From: bluhm Date: Thu, 8 Jul 2021 15:13:14 +0000 (+0000) Subject: Debug printfs in encdebug were inconsistent, some missing newlines X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=698a75dd6a698616868b7128459e3604a6a54134;p=openbsd Debug printfs in encdebug were inconsistent, some missing newlines produced ugly output. Move the function name and the newline into the DPRINTF macro. This simplifies the debug statements. OK tobhe@ --- diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c index f6ca211b8af..5cd4fa9a64e 100644 --- a/sys/net/pfkeyv2_parsemessage.c +++ b/sys/net/pfkeyv2_parsemessage.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.58 2021/07/05 12:01:20 tobhe Exp $ */ +/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.59 2021/07/08 15:13:14 bluhm Exp $ */ /* * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 @@ -84,9 +84,14 @@ #endif #ifdef ENCDEBUG -#define DPRINTF(x) if (encdebug) printf x +#define DPRINTF(fmt, args...) \ + do { \ + if (encdebug) \ + printf("%s: " fmt "\n", __func__, ## args); \ + } while (0) #else -#define DPRINTF(x) +#define DPRINTF(fmt, args...) \ + do { } while (0) #endif #define BITMAP_SA (1LL << SADB_EXT_SA) @@ -285,14 +290,14 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) bzero(headers, (SADB_EXT_MAX + 1) * sizeof(void *)); if (left < sizeof(struct sadb_msg)) { - DPRINTF(("pfkeyv2_parsemessage: message too short\n")); + DPRINTF("message too short"); return (EINVAL); } headers[0] = p; if (sadb_msg->sadb_msg_len * sizeof(uint64_t) != left) { - DPRINTF(("pfkeyv2_parsemessage: length not a multiple of 64\n")); + DPRINTF("length not a multiple of 64"); return (EINVAL); } @@ -300,37 +305,35 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) left -= sizeof(struct sadb_msg); if (sadb_msg->sadb_msg_reserved) { - DPRINTF(("pfkeyv2_parsemessage: message header reserved " - "field set\n")); + DPRINTF("message header reserved field set"); return (EINVAL); } if (sadb_msg->sadb_msg_type > SADB_MAX) { - DPRINTF(("pfkeyv2_parsemessage: message type > %d\n", - SADB_MAX)); + DPRINTF("message type > %d", SADB_MAX); return (EINVAL); } if (!sadb_msg->sadb_msg_type) { - DPRINTF(("pfkeyv2_parsemessage: message type unset\n")); + DPRINTF("message type unset"); return (EINVAL); } if (sadb_msg->sadb_msg_pid != curproc->p_p->ps_pid) { - DPRINTF(("pfkeyv2_parsemessage: bad PID value\n")); + DPRINTF("bad PID value"); return (EINVAL); } if (sadb_msg->sadb_msg_errno) { if (left) { - DPRINTF(("pfkeyv2_parsemessage: too-large error message\n")); + DPRINTF("too-large error message"); return (EINVAL); } return (0); } if (sadb_msg->sadb_msg_type == SADB_X_PROMISC) { - DPRINTF(("pfkeyv2_parsemessage: message type promiscuous\n")); + DPRINTF("message type promiscuous"); return (0); } @@ -339,40 +342,37 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) while (left > 0) { sadb_ext = (struct sadb_ext *)p; if (left < sizeof(struct sadb_ext)) { - DPRINTF(("pfkeyv2_parsemessage: extension header too " - "short\n")); + DPRINTF("extension header too short"); return (EINVAL); } i = sadb_ext->sadb_ext_len * sizeof(uint64_t); if (left < i) { - DPRINTF(("pfkeyv2_parsemessage: extension header " - "exceeds message length\n")); + DPRINTF("extension header exceeds message length"); return (EINVAL); } if (sadb_ext->sadb_ext_type > SADB_EXT_MAX) { - DPRINTF(("pfkeyv2_parsemessage: unknown extension " - "header %d\n", sadb_ext->sadb_ext_type)); + DPRINTF("unknown extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } if (!sadb_ext->sadb_ext_type) { - DPRINTF(("pfkeyv2_parsemessage: unset extension " - "header\n")); + DPRINTF("unset extension header"); return (EINVAL); } if (!(allow & (1LL << sadb_ext->sadb_ext_type))) { - DPRINTF(("pfkeyv2_parsemessage: extension header %d " - "not permitted on message type %d\n", - sadb_ext->sadb_ext_type, sadb_msg->sadb_msg_type)); + DPRINTF("extension header %d not permitted on message " + "type %d", + sadb_ext->sadb_ext_type, sadb_msg->sadb_msg_type); return (EINVAL); } if (headers[sadb_ext->sadb_ext_type]) { - DPRINTF(("pfkeyv2_parsemessage: duplicate extension " - "header %d\n", sadb_ext->sadb_ext_type)); + DPRINTF("duplicate extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } @@ -385,49 +385,48 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) struct sadb_sa *sadb_sa = (struct sadb_sa *)p; if (i != sizeof(struct sadb_sa)) { - DPRINTF(("pfkeyv2_parsemessage: bad header " - "length for SA extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("bad header length for SA extension " + "header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } if (sadb_sa->sadb_sa_state > SADB_SASTATE_MAX) { - DPRINTF(("pfkeyv2_parsemessage: unknown SA " - "state %d in SA extension header %d\n", + DPRINTF("unknown SA state %d in SA extension " + "header %d", sadb_sa->sadb_sa_state, - sadb_ext->sadb_ext_type)); + sadb_ext->sadb_ext_type); return (EINVAL); } if (sadb_sa->sadb_sa_state == SADB_SASTATE_DEAD) { - DPRINTF(("pfkeyv2_parsemessage: cannot set SA " - "state to dead, SA extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("cannot set SA state to dead, " + "SA extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } if (sadb_sa->sadb_sa_encrypt > SADB_EALG_MAX) { - DPRINTF(("pfkeyv2_parsemessage: unknown " - "encryption algorithm %d in SA extension " - "header %d\n", sadb_sa->sadb_sa_encrypt, - sadb_ext->sadb_ext_type)); + DPRINTF("unknown encryption algorithm %d " + "in SA extension header %d", + sadb_sa->sadb_sa_encrypt, + sadb_ext->sadb_ext_type); return (EINVAL); } if (sadb_sa->sadb_sa_auth > SADB_AALG_MAX) { - DPRINTF(("pfkeyv2_parsemessage: unknown " - "authentication algorithm %d in SA " - "extension header %d\n", + DPRINTF("unknown authentication algorithm %d " + "in SA extension header %d", sadb_sa->sadb_sa_auth, - sadb_ext->sadb_ext_type)); + sadb_ext->sadb_ext_type); return (EINVAL); } if (sadb_sa->sadb_sa_replay > 64) { - DPRINTF(("pfkeyv2_parsemessage: unsupported " - "replay window size %d in SA extension " - "header %d\n", sadb_sa->sadb_sa_replay, - sadb_ext->sadb_ext_type)); + DPRINTF("unsupported replay window size %d " + "in SA extension header %d", + sadb_sa->sadb_sa_replay, + sadb_ext->sadb_ext_type); return (EINVAL); } } @@ -436,16 +435,15 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) case SADB_X_EXT_FLOW_TYPE: case SADB_X_EXT_SATYPE2: if (i != sizeof(struct sadb_protocol)) { - DPRINTF(("pfkeyv2_parsemessage: bad PROTOCOL/" - "FLOW/SATYPE2 header length in extension " - "header %d\n", sadb_ext->sadb_ext_type)); + DPRINTF("bad PROTOCOL/FLOW/SATYPE2 header " + "length in extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } break; case SADB_X_EXT_POLICY: if (i != sizeof(struct sadb_x_policy)) { - DPRINTF(("pfkeyv2_parsemessage: bad POLICY " - "header length\n")); + DPRINTF("bad POLICY header length"); return (EINVAL); } break; @@ -454,9 +452,9 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) case SADB_EXT_LIFETIME_SOFT: case SADB_X_EXT_LIFETIME_LASTUSE: if (i != sizeof(struct sadb_lifetime)) { - DPRINTF(("pfkeyv2_parsemessage: bad header " - "length for LIFETIME extension header " - "%d\n", sadb_ext->sadb_ext_type)); + DPRINTF("bad header length for LIFETIME " + "extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } break; @@ -476,24 +474,24 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) if (i < sizeof(struct sadb_address) + sizeof(struct sockaddr)) { - DPRINTF(("pfkeyv2_parsemessage: bad ADDRESS " - "extension header %d length\n", - sadb_ext->sadb_ext_type)); + DPRINTF("bad ADDRESS extension header %d " + "length", + sadb_ext->sadb_ext_type); return (EINVAL); } if (sadb_address->sadb_address_reserved) { - DPRINTF(("pfkeyv2_parsemessage: ADDRESS " - "extension header %d reserved field set\n", - sadb_ext->sadb_ext_type)); + DPRINTF("ADDRESS extension header %d reserved " + "field set", + sadb_ext->sadb_ext_type); return (EINVAL); } if (sa->sa_len && (i != sizeof(struct sadb_address) + PADUP(sa->sa_len))) { - DPRINTF(("pfkeyv2_parsemessage: bad sockaddr " - "length field in ADDRESS extension " - "header %d\n", sadb_ext->sadb_ext_type)); + DPRINTF("bad sockaddr length field in ADDRESS " + "extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } @@ -501,18 +499,16 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) case AF_INET: if (sizeof(struct sadb_address) + PADUP(sizeof(struct sockaddr_in)) != i) { - DPRINTF(("pfkeyv2_parsemessage: " - "invalid ADDRESS extension header " - "%d length\n", - sadb_ext->sadb_ext_type)); + DPRINTF("invalid ADDRESS extension " + "header %d length", + sadb_ext->sadb_ext_type); return (EINVAL); } if (sa->sa_len != sizeof(struct sockaddr_in)) { - DPRINTF(("pfkeyv2_parsemessage: bad " - "sockaddr_in length in ADDRESS " - "extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("bad sockaddr_in length in " + "ADDRESS extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } @@ -527,11 +523,10 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) default: if (((struct sockaddr_in *)sa)->sin_port) { - DPRINTF(("pfkeyv2_parsemessage" - ": port field set in " + DPRINTF("port field set in " "sockaddr_in of ADDRESS " - "extension header %d\n", - sadb_ext->sadb_ext_type)); + "extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } break; @@ -542,12 +537,11 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) bzero(zero, sizeof(zero)); if (bcmp(&((struct sockaddr_in *)sa)->sin_zero, zero, sizeof(zero))) { - DPRINTF(("pfkeyv2_parsemessage" - ": reserved sockaddr_in " + DPRINTF("reserved sockaddr_in " "field non-zero'ed in " "ADDRESS extension header " - "%d\n", - sadb_ext->sadb_ext_type)); + "%d", + sadb_ext->sadb_ext_type); return (EINVAL); } } @@ -556,28 +550,25 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) case AF_INET6: if (i != sizeof(struct sadb_address) + PADUP(sizeof(struct sockaddr_in6))) { - DPRINTF(("pfkeyv2_parsemessage: " - "invalid sockaddr_in6 length in " - "ADDRESS extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("invalid sockaddr_in6 length " + "in ADDRESS extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } if (sa->sa_len != sizeof(struct sockaddr_in6)) { - DPRINTF(("pfkeyv2_parsemessage: bad " - "sockaddr_in6 length in ADDRESS " - "extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("bad sockaddr_in6 length in " + "ADDRESS extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } if (((struct sockaddr_in6 *)sa)->sin6_flowinfo) { - DPRINTF(("pfkeyv2_parsemessage: " - "flowinfo field set in " + DPRINTF("flowinfo field set in " "sockaddr_in6 of ADDRESS " - "extension header %d\n", - sadb_ext->sadb_ext_type)); + "extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } @@ -592,11 +583,10 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) default: if (((struct sockaddr_in6 *)sa)->sin6_port) { - DPRINTF(("pfkeyv2_parsemessage" - ": port field set in " + DPRINTF("port field set in " "sockaddr_in6 of ADDRESS " - "extension header %d\n", - sadb_ext->sadb_ext_type)); + "extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } break; @@ -608,10 +598,9 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) SADB_X_SATYPE_TCPSIGNATURE && sa->sa_family == 0) break; - DPRINTF(("pfkeyv2_parsemessage: unknown " - "address family %d in ADDRESS extension " - "header %d\n", - sa->sa_family, sadb_ext->sadb_ext_type)); + DPRINTF("unknown address family %d in ADDRESS " + "extension header %d", + sa->sa_family, sadb_ext->sadb_ext_type); return (EINVAL); } } @@ -622,30 +611,30 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) struct sadb_key *sadb_key = (struct sadb_key *)p; if (i < sizeof(struct sadb_key)) { - DPRINTF(("pfkeyv2_parsemessage: bad header " - "length in KEY extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("bad header length in KEY extension " + "header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } if (!sadb_key->sadb_key_bits) { - DPRINTF(("pfkeyv2_parsemessage: key length " - "unset in KEY extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("key length unset in KEY extension " + "header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } if (((sadb_key->sadb_key_bits + 63) / 64) * sizeof(uint64_t) != i - sizeof(struct sadb_key)) { - DPRINTF(("pfkeyv2_parsemessage: invalid key " - "length in KEY extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("invalid key length in KEY extension " + "header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } if (sadb_key->sadb_key_reserved) { - DPRINTF(("pfkeyv2_parsemessage: reserved field" - " set in KEY extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("reserved field set in KEY extension " + "header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } } @@ -656,25 +645,24 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) struct sadb_ident *sadb_ident = (struct sadb_ident *)p; if (i < sizeof(struct sadb_ident)) { - DPRINTF(("pfkeyv2_parsemessage: bad header " - "length of IDENTITY extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("bad header length of IDENTITY " + "extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } if (sadb_ident->sadb_ident_type > SADB_IDENTTYPE_MAX) { - DPRINTF(("pfkeyv2_parsemessage: unknown " - "identity type %d in IDENTITY extension " - "header %d\n", + DPRINTF("unknown identity type %d in IDENTITY " + "extension header %d", sadb_ident->sadb_ident_type, - sadb_ext->sadb_ext_type)); + sadb_ext->sadb_ext_type); return (EINVAL); } if (sadb_ident->sadb_ident_reserved) { - DPRINTF(("pfkeyv2_parsemessage: reserved " - "field set in IDENTITY extension header " - "%d\n", sadb_ext->sadb_ext_type)); + DPRINTF("reserved field set in IDENTITY " + "extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } @@ -684,10 +672,9 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) int j; if (*(char *)(p + i - 1)) { - DPRINTF(("pfkeyv2_parsemessage: non " - "NUL-terminated identity in " - "IDENTITY extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("non NUL-terminated identity " + "in IDENTITY extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } @@ -695,11 +682,10 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) sizeof(struct sadb_ident); if (i != j) { - DPRINTF(("pfkeyv2_parsemessage: actual" - " identity length does not match " - "expected length in identity " - "extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("actual identity length does " + "not match expected length in " + "identity extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } } @@ -710,9 +696,8 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) struct sadb_sens *sadb_sens = (struct sadb_sens *)p; if (i < sizeof(struct sadb_sens)) { - DPRINTF(("pfkeyv2_parsemessage: bad header " - "length for SENSITIVITY extension " - "header\n")); + DPRINTF("bad header length for SENSITIVITY " + "extension header"); return (EINVAL); } @@ -720,9 +705,8 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) sadb_sens->sadb_sens_integ_len) * sizeof(uint64_t) + sizeof(struct sadb_sens)) { - DPRINTF(("pfkeyv2_parsemessage: bad payload " - "length for SENSITIVITY extension " - "header\n")); + DPRINTF("bad payload length for SENSITIVITY " + "extension header"); return (EINVAL); } } @@ -732,21 +716,19 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) struct sadb_prop *sadb_prop = (struct sadb_prop *)p; if (i < sizeof(struct sadb_prop)) { - DPRINTF(("pfkeyv2_parsemessage: bad PROPOSAL " - "header length\n")); + DPRINTF("bad PROPOSAL header length"); return (EINVAL); } if (sadb_prop->sadb_prop_reserved) { - DPRINTF(("pfkeyv2_parsemessage: reserved field" - "set in PROPOSAL extension header\n")); + DPRINTF("reserved fieldset in PROPOSAL " + "extension header"); return (EINVAL); } if ((i - sizeof(struct sadb_prop)) % sizeof(struct sadb_comb)) { - DPRINTF(("pfkeyv2_parsemessage: bad proposal " - "length\n")); + DPRINTF("bad proposal length"); return (EINVAL); } @@ -762,28 +744,25 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) j++) { if (sadb_comb->sadb_comb_auth > SADB_AALG_MAX) { - DPRINTF(("pfkeyv2_parsemessage" - ": unknown authentication " - "algorithm %d in " - "PROPOSAL\n", - sadb_comb->sadb_comb_auth)); + DPRINTF("unknown " + "authentication algorithm " + "%d in PROPOSAL", + sadb_comb->sadb_comb_auth); return (EINVAL); } if (sadb_comb->sadb_comb_encrypt > SADB_EALG_MAX) { - DPRINTF(("pfkeyv2_parsemessage" - ": unknown encryption " - "algorithm %d in " - "PROPOSAL\n", - sadb_comb->sadb_comb_encrypt)); + DPRINTF("unknown encryption " + "algorithm %d in PROPOSAL", + sadb_comb-> + sadb_comb_encrypt); return (EINVAL); } if (sadb_comb->sadb_comb_reserved) { - DPRINTF(("pfkeyv2_parsemessage" - ": reserved field set in " - "COMB header\n")); + DPRINTF("reserved field set " + "in COMB header"); return (EINVAL); } } @@ -799,16 +778,15 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) int j; if (i < sizeof(struct sadb_supported)) { - DPRINTF(("pfkeyv2_parsemessage: bad header " - "length for SUPPORTED extension header " - "%d\n", sadb_ext->sadb_ext_type)); + DPRINTF("bad header length for SUPPORTED " "extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } if (sadb_supported->sadb_supported_reserved) { - DPRINTF(("pfkeyv2_parsemessage: reserved " - "field set in SUPPORTED extension " - "header %d\n", sadb_ext->sadb_ext_type)); + DPRINTF("reserved field set in SUPPORTED " + "extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } @@ -827,22 +805,20 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) j < sadb_supported->sadb_supported_len - 1; j++) { if (sadb_alg->sadb_alg_id > max_alg) { - DPRINTF(("pfkeyv2_parsemessage" - ": unknown algorithm %d " + DPRINTF("unknown algorithm %d " "in SUPPORTED extension " - "header %d\n", + "header %d", sadb_alg->sadb_alg_id, - sadb_ext->sadb_ext_type)); + sadb_ext->sadb_ext_type); return (EINVAL); } if (sadb_alg->sadb_alg_reserved) { - DPRINTF(("pfkeyv2_parsemessage" - ": reserved field set in " - "supported algorithms " + DPRINTF("reserved field set " + "in supported algorithms " "header inside SUPPORTED " - "extension header %d\n", - sadb_ext->sadb_ext_type)); + "extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } @@ -857,64 +833,56 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) (struct sadb_spirange *)p; if (i != sizeof(struct sadb_spirange)) { - DPRINTF(("pfkeyv2_parsemessage: bad header " - "length of SPIRANGE extension header\n")); + DPRINTF("bad header length of SPIRANGE " + "extension header"); return (EINVAL); } if (sadb_spirange->sadb_spirange_min > sadb_spirange->sadb_spirange_max) { - DPRINTF(("pfkeyv2_parsemessage: bad SPI " - "range\n")); + DPRINTF("bad SPI range"); return (EINVAL); } } break; case SADB_X_EXT_UDPENCAP: if (i != sizeof(struct sadb_x_udpencap)) { - DPRINTF(("pfkeyv2_parsemessage: bad UDPENCAP " - "header length\n")); + DPRINTF("bad UDPENCAP header length"); return (EINVAL); } break; case SADB_X_EXT_RDOMAIN: if (i != sizeof(struct sadb_x_rdomain)) { - DPRINTF(("pfkeyv2_parsemessage: bad RDOMAIN " - "header length\n")); + DPRINTF("bad RDOMAIN header length"); return (EINVAL); } break; #if NPF > 0 case SADB_X_EXT_TAG: if (i < sizeof(struct sadb_x_tag)) { - DPRINTF(("pfkeyv2_parsemessage: " - "TAG extension header too small")); + DPRINTF("TAG extension header too small"); return (EINVAL); } if (i > (sizeof(struct sadb_x_tag) + PF_TAG_NAME_SIZE)) { - DPRINTF(("pfkeyv2_parsemessage: " - "TAG extension header too long")); + DPRINTF("TAG extension header too long"); return (EINVAL); } break; case SADB_X_EXT_TAP: if (i < sizeof(struct sadb_x_tap)) { - DPRINTF(("pfkeyv2_parsemessage: " - "TAP extension header too small")); + DPRINTF("TAP extension header too small"); return (EINVAL); } if (i > sizeof(struct sadb_x_tap)) { - DPRINTF(("pfkeyv2_parsemessage: " - "TAP extension header too long")); + DPRINTF("TAP extension header too long"); return (EINVAL); } break; #endif default: - DPRINTF(("pfkeyv2_parsemessage: unknown extension " - "header type %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("unknown extension header type %d", + sadb_ext->sadb_ext_type); return (EINVAL); } @@ -924,7 +892,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) } if (left) { - DPRINTF(("pfkeyv2_parsemessage: message too long\n")); + DPRINTF("message too long"); return (EINVAL); } @@ -934,8 +902,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) required = sadb_exts_required_in[sadb_msg->sadb_msg_type]; if ((seen & required) != required) { - DPRINTF(("pfkeyv2_parsemessage: required fields " - "missing\n")); + DPRINTF("required fields missing"); return (EINVAL); } } @@ -944,16 +911,14 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) case SADB_UPDATE: if (((struct sadb_sa *)headers[SADB_EXT_SA])->sadb_sa_state != SADB_SASTATE_MATURE) { - DPRINTF(("pfkeyv2_parsemessage: updating non-mature " - "SA prohibited\n")); + DPRINTF("updating non-mature SA prohibited"); return (EINVAL); } break; case SADB_ADD: if (((struct sadb_sa *)headers[SADB_EXT_SA])->sadb_sa_state != SADB_SASTATE_MATURE) { - DPRINTF(("pfkeyv2_parsemessage: adding non-mature " - "SA prohibited\n")); + DPRINTF("adding non-mature SA prohibited"); return (EINVAL); } break; diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c index 9be571c0220..7943d5f6207 100644 --- a/sys/netinet/ip_ah.c +++ b/sys/netinet/ip_ah.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah.c,v 1.148 2021/07/08 09:22:30 bluhm Exp $ */ +/* $OpenBSD: ip_ah.c,v 1.149 2021/07/08 15:13:14 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -71,9 +71,14 @@ #include "bpfilter.h" #ifdef ENCDEBUG -#define DPRINTF(x) if (encdebug) printf x +#define DPRINTF(fmt, args...) \ + do { \ + if (encdebug) \ + printf("%s: " fmt "\n", __func__, ## args); \ + } while (0) #else -#define DPRINTF(x) +#define DPRINTF(fmt, args...) \ + do { } while (0) #endif int ah_massage_headers(struct mbuf **, int, int, int, int); @@ -127,15 +132,14 @@ ah_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) break; default: - DPRINTF(("%s: unsupported authentication algorithm %d" - " specified\n", __func__, ii->ii_authalg)); + DPRINTF("unsupported authentication algorithm %d specified", + ii->ii_authalg); return EINVAL; } if (ii->ii_authkeylen != thash->keysize && thash->keysize != 0) { - DPRINTF(("ah_init(): keylength %d doesn't match algorithm " - "%s keysize (%d)\n", ii->ii_authkeylen, thash->name, - thash->keysize)); + DPRINTF("keylength %d doesn't match algorithm %s keysize (%d)", + ii->ii_authkeylen, thash->name, thash->keysize); return EINVAL; } @@ -143,8 +147,7 @@ ah_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) tdbp->tdb_authalgxform = thash; tdbp->tdb_rpl = AH_HMAC_INITIAL_RPL; - DPRINTF(("%s: initialized TDB with hash algorithm %s\n", __func__, - thash->name)); + DPRINTF("initialized TDB with hash algorithm %s", thash->name); tdbp->tdb_amxkeylen = ii->ii_authkeylen; tdbp->tdb_amxkey = malloc(tdbp->tdb_amxkeylen, M_XDATA, M_WAITOK); @@ -215,7 +218,7 @@ ah_massage_headers(struct mbuf **m0, int af, int skip, int alg, int out) */ *m0 = m = m_pullup(m, skip); if (m == NULL) { - DPRINTF(("%s: m_pullup() failed\n", __func__)); + DPRINTF("m_pullup() failed"); ahstat_inc(ahs_hdrops); return ENOBUFS; } @@ -233,9 +236,9 @@ ah_massage_headers(struct mbuf **m0, int af, int skip, int alg, int out) for (off = sizeof(struct ip); off < skip;) { if (ptr[off] != IPOPT_EOL && ptr[off] != IPOPT_NOP && off + 1 >= skip) { - DPRINTF(("%s: illegal IPv4 option length for" - " option %d\n", __func__, ptr[off])); - + DPRINTF("illegal IPv4 option length " + "for option %d", + ptr[off]); ahstat_inc(ahs_hdrops); m_freem(m); return EINVAL; @@ -257,10 +260,9 @@ ah_massage_headers(struct mbuf **m0, int af, int skip, int alg, int out) case 0x95: /* RFC1770 */ /* Sanity check for option length. */ if (ptr[off + 1] < 2) { - DPRINTF(("%s: illegal IPv4 option" - " length for option %d\n", __func__, - ptr[off])); - + DPRINTF("illegal IPv4 option length " + "for option %d", + ptr[off]); ahstat_inc(ahs_hdrops); m_freem(m); return EINVAL; @@ -273,10 +275,9 @@ ah_massage_headers(struct mbuf **m0, int af, int skip, int alg, int out) case IPOPT_SSRR: /* Sanity check for option length. */ if (ptr[off + 1] < 2) { - DPRINTF(("%s: illegal IPv4 option" - " length for option %d\n", __func__, - ptr[off])); - + DPRINTF("illegal IPv4 option length " + "for option %d", + ptr[off]); ahstat_inc(ahs_hdrops); m_freem(m); return EINVAL; @@ -302,9 +303,9 @@ ah_massage_headers(struct mbuf **m0, int af, int skip, int alg, int out) default: /* Sanity check for option length. */ if (ptr[off + 1] < 2) { - DPRINTF(("%s: illegal IPv4 option" - " length for option %d\n", __func__, - ptr[off])); + DPRINTF("illegal IPv4 option length " + "for option %d", + ptr[off]); ahstat_inc(ahs_hdrops); m_freem(m); return EINVAL; @@ -319,9 +320,7 @@ ah_massage_headers(struct mbuf **m0, int af, int skip, int alg, int out) /* Sanity check. */ if (off > skip) { - DPRINTF(("%s: malformed IPv4 options header\n", - __func__)); - + DPRINTF("malformed IPv4 options header"); ahstat_inc(ahs_hdrops); m_freem(m); return EINVAL; @@ -337,7 +336,7 @@ ah_massage_headers(struct mbuf **m0, int af, int skip, int alg, int out) /* We don't do IPv6 Jumbograms. */ if (ip6.ip6_plen == 0) { - DPRINTF(("%s: unsupported IPv6 jumbogram", __func__)); + DPRINTF("unsupported IPv6 jumbogram"); ahstat_inc(ahs_hdrops); m_freem(m); return EMSGSIZE; @@ -358,7 +357,7 @@ ah_massage_headers(struct mbuf **m0, int af, int skip, int alg, int out) error = m_copyback(m, 0, sizeof(struct ip6_hdr), &ip6, M_NOWAIT); if (error) { - DPRINTF(("%s: m_copyback no memory", __func__)); + DPRINTF("m_copyback no memory"); ahstat_inc(ahs_hdrops); m_freem(m); return error; @@ -370,8 +369,8 @@ ah_massage_headers(struct mbuf **m0, int af, int skip, int alg, int out) ptr = malloc(skip - sizeof(struct ip6_hdr), M_XDATA, M_NOWAIT); if (ptr == NULL) { - DPRINTF(("%s: failed to allocate memory" - " for IPv6 headers\n", __func__)); + DPRINTF("failed to allocate " + "memory for IPv6 headers"); ahstat_inc(ahs_hdrops); m_freem(m); return ENOBUFS; @@ -488,8 +487,7 @@ ah_massage_headers(struct mbuf **m0, int af, int skip, int alg, int out) } default: - DPRINTF(("%s: unexpected IPv6 header type %d\n", - __func__, off)); + DPRINTF("unexpected IPv6 header type %d", off); error6: if (alloc) free(ptr, M_XDATA, 0); @@ -556,32 +554,31 @@ ah_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) case 0: /* All's well. */ break; case 1: - DPRINTF(("%s: replay counter wrapped for SA %s/%08x\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("replay counter wrapped for SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_wrap); error = ENOBUFS; goto drop; case 2: - DPRINTF(("%s: old packet received in SA %s/%08x\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("old packet received in SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_replay); error = ENOBUFS; goto drop; case 3: - DPRINTF(("%s: duplicate packet received in SA " - "%s/%08x\n", __func__, - ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("duplicate packet received in SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_replay); error = ENOBUFS; goto drop; default: - DPRINTF(("%s: bogus value from " - "checkreplaywindow() in SA %s/%08x\n", __func__, + DPRINTF("bogus value from checkreplaywindow() " + "in SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_replay); error = ENOBUFS; goto drop; @@ -590,20 +587,20 @@ ah_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) /* Verify AH header length. */ if (hl * sizeof(u_int32_t) != ahx->authsize + rplen - AH_FLENGTH) { - DPRINTF(("%s: bad authenticator length %ld for packet " - "in SA %s/%08x\n", __func__, hl * sizeof(u_int32_t), + DPRINTF("bad authenticator length %ld for packet in SA %s/%08x", + hl * sizeof(u_int32_t), ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_badauthl); error = EACCES; goto drop; } if (skip + ahx->authsize + rplen > m->m_pkthdr.len) { - DPRINTF(("%s: bad mbuf length %d (expecting %d) " - "for packet in SA %s/%08x\n", __func__, + DPRINTF("bad mbuf length %d (expecting %d) for packet " + "in SA %s/%08x", m->m_pkthdr.len, skip + ahx->authsize + rplen, ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_badauthl); error = EACCES; goto drop; @@ -634,8 +631,7 @@ ah_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) /* Get crypto descriptors. */ crp = crypto_getreq(1); if (crp == NULL) { - DPRINTF(("%s: failed to acquire crypto descriptors\n", - __func__)); + DPRINTF("failed to acquire crypto descriptors"); ahstat_inc(ahs_crypto); error = ENOBUFS; goto drop; @@ -662,7 +658,7 @@ ah_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) tc = malloc(sizeof(*tc) + skip + rplen + ahx->authsize, M_XDATA, M_NOWAIT | M_ZERO); if (tc == NULL) { - DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); + DPRINTF("failed to allocate tdb_crypto"); ahstat_inc(ahs_crypto); error = ENOBUFS; goto drop; @@ -741,10 +737,9 @@ ah_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen) /* Verify authenticator. */ if (timingsafe_bcmp(ptr + skip + rplen, calc, ahx->authsize)) { - DPRINTF(("%s: authentication failed for packet in SA %s/%08x\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); - + DPRINTF("authentication failed for packet in SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_badauth); goto baddone; } @@ -768,29 +763,28 @@ ah_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen) #endif break; case 1: - DPRINTF(("%s: replay counter wrapped for SA %s/%08x\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("replay counter wrapped for SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_wrap); goto baddone; case 2: - DPRINTF(("%s: old packet received in SA %s/%08x\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("old packet received in SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_replay); goto baddone; case 3: - DPRINTF(("%s): duplicate packet received in " - "SA %s/%08x\n", __func__, - ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("duplicate packet received in SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_replay); goto baddone; default: - DPRINTF(("%s: bogus value from " - "checkreplaywindow() in SA %s/%08x\n", __func__, + DPRINTF("bogus value from checkreplaywindow() " + "in SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_replay); goto baddone; } @@ -799,9 +793,9 @@ ah_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen) /* Record the beginning of the AH header. */ m1 = m_getptr(m, skip, &roff); if (m1 == NULL) { - DPRINTF(("%s: bad mbuf chain for packet in SA %s/%08x\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + DPRINTF("bad mbuf chain for packet in SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_hdrops); goto baddone; } @@ -934,9 +928,9 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, * manual) keying. */ if ((tdb->tdb_rpl == 0) && (tdb->tdb_wnd > 0)) { - DPRINTF(("%s: SA %s/%08x should have expired\n", __func__, + DPRINTF("SA %s/%08x should have expired", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_wrap); error = EINVAL; goto drop; @@ -948,10 +942,9 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, case AF_INET: /* Check for IP maximum packet size violations. */ if (rplen + ahx->authsize + m->m_pkthdr.len > IP_MAXPACKET) { - DPRINTF(("%s: packet in SA %s/%08x got too big\n", - __func__, + DPRINTF("packet in SA %s/%08x got too big", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_toobig); error = EMSGSIZE; goto drop; @@ -962,9 +955,9 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, case AF_INET6: /* Check for IPv6 maximum packet size violations. */ if (rplen + ahx->authsize + m->m_pkthdr.len > IPV6_MAXPACKET) { - DPRINTF(("%s: packet in SA %s/%08x got too big\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("packet in SA %s/%08x got too big", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_toobig); error = EMSGSIZE; goto drop; @@ -973,10 +966,10 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, #endif /* INET6 */ default: - DPRINTF(("%s: unknown/unsupported protocol family %d, " - "SA %s/%08x\n", __func__, tdb->tdb_dst.sa.sa_family, + DPRINTF("unknown/unsupported protocol family %d, SA %s/%08x", + tdb->tdb_dst.sa.sa_family, ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_nopf); error = EPFNOSUPPORT; goto drop; @@ -1026,9 +1019,9 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, /* Inject AH header. */ mi = m_makespace(m, skip, rplen + ahx->authsize, &roff); if (mi == NULL) { - DPRINTF(("%s: failed to inject AH header for SA %s/%08x\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + DPRINTF("failed to inject AH header for SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_hdrops); error = ENOBUFS; goto drop; @@ -1058,8 +1051,7 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, /* Get crypto descriptors. */ crp = crypto_getreq(1); if (crp == NULL) { - DPRINTF(("%s: failed to acquire crypto descriptors\n", - __func__)); + DPRINTF("failed to acquire crypto descriptors"); ahstat_inc(ahs_crypto); error = ENOBUFS; goto drop; @@ -1087,7 +1079,7 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, /* Allocate IPsec-specific opaque crypto info. */ tc = malloc(sizeof(*tc) + skip, M_XDATA, M_NOWAIT | M_ZERO); if (tc == NULL) { - DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); + DPRINTF("failed to allocate tdb_crypto"); ahstat_inc(ahs_crypto); error = ENOBUFS; goto drop; diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c index 948f838bef8..34607dc0b40 100644 --- a/sys/netinet/ip_esp.c +++ b/sys/netinet/ip_esp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp.c,v 1.165 2021/07/08 09:22:30 bluhm Exp $ */ +/* $OpenBSD: ip_esp.c,v 1.166 2021/07/08 15:13:14 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -70,9 +70,14 @@ #include "bpfilter.h" #ifdef ENCDEBUG -#define DPRINTF(x) if (encdebug) printf x +#define DPRINTF(fmt, args...) \ + do { \ + if (encdebug) \ + printf("%s: " fmt "\n", __func__, ## args); \ + } while (0) #else -#define DPRINTF(x) +#define DPRINTF(fmt, args...) \ + do { } while (0) #endif /* @@ -96,8 +101,8 @@ esp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) int error; if (!ii->ii_encalg && !ii->ii_authalg) { - DPRINTF(("esp_init(): neither authentication nor encryption " - "algorithm given")); + DPRINTF("neither authentication nor encryption algorithm " + "given"); return EINVAL; } @@ -140,22 +145,23 @@ esp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) break; default: - DPRINTF(("esp_init(): unsupported encryption " - "algorithm %d specified\n", ii->ii_encalg)); + DPRINTF("unsupported encryption algorithm %d " + "specified", + ii->ii_encalg); return EINVAL; } if (ii->ii_enckeylen < txform->minkey) { - DPRINTF(("esp_init(): keylength %d too small " - "(min length is %d) for algorithm %s\n", - ii->ii_enckeylen, txform->minkey, txform->name)); + DPRINTF("keylength %d too small (min length is %d) " + "for algorithm %s", + ii->ii_enckeylen, txform->minkey, txform->name); return EINVAL; } if (ii->ii_enckeylen > txform->maxkey) { - DPRINTF(("esp_init(): keylength %d too large " - "(max length is %d) for algorithm %s\n", - ii->ii_enckeylen, txform->maxkey, txform->name)); + DPRINTF("keylength %d too large (max length is %d) " + "for algorithm %s", + ii->ii_enckeylen, txform->maxkey, txform->name); return EINVAL; } @@ -182,8 +188,7 @@ esp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) tdbp->tdb_encalgxform = txform; - DPRINTF(("esp_init(): initialized TDB with enc algorithm %s\n", - txform->name)); + DPRINTF("initialized TDB with enc algorithm %s", txform->name); tdbp->tdb_ivlen = txform->ivsize; } @@ -231,22 +236,22 @@ esp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) break; default: - DPRINTF(("esp_init(): unsupported authentication " - "algorithm %d specified\n", ii->ii_authalg)); + DPRINTF("unsupported authentication algorithm %d " + "specified", + ii->ii_authalg); return EINVAL; } if (ii->ii_authkeylen != thash->keysize) { - DPRINTF(("esp_init(): keylength %d doesn't match " - "algorithm %s keysize (%d)\n", ii->ii_authkeylen, - thash->name, thash->keysize)); + DPRINTF("keylength %d doesn't match algorithm %s " + "keysize (%d)", + ii->ii_authkeylen, thash->name, thash->keysize); return EINVAL; } tdbp->tdb_authalgxform = thash; - DPRINTF(("esp_init(): initialized TDB with hash algorithm %s\n", - thash->name)); + DPRINTF("initialized TDB with hash algorithm %s", thash->name); } tdbp->tdb_xform = xsp; @@ -354,7 +359,7 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) alen = esph ? esph->authsize : 0; plen = m->m_pkthdr.len - (skip + hlen + alen); if (plen <= 0) { - DPRINTF(("%s: invalid payload length\n", __func__)); + DPRINTF("invalid payload length"); espstat_inc(esps_badilen); error = EINVAL; goto drop; @@ -366,10 +371,11 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) * block size. */ if (plen & (espx->blocksize - 1)) { - DPRINTF(("%s: payload of %d octets not a multiple of %d" - " octets, SA %s/%08x\n", __func__, - plen, espx->blocksize, ipsp_address(&tdb->tdb_dst, - buf, sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("payload of %d octets not a multiple " + "of %d octets, SA %s/%08x", + plen, espx->blocksize, + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); espstat_inc(esps_badilen); error = EINVAL; goto drop; @@ -386,35 +392,31 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) case 0: /* All's well */ break; case 1: - DPRINTF(("%s: replay counter wrapped for SA %s/%08x\n", - __func__, + DPRINTF("replay counter wrapped for SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_wrap); error = EACCES; goto drop; case 2: - DPRINTF(("%s: old packet received in SA %s/%08x\n", - __func__, + DPRINTF("old packet received in SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_replay); error = EACCES; goto drop; case 3: - DPRINTF(("%s: duplicate packet received" - " in SA %s/%08x\n", __func__, + DPRINTF("duplicate packet received in SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_replay); error = EACCES; goto drop; default: - DPRINTF(("%s: bogus value from" - " checkreplaywindow() in SA %s/%08x\n", - __func__, + DPRINTF("bogus value from checkreplaywindow() " + "in SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_replay); error = EACCES; goto drop; @@ -446,7 +448,7 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) /* Get crypto descriptors */ crp = crypto_getreq(esph && espx ? 2 : 1); if (crp == NULL) { - DPRINTF(("%s: failed to acquire crypto descriptors\n", __func__)); + DPRINTF("failed to acquire crypto descriptors"); espstat_inc(esps_crypto); error = ENOBUFS; goto drop; @@ -458,7 +460,7 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) else tc = malloc(sizeof(*tc) + alen, M_XDATA, M_NOWAIT | M_ZERO); if (tc == NULL) { - DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); + DPRINTF("failed to allocate tdb_crypto"); espstat_inc(esps_crypto); error = ENOBUFS; goto drop; @@ -570,10 +572,10 @@ esp_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen) /* Verify authenticator */ if (timingsafe_bcmp(ptr, aalg, esph->authsize)) { - DPRINTF(("%s: authentication " - "failed for packet in SA %s/%08x\n", __func__, - ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("authentication failed for packet " + "in SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); espstat_inc(esps_badauth); goto baddone; } @@ -596,31 +598,28 @@ esp_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen) break; case 1: - DPRINTF(("%s: replay counter wrapped for SA %s/%08x\n", - __func__, + DPRINTF("replay counter wrapped for SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_wrap); goto baddone; case 2: - DPRINTF(("%s: old packet received in SA %s/%08x\n", - __func__, + DPRINTF("old packet received in SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_replay); goto baddone; case 3: - DPRINTF(("%s: duplicate packet received" - " in SA %s/%08x\n", __func__, + DPRINTF("duplicate packet received in SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_replay); goto baddone; default: - DPRINTF(("%s: bogus value from" - " checkreplaywindow() in SA %s/%08x\n", __func__, + DPRINTF("bogus value from checkreplaywindow() " + "in SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_replay); goto baddone; } @@ -632,9 +631,9 @@ esp_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen) /* Find beginning of ESP header */ m1 = m_getptr(m, skip, &roff); if (m1 == NULL) { - DPRINTF(("%s: bad mbuf chain, SA %s/%08x\n", __func__, + DPRINTF("bad mbuf chain, SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_hdrops); goto baddone; } @@ -701,19 +700,19 @@ esp_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen) /* Verify pad length */ if (lastthree[1] + 2 > m->m_pkthdr.len - skip) { - DPRINTF(("%s: invalid padding length %d for packet in " - "SA %s/%08x\n", __func__, lastthree[1], + DPRINTF("invalid padding length %d for packet in SA %s/%08x", + lastthree[1], ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_badilen); goto baddone; } /* Verify correct decryption by checking the last padding bytes */ if ((lastthree[1] != lastthree[0]) && (lastthree[1] != 0)) { - DPRINTF(("%s: decryption failed for packet in SA %s/%08x\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("decryption failed for packet in SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); espstat_inc(esps_badenc); goto baddone; } @@ -799,10 +798,9 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, case AF_INET: /* Check for IP maximum packet size violations. */ if (skip + hlen + rlen + padding + alen > IP_MAXPACKET) { - DPRINTF(("%s: packet in SA %s/%08x got too big\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), - ntohl(tdb->tdb_spi))); + DPRINTF("packet in SA %s/%08x got too big", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); espstat_inc(esps_toobig); error = EMSGSIZE; goto drop; @@ -813,9 +811,9 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, case AF_INET6: /* Check for IPv6 maximum packet size violations. */ if (skip + hlen + rlen + padding + alen > IPV6_MAXPACKET) { - DPRINTF(("%s: packet in SA %s/%08x got too big\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("acket in SA %s/%08x got too big", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); espstat_inc(esps_toobig); error = EMSGSIZE; goto drop; @@ -824,10 +822,10 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, #endif /* INET6 */ default: - DPRINTF(("%s: unknown/unsupported protocol family %d, " - "SA %s/%08x\n", __func__, tdb->tdb_dst.sa.sa_family, + DPRINTF("unknown/unsupported protocol family %d, SA %s/%08x", + tdb->tdb_dst.sa.sa_family, ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_nopf); error = EPFNOSUPPORT; goto drop; @@ -865,9 +863,9 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, struct mbuf *n = m_dup_pkt(m, 0, M_DONTWAIT); if (n == NULL) { - DPRINTF(("%s: bad mbuf chain, SA %s/%08x\n", __func__, + DPRINTF("bad mbuf chain, SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_hdrops); error = ENOBUFS; goto drop; @@ -880,9 +878,9 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, /* Inject ESP header. */ mo = m_makespace(m, skip, hlen, &roff); if (mo == NULL) { - DPRINTF(("%s: failed to inject ESP header for SA %s/%08x\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("failed to inject ESP header for SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); espstat_inc(esps_hdrops); error = ENOBUFS; goto drop; @@ -906,9 +904,9 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, */ mo = m_makespace(m, m->m_pkthdr.len, padding + alen, &roff); if (mo == NULL) { - DPRINTF(("%s: m_makespace() failed for SA %s/%08x\n", __func__, + DPRINTF("m_makespace() failed for SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_hdrops); error = ENOBUFS; goto drop; @@ -930,8 +928,7 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, /* Get crypto descriptors. */ crp = crypto_getreq(esph && espx ? 2 : 1); if (crp == NULL) { - DPRINTF(("%s: failed to acquire crypto descriptors\n", - __func__)); + DPRINTF("failed to acquire crypto descriptors"); espstat_inc(esps_crypto); error = ENOBUFS; goto drop; @@ -970,7 +967,7 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, /* IPsec-specific opaque crypto info. */ tc = malloc(sizeof(*tc), M_XDATA, M_NOWAIT | M_ZERO); if (tc == NULL) { - DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); + DPRINTF("failed to allocate tdb_crypto"); espstat_inc(esps_crypto); error = ENOBUFS; goto drop; diff --git a/sys/netinet/ip_ipcomp.c b/sys/netinet/ip_ipcomp.c index 8540694dcb5..5f9433fd5bd 100644 --- a/sys/netinet/ip_ipcomp.c +++ b/sys/netinet/ip_ipcomp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipcomp.c,v 1.69 2021/07/08 09:22:30 bluhm Exp $ */ +/* $OpenBSD: ip_ipcomp.c,v 1.70 2021/07/08 15:13:14 bluhm Exp $ */ /* * Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org) @@ -57,9 +57,14 @@ #include "bpfilter.h" #ifdef ENCDEBUG -#define DPRINTF(x) if (encdebug) printf x +#define DPRINTF(fmt, args...) \ + do { \ + if (encdebug) \ + printf("%s: " fmt "\n", __func__, ## args); \ + } while (0) #else -#define DPRINTF(x) +#define DPRINTF(fmt, args...) \ + do { } while (0) #endif /* @@ -90,15 +95,14 @@ ipcomp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) break; default: - DPRINTF(("%s: unsupported compression algorithm %d specified\n", - __func__, ii->ii_compalg)); + DPRINTF("unsupported compression algorithm %d specified", + ii->ii_compalg); return EINVAL; } tdbp->tdb_compalgxform = tcomp; - DPRINTF(("%s: initialized TDB with ipcomp algorithm %s\n", __func__, - tcomp->name)); + DPRINTF("initialized TDB with ipcomp algorithm %s", tcomp->name); tdbp->tdb_xform = xsp; @@ -146,7 +150,7 @@ ipcomp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) crp = crypto_getreq(1); if (crp == NULL) { m_freem(m); - DPRINTF(("%s: failed to acquire crypto descriptors\n", __func__)); + DPRINTF("failed to acquire crypto descriptors"); ipcompstat_inc(ipcomps_crypto); return ENOBUFS; } @@ -155,7 +159,7 @@ ipcomp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) if (tc == NULL) { m_freem(m); crypto_freereq(crp); - DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); + DPRINTF("failed to allocate tdb_crypto"); ipcompstat_inc(ipcomps_crypto); return ENOBUFS; } @@ -239,9 +243,9 @@ ipcomp_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen /* Find the beginning of the IPCOMP header */ m1 = m_getptr(m, skip, &roff); if (m1 == NULL) { - DPRINTF(("%s: bad mbuf chain, IPCA %s/%08x\n", __func__, + DPRINTF("bad mbuf chain, IPCA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ipcompstat_inc(ipcomps_hdrops); goto baddone; } @@ -362,9 +366,9 @@ ipcomp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, * worry */ if (m->m_pkthdr.len + hlen > IP_MAXPACKET) { - DPRINTF(("%s: packet in IPCA %s/%08x got too big\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("packet in IPCA %s/%08x got too big", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ipcompstat_inc(ipcomps_toobig); error = EMSGSIZE; goto drop; @@ -375,9 +379,9 @@ ipcomp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, case AF_INET6: /* Check for IPv6 maximum packet size violations */ if (m->m_pkthdr.len + hlen > IPV6_MAXPACKET) { - DPRINTF(("%s: packet in IPCA %s/%08x got too big\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("packet in IPCA %s/%08x got too big", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ipcompstat_inc(ipcomps_toobig); error = EMSGSIZE; goto drop; @@ -386,10 +390,10 @@ ipcomp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, #endif /* INET6 */ default: - DPRINTF(("%s: unknown/unsupported protocol family %d, " - "IPCA %s/%08x\n", __func__, tdb->tdb_dst.sa.sa_family, + DPRINTF("unknown/unsupported protocol family %d, IPCA %s/%08x", + tdb->tdb_dst.sa.sa_family, ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ipcompstat_inc(ipcomps_nopf); error = EPFNOSUPPORT; goto drop; @@ -426,9 +430,9 @@ ipcomp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, struct mbuf *n = m_dup_pkt(m, 0, M_DONTWAIT); if (n == NULL) { - DPRINTF(("%s: bad mbuf chain, IPCA %s/%08x\n", __func__, + DPRINTF("bad mbuf chain, IPCA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ipcompstat_inc(ipcomps_hdrops); error = ENOBUFS; goto drop; @@ -442,7 +446,7 @@ ipcomp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, /* Get crypto descriptors */ crp = crypto_getreq(1); if (crp == NULL) { - DPRINTF(("%s: failed to acquire crypto descriptors\n", __func__)); + DPRINTF("failed to acquire crypto descriptors"); ipcompstat_inc(ipcomps_crypto); error = ENOBUFS; goto drop; @@ -461,7 +465,7 @@ ipcomp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, /* IPsec-specific opaque crypto info */ tc = malloc(sizeof(*tc), M_XDATA, M_NOWAIT | M_ZERO); if (tc == NULL) { - DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); + DPRINTF("failed to allocate tdb_crypto"); ipcompstat_inc(ipcomps_crypto); error = ENOBUFS; goto drop; @@ -524,9 +528,9 @@ ipcomp_output_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, /* Inject IPCOMP header */ mo = m_makespace(m, skip, IPCOMP_HLENGTH, &roff); if (mo == NULL) { - DPRINTF(("%s: failed to inject IPCOMP header for " - "IPCA %s/%08x\n", __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("ailed to inject IPCOMP header for IPCA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ipcompstat_inc(ipcomps_wrap); goto baddone; } @@ -552,10 +556,10 @@ ipcomp_output_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, break; #endif default: - DPRINTF(("%s: unsupported protocol family %d, IPCA %s/%08x\n", - __func__, tdb->tdb_dst.sa.sa_family, + DPRINTF("unsupported protocol family %d, IPCA %s/%08x", + tdb->tdb_dst.sa.sa_family, ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ipcompstat_inc(ipcomps_nopf); goto baddone; } diff --git a/sys/netinet/ip_ipip.c b/sys/netinet/ip_ipip.c index 831c3e4e666..c3c261f7566 100644 --- a/sys/netinet/ip_ipip.c +++ b/sys/netinet/ip_ipip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipip.c,v 1.91 2021/07/07 18:03:46 bluhm Exp $ */ +/* $OpenBSD: ip_ipip.c,v 1.92 2021/07/08 15:13:14 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -72,9 +72,14 @@ #endif #ifdef ENCDEBUG -#define DPRINTF(x) if (encdebug) printf x +#define DPRINTF(fmt, args...) \ + do { \ + if (encdebug) \ + printf("%s: " fmt "\n", __func__, ## args); \ + } while (0) #else -#define DPRINTF(x) +#define DPRINTF(fmt, args...) \ + do { } while (0) #endif /* @@ -101,7 +106,7 @@ ipip_input(struct mbuf **mp, int *offp, int nxt, int af) /* If we do not accept IP-in-IP explicitly, drop. */ if (!ipip_allow && ((*mp)->m_flags & (M_AUTH|M_CONF)) == 0) { - DPRINTF(("%s: dropped due to policy\n", __func__)); + DPRINTF("dropped due to policy"); ipipstat_inc(ipips_pdrops); m_freemp(mp); return IPPROTO_DONE; @@ -159,7 +164,7 @@ ipip_input_if(struct mbuf **mp, int *offp, int proto, int oaf, /* Bring the IP header in the first mbuf, if not there already */ if (m->m_len < hlen) { if ((m = *mp = m_pullup(m, hlen)) == NULL) { - DPRINTF(("%s: m_pullup() failed\n", __func__)); + DPRINTF("m_pullup() failed"); ipipstat_inc(ipips_hdrops); goto bad; } @@ -214,7 +219,7 @@ ipip_input_if(struct mbuf **mp, int *offp, int proto, int oaf, */ if (m->m_len < hlen) { if ((m = *mp = m_pullup(m, hlen)) == NULL) { - DPRINTF(("%s: m_pullup() failed\n", __func__)); + DPRINTF("m_pullup() failed"); ipipstat_inc(ipips_hdrops); goto bad; } @@ -240,7 +245,7 @@ ipip_input_if(struct mbuf **mp, int *offp, int proto, int oaf, mode = m->m_flags & (M_AUTH|M_CONF) ? ECN_ALLOWED_IPSEC : ECN_ALLOWED; if (!ip_ecn_egress(mode, &otos, &itos)) { - DPRINTF(("%s: ip_ecn_egress() failed\n", __func__)); + DPRINTF("ip_ecn_egress() failed"); ipipstat_inc(ipips_pdrops); goto bad; } @@ -254,7 +259,7 @@ ipip_input_if(struct mbuf **mp, int *offp, int proto, int oaf, ip6 = mtod(m, struct ip6_hdr *); itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff; if (!ip_ecn_egress(ECN_ALLOWED, &otos, &itos)) { - DPRINTF(("%s: ip_ecn_egress() failed\n", __func__)); + DPRINTF("ip_ecn_egress() failed"); ipipstat_inc(ipips_pdrops); goto bad; } @@ -350,10 +355,10 @@ ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int dummy, tdb->tdb_src.sin.sin_addr.s_addr == INADDR_ANY || tdb->tdb_dst.sin.sin_addr.s_addr == INADDR_ANY) { - DPRINTF(("%s: unspecified tunnel endpoind " - "address in SA %s/%08x\n", __func__, + DPRINTF("unspecified tunnel endpoind address " + "in SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ipipstat_inc(ipips_unspec); m_freem(m); @@ -363,7 +368,7 @@ ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int dummy, M_PREPEND(m, sizeof(struct ip), M_DONTWAIT); if (m == NULL) { - DPRINTF(("%s: M_PREPEND failed\n", __func__)); + DPRINTF("M_PREPEND failed"); ipipstat_inc(ipips_hdrops); *mp = NULL; return ENOBUFS; @@ -436,10 +441,10 @@ ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int dummy, tdb->tdb_src.sa.sa_family != AF_INET6 || IN6_IS_ADDR_UNSPECIFIED(&tdb->tdb_src.sin6.sin6_addr)) { - DPRINTF(("%s: unspecified tunnel endpoind " - "address in SA %s/%08x\n", __func__, + DPRINTF("unspecified tunnel endpoind address " + "in SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ipipstat_inc(ipips_unspec); m_freem(m); @@ -459,7 +464,7 @@ ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int dummy, M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT); if (m == NULL) { - DPRINTF(("%s: M_PREPEND failed\n", __func__)); + DPRINTF("M_PREPEND failed"); ipipstat_inc(ipips_hdrops); *mp = NULL; return ENOBUFS; @@ -509,8 +514,8 @@ ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int dummy, #endif /* INET6 */ default: - DPRINTF(("%s: unsupported protocol family %d\n", __func__, - tdb->tdb_dst.sa.sa_family)); + DPRINTF("unsupported protocol family %d", + tdb->tdb_dst.sa.sa_family); m_freem(m); *mp = NULL; ipipstat_inc(ipips_family); @@ -565,7 +570,7 @@ int ipe4_input(struct mbuf *m, struct tdb *tdb, int hlen, int proto) { /* This is a rather serious mistake, so no conditional printing. */ - printf("ipe4_input(): should never be called\n"); + printf("%s: should never be called\n", __func__); m_freem(m); return EINVAL; } diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c index 4d40e61a92d..5c4cf2f9efe 100644 --- a/sys/netinet/ip_ipsp.c +++ b/sys/netinet/ip_ipsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.c,v 1.238 2021/03/10 10:21:49 jsg Exp $ */ +/* $OpenBSD: ip_ipsp.c,v 1.239 2021/07/08 15:13:14 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -74,9 +74,14 @@ void tdb_hashstats(void); #endif #ifdef ENCDEBUG -#define DPRINTF(x) if (encdebug) printf x +#define DPRINTF(fmt, args...) \ + do { \ + if (encdebug) \ + printf("%s: " fmt "\n", __func__, ## args); \ + } while (0) #else -#define DPRINTF(x) +#define DPRINTF(fmt, args...) \ + do { } while (0) #endif void tdb_rehash(void); @@ -910,9 +915,10 @@ tdb_init(struct tdb *tdbp, u_int16_t alg, struct ipsecinit *ii) } } - DPRINTF(("%s: no alg %d for spi %08x, addr %s, proto %d\n", __func__, - alg, ntohl(tdbp->tdb_spi), ipsp_address(&tdbp->tdb_dst, buf, - sizeof(buf)), tdbp->tdb_sproto)); + DPRINTF("no alg %d for spi %08x, addr %s, proto %d", + alg, ntohl(tdbp->tdb_spi), + ipsp_address(&tdbp->tdb_dst, buf, sizeof(buf)), + tdbp->tdb_sproto); return EINVAL; } @@ -983,8 +989,8 @@ ipsp_ids_insert(struct ipsec_ids *ids) /* if refcount was zero, then timeout is running */ if (found->id_refcount++ == 0) timeout_del(&found->id_timeout); - DPRINTF(("%s: ids %p count %d\n", __func__, - found, found->id_refcount)); + DPRINTF("ids %p count %d", + found, found->id_refcount); return found; } ids->id_flow = start_flow = ipsec_ids_next_flow; @@ -995,13 +1001,13 @@ ipsp_ids_insert(struct ipsec_ids *ids) if (++ipsec_ids_next_flow == 0) ipsec_ids_next_flow = 1; if (ipsec_ids_next_flow == start_flow) { - DPRINTF(("ipsec_ids_next_flow exhausted %u\n", - ipsec_ids_next_flow)); + DPRINTF("psec_ids_next_flow exhausted %u", + ipsec_ids_next_flow); return NULL; } } ids->id_refcount = 1; - DPRINTF(("%s: new ids %p flow %u\n", __func__, ids, ids->id_flow)); + DPRINTF("new ids %p flow %u", ids, ids->id_flow); timeout_set_proc(&ids->id_timeout, ipsp_ids_timeout, ids); return ids; } @@ -1023,7 +1029,7 @@ ipsp_ids_timeout(void *arg) { struct ipsec_ids *ids = arg; - DPRINTF(("%s: ids %p count %d\n", __func__, ids, ids->id_refcount)); + DPRINTF("ids %p count %d", ids, ids->id_refcount); KASSERT(ids->id_refcount == 0); NET_LOCK(); @@ -1043,7 +1049,7 @@ ipsp_ids_free(struct ipsec_ids *ids) * If the refcount becomes zero, then a timeout is started. This * timeout must be cancelled if refcount is increased from zero. */ - DPRINTF(("%s: ids %p count %d\n", __func__, ids, ids->id_refcount)); + DPRINTF("ids %p count %d", ids, ids->id_refcount); KASSERT(ids->id_refcount > 0); if (--ids->id_refcount == 0) timeout_add_sec(&ids->id_timeout, ipsec_ids_idle); diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 396caa3ea13..e9fd37635fe 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.371 2021/05/12 08:09:33 mvs Exp $ */ +/* $OpenBSD: ip_output.c,v 1.372 2021/07/08 15:13:14 bluhm Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -66,9 +66,14 @@ #ifdef IPSEC #ifdef ENCDEBUG -#define DPRINTF(x) do { if (encdebug) printf x ; } while (0) +#define DPRINTF(fmt, args...) \ + do { \ + if (encdebug) \ + printf("%s: " fmt "\n", __func__, ## args); \ + } while (0) #else -#define DPRINTF(x) +#define DPRINTF(fmt, args...) \ + do { } while (0) #endif #endif /* IPSEC */ @@ -611,8 +616,8 @@ ip_output_ipsec_send(struct tdb *tdb, struct mbuf *m, struct route *ro, int fwd) m->m_pkthdr.ph_rtableid, 1); rt_mtucloned = 1; } - DPRINTF(("%s: spi %08x mtu %d rt %p cloned %d\n", __func__, - ntohl(tdb->tdb_spi), tdb->tdb_mtu, rt, rt_mtucloned)); + DPRINTF("spi %08x mtu %d rt %p cloned %d", + ntohl(tdb->tdb_spi), tdb->tdb_mtu, rt, rt_mtucloned); if (rt != NULL) { rt->rt_mtu = tdb->tdb_mtu; if (ro != NULL && ro->ro_rt != NULL) { diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c index 414830c4653..0c6bdeaa994 100644 --- a/sys/netinet/ipsec_input.c +++ b/sys/netinet/ipsec_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_input.c,v 1.174 2021/06/18 15:34:21 bluhm Exp $ */ +/* $OpenBSD: ipsec_input.c,v 1.175 2021/07/08 15:13:14 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -85,9 +85,14 @@ void ipsec_common_ctlinput(u_int, int, struct sockaddr *, void *, int); #ifdef ENCDEBUG -#define DPRINTF(x) if (encdebug) printf x +#define DPRINTF(fmt, args...) \ + do { \ + if (encdebug) \ + printf("%s: " fmt "\n", __func__, ## args); \ + } while (0) #else -#define DPRINTF(x) +#define DPRINTF(fmt, args...) \ + do { } while (0) #endif /* sysctl variables */ @@ -199,20 +204,20 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto, IPSEC_ISTAT(esps_input, ahs_input, ipcomps_input); if (m == NULL) { - DPRINTF(("%s: NULL packet received\n", __func__)); + DPRINTF("NULL packet received"); IPSEC_ISTAT(esps_hdrops, ahs_hdrops, ipcomps_hdrops); return EINVAL; } if ((sproto == IPPROTO_IPCOMP) && (m->m_flags & M_COMP)) { - DPRINTF(("%s: repeated decompression\n", __func__)); + DPRINTF("repeated decompression"); ipcompstat_inc(ipcomps_pdrops); error = EINVAL; goto drop; } if (m->m_pkthdr.len - skip < 2 * sizeof(u_int32_t)) { - DPRINTF(("%s: packet too small\n", __func__)); + DPRINTF("packet too small"); IPSEC_ISTAT(esps_hdrops, ahs_hdrops, ipcomps_hdrops); error = EINVAL; goto drop; @@ -266,7 +271,7 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto, #endif /* INET6 */ default: - DPRINTF(("%s: unsupported protocol family %d\n", __func__, af)); + DPRINTF("unsupported protocol family %d", af); IPSEC_ISTAT(esps_nopf, ahs_nopf, ipcomps_nopf); error = EPFNOSUPPORT; goto drop; @@ -275,45 +280,44 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto, tdbp = gettdb(rtable_l2(m->m_pkthdr.ph_rtableid), spi, &dst_address, sproto); if (tdbp == NULL) { - DPRINTF(("%s: could not find SA for packet to %s, spi %08x\n", - __func__, - ipsp_address(&dst_address, buf, sizeof(buf)), ntohl(spi))); + DPRINTF("could not find SA for packet to %s, spi %08x", + ipsp_address(&dst_address, buf, sizeof(buf)), ntohl(spi)); IPSEC_ISTAT(esps_notdb, ahs_notdb, ipcomps_notdb); error = ENOENT; goto drop; } if (tdbp->tdb_flags & TDBF_INVALID) { - DPRINTF(("%s: attempted to use invalid SA %s/%08x/%u\n", - __func__, ipsp_address(&dst_address, buf, - sizeof(buf)), ntohl(spi), tdbp->tdb_sproto)); + DPRINTF("attempted to use invalid SA %s/%08x/%u", + ipsp_address(&dst_address, buf, sizeof(buf)), + ntohl(spi), tdbp->tdb_sproto); IPSEC_ISTAT(esps_invalid, ahs_invalid, ipcomps_invalid); error = EINVAL; goto drop; } if (udpencap && !(tdbp->tdb_flags & TDBF_UDPENCAP)) { - DPRINTF(("%s: attempted to use non-udpencap SA %s/%08x/%u\n", - __func__, ipsp_address(&dst_address, buf, - sizeof(buf)), ntohl(spi), tdbp->tdb_sproto)); + DPRINTF("attempted to use non-udpencap SA %s/%08x/%u", + ipsp_address(&dst_address, buf, sizeof(buf)), + ntohl(spi), tdbp->tdb_sproto); espstat_inc(esps_udpinval); error = EINVAL; goto drop; } if (!udpencap && (tdbp->tdb_flags & TDBF_UDPENCAP)) { - DPRINTF(("%s: attempted to use udpencap SA %s/%08x/%u\n", - __func__, ipsp_address(&dst_address, buf, - sizeof(buf)), ntohl(spi), tdbp->tdb_sproto)); + DPRINTF("attempted to use udpencap SA %s/%08x/%u", + ipsp_address(&dst_address, buf, sizeof(buf)), + ntohl(spi), tdbp->tdb_sproto); espstat_inc(esps_udpneeded); error = EINVAL; goto drop; } if (tdbp->tdb_xform == NULL) { - DPRINTF(("%s: attempted to use uninitialized SA %s/%08x/%u\n", - __func__, ipsp_address(&dst_address, buf, - sizeof(buf)), ntohl(spi), tdbp->tdb_sproto)); + DPRINTF("attempted to use uninitialized SA %s/%08x/%u", + ipsp_address(&dst_address, buf, sizeof(buf)), + ntohl(spi), tdbp->tdb_sproto); IPSEC_ISTAT(esps_noxform, ahs_noxform, ipcomps_noxform); error = ENXIO; goto drop; @@ -322,10 +326,10 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto, if (sproto != IPPROTO_IPCOMP) { if ((encif = enc_getif(tdbp->tdb_rdomain_post, tdbp->tdb_tap)) == NULL) { - DPRINTF(("%s: no enc%u interface for SA %s/%08x/%u\n", - __func__, - tdbp->tdb_tap, ipsp_address(&dst_address, buf, - sizeof(buf)), ntohl(spi), tdbp->tdb_sproto)); + DPRINTF("no enc%u interface for SA %s/%08x/%u", + tdbp->tdb_tap, + ipsp_address(&dst_address, buf, sizeof(buf)), + ntohl(spi), tdbp->tdb_sproto); IPSEC_ISTAT(esps_pdrops, ahs_pdrops, ipcomps_pdrops); error = EACCES; goto drop; @@ -379,7 +383,7 @@ ipsec_input_cb(struct cryptop *crp) KERNEL_ASSERT_LOCKED(); if (m == NULL) { - DPRINTF(("%s: bogus returned buffer from crypto\n", __func__)); + DPRINTF("bogus returned buffer from crypto"); ipsecstat_inc(ipsec_crypto); goto droponly; } @@ -388,7 +392,7 @@ ipsec_input_cb(struct cryptop *crp) NET_LOCK(); tdb = gettdb(tc->tc_rdomain, tc->tc_spi, &tc->tc_dst, tc->tc_proto); if (tdb == NULL) { - DPRINTF(("%s: TDB is expired while in crypto", __func__)); + DPRINTF("TDB is expired while in crypto"); ipsecstat_inc(ipsec_notdb); goto baddone; } @@ -403,7 +407,7 @@ ipsec_input_cb(struct cryptop *crp) crypto_dispatch(crp); return; } - DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); + DPRINTF("crypto error %d", crp->crp_etype); ipsecstat_inc(ipsec_noxform); goto baddone; } @@ -488,9 +492,9 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff) /* Fix IPv4 header */ if (af == AF_INET) { if ((m->m_len < skip) && ((m = m_pullup(m, skip)) == NULL)) { - DPRINTF(("%s: processing failed for SA %s/%08x\n", - __func__, ipsp_address(&tdbp->tdb_dst, - buf, sizeof(buf)), ntohl(tdbp->tdb_spi))); + DPRINTF("processing failed for SA %s/%08x", + ipsp_address(&tdbp->tdb_dst, buf, sizeof(buf)), + ntohl(tdbp->tdb_spi)); IPSEC_ISTAT(esps_hdrops, ahs_hdrops, ipcomps_hdrops); return -1; } @@ -537,10 +541,9 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff) if (m->m_len < sizeof(struct ip6_hdr) && (m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { - DPRINTF(("%s: processing failed for SA %s/%08x\n", - __func__, ipsp_address(&tdbp->tdb_dst, - buf, sizeof(buf)), ntohl(tdbp->tdb_spi))); - + DPRINTF("processing failed for SA %s/%08x", + ipsp_address(&tdbp->tdb_dst, buf, sizeof(buf)), + ntohl(tdbp->tdb_spi)); IPSEC_ISTAT(esps_hdrops, ahs_hdrops, ipcomps_hdrops); return -1; } @@ -640,7 +643,7 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff) sizeof(struct tdb_ident), M_NOWAIT); if (mtag == NULL) { m_freem(m); - DPRINTF(("%s: failed to get tag\n", __func__)); + DPRINTF("failed to get tag"); IPSEC_ISTAT(esps_hdrops, ahs_hdrops, ipcomps_hdrops); return -1; } @@ -998,9 +1001,8 @@ ipsec_common_ctlinput(u_int rdomain, int cmd, struct sockaddr *sa, tdbp->tdb_mtu = mtu; tdbp->tdb_mtutimeout = gettime() + ip_mtudisc_timeout; - DPRINTF(("%s: spi %08x mtu %d adjust %ld\n", __func__, - ntohl(tdbp->tdb_spi), tdbp->tdb_mtu, - adjust)); + DPRINTF("spi %08x mtu %d adjust %ld", + ntohl(tdbp->tdb_spi), tdbp->tdb_mtu, adjust); } } } @@ -1053,10 +1055,9 @@ udpencap_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *v) tdbp->tdb_mtu = mtu - adjust; tdbp->tdb_mtutimeout = gettime() + ip_mtudisc_timeout; - DPRINTF(("%s: spi %08x mtu %d adjust %ld\n", - __func__, + DPRINTF("spi %08x mtu %d adjust %ld", ntohl(tdbp->tdb_spi), tdbp->tdb_mtu, - adjust)); + adjust); } } } @@ -1089,7 +1090,7 @@ ah6_input(struct mbuf **mp, int *offp, int proto, int af) return rip6_input(mp, offp, proto, af); if (*offp < sizeof(struct ip6_hdr)) { - DPRINTF(("%s: bad offset\n", __func__)); + DPRINTF("bad offset"); ahstat_inc(ahs_hdrops); m_freemp(mp); return IPPROTO_DONE; @@ -1119,7 +1120,7 @@ ah6_input(struct mbuf **mp, int *offp, int proto, int af) /* Malformed packet check */ if (protoff + l != *offp) { - DPRINTF(("%s: bad packet header chain\n", __func__)); + DPRINTF("bad packet header chain"); ahstat_inc(ahs_hdrops); m_freemp(mp); return IPPROTO_DONE; @@ -1146,7 +1147,7 @@ esp6_input(struct mbuf **mp, int *offp, int proto, int af) return rip6_input(mp, offp, proto, af); if (*offp < sizeof(struct ip6_hdr)) { - DPRINTF(("%s: bad offset\n", __func__)); + DPRINTF("bad offset"); espstat_inc(esps_hdrops); m_freemp(mp); return IPPROTO_DONE; @@ -1176,7 +1177,7 @@ esp6_input(struct mbuf **mp, int *offp, int proto, int af) /* Malformed packet check */ if (protoff + l != *offp) { - DPRINTF(("%s: bad packet header chain\n", __func__)); + DPRINTF("bad packet header chain"); espstat_inc(esps_hdrops); m_freemp(mp); return IPPROTO_DONE; @@ -1204,7 +1205,7 @@ ipcomp6_input(struct mbuf **mp, int *offp, int proto, int af) return rip6_input(mp, offp, proto, af); if (*offp < sizeof(struct ip6_hdr)) { - DPRINTF(("%s: bad offset\n", __func__)); + DPRINTF("bad offset"); ipcompstat_inc(ipcomps_hdrops); m_freemp(mp); return IPPROTO_DONE; @@ -1233,7 +1234,7 @@ ipcomp6_input(struct mbuf **mp, int *offp, int proto, int af) /* Malformed packet check */ if (protoff + l != *offp) { - DPRINTF(("%s: bad packet header chain\n", __func__)); + DPRINTF("bad packet header chain"); ipcompstat_inc(ipcomps_hdrops); m_freemp(mp); return IPPROTO_DONE; diff --git a/sys/netinet/ipsec_output.c b/sys/netinet/ipsec_output.c index dcae758d3c0..a1f1616addd 100644 --- a/sys/netinet/ipsec_output.c +++ b/sys/netinet/ipsec_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_output.c,v 1.81 2021/07/07 18:03:46 bluhm Exp $ */ +/* $OpenBSD: ipsec_output.c,v 1.82 2021/07/08 15:13:14 bluhm Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -51,9 +51,14 @@ #include #ifdef ENCDEBUG -#define DPRINTF(x) if (encdebug) printf x +#define DPRINTF(fmt, args...) \ + do { \ + if (encdebug) \ + printf("%s: " fmt "\n", __func__, ## args); \ + } while (0) #else -#define DPRINTF(x) +#define DPRINTF(fmt, args...) \ + do { } while (0) #endif int udpencap_enable = 1; /* enabled by default */ @@ -89,24 +94,24 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready) if ((tdb->tdb_sproto == IPPROTO_ESP && !esp_enable) || (tdb->tdb_sproto == IPPROTO_AH && !ah_enable) || (tdb->tdb_sproto == IPPROTO_IPCOMP && !ipcomp_enable)) { - DPRINTF(("ipsp_process_packet(): IPsec outbound packet " - "dropped due to policy (check your sysctls)\n")); + DPRINTF("IPsec outbound packet dropped due to policy " + "(check your sysctls)"); error = EHOSTUNREACH; goto drop; } /* Sanity check. */ if (!tdb->tdb_xform) { - DPRINTF(("%s: uninitialized TDB\n", __func__)); + DPRINTF("uninitialized TDB"); error = EHOSTUNREACH; goto drop; } /* Check if the SPI is invalid. */ if (tdb->tdb_flags & TDBF_INVALID) { - DPRINTF(("ipsp_process_packet(): attempt to use invalid " - "SA %s/%08x/%u\n", ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi), tdb->tdb_sproto)); + DPRINTF("attempt to use invalid SA %s/%08x/%u", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi), tdb->tdb_sproto); error = ENXIO; goto drop; } @@ -122,11 +127,10 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready) #endif /* INET6 */ default: - DPRINTF(("ipsp_process_packet(): attempt to use " - "SA %s/%08x/%u for protocol family %d\n", + DPRINTF("attempt to use SA %s/%08x/%u for protocol family %d", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), ntohl(tdb->tdb_spi), tdb->tdb_sproto, - tdb->tdb_dst.sa.sa_family)); + tdb->tdb_dst.sa.sa_family); error = ENXIO; goto drop; } @@ -394,7 +398,7 @@ ipsec_output_cb(struct cryptop *crp) KERNEL_ASSERT_LOCKED(); if (m == NULL) { - DPRINTF(("%s: bogus returned buffer from crypto\n", __func__)); + DPRINTF("bogus returned buffer from crypto"); ipsecstat_inc(ipsec_crypto); goto droponly; } @@ -402,7 +406,7 @@ ipsec_output_cb(struct cryptop *crp) NET_LOCK(); tdb = gettdb(tc->tc_rdomain, tc->tc_spi, &tc->tc_dst, tc->tc_proto); if (tdb == NULL) { - DPRINTF(("%s: TDB is expired while in crypto\n", __func__)); + DPRINTF("TDB is expired while in crypto"); ipsecstat_inc(ipsec_notdb); goto baddone; } @@ -417,7 +421,7 @@ ipsec_output_cb(struct cryptop *crp) crypto_dispatch(crp); return; } - DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); + DPRINTF("crypto error %d", crp->crp_etype); ipsecstat_inc(ipsec_noxform); goto baddone; } @@ -498,8 +502,8 @@ ipsp_process_done(struct mbuf *m, struct tdb *tdb) break; #endif /* INET6 */ default: - DPRINTF(("ipsp_process_done(): unknown protocol family " - "(%d)\n", tdb->tdb_dst.sa.sa_family)); + DPRINTF("unknown protocol family (%d)", + tdb->tdb_dst.sa.sa_family); error = ENXIO; goto drop; } @@ -552,8 +556,8 @@ ipsp_process_done(struct mbuf *m, struct tdb *tdb) #endif /* INET6 */ default: - DPRINTF(("ipsp_process_done(): unknown protocol family (%d)\n", - tdb->tdb_dst.sa.sa_family)); + DPRINTF("unknown protocol family (%d)", + tdb->tdb_dst.sa.sa_family); error = ENXIO; goto drop; } @@ -565,8 +569,7 @@ ipsp_process_done(struct mbuf *m, struct tdb *tdb) mtag = m_tag_get(PACKET_TAG_IPSEC_OUT_DONE, sizeof(struct tdb_ident), M_NOWAIT); if (mtag == NULL) { - DPRINTF(("ipsp_process_done(): could not allocate packet " - "tag\n")); + DPRINTF("could not allocate packet tag"); error = ENOMEM; goto drop; } @@ -701,9 +704,7 @@ ipsec_adjust_mtu(struct mbuf *m, u_int32_t mtu) mtu -= adjust; tdbp->tdb_mtu = mtu; tdbp->tdb_mtutimeout = gettime() + ip_mtudisc_timeout; - DPRINTF(("ipsec_adjust_mtu: " - "spi %08x mtu %d adjust %ld mbuf %p\n", - ntohl(tdbp->tdb_spi), tdbp->tdb_mtu, - adjust, m)); + DPRINTF("spi %08x mtu %d adjust %ld mbuf %p", + ntohl(tdbp->tdb_spi), tdbp->tdb_mtu, adjust, m); } } diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index e11ac43961b..bf7975336db 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_output.c,v 1.257 2021/05/12 08:09:33 mvs Exp $ */ +/* $OpenBSD: ip6_output.c,v 1.258 2021/07/08 15:13:14 bluhm Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -108,9 +108,14 @@ #include #ifdef ENCDEBUG -#define DPRINTF(x) do { if (encdebug) printf x ; } while (0) +#define DPRINTF(fmt, args...) \ + do { \ + if (encdebug) \ + printf("%s: " fmt "\n", __func__, ## args); \ + } while (0) #else -#define DPRINTF(x) +#define DPRINTF(fmt, args...) \ + do { } while (0) #endif #endif /* IPSEC */ @@ -2837,8 +2842,8 @@ ip6_output_ipsec_send(struct tdb *tdb, struct mbuf *m, struct route_in6 *ro, m->m_pkthdr.ph_rtableid, 1); rt_mtucloned = 1; } - DPRINTF(("%s: spi %08x mtu %d rt %p cloned %d\n", __func__, - ntohl(tdb->tdb_spi), tdb->tdb_mtu, rt, rt_mtucloned)); + DPRINTF("spi %08x mtu %d rt %p cloned %d", + ntohl(tdb->tdb_spi), tdb->tdb_mtu, rt, rt_mtucloned); if (rt != NULL) { rt->rt_mtu = tdb->tdb_mtu; if (ro != NULL && ro->ro_rt != NULL) {