Module Name: src
Committed By: ozaki-r
Date: Fri May 19 04:34:09 UTC 2017
Modified Files:
src/sys/netipsec: ipsec.c ipsec.h ipsec_input.c ipsec_mbuf.c
ipsec_output.c
Log Message:
Introduce IPSECLOG and replace ipseclog and DPRINTF with it
To generate a diff of this commit:
cvs rdiff -u -r1.91 -r1.92 src/sys/netipsec/ipsec.c
cvs rdiff -u -r1.47 -r1.48 src/sys/netipsec/ipsec.h \
src/sys/netipsec/ipsec_output.c
cvs rdiff -u -r1.42 -r1.43 src/sys/netipsec/ipsec_input.c
cvs rdiff -u -r1.15 -r1.16 src/sys/netipsec/ipsec_mbuf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netipsec/ipsec.c
diff -u src/sys/netipsec/ipsec.c:1.91 src/sys/netipsec/ipsec.c:1.92
--- src/sys/netipsec/ipsec.c:1.91 Tue May 16 07:25:57 2017
+++ src/sys/netipsec/ipsec.c Fri May 19 04:34:09 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.91 2017/05/16 07:25:57 ozaki-r Exp $ */
+/* $NetBSD: ipsec.c,v 1.92 2017/05/19 04:34:09 ozaki-r Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.91 2017/05/16 07:25:57 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.92 2017/05/19 04:34:09 ozaki-r Exp $");
/*
* IPsec controller part.
@@ -389,8 +389,8 @@ key_allocsp_default(int af, const char *
if (sp->policy != IPSEC_POLICY_DISCARD &&
sp->policy != IPSEC_POLICY_NONE) {
- ipseclog((LOG_INFO, "fixed system default policy: %d->%d\n",
- sp->policy, IPSEC_POLICY_NONE));
+ IPSECLOG(LOG_INFO, "fixed system default policy: %d->%d\n",
+ sp->policy, IPSEC_POLICY_NONE);
sp->policy = IPSEC_POLICY_NONE;
}
sp->refcnt++;
@@ -525,8 +525,8 @@ ipsec_getpolicybysock(struct mbuf *m, u_
break;
default:
- ipseclog((LOG_ERR, "%s: Invalid policy for PCB %d\n",
- __func__, currsp->policy));
+ IPSECLOG(LOG_ERR, "Invalid policy for PCB %d\n",
+ currsp->policy);
*error = EINVAL;
return NULL;
}
@@ -535,9 +535,9 @@ ipsec_getpolicybysock(struct mbuf *m, u_
if (sp == NULL) { /* no SP found */
switch (currsp->policy) {
case IPSEC_POLICY_BYPASS:
- ipseclog((LOG_ERR, "%s: Illegal policy for "
- "non-priviliged defined %d\n", __func__,
- currsp->policy));
+ IPSECLOG(LOG_ERR, "Illegal policy for "
+ "non-priviliged defined %d\n",
+ currsp->policy);
*error = EINVAL;
return NULL;
@@ -551,8 +551,8 @@ ipsec_getpolicybysock(struct mbuf *m, u_
break;
default:
- ipseclog((LOG_ERR, "%s: Invalid policy for "
- "PCB %d\n", __func__, currsp->policy));
+ IPSECLOG(LOG_ERR, "Invalid policy for "
+ "PCB %d\n", currsp->policy);
*error = EINVAL;
return NULL;
}
@@ -592,8 +592,7 @@ ipsec_getpolicybyaddr(struct mbuf *m, u_
/* Make an index to look for a policy. */
*error = ipsec_setspidx(m, &spidx, (flag & IP_FORWARDING) ? 0 : 1);
if (*error != 0) {
- DPRINTF(("%s: setpidx failed, dir %u flag %u\n", __func__,
- dir, flag));
+ IPSECLOG(LOG_DEBUG, "setpidx failed, dir %u flag %u\n", dir, flag);
memset(&spidx, 0, sizeof (spidx));
return NULL;
}
@@ -652,7 +651,7 @@ ipsec4_checkpolicy(struct mbuf *m, u_int
if (*error != 0) {
KEY_FREESP(&sp);
sp = NULL;
- DPRINTF(("%s: done, error %d\n", __func__, *error));
+ IPSECLOG(LOG_DEBUG, "done, error %d\n", *error);
}
return sp;
}
@@ -898,7 +897,7 @@ ipsec6_checkpolicy(struct mbuf *m, u_int
if (*error != 0) {
KEY_FREESP(&sp);
sp = NULL;
- DPRINTF(("%s: done, error %d\n", __func__, *error));
+ IPSECLOG(LOG_DEBUG, "done, error %d\n", *error);
}
return sp;
}
@@ -1279,7 +1278,7 @@ ipsec_init_policy(struct socket *so, str
new = kmem_intr_zalloc(sizeof(*new), KM_NOSLEEP);
if (new == NULL) {
- ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
+ IPSECLOG(LOG_DEBUG, "No more memory.\n");
return ENOBUFS;
}
@@ -1458,7 +1457,7 @@ ipsec_get_policy(struct secpolicy *polic
*mp = key_sp2msg(policy);
if (!*mp) {
- ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
+ IPSECLOG(LOG_DEBUG, "No more memory.\n");
return ENOBUFS;
}
@@ -1498,8 +1497,8 @@ ipsec4_set_policy(struct inpcb *inp, int
policy = &inp->inp_sp->sp_out;
break;
default:
- ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__,
- xpl->sadb_x_policy_dir));
+ IPSECLOG(LOG_ERR, "invalid direction=%u\n",
+ xpl->sadb_x_policy_dir);
return EINVAL;
}
@@ -1530,8 +1529,8 @@ ipsec4_get_policy(struct inpcb *inp, con
policy = inp->inp_sp->sp_out;
break;
default:
- ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__,
- xpl->sadb_x_policy_dir));
+ IPSECLOG(LOG_ERR, "invalid direction=%u\n",
+ xpl->sadb_x_policy_dir);
return EINVAL;
}
@@ -1588,8 +1587,8 @@ ipsec6_set_policy(struct in6pcb *in6p, i
policy = &in6p->in6p_sp->sp_out;
break;
default:
- ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__,
- xpl->sadb_x_policy_dir));
+ IPSECLOG(LOG_ERR, "invalid direction=%u\n",
+ xpl->sadb_x_policy_dir);
return EINVAL;
}
@@ -1620,8 +1619,8 @@ ipsec6_get_policy(struct in6pcb *in6p, c
policy = in6p->in6p_sp->sp_out;
break;
default:
- ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__,
- xpl->sadb_x_policy_dir));
+ IPSECLOG(LOG_ERR, "invalid direction=%u\n",
+ xpl->sadb_x_policy_dir);
return EINVAL;
}
@@ -1953,10 +1952,10 @@ ipsec_hdrsiz(const struct secpolicy *sp)
break;
#endif
default:
- ipseclog((LOG_ERR, "%s: unknown AF %d in "
- "IPsec tunnel SA\n", __func__,
+ IPSECLOG(LOG_ERR, "unknown AF %d in "
+ "IPsec tunnel SA\n",
((const struct sockaddr *)&isr->saidx.dst)
- ->sa_family));
+ ->sa_family);
break;
}
}
@@ -2185,8 +2184,8 @@ ok:
if ((sav->flags & SADB_X_EXT_CYCSEQ) == 0)
return 1;
- ipseclog((LOG_WARNING, "replay counter made %d cycle. %s\n",
- replay->overflow, ipsec_logsastr(sav, buf, sizeof(buf))));
+ IPSECLOG(LOG_WARNING, "replay counter made %d cycle. %s\n",
+ replay->overflow, ipsec_logsastr(sav, buf, sizeof(buf)));
}
replay->count++;
@@ -2365,7 +2364,7 @@ ipsec6_input(struct mbuf *m)
} else {
/* XXX error stat??? */
error = EINVAL;
- DPRINTF(("%s: no SP, packet discarded\n", __func__));/*XXX*/
+ IPSECLOG(LOG_DEBUG, "no SP, packet discarded\n");/*XXX*/
}
splx(s);
@@ -2403,7 +2402,7 @@ xform_init(struct secasvar *sav, int xft
if (xsp->xf_type == xftype)
return (*xsp->xf_init)(sav, xsp);
- DPRINTF(("%s: no match for xform type %d\n", __func__, xftype));
+ IPSECLOG(LOG_DEBUG, "no match for xform type %d\n", xftype);
return EINVAL;
}
Index: src/sys/netipsec/ipsec.h
diff -u src/sys/netipsec/ipsec.h:1.47 src/sys/netipsec/ipsec.h:1.48
--- src/sys/netipsec/ipsec.h:1.47 Thu May 11 05:55:14 2017
+++ src/sys/netipsec/ipsec.h Fri May 19 04:34:09 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.h,v 1.47 2017/05/11 05:55:14 ryo Exp $ */
+/* $NetBSD: ipsec.h,v 1.48 2017/05/19 04:34:09 ozaki-r Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $ */
@@ -242,10 +242,17 @@ extern int ip4_ipsec_ecn;
extern int ip4_esp_randpad;
extern int crypto_support;
+#include <sys/syslog.h>
#define ipseclog(x) do { if (ipsec_debug) log x; } while (0)
/* for openbsd compatibility */
#define DPRINTF(x) do { if (ipsec_debug) printf x; } while (0)
+#define IPSECLOG(level, fmt, args...) \
+ do { \
+ if (ipsec_debug) \
+ log(level, "%s: " fmt, __func__, ##args); \
+ } while (0)
+
void ipsec_pcbconn (struct inpcbpolicy *);
void ipsec_pcbdisconn (struct inpcbpolicy *);
void ipsec_invalpcbcacheall (void);
Index: src/sys/netipsec/ipsec_output.c
diff -u src/sys/netipsec/ipsec_output.c:1.47 src/sys/netipsec/ipsec_output.c:1.48
--- src/sys/netipsec/ipsec_output.c:1.47 Thu May 11 05:55:14 2017
+++ src/sys/netipsec/ipsec_output.c Fri May 19 04:34:09 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_output.c,v 1.47 2017/05/11 05:55:14 ryo Exp $ */
+/* $NetBSD: ipsec_output.c,v 1.48 2017/05/19 04:34:09 ozaki-r Exp $ */
/*-
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,7 +29,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.47 2017/05/11 05:55:14 ryo Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.48 2017/05/19 04:34:09 ozaki-r Exp $");
/*
* IPsec output processing.
@@ -98,7 +98,7 @@ ipsec_register_done(struct mbuf *m, int
mtag = m_tag_get(PACKET_TAG_IPSEC_OUT_DONE, 0, M_NOWAIT);
if (mtag == NULL) {
- DPRINTF(("ipsec_register_done: could not get packet tag\n"));
+ IPSECLOG(LOG_DEBUG, "could not get packet tag\n");
*error = ENOMEM;
return -1;
}
@@ -178,10 +178,10 @@ ipsec_process_done(struct mbuf *m, struc
mo = m_makespace(m, sizeof(struct ip), hlen, &roff);
if (mo == NULL) {
char buf[IPSEC_ADDRSTRLEN];
- DPRINTF(("ipsec_process_done : failed to inject"
- "%u byte UDP for SA %s/%08lx\n",
+ IPSECLOG(LOG_DEBUG,
+ "failed to inject %u byte UDP for SA %s/%08lx\n",
hlen, ipsec_address(&saidx->dst, buf, sizeof(buf)),
- (u_long) ntohl(sav->spi)));
+ (u_long) ntohl(sav->spi));
error = ENOBUFS;
goto bad;
}
@@ -231,8 +231,8 @@ ipsec_process_done(struct mbuf *m, struc
break;
#endif /* INET6 */
default:
- DPRINTF(("ipsec_process_done: unknown protocol family %u\n",
- saidx->dst.sa.sa_family));
+ IPSECLOG(LOG_DEBUG, "unknown protocol family %u\n",
+ saidx->dst.sa.sa_family);
error = ENXIO;
goto bad;
}
@@ -258,8 +258,8 @@ ipsec_process_done(struct mbuf *m, struc
return ipsec6_process_packet(m,isr->next);
#endif /* INET6 */
default :
- DPRINTF(("ipsec_process_done: unknown protocol family %u\n",
- saidx->dst.sa.sa_family));
+ IPSECLOG(LOG_DEBUG, "unknown protocol family %u\n",
+ saidx->dst.sa.sa_family);
error = ENXIO;
goto bad;
}
@@ -417,8 +417,8 @@ again:
if ((isr->saidx.proto == IPPROTO_ESP && !esp_enable) ||
(isr->saidx.proto == IPPROTO_AH && !ah_enable) ||
(isr->saidx.proto == IPPROTO_IPCOMP && !ipcomp_enable)) {
- DPRINTF(("ipsec_nextisr: IPsec outbound packet dropped due"
- " to policy (check your sysctls)\n"));
+ IPSECLOG(LOG_DEBUG, "IPsec outbound packet dropped due"
+ " to policy (check your sysctls)\n");
IPSEC_OSTAT(ESP_STAT_PDROPS, AH_STAT_PDROPS,
IPCOMP_STAT_PDROPS);
*error = EHOSTUNREACH;
@@ -430,7 +430,7 @@ again:
* before they invoke the xform output method.
*/
if (sav->tdb_xform == NULL) {
- DPRINTF(("ipsec_nextisr: no transform for SA\n"));
+ IPSECLOG(LOG_DEBUG, "no transform for SA\n");
IPSEC_OSTAT(ESP_STAT_NOXFORM, AH_STAT_NOXFORM,
IPCOMP_STAT_NOXFORM);
*error = EHOSTUNREACH;
@@ -531,8 +531,8 @@ ipsec4_process_packet(struct mbuf *m, st
error = ipip_output(m, isr, &mp, 0, 0);
if (mp == NULL && !error) {
/* Should never happen. */
- DPRINTF(("ipsec4_process_packet: ipip_output "
- "returns no mbuf and no error!"));
+ IPSECLOG(LOG_DEBUG,
+ "ipip_output returns no mbuf and no error!");
error = EFAULT;
}
if (error) {
@@ -739,8 +739,8 @@ ipsec6_process_packet(
error = ipip_output(m, isr, &mp, 0, 0);
if (mp == NULL && !error) {
/* Should never happen. */
- DPRINTF(("ipsec6_process_packet: ipip_output "
- "returns no mbuf and no error!"));
+ IPSECLOG(LOG_DEBUG,
+ "ipip_output returns no mbuf and no error!");
error = EFAULT;
}
Index: src/sys/netipsec/ipsec_input.c
diff -u src/sys/netipsec/ipsec_input.c:1.42 src/sys/netipsec/ipsec_input.c:1.43
--- src/sys/netipsec/ipsec_input.c:1.42 Thu May 11 05:55:14 2017
+++ src/sys/netipsec/ipsec_input.c Fri May 19 04:34:09 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_input.c,v 1.42 2017/05/11 05:55:14 ryo Exp $ */
+/* $NetBSD: ipsec_input.c,v 1.43 2017/05/19 04:34:09 ozaki-r Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */
/* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.42 2017/05/11 05:55:14 ryo Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.43 2017/05/19 04:34:09 ozaki-r Exp $");
/*
* IPsec input processing.
@@ -148,7 +148,7 @@ ipsec_common_input(struct mbuf *m, int s
m_freem(m);
IPSEC_ISTAT(sproto, ESP_STAT_HDROPS, AH_STAT_HDROPS,
IPCOMP_STAT_HDROPS);
- DPRINTF(("ipsec_common_input: packet too small\n"));
+ IPSECLOG(LOG_DEBUG, "packet too small\n");
return EINVAL;
}
@@ -199,8 +199,7 @@ ipsec_common_input(struct mbuf *m, int s
break;
#endif /* INET6 */
default:
- DPRINTF(("ipsec_common_input: unsupported protocol "
- "family %u\n", af));
+ IPSECLOG(LOG_DEBUG, "unsupported protocol family %u\n", af);
m_freem(m);
IPSEC_ISTAT(sproto, ESP_STAT_NOPF, AH_STAT_NOPF,
IPCOMP_STAT_NOPF);
@@ -212,10 +211,10 @@ ipsec_common_input(struct mbuf *m, int s
/* NB: only pass dst since key_allocsa follows RFC2401 */
sav = KEY_ALLOCSA(&dst_address, sproto, spi, sport, dport);
if (sav == NULL) {
- DPRINTF(("ipsec_common_input: no key association found for"
- " SA %s/%08lx/%u/%u\n",
- ipsec_address(&dst_address, buf, sizeof(buf)),
- (u_long) ntohl(spi), sproto, ntohs(dport)));
+ IPSECLOG(LOG_DEBUG,
+ "no key association found for SA %s/%08lx/%u/%u\n",
+ ipsec_address(&dst_address, buf, sizeof(buf)),
+ (u_long) ntohl(spi), sproto, ntohs(dport));
IPSEC_ISTAT(sproto, ESP_STAT_NOTDB, AH_STAT_NOTDB,
IPCOMP_STAT_NOTDB);
splx(s);
@@ -224,10 +223,10 @@ ipsec_common_input(struct mbuf *m, int s
}
if (sav->tdb_xform == NULL) {
- DPRINTF(("ipsec_common_input: attempted to use uninitialized"
- " SA %s/%08lx/%u\n",
- ipsec_address(&dst_address, buf, sizeof(buf)),
- (u_long) ntohl(spi), sproto));
+ IPSECLOG(LOG_DEBUG,
+ "attempted to use uninitialized SA %s/%08lx/%u\n",
+ ipsec_address(&dst_address, buf, sizeof(buf)),
+ (u_long) ntohl(spi), sproto);
IPSEC_ISTAT(sproto, ESP_STAT_NOXFORM, AH_STAT_NOXFORM,
IPCOMP_STAT_NOXFORM);
KEY_FREESAV(&sav);
@@ -297,7 +296,7 @@ ipsec4_common_input_cb(struct mbuf *m, s
/* Sanity check */
if (m == NULL) {
- DPRINTF(("ipsec4_common_input_cb: null mbuf"));
+ IPSECLOG(LOG_DEBUG, "null mbuf");
IPSEC_ISTAT(sproto, ESP_STAT_BADKCR, AH_STAT_BADKCR,
IPCOMP_STAT_BADKCR);
KEY_FREESAV(&sav);
@@ -307,10 +306,9 @@ ipsec4_common_input_cb(struct mbuf *m, s
/* Fix IPv4 header */
if (m->m_len < skip && (m = m_pullup(m, skip)) == NULL) {
char buf[IPSEC_ADDRSTRLEN];
- DPRINTF(("ipsec4_common_input_cb: processing failed "
- "for SA %s/%08lx\n",
+ IPSECLOG(LOG_DEBUG, "processing failed for SA %s/%08lx\n",
ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
- (u_long) ntohl(sav->spi)));
+ (u_long) ntohl(sav->spi));
IPSEC_ISTAT(sproto, ESP_STAT_HDROPS, AH_STAT_HDROPS,
IPCOMP_STAT_HDROPS);
error = ENOBUFS;
@@ -343,13 +341,13 @@ ipsec4_common_input_cb(struct mbuf *m, s
saidx->proxy.sa.sa_family != 0)) {
char ipbuf[INET_ADDRSTRLEN];
- DPRINTF(("ipsec4_common_input_cb: inner "
- "source address %s doesn't correspond to "
+ IPSECLOG(LOG_DEBUG,
+ "inner source address %s doesn't correspond to "
"expected proxy source %s, SA %s/%08lx\n",
IN_PRINT(ipbuf, ipn.ip_src),
ipsp_address(saidx->proxy),
ipsp_address(saidx->dst),
- (u_long) ntohl(sav->spi)));
+ (u_long) ntohl(sav->spi));
IPSEC_ISTAT(sproto, ESP_STAT_PDROPS,
AH_STAT_PDROPS,
@@ -381,13 +379,13 @@ ipsec4_common_input_cb(struct mbuf *m, s
char ip6buf[INET6_ADDRSTRLEN];
char pbuf[IPSEC_ADDRSTRLEN], dbuf[IPSEC_ADDRSTRLEN];
- DPRINTF(("ipsec4_common_input_cb: inner "
- "source address %s doesn't correspond to "
+ IPSECLOG(LOG_DEBUG,
+ "inner source address %s doesn't correspond to "
"expected proxy source %s, SA %s/%08lx\n",
ip6_sprintf(ip6buf, &ip6n.ip6_src),
ipsec_address(&saidx->proxy, pbuf, sizeof(pbuf)),
ipsec_address(&saidx->dst, dbuf, sizeof(dbuf)),
- (u_long) ntohl(sav->spi)));
+ (u_long) ntohl(sav->spi));
IPSEC_ISTAT(sproto, ESP_STAT_PDROPS,
AH_STAT_PDROPS,
@@ -411,7 +409,7 @@ ipsec4_common_input_cb(struct mbuf *m, s
mtag = m_tag_get(PACKET_TAG_IPSEC_IN_DONE,
sizeof(struct tdb_ident), M_NOWAIT);
if (mtag == NULL) {
- DPRINTF(("ipsec4_common_input_cb: failed to get tag\n"));
+ IPSECLOG(LOG_DEBUG, "failed to get tag\n");
IPSEC_ISTAT(sproto, ESP_STAT_HDROPS,
AH_STAT_HDROPS, IPCOMP_STAT_HDROPS);
error = ENOMEM;
@@ -455,7 +453,7 @@ ipsec6_common_input(struct mbuf **mp, in
struct ip6_ext ip6e;
if (*offp < sizeof(struct ip6_hdr)) {
- DPRINTF(("ipsec6_common_input: bad offset %u\n", *offp));
+ IPSECLOG(LOG_DEBUG, "bad offset %u\n", *offp);
IPSEC_ISTAT(proto, ESP_STAT_HDROPS, AH_STAT_HDROPS,
IPCOMP_STAT_HDROPS);
m_freem(*mp);
@@ -482,8 +480,8 @@ ipsec6_common_input(struct mbuf **mp, in
/* Malformed packet check */
if (protoff + l != *offp) {
- DPRINTF(("ipsec6_common_input: bad packet header chain, "
- "protoff %u, l %u, off %u\n", protoff, l, *offp));
+ IPSECLOG(LOG_DEBUG, "bad packet header chain, "
+ "protoff %u, l %u, off %u\n", protoff, l, *offp);
IPSEC_ISTAT(proto, ESP_STAT_HDROPS,
AH_STAT_HDROPS,
IPCOMP_STAT_HDROPS);
@@ -530,7 +528,7 @@ ipsec6_common_input_cb(struct mbuf *m, s
/* Sanity check */
if (m == NULL) {
- DPRINTF(("ipsec6_common_input_cb: null mbuf"));
+ IPSECLOG(LOG_DEBUG, "null mbuf");
IPSEC_ISTAT(sproto, ESP_STAT_BADKCR, AH_STAT_BADKCR,
IPCOMP_STAT_BADKCR);
error = EINVAL;
@@ -542,9 +540,9 @@ ipsec6_common_input_cb(struct mbuf *m, s
(m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
char buf[IPSEC_ADDRSTRLEN];
- DPRINTF(("ipsec6_common_input_cb: processing failed "
- "for SA %s/%08lx\n", ipsec_address(&sav->sah->saidx.dst,
- buf, sizeof(buf)), (u_long) ntohl(sav->spi)));
+ IPSECLOG(LOG_DEBUG, "processing failed for SA %s/%08lx\n",
+ ipsec_address(&sav->sah->saidx.dst,
+ buf, sizeof(buf)), (u_long) ntohl(sav->spi));
IPSEC_ISTAT(sproto, ESP_STAT_HDROPS, AH_STAT_HDROPS,
IPCOMP_STAT_HDROPS);
@@ -579,13 +577,13 @@ ipsec6_common_input_cb(struct mbuf *m, s
char ipbuf[INET_ADDRSTRLEN];
char pbuf[IPSEC_ADDRSTRLEN], dbuf[IPSEC_ADDRSTRLEN];
- DPRINTF(("ipsec6_common_input_cb: inner "
- "source address %s doesn't correspond to "
+ IPSECLOG(LOG_DEBUG,
+ "inner source address %s doesn't correspond to "
"expected proxy source %s, SA %s/%08lx\n",
IN_PRINT(ipbuf, ipn.ip_src),
ipsec_address(&saidx->proxy, pbuf, sizeof(pbuf)),
ipsec_address(&saidx->dst, dbuf, sizeof(dbuf)),
- (u_long) ntohl(sav->spi)));
+ (u_long) ntohl(sav->spi));
IPSEC_ISTAT(sproto, ESP_STAT_PDROPS,
AH_STAT_PDROPS, IPCOMP_STAT_PDROPS);
@@ -617,13 +615,13 @@ ipsec6_common_input_cb(struct mbuf *m, s
char ip6buf[INET6_ADDRSTRLEN];
char pbuf[IPSEC_ADDRSTRLEN], dbuf[IPSEC_ADDRSTRLEN];
- DPRINTF(("ipsec6_common_input_cb: inner "
- "source address %s doesn't correspond to "
+ IPSECLOG(LOG_DEBUG,
+ "inner source address %s doesn't correspond to "
"expected proxy source %s, SA %s/%08lx\n",
ip6_sprintf(ip6buf, &ip6n.ip6_src),
ipsec_address(&saidx->proxy, pbuf, sizeof(pbuf)),
ipsec_address(&saidx->dst, dbuf, sizeof(dbuf)),
- (u_long) ntohl(sav->spi)));
+ (u_long) ntohl(sav->spi));
IPSEC_ISTAT(sproto, ESP_STAT_PDROPS,
AH_STAT_PDROPS, IPCOMP_STAT_PDROPS);
@@ -645,8 +643,7 @@ ipsec6_common_input_cb(struct mbuf *m, s
mtag = m_tag_get(PACKET_TAG_IPSEC_IN_DONE,
sizeof(struct tdb_ident), M_NOWAIT);
if (mtag == NULL) {
- DPRINTF(("ipsec_common_input_cb: failed to "
- "get tag\n"));
+ IPSECLOG(LOG_DEBUG, "failed to get tag\n");
IPSEC_ISTAT(sproto, ESP_STAT_HDROPS,
AH_STAT_HDROPS, IPCOMP_STAT_HDROPS);
error = ENOMEM;
Index: src/sys/netipsec/ipsec_mbuf.c
diff -u src/sys/netipsec/ipsec_mbuf.c:1.15 src/sys/netipsec/ipsec_mbuf.c:1.16
--- src/sys/netipsec/ipsec_mbuf.c:1.15 Wed Apr 19 03:39:14 2017
+++ src/sys/netipsec/ipsec_mbuf.c Fri May 19 04:34:09 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_mbuf.c,v 1.15 2017/04/19 03:39:14 ozaki-r Exp $ */
+/* $NetBSD: ipsec_mbuf.c,v 1.16 2017/05/19 04:34:09 ozaki-r Exp $ */
/*-
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
* All rights reserved.
@@ -28,7 +28,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.15 2017/04/19 03:39:14 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.16 2017/05/19 04:34:09 ozaki-r Exp $");
/*
* IPsec-specific mbuf routines.
@@ -321,7 +321,7 @@ m_pad(struct mbuf *m, int n)
void *retval;
if (n <= 0) { /* No stupid arguments. */
- DPRINTF(("m_pad: pad length invalid (%d)\n", n));
+ IPSECLOG(LOG_DEBUG, "pad length invalid (%d)\n", n);
m_freem(m);
return NULL;
}
@@ -338,8 +338,9 @@ m_pad(struct mbuf *m, int n)
}
if (m0->m_len != len) {
- DPRINTF(("m_pad: length mismatch (should be %d instead of %d)\n",
- m->m_pkthdr.len, m->m_pkthdr.len + m0->m_len - len));
+ IPSECLOG(LOG_DEBUG,
+ "length mismatch (should be %d instead of %d)\n",
+ m->m_pkthdr.len, m->m_pkthdr.len + m0->m_len - len);
m_freem(m);
return NULL;
@@ -348,10 +349,10 @@ m_pad(struct mbuf *m, int n)
/* Check for zero-length trailing mbufs, and find the last one. */
for (m1 = m0; m1->m_next; m1 = m1->m_next) {
if (m1->m_next->m_len != 0) {
- DPRINTF(("m_pad: length mismatch (should be %d "
- "instead of %d)\n",
+ IPSECLOG(LOG_DEBUG,
+ "length mismatch (should be %d instead of %d)\n",
m->m_pkthdr.len,
- m->m_pkthdr.len + m1->m_next->m_len));
+ m->m_pkthdr.len + m1->m_next->m_len);
m_freem(m);
return NULL;
@@ -365,7 +366,7 @@ m_pad(struct mbuf *m, int n)
MGET(m1, M_DONTWAIT, MT_DATA);
if (m1 == 0) {
m_freem(m0);
- DPRINTF(("m_pad: unable to get extra mbuf\n"));
+ IPSECLOG(LOG_DEBUG, "unable to get extra mbuf\n");
return NULL;
}
