb", __func__)); - IPSEC_ASSERT(pcb->in6p_sp != NULL, ("%s: null inp_sp", __func__)); - IPSEC_ASSERT(pcb->in6p_sp->sp_out != NULL && - pcb->in6p_sp->sp_in != NULL, ("%s: null sp_in || sp_out", - __func__)); + KASSERT(pcb != NULL); + KASSERT(pcb->in6p_sp != NULL); + KASSERT(pcb->in6p_sp->sp_out != NULL); + KASSERT(pcb->in6p_sp->sp_in != NULL); memset(&pcb->in6p_sp->sp_in->spidx, 0, sizeof(*spidx)); memset(&pcb->in6p_sp->sp_out->spidx, 0, sizeof(*spidx)); @@ -1005,7 +999,7 @@ ipsec_setspidx(struct mbuf *m, struct se int len; int error; - IPSEC_ASSERT(m != NULL, ("%s: null mbuf", __func__)); + KASSERT(m != NULL); /* * validate m->m_pkthdr.len. we see incorrect length if we @@ -1071,9 +1065,8 @@ ipsec4_get_ulp(struct mbuf *m, struct se int off; /* sanity check */ - IPSEC_ASSERT(m != NULL, ("%s: null mbuf", __func__)); - IPSEC_ASSERT(m->m_pkthdr.len >= sizeof(struct ip), - ("%s: packet too short", __func__)); + KASSERT(m != NULL); + KASSERTMSG(m->m_pkthdr.len >= sizeof(struct ip), "packet too short"); /* NB: ip_input() flips it into host endian XXX need more checking */ if (m->m_len >= sizeof(struct ip)) { @@ -1504,7 +1497,7 @@ ipsec4_set_policy(struct inpcb *inp, int return EINVAL; xpl = (const struct sadb_x_policy *)request; - IPSEC_ASSERT(inp->inp_sp != NULL, ("%s: null inp->in_sp", __func__)); + KASSERT(inp->inp_sp != NULL); /* select direction */ switch (xpl->sadb_x_policy_dir) { @@ -1533,7 +1526,7 @@ ipsec4_get_policy(struct inpcb *inp, con /* sanity check. */ if (inp == NULL || request == NULL || mp == NULL) return EINVAL; - IPSEC_ASSERT(inp->inp_sp != NULL, ("%s: null inp_sp", __func__)); + KASSERT(inp->inp_sp != NULL); if (len < sizeof(*xpl)) return EINVAL; xpl = (const struct sadb_x_policy *)request; @@ -1559,7 +1552,8 @@ ipsec4_get_policy(struct inpcb *inp, con int ipsec4_delete_pcbpolicy(struct inpcb *inp) { - IPSEC_ASSERT(inp != NULL, ("%s: null inp", __func__)); + + KASSERT(inp != NULL); if (inp->inp_sp == NULL) return 0; @@ -1620,7 +1614,7 @@ ipsec6_get_policy(struct in6pcb *in6p, c /* sanity check. */ if (in6p == NULL || request == NULL || mp == NULL) return EINVAL; - IPSEC_ASSERT(in6p->in6p_sp != NULL, ("%s: null in6p_sp", __func__)); + KASSERT(in6p->in6p_sp != NULL); if (len < sizeof(*xpl)) return EINVAL; xpl = (const struct sadb_x_policy *)request; @@ -1645,7 +1639,8 @@ ipsec6_get_policy(struct in6pcb *in6p, c int ipsec6_delete_pcbpolicy(struct in6pcb *in6p) { - IPSEC_ASSERT(in6p != NULL, ("%s: null in6p", __func__)); + + KASSERT(in6p != NULL); if (in6p->in6p_sp == NULL) return 0; @@ -1676,12 +1671,12 @@ ipsec_get_reqlevel(const struct ipsecreq u_int esp_trans_deflev, esp_net_deflev; u_int ah_trans_deflev, ah_net_deflev; - IPSEC_ASSERT(isr != NULL && isr->sp != NULL, ("%s: null argument", - __func__)); - IPSEC_ASSERT(isr->sp->spidx.src.sa.sa_family == - isr->sp->spidx.dst.sa.sa_family, - ("%s: af family mismatch, src %u, dst %u", __func__, - isr->sp->spidx.src.sa.sa_family, isr->sp->spidx.dst.sa.sa_family)); + KASSERT(isr != NULL); + KASSERT(isr->sp != NULL); + KASSERTMSG( + isr->sp->spidx.src.sa.sa_family == isr->sp->spidx.dst.sa.sa_family, + "af family mismatch, src %u, dst %u", + isr->sp->spidx.src.sa.sa_family, isr->sp->spidx.dst.sa.sa_family); /* XXX note that we have ipseclog() expanded here - code sync issue */ #define IPSEC_CHECK_DEFAULT(lev) \ @@ -1789,8 +1784,8 @@ ipsec_in_reject(const struct secpolicy * return 0; } - IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, - ("%s: invalid policy %u", __func__, sp->policy)); + KASSERTMSG(sp->policy == IPSEC_POLICY_IPSEC, + "invalid policy %u", sp->policy); /* XXX should compare policy against ipsec header history */ @@ -1851,7 +1846,7 @@ ipsec4_in_reject(struct mbuf *m, struct int error; int result; - IPSEC_ASSERT(m != NULL, ("%s: null mbuf", __func__)); + KASSERT(m != NULL); /* get SP for this packet. * When we are called from ip_forward(), we call @@ -1937,8 +1932,8 @@ ipsec_hdrsiz(const struct secpolicy *sp) return 0; } - IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, - ("%s: invalid policy %u", __func__, sp->policy)); + KASSERTMSG(sp->policy == IPSEC_POLICY_IPSEC, + "invalid policy %u", sp->policy); siz = 0; for (isr = sp->req; isr != NULL; isr = isr->next) { @@ -1988,9 +1983,8 @@ ipsec4_hdrsiz(struct mbuf *m, u_int dir, int error; size_t size; - IPSEC_ASSERT(m != NULL, ("%s: null mbuf", __func__)); - IPSEC_ASSERT(inp == NULL || inp->inp_socket != NULL, - ("%s: socket w/o inpcb", __func__)); + KASSERT(m != NULL); + KASSERTMSG(inp == NULL || inp->inp_socket != NULL, "socket w/o inpcb"); /* get SP for this packet. * When we are called from ip_forward(), we call @@ -2025,9 +2019,9 @@ ipsec6_hdrsiz(struct mbuf *m, u_int dir, int error; size_t size; - IPSEC_ASSERT(m != NULL, ("%s: null mbuf", __func__)); - IPSEC_ASSERT(in6p == NULL || in6p->in6p_socket != NULL, - ("%s: socket w/o inpcb", __func__)); + KASSERT(m != NULL); + KASSERTMSG(in6p == NULL || in6p->in6p_socket != NULL, + "socket w/o inpcb"); /* get SP for this packet */ /* XXX Is it right to call with IP_FORWARDING. */ @@ -2070,8 +2064,8 @@ ipsec_chkreplay(u_int32_t seq, const str IPSEC_SPLASSERT_SOFTNET(__func__); - IPSEC_ASSERT(sav != NULL, ("%s: Null SA", __func__)); - IPSEC_ASSERT(sav->replay != NULL, ("%s: Null replay state", __func__)); + KASSERT(sav != NULL); + KASSERT(sav->replay != NULL); replay = sav->replay; @@ -2128,8 +2122,8 @@ ipsec_updatereplay(u_int32_t seq, const IPSEC_SPLASSERT_SOFTNET(__func__); - IPSEC_ASSERT(sav != NULL, ("%s: Null SA", __func__)); - IPSEC_ASSERT(sav->replay != NULL, ("%s: Null replay state", __func__)); + KASSERT(sav != NULL); + KASSERT(sav->replay != NULL); replay = sav->replay; @@ -2279,8 +2273,7 @@ ipsec_logsastr(const struct secasvar *sa char *p; const struct secasindex *saidx = &sav->sah->saidx; - IPSEC_ASSERT(saidx->src.sa.sa_family == saidx->dst.sa.sa_family, - ("%s: address family mismatch", __func__)); + KASSERT(saidx->src.sa.sa_family == saidx->dst.sa.sa_family); p = buf; snprintf(buf, sizeof(buf), "SA(SPI=%u ", (u_int32_t)ntohl(sav->spi)); Index: src/sys/netipsec/ipsec_input.c diff -u src/sys/netipsec/ipsec_input.c:1.39 src/sys/netipsec/ipsec_input.c:1.40 --- src/sys/netipsec/ipsec_input.c:1.39 Tue Apr 18 05:25:32 2017 +++ src/sys/netipsec/ipsec_input.c Tue Apr 18 05:26:42 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_input.c,v 1.39 2017/04/18 05:25:32 ozaki-r Exp $ */ +/* $NetBSD: ipsec_input.c,v 1.40 2017/04/18 05:26:42 ozaki-r Exp $ */ /* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */ /* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */ @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.39 2017/04/18 05:25:32 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.40 2017/04/18 05:26:42 ozaki-r Exp $"); /* * IPsec input processing. @@ -134,7 +134,7 @@ ipsec_common_input(struct mbuf *m, int s IPSEC_ISTAT(sproto, ESP_STAT_INPUT, AH_STAT_INPUT, IPCOMP_STAT_INPUT); - IPSEC_ASSERT(m != NULL, ("ipsec_common_input: null packet")); + KASSERT(m != NULL); if ((sproto == IPPROTO_ESP && !esp_enable) || (sproto == IPPROTO_AH && !ah_enable) || @@ -285,17 +285,16 @@ ipsec4_common_input_cb(struct mbuf *m, s IPSEC_SPLASSERT_SOFTNET("ipsec4_common_input_cb"); - IPSEC_ASSERT(m != NULL, ("ipsec4_common_input_cb: null mbuf")); - IPSEC_ASSERT(sav != NULL, ("ipsec4_common_input_cb: null SA")); - IPSEC_ASSERT(sav->sah != NULL, ("ipsec4_common_input_cb: null SAH")); + KASSERT(m != NULL); + KASSERT(sav != NULL); + KASSERT(sav->sah != NULL); saidx = &sav->sah->saidx; af = saidx->dst.sa.sa_family; - IPSEC_ASSERT(af == AF_INET, ("ipsec4_common_input_cb: unexpected af %u",af)); + KASSERTMSG(af == AF_INET, "unexpected af %u", af); sproto = saidx->proto; - IPSEC_ASSERT(sproto == IPPROTO_ESP || sproto == IPPROTO_AH || - sproto == IPPROTO_IPCOMP, - ("ipsec4_common_input_cb: unexpected security protocol %u", - sproto)); + KASSERTMSG(sproto == IPPROTO_ESP || sproto == IPPROTO_AH || + sproto == IPPROTO_IPCOMP, + "unexpected security protocol %u", sproto); /* Sanity check */ if (m == NULL) { @@ -474,8 +473,7 @@ ipsec6_common_input(struct mbuf **mp, in l = (ip6e.ip6e_len + 2) << 2; else l = (ip6e.ip6e_len + 1) << 3; - IPSEC_ASSERT(l > 0, - ("ipsec6_common_input: l went zero or negative")); + KASSERT(l > 0); nxt = ip6e.ip6e_nxt; } while (protoff + l < *offp); @@ -517,18 +515,16 @@ ipsec6_common_input_cb(struct mbuf *m, s u_int8_t prot, nxt8; int error, nest; - IPSEC_ASSERT(m != NULL, ("ipsec6_common_input_cb: null mbuf")); - IPSEC_ASSERT(sav != NULL, ("ipsec6_common_input_cb: null SA")); - IPSEC_ASSERT(sav->sah != NULL, ("ipsec6_common_input_cb: null SAH")); + KASSERT(m != NULL); + KASSERT(sav != NULL); + KASSERT(sav->sah != NULL); saidx = &sav->sah->saidx; af = saidx->dst.sa.sa_family; - IPSEC_ASSERT(af == AF_INET6, - ("ipsec6_common_input_cb: unexpected af %u", af)); + KASSERTMSG(af == AF_INET6, "unexpected af %u", af); sproto = saidx->proto; - IPSEC_ASSERT(sproto == IPPROTO_ESP || sproto == IPPROTO_AH || - sproto == IPPROTO_IPCOMP, - ("ipsec6_common_input_cb: unexpected security protocol %u", - sproto)); + KASSERTMSG(sproto == IPPROTO_ESP || sproto == IPPROTO_AH || + sproto == IPPROTO_IPCOMP, + "unexpected security protocol %u", sproto); /* Sanity check */ if (m == NULL) { Index: src/sys/netipsec/ipsec_mbuf.c diff -u src/sys/netipsec/ipsec_mbuf.c:1.13 src/sys/netipsec/ipsec_mbuf.c:1.14 --- src/sys/netipsec/ipsec_mbuf.c:1.13 Tue Apr 18 05:25:32 2017 +++ src/sys/netipsec/ipsec_mbuf.c Tue Apr 18 05:26:42 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_mbuf.c,v 1.13 2017/04/18 05:25:32 ozaki-r Exp $ */ +/* $NetBSD: ipsec_mbuf.c,v 1.14 2017/04/18 05:26:42 ozaki-r Exp $ */ /*- * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting * All rights reserved. @@ -28,7 +28,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.13 2017/04/18 05:25:32 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.14 2017/04/18 05:26:42 ozaki-r Exp $"); /* * IPsec-specific mbuf routines. @@ -65,7 +65,7 @@ m_clone(struct mbuf *m0) struct mbuf *n, *mfirst, *mlast; int len, off; - IPSEC_ASSERT(m0 != NULL, ("m_clone: null mbuf")); + KASSERT(m0 != NULL); mprev = NULL; for (m = m0; m != NULL; m = mprev->m_next) { @@ -113,8 +113,7 @@ m_clone(struct mbuf *m0) * it anyway, we try to reduce the number of mbufs and * clusters so that future work is easier). */ - IPSEC_ASSERT(m->m_flags & M_EXT, - ("m_clone: m_flags 0x%x", m->m_flags)); + KASSERTMSG(m->m_flags & M_EXT, "m_flags 0x%x", m->m_flags); /* NB: we only coalesce into a cluster or larger */ if (mprev != NULL && (mprev->m_flags & M_EXT) && m->m_len <= M_TRAILINGSPACE(mprev)) { @@ -216,8 +215,8 @@ m_makespace(struct mbuf *m0, int skip, i struct mbuf *m; unsigned remain; - IPSEC_ASSERT(m0 != NULL, ("m_dmakespace: null mbuf")); - IPSEC_ASSERT(hlen < MHLEN, ("m_makespace: hlen too big: %u", hlen)); + KASSERT(m0 != NULL); + KASSERTMSG(hlen < MHLEN, "hlen too big: %u", hlen); for (m = m0; m && skip > m->m_len; m = m->m_next) skip -= m->m_len; @@ -333,7 +332,8 @@ m_pad(struct mbuf *m, int n) m0 = m; while (m0->m_len < len) { -IPSEC_ASSERT(m0->m_next != NULL, ("m_pad: m0 null, len %u m_len %u", len, m0->m_len));/*XXX*/ + KASSERTMSG(m0->m_next != NULL, + "m0 null, len %u m_len %u", len, m0->m_len);/*XXX*/ len -= m0->m_len; m0 = m0->m_next; } Index: src/sys/netipsec/ipsec_output.c diff -u src/sys/netipsec/ipsec_output.c:1.43 src/sys/netipsec/ipsec_output.c:1.44 --- src/sys/netipsec/ipsec_output.c:1.43 Tue Apr 18 05:25:32 2017 +++ src/sys/netipsec/ipsec_output.c Tue Apr 18 05:26:42 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_output.c,v 1.43 2017/04/18 05:25:32 ozaki-r Exp $ */ +/* $NetBSD: ipsec_output.c,v 1.44 2017/04/18 05:26:42 ozaki-r Exp $ */ /*- * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting @@ -29,7 +29,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.43 2017/04/18 05:25:32 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.44 2017/04/18 05:26:42 ozaki-r Exp $"); /* * IPsec output processing. @@ -161,11 +161,11 @@ ipsec_process_done(struct mbuf *m, struc IPSEC_SPLASSERT_SOFTNET("ipsec_process_done"); - IPSEC_ASSERT(m != NULL, ("ipsec_process_done: null mbuf")); - IPSEC_ASSERT(isr != NULL, ("ipsec_process_done: null ISR")); + KASSERT(m != NULL); + KASSERT(isr != NULL); sav = isr->sav; - IPSEC_ASSERT(sav != NULL, ("ipsec_process_done: null SA")); - IPSEC_ASSERT(sav->sah != NULL, ("ipsec_process_done: null SAH")); + KASSERT(sav != NULL); + KASSERT(sav->sah != NULL); saidx = &sav->sah->saidx; @@ -316,8 +316,8 @@ do { \ struct secasvar *sav; IPSEC_SPLASSERT_SOFTNET("ipsec_nextisr"); - IPSEC_ASSERT(af == AF_INET || af == AF_INET6, - ("ipsec_nextisr: invalid address family %u", af)); + KASSERTMSG(af == AF_INET || af == AF_INET6, + "invalid address family %u", af); again: /* * Craft SA index to search for proper SA. Note that @@ -396,9 +396,9 @@ again: sav = isr->sav; /* sav may be NULL here if we have an USE rule */ if (sav == NULL) { - IPSEC_ASSERT(ipsec_get_reqlevel(isr) == IPSEC_LEVEL_USE, - ("ipsec_nextisr: no SA found, but required; level %u", - ipsec_get_reqlevel(isr))); + KASSERTMSG(ipsec_get_reqlevel(isr) == IPSEC_LEVEL_USE, + "no SA found, but required; level %u", + ipsec_get_reqlevel(isr)); isr = isr->next; /* * No more rules to apply, return NULL isr and no error @@ -438,7 +438,7 @@ again: } return isr; bad: - IPSEC_ASSERT(*error != 0, ("ipsec_nextisr: error return w/ no error code")); + KASSERTMSG(*error != 0, "error return w/ no error code"); return NULL; #undef IPSEC_OSTAT } @@ -460,8 +460,8 @@ ipsec4_process_packet( struct ip *ip; int s, error, i, off; - IPSEC_ASSERT(m != NULL, ("ipsec4_process_packet: null mbuf")); - IPSEC_ASSERT(isr != NULL, ("ipsec4_process_packet: null isr")); + KASSERT(m != NULL); + KASSERT(isr != NULL); s = splsoftnet(); /* insure SA contents don't change */ @@ -695,8 +695,8 @@ ipsec6_process_packet( int s, error, i, off; union sockaddr_union *dst; - IPSEC_ASSERT(m != NULL, ("ipsec6_process_packet: null mbuf")); - IPSEC_ASSERT(isr != NULL, ("ipsec6_process_packet: null isr")); + KASSERT(m != NULL); + KASSERT(isr != NULL); s = splsoftnet(); /* insure SA contents don't change */ Index: src/sys/netipsec/key.c diff -u src/sys/netipsec/key.c:1.107 src/sys/netipsec/key.c:1.108 --- src/sys/netipsec/key.c:1.107 Tue Apr 18 05:25:32 2017 +++ src/sys/netipsec/key.c Tue Apr 18 05:26:42 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: key.c,v 1.107 2017/04/18 05:25:32 ozaki-r Exp $ */ +/* $NetBSD: key.c,v 1.108 2017/04/18 05:26:42 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.107 2017/04/18 05:25:32 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.108 2017/04/18 05:26:42 ozaki-r Exp $"); /* * This code is referd to RFC 2367 @@ -531,23 +531,19 @@ struct callout key_timehandler_ch; #define SA_ADDREF(p) do { \ (p)->refcnt++; \ - IPSEC_ASSERT((p)->refcnt != 0, \ - ("SA refcnt overflow at %s:%u", __FILE__, __LINE__)); \ + KASSERTMSG((p)->refcnt != 0, "SA refcnt overflow"); \ } while (0) #define SA_DELREF(p) do { \ - IPSEC_ASSERT((p)->refcnt > 0, \ - ("SA refcnt underflow at %s:%u", __FILE__, __LINE__)); \ + KASSERTMSG((p)->refcnt > 0, "SA refcnt underflow"); \ (p)->refcnt--; \ } while (0) #define SP_ADDREF(p) do { \ (p)->refcnt++; \ - IPSEC_ASSERT((p)->refcnt != 0, \ - ("SP refcnt overflow at %s:%u", __FILE__, __LINE__)); \ + KASSERTMSG((p)->refcnt != 0, "SP refcnt overflow"); \ } while (0) #define SP_DELREF(p) do { \ - IPSEC_ASSERT((p)->refcnt > 0, \ - ("SP refcnt underflow at %s:%u", __FILE__, __LINE__)); \ + KASSERTMSG((p)->refcnt > 0, "SP refcnt underflow"); \ (p)->refcnt--; \ } while (0) @@ -598,9 +594,9 @@ key_allocsp(const struct secpolicyindex struct secpolicy *sp; int s; - IPSEC_ASSERT(spidx != NULL, ("key_allocsp: null spidx")); - IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, - ("key_allocsp: invalid direction %u", dir)); + KASSERT(spidx != NULL); + KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, + "invalid direction %u", dir); KEYDEBUG(KEYDEBUG_IPSEC_STAMP, printf("DP %s from %s:%u\n", __func__, where, tag)); @@ -655,9 +651,9 @@ key_allocsp2(u_int32_t spi, struct secpolicy *sp; int s; - IPSEC_ASSERT(dst != NULL, ("key_allocsp2: null dst")); - IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, - ("key_allocsp2: invalid direction %u", dir)); + KASSERT(dst != NULL); + KASSERTMSG(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, + "invalid direction %u", dir); KEYDEBUG(KEYDEBUG_IPSEC_STAMP, printf("DP %s from %s:%u\n", __func__, where, tag)); @@ -792,11 +788,11 @@ key_checkrequest(struct ipsecrequest *is u_int level; int error; - IPSEC_ASSERT(isr != NULL, ("key_checkrequest: null isr")); - IPSEC_ASSERT(saidx != NULL, ("key_checkrequest: null saidx")); - IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT || - saidx->mode == IPSEC_MODE_TUNNEL, - ("key_checkrequest: unexpected policy %u", saidx->mode)); + KASSERT(isr != NULL); + KASSERT(saidx != NULL); + KASSERTMSG(saidx->mode == IPSEC_MODE_TRANSPORT || + saidx->mode == IPSEC_MODE_TUNNEL, + "unexpected policy %u", saidx->mode); /* get current level */ level = ipsec_get_reqlevel(isr); @@ -867,7 +863,7 @@ key_checkrequest(struct ipsecrequest *is if (level != IPSEC_LEVEL_REQUIRE) { /* XXX sigh, the interface to this routine is botched */ - IPSEC_ASSERT(isr->sav == NULL, ("key_checkrequest: unexpected SA")); + KASSERTMSG(isr->sav == NULL, "unexpected SA"); return 0; } else { return ENOENT; @@ -993,8 +989,7 @@ key_do_allocsa_policy(struct secashead * key_sa_chgstate(d, SADB_SASTATE_DEAD); - IPSEC_ASSERT(d->refcnt > 0, - ("key_do_allocsa_policy: bogus ref count")); + KASSERT(d->refcnt > 0); satype = key_proto2satype(d->sah->saidx.proto); if (satype == 0) @@ -1105,7 +1100,7 @@ key_allocsa( else chkport = PORT_NONE; - IPSEC_ASSERT(dst != NULL, ("key_allocsa: null dst address")); + KASSERT(dst != NULL); /* * XXX IPCOMP case @@ -1218,7 +1213,7 @@ _key_freesp(struct secpolicy **spp, cons { struct secpolicy *sp = *spp; - IPSEC_ASSERT(sp != NULL, ("key_freesp: null sp")); + KASSERT(sp != NULL); SP_DELREF(sp); @@ -1240,7 +1235,7 @@ void key_freeso(struct socket *so) { /* sanity check */ - IPSEC_ASSERT(so != NULL, ("key_freeso: null so")); + KASSERT(so != NULL); switch (so->so_proto->pr_domain->dom_family) { #ifdef INET @@ -1292,14 +1287,16 @@ key_freeso(struct socket *so) static void key_freesp_so(struct secpolicy **sp) { - IPSEC_ASSERT(sp != NULL && *sp != NULL, ("key_freesp_so: null sp")); + + KASSERT(sp != NULL); + KASSERT(*sp != NULL); if ((*sp)->policy == IPSEC_POLICY_ENTRUST || (*sp)->policy == IPSEC_POLICY_BYPASS) return; - IPSEC_ASSERT((*sp)->policy == IPSEC_POLICY_IPSEC, - ("key_freesp_so: invalid policy %u", (*sp)->policy)); + KASSERTMSG((*sp)->policy == IPSEC_POLICY_IPSEC, + "invalid policy %u", (*sp)->policy); KEY_FREESP(sp); } @@ -1313,7 +1310,7 @@ key_freesav(struct secasvar **psav, cons { struct secasvar *sav = *psav; - IPSEC_ASSERT(sav != NULL, ("key_freesav: null sav")); + KASSERT(sav != NULL); SA_DELREF(sav); @@ -1337,13 +1334,12 @@ key_delsp(struct secpolicy *sp) { int s; - IPSEC_ASSERT(sp != NULL, ("key_delsp: null sp")); + KASSERT(sp != NULL); key_sp_dead(sp); - IPSEC_ASSERT(sp->refcnt == 0, - ("key_delsp: SP with references deleted (refcnt %u)", - sp->refcnt)); + KASSERTMSG(sp->refcnt == 0, + "SP with references deleted (refcnt %u)", sp->refcnt); s = splsoftnet(); /*called from softclock()*/ @@ -1377,7 +1373,7 @@ key_getsp(const struct secpolicyindex *s { struct secpolicy *sp; - IPSEC_ASSERT(spidx != NULL, ("key_getsp: null spidx")); + KASSERT(spidx != NULL); LIST_FOREACH(sp, &sptree[spidx->dir], chain) { if (sp->state == IPSEC_SPSTATE_DEAD) @@ -2863,7 +2859,7 @@ key_newsah(const struct secasindex *said { struct secashead *newsah; - IPSEC_ASSERT(saidx != NULL, ("key_newsaidx: null saidx")); + KASSERT(saidx != NULL); newsah = (struct secashead *) malloc(sizeof(struct secashead), M_SECA, M_NOWAIT|M_ZERO); @@ -3035,9 +3031,10 @@ done: static void key_delsav(struct secasvar *sav) { - IPSEC_ASSERT(sav != NULL, ("key_delsav: null sav")); - IPSEC_ASSERT(sav->refcnt == 0, - ("key_delsav: reference count %u > 0", sav->refcnt)); + + KASSERT(sav != NULL); + KASSERTMSG(sav->refcnt == 0, + "reference count %u > 0", sav->refcnt); /* remove from SA header */ if (__LIST_CHAINED(sav)) @@ -6047,9 +6044,8 @@ key_getcomb_esp(void) if (ipsec_esp_auth) m = key_getcomb_ah(); else { - IPSEC_ASSERT(l <= MLEN, - ("key_getcomb_esp: l=%u > MLEN=%lu", - l, (u_long) MLEN)); + KASSERTMSG(l <= MLEN, + "l=%u > MLEN=%lu", l, (u_long) MLEN); MGET(m, M_DONTWAIT, MT_DATA); if (m) { M_ALIGN(m, l); @@ -6064,8 +6060,7 @@ key_getcomb_esp(void) totlen = 0; for (n = m; n; n = n->m_next) totlen += n->m_len; - IPSEC_ASSERT((totlen % l) == 0, - ("key_getcomb_esp: totlen=%u, l=%u", totlen, l)); + KASSERTMSG((totlen % l) == 0, "totlen=%u, l=%u", totlen, l); for (off = 0; off < totlen; off += l) { n = m_pulldown(m, off, l, &o); @@ -6150,9 +6145,8 @@ key_getcomb_ah(void) continue; if (!m) { - IPSEC_ASSERT(l <= MLEN, - ("key_getcomb_ah: l=%u > MLEN=%lu", - l, (u_long) MLEN)); + KASSERTMSG(l <= MLEN, + "l=%u > MLEN=%lu", l, (u_long) MLEN); MGET(m, M_DONTWAIT, MT_DATA); if (m) { M_ALIGN(m, l); @@ -6195,9 +6189,8 @@ key_getcomb_ipcomp(void) continue; if (!m) { - IPSEC_ASSERT(l <= MLEN, - ("key_getcomb_ipcomp: l=%u > MLEN=%lu", - l, (u_long) MLEN)); + KASSERTMSG(l <= MLEN, + "l=%u > MLEN=%lu", l, (u_long) MLEN); MGET(m, M_DONTWAIT, MT_DATA); if (m) { M_ALIGN(m, l); @@ -6297,10 +6290,9 @@ key_acquire(const struct secasindex *sai u_int32_t seq; /* sanity check */ - IPSEC_ASSERT(saidx != NULL, ("key_acquire: null saidx")); + KASSERT(saidx != NULL); satype = key_proto2satype(saidx->proto); - IPSEC_ASSERT(satype != 0, - ("key_acquire: null satype, protocol %u", saidx->proto)); + KASSERTMSG(satype != 0, "null satype, protocol %u", saidx->proto); #ifndef IPSEC_NONBLOCK_ACQUIRE /* @@ -7923,8 +7915,9 @@ key_getuserfqdn(void) void key_sa_recordxfer(struct secasvar *sav, struct mbuf *m) { - IPSEC_ASSERT(sav != NULL, ("key_sa_recordxfer: Null secasvar")); - IPSEC_ASSERT(m != NULL, ("key_sa_recordxfer: Null mbuf")); + + KASSERT(sav != NULL); + KASSERT(m != NULL); if (!sav->lft_c) return; Index: src/sys/netipsec/xform_ah.c diff -u src/sys/netipsec/xform_ah.c:1.51 src/sys/netipsec/xform_ah.c:1.52 --- src/sys/netipsec/xform_ah.c:1.51 Tue Apr 18 05:25:32 2017 +++ src/sys/netipsec/xform_ah.c Tue Apr 18 05:26:42 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_ah.c,v 1.51 2017/04/18 05:25:32 ozaki-r Exp $ */ +/* $NetBSD: xform_ah.c,v 1.52 2017/04/18 05:26:42 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */ /* @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.51 2017/04/18 05:25:32 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.52 2017/04/18 05:26:42 ozaki-r Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -159,8 +159,7 @@ ah_hdrsiz(const struct secasvar *sav) if (sav != NULL) { int authsize; - IPSEC_ASSERT(sav->tdb_authalgxform != NULL, - ("%s: null xform", __func__)); + KASSERT(sav->tdb_authalgxform != NULL); /*XXX not right for null algorithm--does it matter??*/ authsize = AUTHSIZE(sav); size = roundup(authsize, sizeof(uint32_t)) + HDRSIZE(sav); @@ -627,11 +626,9 @@ ah_input(struct mbuf *m, const struct se IPSEC_SPLASSERT_SOFTNET(__func__); - IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__)); - IPSEC_ASSERT(sav->key_auth != NULL, - ("%s: null authentication key", __func__)); - IPSEC_ASSERT(sav->tdb_authalgxform != NULL, - ("%s: null authentication xform", __func__)); + KASSERT(sav != NULL); + KASSERT(sav->key_auth != NULL); + KASSERT(sav->tdb_authalgxform != NULL); /* Figure out header size. */ rplen = HDRSIZE(sav); @@ -680,7 +677,7 @@ ah_input(struct mbuf *m, const struct se } crda = crp->crp_desc; - IPSEC_ASSERT(crda != NULL, ("%s: null crypto descriptor", __func__)); + KASSERT(crda != NULL); crda->crd_skip = 0; crda->crd_len = m->m_pkthdr.len; @@ -810,9 +807,8 @@ ah_input_cb(struct cryptop *crp) uint16_t dport; uint16_t sport; + KASSERT(crp->crp_opaque != NULL); tc = crp->crp_opaque; - IPSEC_ASSERT(tc != NULL, ("%s: null opaque crypto data area!", - __func__)); skip = tc->tc_skip; nxt = tc->tc_nxt; protoff = tc->tc_protoff; @@ -835,10 +831,9 @@ ah_input_cb(struct cryptop *crp) } saidx = &sav->sah->saidx; - IPSEC_ASSERT(saidx->dst.sa.sa_family == AF_INET || - saidx->dst.sa.sa_family == AF_INET6, - ("%s: unexpected protocol family %u", __func__, - saidx->dst.sa.sa_family)); + KASSERTMSG(saidx->dst.sa.sa_family == AF_INET || + saidx->dst.sa.sa_family == AF_INET6, + "unexpected protocol family %u", saidx->dst.sa.sa_family); /* Check for crypto errors. */ if (crp->crp_etype) { @@ -999,9 +994,9 @@ ah_output( IPSEC_SPLASSERT_SOFTNET(__func__); sav = isr->sav; - IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__)); + KASSERT(sav != NULL); + KASSERT(sav->tdb_authalgxform != NULL); ahx = sav->tdb_authalgxform; - IPSEC_ASSERT(ahx != NULL, ("%s: null authentication xform", __func__)); AH_STATINC(AH_STAT_OUTPUT); @@ -1203,8 +1198,8 @@ ah_output_cb(struct cryptop *crp) void *ptr; int s, err; + KASSERT(crp->crp_opaque != NULL); tc = crp->crp_opaque; - IPSEC_ASSERT(tc != NULL, ("%s: null opaque data area!", __func__)); skip = tc->tc_skip; ptr = (tc + 1); m = crp->crp_buf; @@ -1220,7 +1215,7 @@ ah_output_cb(struct cryptop *crp) error = ENOBUFS; /*XXX*/ goto bad; } - IPSEC_ASSERT(isr->sav == sav, ("%s: SA changed\n", __func__)); + KASSERTMSG(isr->sav == sav, "SA changed"); /* Check for crypto errors. */ if (crp->crp_etype) { Index: src/sys/netipsec/xform_esp.c diff -u src/sys/netipsec/xform_esp.c:1.52 src/sys/netipsec/xform_esp.c:1.53 --- src/sys/netipsec/xform_esp.c:1.52 Tue Apr 18 05:25:32 2017 +++ src/sys/netipsec/xform_esp.c Tue Apr 18 05:26:42 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_esp.c,v 1.52 2017/04/18 05:25:32 ozaki-r Exp $ */ +/* $NetBSD: xform_esp.c,v 1.53 2017/04/18 05:26:42 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */ @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.52 2017/04/18 05:25:32 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.53 2017/04/18 05:26:42 ozaki-r Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -147,8 +147,7 @@ esp_hdrsiz(const struct secasvar *sav) if (sav != NULL) { /*XXX not right for null algorithm--does it matter??*/ - IPSEC_ASSERT(sav->tdb_encalgxform != NULL, - ("%s: SA with null xform", __func__)); + KASSERT(sav->tdb_encalgxform != NULL); if (sav->flags & SADB_X_EXT_OLD) size = sizeof(struct esp); else @@ -312,12 +311,11 @@ esp_input(struct mbuf *m, const struct s IPSEC_SPLASSERT_SOFTNET(__func__); - IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__)); - IPSEC_ASSERT(sav->tdb_encalgxform != NULL, - ("%s: null encoding xform", __func__)); - IPSEC_ASSERT((skip&3) == 0 && (m->m_pkthdr.len&3) == 0, - ("%s: misaligned packet, skip %u pkt len %u", __func__, - skip, m->m_pkthdr.len)); + KASSERT(sav != NULL); + KASSERT(sav->tdb_encalgxform != NULL); + KASSERTMSG((skip&3) == 0 && (m->m_pkthdr.len&3) == 0, + "misaligned packet, skip %u pkt len %u", + skip, m->m_pkthdr.len); /* XXX don't pullup, just copy header */ IP6_EXTHDR_GET(esp, struct newesp *, m, skip, sizeof(struct newesp)); @@ -405,10 +403,10 @@ esp_input(struct mbuf *m, const struct s tc->tc_ptr = mtag; if (esph) { - struct cryptodesc *crda = crp->crp_desc; + struct cryptodesc *crda; - IPSEC_ASSERT(crda != NULL, ("%s: null ah crypto descriptor", - __func__)); + KASSERT(crp->crp_desc != NULL); + crda = crp->crp_desc; /* Authentication descriptor */ crda->crd_skip = skip; @@ -455,8 +453,7 @@ esp_input(struct mbuf *m, const struct s /* Decryption descriptor */ if (espx) { - IPSEC_ASSERT(crde != NULL, ("%s: null esp crypto descriptor", - __func__)); + KASSERTMSG(crde != NULL, "null esp crypto descriptor"); crde->crd_skip = skip + hlen; if (espx->type == CRYPTO_AES_GMAC) crde->crd_len = 0; @@ -507,7 +504,6 @@ esp_input_cb(struct cryptop *crp) uint8_t lastthree[3], aalg[AH_ALEN_MAX]; int s, hlen, skip, protoff, error; struct mbuf *m; - struct cryptodesc *crd __diagused; const struct auth_hash *esph; struct tdb_crypto *tc; struct m_tag *mtag; @@ -517,12 +513,10 @@ esp_input_cb(struct cryptop *crp) uint16_t dport; uint16_t sport; - crd = crp->crp_desc; - IPSEC_ASSERT(crd != NULL, ("%s: null crypto descriptor!", __func__)); + KASSERT(crp->crp_desc != NULL); + KASSERT(crp->crp_opaque != NULL); tc = crp->crp_opaque; - IPSEC_ASSERT(tc != NULL, ("%s: null opaque crypto data area!", - __func__)); skip = tc->tc_skip; protoff = tc->tc_protoff; mtag = tc->tc_ptr; @@ -546,10 +540,9 @@ esp_input_cb(struct cryptop *crp) } saidx = &sav->sah->saidx; - IPSEC_ASSERT(saidx->dst.sa.sa_family == AF_INET || + KASSERTMSG(saidx->dst.sa.sa_family == AF_INET || saidx->dst.sa.sa_family == AF_INET6, - ("%s: unexpected protocol family %u", __func__, - saidx->dst.sa.sa_family)); + "unexpected protocol family %u", saidx->dst.sa.sa_family); esph = sav->tdb_authalgxform; @@ -738,11 +731,11 @@ esp_output( IPSEC_SPLASSERT_SOFTNET(__func__); + KASSERT(isr->sav != NULL); sav = isr->sav; - IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__)); esph = sav->tdb_authalgxform; + KASSERT(sav->tdb_encalgxform != NULL); espx = sav->tdb_encalgxform; - IPSEC_ASSERT(espx != NULL, ("%s: null encoding xform", __func__)); if (sav->flags & SADB_X_EXT_OLD) hlen = sizeof(struct esp) + sav->ivlen; @@ -969,8 +962,8 @@ esp_output_cb(struct cryptop *crp) struct mbuf *m; int s, err, error; + KASSERT(crp->crp_opaque != NULL); tc = crp->crp_opaque; - IPSEC_ASSERT(tc != NULL, ("%s: null opaque data area!", __func__)); m = crp->crp_buf; s = splsoftnet(); @@ -986,8 +979,8 @@ esp_output_cb(struct cryptop *crp) error = ENOBUFS; /*XXX*/ goto bad; } - IPSEC_ASSERT(isr->sav == sav, - ("%s: SA changed was %p now %p", __func__, isr->sav, sav)); + KASSERTMSG(isr->sav == sav, + "SA changed was %p now %p", isr->sav, sav); /* Check for crypto errors. */ if (crp->crp_etype) { Index: src/sys/netipsec/xform_ipcomp.c diff -u src/sys/netipsec/xform_ipcomp.c:1.35 src/sys/netipsec/xform_ipcomp.c:1.36 --- src/sys/netipsec/xform_ipcomp.c:1.35 Tue Apr 18 05:25:32 2017 +++ src/sys/netipsec/xform_ipcomp.c Tue Apr 18 05:26:42 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_ipcomp.c,v 1.35 2017/04/18 05:25:32 ozaki-r Exp $ */ +/* $NetBSD: xform_ipcomp.c,v 1.36 2017/04/18 05:26:42 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */ @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.35 2017/04/18 05:25:32 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.36 2017/04/18 05:26:42 ozaki-r Exp $"); /* IP payload compression protocol (IPComp), see RFC 2393 */ #if defined(_KERNEL_OPT) @@ -243,9 +243,8 @@ ipcomp_input_cb(struct cryptop *crp) uint16_t dport; uint16_t sport; + KASSERT(crp->crp_opaque != NULL); tc = crp->crp_opaque; - IPSEC_ASSERT(tc != NULL, ("%s: null opaque crypto data area!", - __func__)); skip = tc->tc_skip; protoff = tc->tc_protoff; m = crp->crp_buf; @@ -265,10 +264,9 @@ ipcomp_input_cb(struct cryptop *crp) } saidx = &sav->sah->saidx; - IPSEC_ASSERT(saidx->dst.sa.sa_family == AF_INET || - saidx->dst.sa.sa_family == AF_INET6, - ("%s: unexpected protocol family %u", __func__, - saidx->dst.sa.sa_family)); + KASSERTMSG(saidx->dst.sa.sa_family == AF_INET || + saidx->dst.sa.sa_family == AF_INET6, + "unexpected protocol family %u", saidx->dst.sa.sa_family); /* Check for crypto errors */ if (crp->crp_etype) { @@ -387,10 +385,10 @@ ipcomp_output( struct tdb_crypto *tc; IPSEC_SPLASSERT_SOFTNET(__func__); + KASSERT(isr->sav != NULL); sav = isr->sav; - IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__)); + KASSERT(sav->tdb_compalgxform != NULL); ipcompx = sav->tdb_compalgxform; - IPSEC_ASSERT(ipcompx != NULL, ("%s: null compression xform", __func__)); ralen = m->m_pkthdr.len - skip; /* Raw payload length before comp. */ @@ -519,9 +517,8 @@ ipcomp_output_cb(struct cryptop *crp) uint16_t cpi; struct ipcomp * ipcomp; - + KASSERT(crp->crp_opaque != NULL); tc = crp->crp_opaque; - IPSEC_ASSERT(tc != NULL, ("%s: null opaque data area!", __func__)); m = crp->crp_buf; skip = tc->tc_skip; rlen = crp->crp_ilen - skip; @@ -537,7 +534,7 @@ ipcomp_output_cb(struct cryptop *crp) error = ENOBUFS; /*XXX*/ goto bad; } - IPSEC_ASSERT(isr->sav == sav, ("%s: SA changed", __func__)); + KASSERTMSG(isr->sav == sav, "SA changed"); /* Check for crypto errors */ if (crp->crp_etype) { Index: src/sys/netipsec/xform_ipip.c diff -u src/sys/netipsec/xform_ipip.c:1.46 src/sys/netipsec/xform_ipip.c:1.47 --- src/sys/netipsec/xform_ipip.c:1.46 Tue Apr 18 05:25:32 2017 +++ src/sys/netipsec/xform_ipip.c Tue Apr 18 05:26:42 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: xform_ipip.c,v 1.46 2017/04/18 05:25:32 ozaki-r Exp $ */ +/* $NetBSD: xform_ipip.c,v 1.47 2017/04/18 05:26:42 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */ /* $OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */ @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.46 2017/04/18 05:25:32 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.47 2017/04/18 05:26:42 ozaki-r Exp $"); /* * IP-inside-IP processing @@ -417,9 +417,9 @@ ipip_output( IPSEC_SPLASSERT_SOFTNET(__func__); + KASSERT(isr->sav != NULL); sav = isr->sav; - IPSEC_ASSERT(sav != NULL, ("%s: null SA", __func__)); - IPSEC_ASSERT(sav->sah != NULL, ("%s: null SAH", __func__)); + KASSERT(sav->sah != NULL); /* XXX Deal with empty TDB source/destination addresses. */