-/* $OpenBSD: ip_ah.c,v 1.114 2014/12/28 10:02:37 tedu Exp $ */
+/* $OpenBSD: ip_ah.c,v 1.115 2015/04/14 14:20:01 mikeb Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
u_int32_t btsx, esn;
u_int8_t hl;
int rplen;
+#ifdef ENCDEBUG
+ char buf[INET6_ADDRSTRLEN];
+#endif
struct cryptodesc *crda = NULL;
struct cryptop *crp;
case 1:
m_freem(m);
DPRINTF(("ah_input(): replay counter wrapped for "
- "SA %s/%08x\n", ipsp_address(tdb->tdb_dst),
- ntohl(tdb->tdb_spi)));
+ "SA %s/%08x\n", ipsp_address(&tdb->tdb_dst, buf,
+ sizeof(buf)), ntohl(tdb->tdb_spi)));
ahstat.ahs_wrap++;
return ENOBUFS;
case 2:
m_freem(m);
DPRINTF(("ah_input(): old packet received in "
- "SA %s/%08x\n", ipsp_address(tdb->tdb_dst),
- ntohl(tdb->tdb_spi)));
+ "SA %s/%08x\n", ipsp_address(&tdb->tdb_dst, buf,
+ sizeof(buf)), ntohl(tdb->tdb_spi)));
ahstat.ahs_replay++;
return ENOBUFS;
case 3:
m_freem(m);
DPRINTF(("ah_input(): duplicate packet received in "
- "SA %s/%08x\n", ipsp_address(tdb->tdb_dst),
- ntohl(tdb->tdb_spi)));
+ "SA %s/%08x\n", ipsp_address(&tdb->tdb_dst, buf,
+ sizeof(buf)), ntohl(tdb->tdb_spi)));
ahstat.ahs_replay++;
return ENOBUFS;
default:
m_freem(m);
DPRINTF(("ah_input(): bogus value from "
"checkreplaywindow() in SA %s/%08x\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
ahstat.ahs_replay++;
return ENOBUFS;
}
/* Verify AH header length. */
if (hl * sizeof(u_int32_t) != ahx->authsize + rplen - AH_FLENGTH) {
- DPRINTF(("ah_input(): bad authenticator length %d for packet "
+ DPRINTF(("ah_input(): bad authenticator length %ld for packet "
"in SA %s/%08x\n", hl * sizeof(u_int32_t),
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
ahstat.ahs_badauthl++;
m_freem(m);
u_int32_t btsx, esn;
u_int8_t prot;
caddr_t ptr;
+#ifdef ENCDEBUG
+ char buf[INET6_ADDRSTRLEN];
+#endif
crp = (struct cryptop *) op;
DPRINTF(("ah_input(): authentication failed for "
"packet in SA %s/%08x\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
ahstat.ahs_badauth++;
error = EACCES;
break;
case 1:
DPRINTF(("ah_input(): replay counter wrapped for "
- "SA %s/%08x\n", ipsp_address(tdb->tdb_dst),
- ntohl(tdb->tdb_spi)));
+ "SA %s/%08x\n", ipsp_address(&tdb->tdb_dst, buf,
+ sizeof(buf)), ntohl(tdb->tdb_spi)));
ahstat.ahs_wrap++;
error = ENOBUFS;
goto baddone;
case 2:
DPRINTF(("ah_input_cb(): old packet received in "
- "SA %s/%08x\n", ipsp_address(tdb->tdb_dst),
- ntohl(tdb->tdb_spi)));
+ "SA %s/%08x\n", ipsp_address(&tdb->tdb_dst, buf,
+ sizeof(buf)), ntohl(tdb->tdb_spi)));
ahstat.ahs_replay++;
error = ENOBUFS;
goto baddone;
case 3:
DPRINTF(("ah_input_cb(): duplicate packet received in "
- "SA %s/%08x\n", ipsp_address(tdb->tdb_dst),
- ntohl(tdb->tdb_spi)));
+ "SA %s/%08x\n", ipsp_address(&tdb->tdb_dst, buf,
+ sizeof(buf)), ntohl(tdb->tdb_spi)));
ahstat.ahs_replay++;
error = ENOBUFS;
goto baddone;
default:
DPRINTF(("ah_input_cb(): bogus value from "
"checkreplaywindow() in SA %s/%08x\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
ahstat.ahs_replay++;
error = ENOBUFS;
goto baddone;
m_freem(m);
DPRINTF(("ah_input(): bad mbuf chain for packet in SA "
- "%s/%08x\n", ipsp_address(tdb->tdb_dst),
+ "%s/%08x\n", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
ntohl(tdb->tdb_spi)));
return EINVAL;
struct ah *ah;
#if NBPFILTER > 0
struct ifnet *encif;
+#ifdef ENCDEBUG
+ char buf[INET6_ADDRSTRLEN];
+#endif
if ((encif = enc_getif(tdb->tdb_rdomain, tdb->tdb_tap)) != NULL) {
encif->if_opackets++;
*/
if ((tdb->tdb_rpl == 0) && (tdb->tdb_wnd > 0)) {
DPRINTF(("ah_output(): SA %s/%08x should have expired\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
m_freem(m);
ahstat.ahs_wrap++;
return EINVAL;
if (rplen + ahx->authsize + m->m_pkthdr.len > IP_MAXPACKET) {
DPRINTF(("ah_output(): packet in SA %s/%08x got too "
"big\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
m_freem(m);
ahstat.ahs_toobig++;
return EMSGSIZE;
/* Check for IPv6 maximum packet size violations. */
if (rplen + ahx->authsize + m->m_pkthdr.len > IPV6_MAXPACKET) {
DPRINTF(("ah_output(): packet in SA %s/%08x "
- "got too big\n", ipsp_address(tdb->tdb_dst),
- ntohl(tdb->tdb_spi)));
+ "got too big\n", ipsp_address(&tdb->tdb_dst, buf,
+ sizeof(buf)), ntohl(tdb->tdb_spi)));
m_freem(m);
ahstat.ahs_toobig++;
return EMSGSIZE;
default:
DPRINTF(("ah_output(): unknown/unsupported protocol "
"family %d, SA %s/%08x\n", tdb->tdb_dst.sa.sa_family,
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
m_freem(m);
ahstat.ahs_nopf++;
return EPFNOSUPPORT;
mi = m_inject(m, skip, rplen + ahx->authsize, M_DONTWAIT);
if (mi == NULL) {
DPRINTF(("ah_output(): failed to inject AH header for SA "
- "%s/%08x\n", ipsp_address(tdb->tdb_dst),
+ "%s/%08x\n", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
ntohl(tdb->tdb_spi)));
m_freem(m);
-/* $OpenBSD: ip_esp.c,v 1.129 2014/12/19 17:14:40 tedu Exp $ */
+/* $OpenBSD: ip_esp.c,v 1.130 2015/04/14 14:20:01 mikeb Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
break;
default:
- DPRINTF(("esp_init(): unsupported encryption algorithm %d specified\n", ii->ii_encalg));
+ DPRINTF(("esp_init(): unsupported encryption "
+ "algorithm %d specified\n", ii->ii_encalg));
return EINVAL;
}
if (ii->ii_enckeylen < txform->minkey) {
- DPRINTF(("esp_init(): keylength %d too small (min length is %d) for algorithm %s\n", ii->ii_enckeylen, txform->minkey, txform->name));
+ DPRINTF(("esp_init(): keylength %d too small "
+ "(min length is %d) for algorithm %s\n",
+ ii->ii_enckeylen, txform->minkey, txform->name));
return EINVAL;
}
if (ii->ii_enckeylen > txform->maxkey) {
- DPRINTF(("esp_init(): keylength %d too large (max length is %d) for algorithm %s\n", ii->ii_enckeylen, txform->maxkey, txform->name));
+ DPRINTF(("esp_init(): keylength %d too large "
+ "(max length is %d) for algorithm %s\n",
+ ii->ii_enckeylen, txform->maxkey, txform->name));
return EINVAL;
}
break;
default:
- DPRINTF(("esp_init(): unsupported authentication algorithm %d specified\n", ii->ii_authalg));
+ DPRINTF(("esp_init(): unsupported authentication "
+ "algorithm %d specified\n", ii->ii_authalg));
return EINVAL;
}
if (ii->ii_authkeylen != thash->keysize) {
- DPRINTF(("esp_init(): keylength %d doesn't match algorithm %s keysize (%d)\n", ii->ii_authkeylen, thash->name, thash->keysize));
+ DPRINTF(("esp_init(): keylength %d doesn't match "
+ "algorithm %s keysize (%d)\n", ii->ii_authkeylen,
+ thash->name, thash->keysize));
return EINVAL;
}
int plen, alen, hlen;
struct m_tag *mtag;
u_int32_t btsx, esn;
+#ifdef ENCDEBUG
+ char buf[INET6_ADDRSTRLEN];
+#endif
/* Determine the ESP header length */
hlen = 2 * sizeof(u_int32_t) + tdb->tdb_ivlen; /* "new" ESP */
* block size.
*/
if (plen & (espx->blocksize - 1)) {
- DPRINTF(("esp_input(): payload of %d octets not a multiple of %d octets, SA %s/%08x\n", plen, espx->blocksize, ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ DPRINTF(("esp_input(): payload of %d octets "
+ "not a multiple of %d octets, SA %s/%08x\n",
+ plen, espx->blocksize, ipsp_address(&tdb->tdb_dst,
+ buf, sizeof(buf)), ntohl(tdb->tdb_spi)));
espstat.esps_badilen++;
m_freem(m);
return EINVAL;
m_freem(m);
DPRINTF(("esp_input(): replay counter wrapped"
" for SA %s/%08x\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
espstat.esps_wrap++;
return EACCES;
case 2:
m_freem(m);
DPRINTF(("esp_input(): old packet received"
" in SA %s/%08x\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
espstat.esps_replay++;
return EACCES;
case 3:
m_freem(m);
DPRINTF(("esp_input(): duplicate packet received"
" in SA %s/%08x\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
espstat.esps_replay++;
return EACCES;
default:
m_freem(m);
DPRINTF(("esp_input(): bogus value from"
" checkreplaywindow() in SA %s/%08x\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
espstat.esps_replay++;
return EACCES;
}
/* Copy the authenticator */
if (mtag == NULL)
- m_copydata(m, m->m_pkthdr.len - alen, alen, (caddr_t) (tc + 1));
+ m_copydata(m, m->m_pkthdr.len - alen, alen,
+ (caddr_t)(tc + 1));
} else
crde = crp->crp_desc;
struct tdb *tdb;
u_int32_t btsx, esn;
caddr_t ptr;
+#ifdef ENCDEBUG
+ char buf[INET6_ADDRSTRLEN];
+#endif
crp = (struct cryptop *) op;
/* If authentication was performed, check now. */
if (esph != NULL) {
/*
- * If we have a tag, it means an IPsec-aware NIC did the verification
- * for us.
+ * If we have a tag, it means an IPsec-aware NIC did the
+ * verification for us.
*/
if (mtag == NULL) {
/* Copy the authenticator from the packet */
/* Verify authenticator */
if (timingsafe_bcmp(ptr, aalg, esph->authsize)) {
free(tc, M_XDATA, 0);
- DPRINTF(("esp_input_cb(): authentication failed for packet in SA %s/%08x\n", ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ DPRINTF(("esp_input_cb(): authentication "
+ "failed for packet in SA %s/%08x\n",
+ ipsp_address(&tdb->tdb_dst, buf,
+ sizeof(buf)), ntohl(tdb->tdb_spi)));
espstat.esps_badauth++;
error = EACCES;
goto baddone;
case 1:
DPRINTF(("esp_input_cb(): replay counter wrapped"
" for SA %s/%08x\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
espstat.esps_wrap++;
error = EACCES;
goto baddone;
case 2:
DPRINTF(("esp_input_cb(): old packet received"
" in SA %s/%08x\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
espstat.esps_replay++;
error = EACCES;
goto baddone;
case 3:
DPRINTF(("esp_input_cb(): duplicate packet received"
" in SA %s/%08x\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
espstat.esps_replay++;
error = EACCES;
goto baddone;
default:
DPRINTF(("esp_input_cb(): bogus value from"
" checkreplaywindow() in SA %s/%08x\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
espstat.esps_replay++;
error = EACCES;
goto baddone;
espstat.esps_hdrops++;
splx(s);
DPRINTF(("esp_input_cb(): bad mbuf chain, SA %s/%08x\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
m_freem(m);
return EINVAL;
}
/* Adjust the next mbuf by the remainder */
m_adj(m1->m_next, roff + hlen - m1->m_len);
- /* The second mbuf is guaranteed not to have a pkthdr... */
+ /* The second mbuf is guaranteed not to have a pkthdr */
m->m_pkthdr.len -= (roff + hlen - m1->m_len);
}
if (lastthree[1] + 2 > m->m_pkthdr.len - skip) {
espstat.esps_badilen++;
splx(s);
- DPRINTF(("esp_input_cb(): invalid padding length %d for packet in SA %s/%08x\n", lastthree[1], ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ DPRINTF(("esp_input_cb(): invalid padding length %d for "
+ "packet in SA %s/%08x\n", lastthree[1],
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
m_freem(m);
return EINVAL;
}
if ((lastthree[1] != lastthree[0]) && (lastthree[1] != 0)) {
espstat.esps_badenc++;
splx(s);
- DPRINTF(("esp_input(): decryption failed for packet in SA %s/%08x\n", ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ DPRINTF(("esp_input(): decryption failed for packet in "
+ "SA %s/%08x\n", ipsp_address(&tdb->tdb_dst, buf,
+ sizeof(buf)), ntohl(tdb->tdb_spi)));
m_freem(m);
return EINVAL;
}
struct tdb_crypto *tc;
unsigned char *pad;
u_int8_t prot;
-
+#ifdef ENCDEBUG
+ char buf[INET6_ADDRSTRLEN];
+#endif
struct cryptodesc *crde = NULL, *crda = NULL;
struct cryptop *crp;
#if NBPFILTER > 0
/* Check for IP maximum packet size violations. */
if (skip + hlen + rlen + padding + alen > IP_MAXPACKET) {
DPRINTF(("esp_output(): packet in SA %s/%08x got "
- "too big\n", ipsp_address(tdb->tdb_dst),
+ "too big\n", ipsp_address(&tdb->tdb_dst, buf,
+ sizeof(buf)),
ntohl(tdb->tdb_spi)));
m_freem(m);
espstat.esps_toobig++;
/* Check for IPv6 maximum packet size violations. */
if (skip + hlen + rlen + padding + alen > IPV6_MAXPACKET) {
DPRINTF(("esp_output(): packet in SA %s/%08x got too "
- "big\n", ipsp_address(tdb->tdb_dst),
- ntohl(tdb->tdb_spi)));
+ "big\n", ipsp_address(&tdb->tdb_dst, buf,
+ sizeof(buf)), ntohl(tdb->tdb_spi)));
m_freem(m);
espstat.esps_toobig++;
return EMSGSIZE;
default:
DPRINTF(("esp_output(): unknown/unsupported protocol "
- "family %d, SA %s/%08x\n", tdb->tdb_dst.sa.sa_family
- , ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ "family %d, SA %s/%08x\n", tdb->tdb_dst.sa.sa_family,
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
m_freem(m);
espstat.esps_nopf++;
return EPFNOSUPPORT;
if (n == NULL) {
DPRINTF(("esp_output(): bad mbuf chain, SA %s/%08x\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
espstat.esps_hdrops++;
m_freem(m);
return ENOBUFS;
mo = m_inject(m, skip, hlen, M_DONTWAIT);
if (mo == NULL) {
DPRINTF(("esp_output(): failed to inject ESP header for "
- "SA %s/%08x\n", ipsp_address(tdb->tdb_dst),
- ntohl(tdb->tdb_spi)));
+ "SA %s/%08x\n", ipsp_address(&tdb->tdb_dst, buf,
+ sizeof(buf)), ntohl(tdb->tdb_spi)));
m_freem(m);
espstat.esps_hdrops++;
return ENOBUFS;
mo = m_inject(m, m->m_pkthdr.len, padding + alen, M_DONTWAIT);
if (mo == NULL) {
DPRINTF(("esp_output(): m_inject failed for SA %s/%08x\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
m_freem(m);
return ENOBUFS;
}
-/* $OpenBSD: ip_ipcomp.c,v 1.40 2015/03/14 03:38:52 jsg Exp $ */
+/* $OpenBSD: ip_ipcomp.c,v 1.41 2015/04/14 14:20:01 mikeb Exp $ */
/*
* Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org)
struct tdb *tdb;
struct ipcomp *ipcomp;
caddr_t addr;
+#ifdef ENCDEBUG
+ char buf[INET6_ADDRSTRLEN];
+#endif
crp = (struct cryptop *) op;
if (m1 == NULL) {
ipcompstat.ipcomps_hdrops++;
DPRINTF(("ipcomp_input_cb(): bad mbuf chain, IPCA %s/%08x\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
error = EINVAL;
goto baddone;
}
struct cryptop *crp;
struct tdb_crypto *tc;
struct mbuf *mi, *mo;
+#ifdef ENCDEBUG
+ char buf[INET6_ADDRSTRLEN];
+#endif
#if NBPFILTER > 0
struct ifnet *encif;
* worry
*/
if (m->m_pkthdr.len + hlen > IP_MAXPACKET) {
- DPRINTF(("ipcomp_output(): packet in IPCA %s/%08x got too big\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ DPRINTF(("ipcomp_output(): packet in IPCA %s/%08x "
+ "got too big\n", ipsp_address(&tdb->tdb_dst, buf,
+ sizeof(buf)), ntohl(tdb->tdb_spi)));
m_freem(m);
ipcompstat.ipcomps_toobig++;
return EMSGSIZE;
case AF_INET6:
/* Check for IPv6 maximum packet size violations */
if (m->m_pkthdr.len + hlen > IPV6_MAXPACKET) {
- DPRINTF(("ipcomp_output(): packet in IPCA %s/%08x got too big\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ DPRINTF(("ipcomp_output(): packet in IPCA %s/%08x "
+ "got too big\n", ipsp_address(&tdb->tdb_dst, buf,
+ sizeof(buf)), ntohl(tdb->tdb_spi)));
m_freem(m);
ipcompstat.ipcomps_toobig++;
return EMSGSIZE;
#endif /* INET6 */
default:
- DPRINTF(("ipcomp_output(): unknown/unsupported protocol family %d, IPCA %s/%08x\n",
- tdb->tdb_dst.sa.sa_family, ipsp_address(tdb->tdb_dst),
+ DPRINTF(("ipcomp_output(): unknown/unsupported protocol "
+ "family %d, IPCA %s/%08x\n", tdb->tdb_dst.sa.sa_family,
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
ntohl(tdb->tdb_spi)));
m_freem(m);
ipcompstat.ipcomps_nopf++;
if (n == NULL) {
DPRINTF(("ipcomp_output(): bad mbuf chain, IPCA %s/%08x\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
ipcompstat.ipcomps_hdrops++;
m_freem(m);
return ENOBUFS;
struct ip6_hdr *ip6;
#endif
struct ipcomp *ipcomp;
+#ifdef ENCDEBUG
+ char buf[INET6_ADDRSTRLEN];
+#endif
tc = (struct tdb_crypto *) crp->crp_opaque;
skip = tc->tc_skip;
mo = m_inject(m, skip, IPCOMP_HLENGTH, M_DONTWAIT);
if (mo == NULL) {
DPRINTF(("ipcomp_output_cb(): failed to inject IPCOMP header "
- "for IPCA %s/%08x\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ "for IPCA %s/%08x\n", ipsp_address(&tdb->tdb_dst, buf,
+ sizeof(buf)), ntohl(tdb->tdb_spi)));
ipcompstat.ipcomps_wrap++;
error = ENOBUFS;
goto baddone;
#endif
default:
DPRINTF(("ipcomp_output_cb(): unsupported protocol family %d, "
- "IPCA %s/%08x\n",
- tdb->tdb_dst.sa.sa_family, ipsp_address(tdb->tdb_dst),
+ "IPCA %s/%08x\n", tdb->tdb_dst.sa.sa_family,
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
ntohl(tdb->tdb_spi)));
ipcompstat.ipcomps_nopf++;
error = EPFNOSUPPORT;
-/* $OpenBSD: ip_ipip.c,v 1.57 2015/04/10 13:58:20 dlg Exp $ */
+/* $OpenBSD: ip_ipip.c,v 1.58 2015/04/14 14:20:01 mikeb Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
#ifdef INET6
struct ip6_hdr *ip6, *ip6o;
#endif /* INET6 */
+#ifdef ENCDEBUG
+ char buf[INET6_ADDRSTRLEN];
+#endif
/* XXX Deal with empty TDB source/destination addresses. */
DPRINTF(("ipip_output(): unspecified tunnel endpoind "
"address in SA %s/%08x\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
ipipstat.ipips_unspec++;
m_freem(m);
DPRINTF(("ipip_output(): unspecified tunnel endpoind "
"address in SA %s/%08x\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi)));
ipipstat.ipips_unspec++;
m_freem(m);
-/* $OpenBSD: ip_ipsp.c,v 1.209 2015/04/14 12:22:15 mikeb Exp $ */
+/* $OpenBSD: ip_ipsp.c,v 1.210 2015/04/14 14:20:01 mikeb Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
{
struct xformsw *xsp;
int err;
+#ifdef ENCDEBUG
+ char buf[INET6_ADDRSTRLEN];
+#endif
for (xsp = xformsw; xsp < xformswNXFORMSW; xsp++) {
if (xsp->xf_type == alg) {
}
DPRINTF(("tdb_init(): no alg %d for spi %08x, addr %s, proto %d\n",
- alg, ntohl(tdbp->tdb_spi), ipsp_address(tdbp->tdb_dst),
- tdbp->tdb_sproto));
+ alg, ntohl(tdbp->tdb_spi), ipsp_address(&tdbp->tdb_dst, buf,
+ sizeof(buf)), tdbp->tdb_sproto));
return EINVAL;
}
#ifdef ENCDEBUG
/* Return a printable string for the address. */
const char *
-ipsp_address(union sockaddr_union sa)
+ipsp_address(union sockaddr_union *sa, char *buf, socklen_t size)
{
- static char ipspbuf[4][INET6_ADDRSTRLEN];
- static int ipspround = 0;
- char *buf;
-
- ipspround = (ipspround + 1) % 4;
- buf = ipspbuf[ipspround];
-
- switch (sa.sa.sa_family) {
+ switch (sa->sa.sa_family) {
case AF_INET:
- return inet_ntop(AF_INET, &sa.sin.sin_addr,
- buf, INET_ADDRSTRLEN);
+ return inet_ntop(AF_INET, &sa->sin.sin_addr,
+ buf, (size_t)size);
#ifdef INET6
case AF_INET6:
- return inet_ntop(AF_INET6, &sa.sin6.sin6_addr,
- buf, INET6_ADDRSTRLEN);
+ return inet_ntop(AF_INET6, &sa->sin6.sin6_addr,
+ buf, (size_t)size);
#endif /* INET6 */
default:
-/* $OpenBSD: ip_ipsp.h,v 1.164 2015/04/14 12:22:15 mikeb Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.165 2015/04/14 14:20:01 mikeb Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
/* Misc. */
uint8_t get_sa_require(struct inpcb *);
#ifdef ENCDEBUG
-const char *ipsp_address(union sockaddr_union);
+const char *ipsp_address(union sockaddr_union *, char *, socklen_t);
#endif /* ENCDEBUG */
/* TDB management routines */
-/* $OpenBSD: ipsec_input.c,v 1.128 2015/04/10 13:58:20 dlg Exp $ */
+/* $OpenBSD: ipsec_input.c,v 1.129 2015/04/14 14:20:01 mikeb Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
u_int32_t spi;
u_int16_t cpi;
int s, error;
+#ifdef ENCDEBUG
+ char buf[INET6_ADDRSTRLEN];
+#endif
IPSEC_ISTAT(espstat.esps_input, ahstat.ahs_input,
ipcompstat.ipcomps_input);
splx(s);
DPRINTF(("ipsec_common_input(): could not find SA for "
"packet to %s, spi %08x\n",
- ipsp_address(dst_address), ntohl(spi)));
+ ipsp_address(&dst_address, buf, sizeof(buf)), ntohl(spi)));
m_freem(m);
IPSEC_ISTAT(espstat.esps_notdb, ahstat.ahs_notdb,
ipcompstat.ipcomps_notdb);
if (tdbp->tdb_flags & TDBF_INVALID) {
splx(s);
- DPRINTF(("ipsec_common_input(): attempted to use invalid SA %s/%08x/%u\n", ipsp_address(dst_address), ntohl(spi), tdbp->tdb_sproto));
+ DPRINTF(("ipsec_common_input(): attempted to use invalid "
+ "SA %s/%08x/%u\n", ipsp_address(&dst_address, buf,
+ sizeof(buf)), ntohl(spi), tdbp->tdb_sproto));
m_freem(m);
IPSEC_ISTAT(espstat.esps_invalid, ahstat.ahs_invalid,
ipcompstat.ipcomps_invalid);
if (udpencap && !(tdbp->tdb_flags & TDBF_UDPENCAP)) {
splx(s);
- DPRINTF(("ipsec_common_input(): attempted to use non-udpencap SA %s/%08x/%u\n", ipsp_address(dst_address), ntohl(spi), tdbp->tdb_sproto));
+ DPRINTF(("ipsec_common_input(): attempted to use non-udpencap "
+ "SA %s/%08x/%u\n", ipsp_address(&dst_address, buf,
+ sizeof(buf)), ntohl(spi), tdbp->tdb_sproto));
m_freem(m);
espstat.esps_udpinval++;
return EINVAL;
if (tdbp->tdb_xform == NULL) {
splx(s);
- DPRINTF(("ipsec_common_input(): attempted to use uninitialized SA %s/%08x/%u\n", ipsp_address(dst_address), ntohl(spi), tdbp->tdb_sproto));
+ DPRINTF(("ipsec_common_input(): attempted to use uninitialized "
+ "SA %s/%08x/%u\n", ipsp_address(&dst_address, buf,
+ sizeof(buf)), ntohl(spi), tdbp->tdb_sproto));
m_freem(m);
IPSEC_ISTAT(espstat.esps_noxform, ahstat.ahs_noxform,
ipcompstat.ipcomps_noxform);
splx(s);
DPRINTF(("ipsec_common_input(): "
"no enc%u interface for SA %s/%08x/%u\n",
- tdbp->tdb_tap, ipsp_address(dst_address),
- ntohl(spi), tdbp->tdb_sproto));
+ tdbp->tdb_tap, ipsp_address(&dst_address, buf,
+ sizeof(buf)), ntohl(spi), tdbp->tdb_sproto));
m_freem(m);
IPSEC_ISTAT(espstat.esps_pdrops,
struct m_tag *mtag;
struct tdb_ident *tdbi;
+#ifdef ENCDEBUG
+ char buf[INET6_ADDRSTRLEN];
+#endif
+
af = tdbp->tdb_dst.sa.sa_family;
sproto = tdbp->tdb_sproto;
if (af == AF_INET) {
if ((m->m_len < skip) && ((m = m_pullup(m, skip)) == NULL)) {
DPRINTF(("ipsec_common_input_cb(): processing failed "
- "for SA %s/%08x\n", ipsp_address(tdbp->tdb_dst),
- ntohl(tdbp->tdb_spi)));
+ "for SA %s/%08x\n", ipsp_address(&tdbp->tdb_dst,
+ buf, sizeof(buf)), ntohl(tdbp->tdb_spi)));
IPSEC_ISTAT(espstat.esps_hdrops, ahstat.ahs_hdrops,
ipcompstat.ipcomps_hdrops);
return ENOBUFS;
(m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
DPRINTF(("ipsec_common_input_cb(): processing failed "
- "for SA %s/%08x\n", ipsp_address(tdbp->tdb_dst),
- ntohl(tdbp->tdb_spi)));
+ "for SA %s/%08x\n", ipsp_address(&tdbp->tdb_dst,
+ buf, sizeof(buf)), ntohl(tdbp->tdb_spi)));
IPSEC_ISTAT(espstat.esps_hdrops, ahstat.ahs_hdrops,
ipcompstat.ipcomps_hdrops);
tdbp->tdb_mtutimeout = time_second +
ip_mtudisc_timeout;
DPRINTF(("ipsec_common_ctlinput: "
- "spi %08x mtu %d adjust %d\n",
+ "spi %08x mtu %d adjust %ld\n",
ntohl(tdbp->tdb_spi), tdbp->tdb_mtu,
adjust));
}
tdbp->tdb_mtutimeout = time_second +
ip_mtudisc_timeout;
DPRINTF(("udpencap_ctlinput: "
- "spi %08x mtu %d adjust %d\n",
+ "spi %08x mtu %d adjust %ld\n",
ntohl(tdbp->tdb_spi), tdbp->tdb_mtu,
adjust));
}
-/* $OpenBSD: ipsec_output.c,v 1.56 2015/01/24 00:29:06 deraadt Exp $ */
+/* $OpenBSD: ipsec_output.c,v 1.57 2015/04/14 14:20:01 mikeb Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
struct ip6_hdr *ip6;
#endif /* INET6 */
+#ifdef ENCDEBUG
+ char buf[INET6_ADDRSTRLEN];
+#endif
+
/* Check that the transform is allowed by the administrator. */
if ((tdb->tdb_sproto == IPPROTO_ESP && !esp_enable) ||
(tdb->tdb_sproto == IPPROTO_AH && !ah_enable) ||
/* Check if the SPI is invalid. */
if (tdb->tdb_flags & TDBF_INVALID) {
DPRINTF(("ipsp_process_packet(): attempt to use invalid "
- "SA %s/%08x/%u\n", ipsp_address(tdb->tdb_dst),
- ntohl(tdb->tdb_spi), tdb->tdb_sproto));
+ "SA %s/%08x/%u\n", ipsp_address(&tdb->tdb_dst, buf,
+ sizeof(buf)), ntohl(tdb->tdb_spi), tdb->tdb_sproto));
m_freem(m);
return ENXIO;
}
default:
DPRINTF(("ipsp_process_packet(): attempt to use "
"SA %s/%08x/%u for protocol family %d\n",
- ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi),
- tdb->tdb_sproto, tdb->tdb_dst.sa.sa_family));
+ ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
+ ntohl(tdb->tdb_spi), tdb->tdb_sproto,
+ tdb->tdb_dst.sa.sa_family));
m_freem(m);
return ENXIO;
}
tdbp->tdb_mtu = mtu;
tdbp->tdb_mtutimeout = time_second + ip_mtudisc_timeout;
DPRINTF(("ipsec_adjust_mtu: "
- "spi %08x mtu %d adjust %d mbuf %p\n",
+ "spi %08x mtu %d adjust %ld mbuf %p\n",
ntohl(tdbp->tdb_spi), tdbp->tdb_mtu,
adjust, m));
}
projects / openbsd / commitdiff