From 698a75dd6a698616868b7128459e3604a6a54134 Mon Sep 17 00:00:00 2001 From: bluhm Date: Thu, 8 Jul 2021 15:13:14 +0000 Subject: [PATCH] Debug printfs in encdebug were inconsistent, some missing newlines produced ugly output. Move the function name and the newline into the DPRINTF macro. This simplifies the debug statements. OK tobhe@ --- sys/net/pfkeyv2_parsemessage.c | 359 +++++++++++++++------------------ sys/netinet/ip_ah.c | 178 ++++++++-------- sys/netinet/ip_esp.c | 169 ++++++++-------- sys/netinet/ip_ipcomp.c | 64 +++--- sys/netinet/ip_ipip.c | 43 ++-- sys/netinet/ip_ipsp.c | 32 +-- sys/netinet/ip_output.c | 15 +- sys/netinet/ipsec_input.c | 99 ++++----- sys/netinet/ipsec_output.c | 51 ++--- sys/netinet6/ip6_output.c | 15 +- 10 files changed, 503 insertions(+), 522 deletions(-) diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c index f6ca211b8af..5cd4fa9a64e 100644 --- a/sys/net/pfkeyv2_parsemessage.c +++ b/sys/net/pfkeyv2_parsemessage.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.58 2021/07/05 12:01:20 tobhe Exp $ */ +/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.59 2021/07/08 15:13:14 bluhm Exp $ */ /* * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 @@ -84,9 +84,14 @@ #endif #ifdef ENCDEBUG -#define DPRINTF(x) if (encdebug) printf x +#define DPRINTF(fmt, args...) \ + do { \ + if (encdebug) \ + printf("%s: " fmt "\n", __func__, ## args); \ + } while (0) #else -#define DPRINTF(x) +#define DPRINTF(fmt, args...) \ + do { } while (0) #endif #define BITMAP_SA (1LL << SADB_EXT_SA) @@ -285,14 +290,14 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) bzero(headers, (SADB_EXT_MAX + 1) * sizeof(void *)); if (left < sizeof(struct sadb_msg)) { - DPRINTF(("pfkeyv2_parsemessage: message too short\n")); + DPRINTF("message too short"); return (EINVAL); } headers[0] = p; if (sadb_msg->sadb_msg_len * sizeof(uint64_t) != left) { - DPRINTF(("pfkeyv2_parsemessage: length not a multiple of 64\n")); + DPRINTF("length not a multiple of 64"); return (EINVAL); } @@ -300,37 +305,35 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) left -= sizeof(struct sadb_msg); if (sadb_msg->sadb_msg_reserved) { - DPRINTF(("pfkeyv2_parsemessage: message header reserved " - "field set\n")); + DPRINTF("message header reserved field set"); return (EINVAL); } if (sadb_msg->sadb_msg_type > SADB_MAX) { - DPRINTF(("pfkeyv2_parsemessage: message type > %d\n", - SADB_MAX)); + DPRINTF("message type > %d", SADB_MAX); return (EINVAL); } if (!sadb_msg->sadb_msg_type) { - DPRINTF(("pfkeyv2_parsemessage: message type unset\n")); + DPRINTF("message type unset"); return (EINVAL); } if (sadb_msg->sadb_msg_pid != curproc->p_p->ps_pid) { - DPRINTF(("pfkeyv2_parsemessage: bad PID value\n")); + DPRINTF("bad PID value"); return (EINVAL); } if (sadb_msg->sadb_msg_errno) { if (left) { - DPRINTF(("pfkeyv2_parsemessage: too-large error message\n")); + DPRINTF("too-large error message"); return (EINVAL); } return (0); } if (sadb_msg->sadb_msg_type == SADB_X_PROMISC) { - DPRINTF(("pfkeyv2_parsemessage: message type promiscuous\n")); + DPRINTF("message type promiscuous"); return (0); } @@ -339,40 +342,37 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) while (left > 0) { sadb_ext = (struct sadb_ext *)p; if (left < sizeof(struct sadb_ext)) { - DPRINTF(("pfkeyv2_parsemessage: extension header too " - "short\n")); + DPRINTF("extension header too short"); return (EINVAL); } i = sadb_ext->sadb_ext_len * sizeof(uint64_t); if (left < i) { - DPRINTF(("pfkeyv2_parsemessage: extension header " - "exceeds message length\n")); + DPRINTF("extension header exceeds message length"); return (EINVAL); } if (sadb_ext->sadb_ext_type > SADB_EXT_MAX) { - DPRINTF(("pfkeyv2_parsemessage: unknown extension " - "header %d\n", sadb_ext->sadb_ext_type)); + DPRINTF("unknown extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } if (!sadb_ext->sadb_ext_type) { - DPRINTF(("pfkeyv2_parsemessage: unset extension " - "header\n")); + DPRINTF("unset extension header"); return (EINVAL); } if (!(allow & (1LL << sadb_ext->sadb_ext_type))) { - DPRINTF(("pfkeyv2_parsemessage: extension header %d " - "not permitted on message type %d\n", - sadb_ext->sadb_ext_type, sadb_msg->sadb_msg_type)); + DPRINTF("extension header %d not permitted on message " + "type %d", + sadb_ext->sadb_ext_type, sadb_msg->sadb_msg_type); return (EINVAL); } if (headers[sadb_ext->sadb_ext_type]) { - DPRINTF(("pfkeyv2_parsemessage: duplicate extension " - "header %d\n", sadb_ext->sadb_ext_type)); + DPRINTF("duplicate extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } @@ -385,49 +385,48 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) struct sadb_sa *sadb_sa = (struct sadb_sa *)p; if (i != sizeof(struct sadb_sa)) { - DPRINTF(("pfkeyv2_parsemessage: bad header " - "length for SA extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("bad header length for SA extension " + "header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } if (sadb_sa->sadb_sa_state > SADB_SASTATE_MAX) { - DPRINTF(("pfkeyv2_parsemessage: unknown SA " - "state %d in SA extension header %d\n", + DPRINTF("unknown SA state %d in SA extension " + "header %d", sadb_sa->sadb_sa_state, - sadb_ext->sadb_ext_type)); + sadb_ext->sadb_ext_type); return (EINVAL); } if (sadb_sa->sadb_sa_state == SADB_SASTATE_DEAD) { - DPRINTF(("pfkeyv2_parsemessage: cannot set SA " - "state to dead, SA extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("cannot set SA state to dead, " + "SA extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } if (sadb_sa->sadb_sa_encrypt > SADB_EALG_MAX) { - DPRINTF(("pfkeyv2_parsemessage: unknown " - "encryption algorithm %d in SA extension " - "header %d\n", sadb_sa->sadb_sa_encrypt, - sadb_ext->sadb_ext_type)); + DPRINTF("unknown encryption algorithm %d " + "in SA extension header %d", + sadb_sa->sadb_sa_encrypt, + sadb_ext->sadb_ext_type); return (EINVAL); } if (sadb_sa->sadb_sa_auth > SADB_AALG_MAX) { - DPRINTF(("pfkeyv2_parsemessage: unknown " - "authentication algorithm %d in SA " - "extension header %d\n", + DPRINTF("unknown authentication algorithm %d " + "in SA extension header %d", sadb_sa->sadb_sa_auth, - sadb_ext->sadb_ext_type)); + sadb_ext->sadb_ext_type); return (EINVAL); } if (sadb_sa->sadb_sa_replay > 64) { - DPRINTF(("pfkeyv2_parsemessage: unsupported " - "replay window size %d in SA extension " - "header %d\n", sadb_sa->sadb_sa_replay, - sadb_ext->sadb_ext_type)); + DPRINTF("unsupported replay window size %d " + "in SA extension header %d", + sadb_sa->sadb_sa_replay, + sadb_ext->sadb_ext_type); return (EINVAL); } } @@ -436,16 +435,15 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) case SADB_X_EXT_FLOW_TYPE: case SADB_X_EXT_SATYPE2: if (i != sizeof(struct sadb_protocol)) { - DPRINTF(("pfkeyv2_parsemessage: bad PROTOCOL/" - "FLOW/SATYPE2 header length in extension " - "header %d\n", sadb_ext->sadb_ext_type)); + DPRINTF("bad PROTOCOL/FLOW/SATYPE2 header " + "length in extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } break; case SADB_X_EXT_POLICY: if (i != sizeof(struct sadb_x_policy)) { - DPRINTF(("pfkeyv2_parsemessage: bad POLICY " - "header length\n")); + DPRINTF("bad POLICY header length"); return (EINVAL); } break; @@ -454,9 +452,9 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) case SADB_EXT_LIFETIME_SOFT: case SADB_X_EXT_LIFETIME_LASTUSE: if (i != sizeof(struct sadb_lifetime)) { - DPRINTF(("pfkeyv2_parsemessage: bad header " - "length for LIFETIME extension header " - "%d\n", sadb_ext->sadb_ext_type)); + DPRINTF("bad header length for LIFETIME " + "extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } break; @@ -476,24 +474,24 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) if (i < sizeof(struct sadb_address) + sizeof(struct sockaddr)) { - DPRINTF(("pfkeyv2_parsemessage: bad ADDRESS " - "extension header %d length\n", - sadb_ext->sadb_ext_type)); + DPRINTF("bad ADDRESS extension header %d " + "length", + sadb_ext->sadb_ext_type); return (EINVAL); } if (sadb_address->sadb_address_reserved) { - DPRINTF(("pfkeyv2_parsemessage: ADDRESS " - "extension header %d reserved field set\n", - sadb_ext->sadb_ext_type)); + DPRINTF("ADDRESS extension header %d reserved " + "field set", + sadb_ext->sadb_ext_type); return (EINVAL); } if (sa->sa_len && (i != sizeof(struct sadb_address) + PADUP(sa->sa_len))) { - DPRINTF(("pfkeyv2_parsemessage: bad sockaddr " - "length field in ADDRESS extension " - "header %d\n", sadb_ext->sadb_ext_type)); + DPRINTF("bad sockaddr length field in ADDRESS " + "extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } @@ -501,18 +499,16 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) case AF_INET: if (sizeof(struct sadb_address) + PADUP(sizeof(struct sockaddr_in)) != i) { - DPRINTF(("pfkeyv2_parsemessage: " - "invalid ADDRESS extension header " - "%d length\n", - sadb_ext->sadb_ext_type)); + DPRINTF("invalid ADDRESS extension " + "header %d length", + sadb_ext->sadb_ext_type); return (EINVAL); } if (sa->sa_len != sizeof(struct sockaddr_in)) { - DPRINTF(("pfkeyv2_parsemessage: bad " - "sockaddr_in length in ADDRESS " - "extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("bad sockaddr_in length in " + "ADDRESS extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } @@ -527,11 +523,10 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) default: if (((struct sockaddr_in *)sa)->sin_port) { - DPRINTF(("pfkeyv2_parsemessage" - ": port field set in " + DPRINTF("port field set in " "sockaddr_in of ADDRESS " - "extension header %d\n", - sadb_ext->sadb_ext_type)); + "extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } break; @@ -542,12 +537,11 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) bzero(zero, sizeof(zero)); if (bcmp(&((struct sockaddr_in *)sa)->sin_zero, zero, sizeof(zero))) { - DPRINTF(("pfkeyv2_parsemessage" - ": reserved sockaddr_in " + DPRINTF("reserved sockaddr_in " "field non-zero'ed in " "ADDRESS extension header " - "%d\n", - sadb_ext->sadb_ext_type)); + "%d", + sadb_ext->sadb_ext_type); return (EINVAL); } } @@ -556,28 +550,25 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) case AF_INET6: if (i != sizeof(struct sadb_address) + PADUP(sizeof(struct sockaddr_in6))) { - DPRINTF(("pfkeyv2_parsemessage: " - "invalid sockaddr_in6 length in " - "ADDRESS extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("invalid sockaddr_in6 length " + "in ADDRESS extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } if (sa->sa_len != sizeof(struct sockaddr_in6)) { - DPRINTF(("pfkeyv2_parsemessage: bad " - "sockaddr_in6 length in ADDRESS " - "extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("bad sockaddr_in6 length in " + "ADDRESS extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } if (((struct sockaddr_in6 *)sa)->sin6_flowinfo) { - DPRINTF(("pfkeyv2_parsemessage: " - "flowinfo field set in " + DPRINTF("flowinfo field set in " "sockaddr_in6 of ADDRESS " - "extension header %d\n", - sadb_ext->sadb_ext_type)); + "extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } @@ -592,11 +583,10 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) default: if (((struct sockaddr_in6 *)sa)->sin6_port) { - DPRINTF(("pfkeyv2_parsemessage" - ": port field set in " + DPRINTF("port field set in " "sockaddr_in6 of ADDRESS " - "extension header %d\n", - sadb_ext->sadb_ext_type)); + "extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } break; @@ -608,10 +598,9 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) SADB_X_SATYPE_TCPSIGNATURE && sa->sa_family == 0) break; - DPRINTF(("pfkeyv2_parsemessage: unknown " - "address family %d in ADDRESS extension " - "header %d\n", - sa->sa_family, sadb_ext->sadb_ext_type)); + DPRINTF("unknown address family %d in ADDRESS " + "extension header %d", + sa->sa_family, sadb_ext->sadb_ext_type); return (EINVAL); } } @@ -622,30 +611,30 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) struct sadb_key *sadb_key = (struct sadb_key *)p; if (i < sizeof(struct sadb_key)) { - DPRINTF(("pfkeyv2_parsemessage: bad header " - "length in KEY extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("bad header length in KEY extension " + "header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } if (!sadb_key->sadb_key_bits) { - DPRINTF(("pfkeyv2_parsemessage: key length " - "unset in KEY extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("key length unset in KEY extension " + "header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } if (((sadb_key->sadb_key_bits + 63) / 64) * sizeof(uint64_t) != i - sizeof(struct sadb_key)) { - DPRINTF(("pfkeyv2_parsemessage: invalid key " - "length in KEY extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("invalid key length in KEY extension " + "header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } if (sadb_key->sadb_key_reserved) { - DPRINTF(("pfkeyv2_parsemessage: reserved field" - " set in KEY extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("reserved field set in KEY extension " + "header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } } @@ -656,25 +645,24 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) struct sadb_ident *sadb_ident = (struct sadb_ident *)p; if (i < sizeof(struct sadb_ident)) { - DPRINTF(("pfkeyv2_parsemessage: bad header " - "length of IDENTITY extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("bad header length of IDENTITY " + "extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } if (sadb_ident->sadb_ident_type > SADB_IDENTTYPE_MAX) { - DPRINTF(("pfkeyv2_parsemessage: unknown " - "identity type %d in IDENTITY extension " - "header %d\n", + DPRINTF("unknown identity type %d in IDENTITY " + "extension header %d", sadb_ident->sadb_ident_type, - sadb_ext->sadb_ext_type)); + sadb_ext->sadb_ext_type); return (EINVAL); } if (sadb_ident->sadb_ident_reserved) { - DPRINTF(("pfkeyv2_parsemessage: reserved " - "field set in IDENTITY extension header " - "%d\n", sadb_ext->sadb_ext_type)); + DPRINTF("reserved field set in IDENTITY " + "extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } @@ -684,10 +672,9 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) int j; if (*(char *)(p + i - 1)) { - DPRINTF(("pfkeyv2_parsemessage: non " - "NUL-terminated identity in " - "IDENTITY extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("non NUL-terminated identity " + "in IDENTITY extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } @@ -695,11 +682,10 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) sizeof(struct sadb_ident); if (i != j) { - DPRINTF(("pfkeyv2_parsemessage: actual" - " identity length does not match " - "expected length in identity " - "extension header %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("actual identity length does " + "not match expected length in " + "identity extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } } @@ -710,9 +696,8 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) struct sadb_sens *sadb_sens = (struct sadb_sens *)p; if (i < sizeof(struct sadb_sens)) { - DPRINTF(("pfkeyv2_parsemessage: bad header " - "length for SENSITIVITY extension " - "header\n")); + DPRINTF("bad header length for SENSITIVITY " + "extension header"); return (EINVAL); } @@ -720,9 +705,8 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) sadb_sens->sadb_sens_integ_len) * sizeof(uint64_t) + sizeof(struct sadb_sens)) { - DPRINTF(("pfkeyv2_parsemessage: bad payload " - "length for SENSITIVITY extension " - "header\n")); + DPRINTF("bad payload length for SENSITIVITY " + "extension header"); return (EINVAL); } } @@ -732,21 +716,19 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) struct sadb_prop *sadb_prop = (struct sadb_prop *)p; if (i < sizeof(struct sadb_prop)) { - DPRINTF(("pfkeyv2_parsemessage: bad PROPOSAL " - "header length\n")); + DPRINTF("bad PROPOSAL header length"); return (EINVAL); } if (sadb_prop->sadb_prop_reserved) { - DPRINTF(("pfkeyv2_parsemessage: reserved field" - "set in PROPOSAL extension header\n")); + DPRINTF("reserved fieldset in PROPOSAL " + "extension header"); return (EINVAL); } if ((i - sizeof(struct sadb_prop)) % sizeof(struct sadb_comb)) { - DPRINTF(("pfkeyv2_parsemessage: bad proposal " - "length\n")); + DPRINTF("bad proposal length"); return (EINVAL); } @@ -762,28 +744,25 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) j++) { if (sadb_comb->sadb_comb_auth > SADB_AALG_MAX) { - DPRINTF(("pfkeyv2_parsemessage" - ": unknown authentication " - "algorithm %d in " - "PROPOSAL\n", - sadb_comb->sadb_comb_auth)); + DPRINTF("unknown " + "authentication algorithm " + "%d in PROPOSAL", + sadb_comb->sadb_comb_auth); return (EINVAL); } if (sadb_comb->sadb_comb_encrypt > SADB_EALG_MAX) { - DPRINTF(("pfkeyv2_parsemessage" - ": unknown encryption " - "algorithm %d in " - "PROPOSAL\n", - sadb_comb->sadb_comb_encrypt)); + DPRINTF("unknown encryption " + "algorithm %d in PROPOSAL", + sadb_comb-> + sadb_comb_encrypt); return (EINVAL); } if (sadb_comb->sadb_comb_reserved) { - DPRINTF(("pfkeyv2_parsemessage" - ": reserved field set in " - "COMB header\n")); + DPRINTF("reserved field set " + "in COMB header"); return (EINVAL); } } @@ -799,16 +778,15 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) int j; if (i < sizeof(struct sadb_supported)) { - DPRINTF(("pfkeyv2_parsemessage: bad header " - "length for SUPPORTED extension header " - "%d\n", sadb_ext->sadb_ext_type)); + DPRINTF("bad header length for SUPPORTED " "extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } if (sadb_supported->sadb_supported_reserved) { - DPRINTF(("pfkeyv2_parsemessage: reserved " - "field set in SUPPORTED extension " - "header %d\n", sadb_ext->sadb_ext_type)); + DPRINTF("reserved field set in SUPPORTED " + "extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } @@ -827,22 +805,20 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) j < sadb_supported->sadb_supported_len - 1; j++) { if (sadb_alg->sadb_alg_id > max_alg) { - DPRINTF(("pfkeyv2_parsemessage" - ": unknown algorithm %d " + DPRINTF("unknown algorithm %d " "in SUPPORTED extension " - "header %d\n", + "header %d", sadb_alg->sadb_alg_id, - sadb_ext->sadb_ext_type)); + sadb_ext->sadb_ext_type); return (EINVAL); } if (sadb_alg->sadb_alg_reserved) { - DPRINTF(("pfkeyv2_parsemessage" - ": reserved field set in " - "supported algorithms " + DPRINTF("reserved field set " + "in supported algorithms " "header inside SUPPORTED " - "extension header %d\n", - sadb_ext->sadb_ext_type)); + "extension header %d", + sadb_ext->sadb_ext_type); return (EINVAL); } @@ -857,64 +833,56 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) (struct sadb_spirange *)p; if (i != sizeof(struct sadb_spirange)) { - DPRINTF(("pfkeyv2_parsemessage: bad header " - "length of SPIRANGE extension header\n")); + DPRINTF("bad header length of SPIRANGE " + "extension header"); return (EINVAL); } if (sadb_spirange->sadb_spirange_min > sadb_spirange->sadb_spirange_max) { - DPRINTF(("pfkeyv2_parsemessage: bad SPI " - "range\n")); + DPRINTF("bad SPI range"); return (EINVAL); } } break; case SADB_X_EXT_UDPENCAP: if (i != sizeof(struct sadb_x_udpencap)) { - DPRINTF(("pfkeyv2_parsemessage: bad UDPENCAP " - "header length\n")); + DPRINTF("bad UDPENCAP header length"); return (EINVAL); } break; case SADB_X_EXT_RDOMAIN: if (i != sizeof(struct sadb_x_rdomain)) { - DPRINTF(("pfkeyv2_parsemessage: bad RDOMAIN " - "header length\n")); + DPRINTF("bad RDOMAIN header length"); return (EINVAL); } break; #if NPF > 0 case SADB_X_EXT_TAG: if (i < sizeof(struct sadb_x_tag)) { - DPRINTF(("pfkeyv2_parsemessage: " - "TAG extension header too small")); + DPRINTF("TAG extension header too small"); return (EINVAL); } if (i > (sizeof(struct sadb_x_tag) + PF_TAG_NAME_SIZE)) { - DPRINTF(("pfkeyv2_parsemessage: " - "TAG extension header too long")); + DPRINTF("TAG extension header too long"); return (EINVAL); } break; case SADB_X_EXT_TAP: if (i < sizeof(struct sadb_x_tap)) { - DPRINTF(("pfkeyv2_parsemessage: " - "TAP extension header too small")); + DPRINTF("TAP extension header too small"); return (EINVAL); } if (i > sizeof(struct sadb_x_tap)) { - DPRINTF(("pfkeyv2_parsemessage: " - "TAP extension header too long")); + DPRINTF("TAP extension header too long"); return (EINVAL); } break; #endif default: - DPRINTF(("pfkeyv2_parsemessage: unknown extension " - "header type %d\n", - sadb_ext->sadb_ext_type)); + DPRINTF("unknown extension header type %d", + sadb_ext->sadb_ext_type); return (EINVAL); } @@ -924,7 +892,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) } if (left) { - DPRINTF(("pfkeyv2_parsemessage: message too long\n")); + DPRINTF("message too long"); return (EINVAL); } @@ -934,8 +902,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) required = sadb_exts_required_in[sadb_msg->sadb_msg_type]; if ((seen & required) != required) { - DPRINTF(("pfkeyv2_parsemessage: required fields " - "missing\n")); + DPRINTF("required fields missing"); return (EINVAL); } } @@ -944,16 +911,14 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) case SADB_UPDATE: if (((struct sadb_sa *)headers[SADB_EXT_SA])->sadb_sa_state != SADB_SASTATE_MATURE) { - DPRINTF(("pfkeyv2_parsemessage: updating non-mature " - "SA prohibited\n")); + DPRINTF("updating non-mature SA prohibited"); return (EINVAL); } break; case SADB_ADD: if (((struct sadb_sa *)headers[SADB_EXT_SA])->sadb_sa_state != SADB_SASTATE_MATURE) { - DPRINTF(("pfkeyv2_parsemessage: adding non-mature " - "SA prohibited\n")); + DPRINTF("adding non-mature SA prohibited"); return (EINVAL); } break; diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c index 9be571c0220..7943d5f6207 100644 --- a/sys/netinet/ip_ah.c +++ b/sys/netinet/ip_ah.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah.c,v 1.148 2021/07/08 09:22:30 bluhm Exp $ */ +/* $OpenBSD: ip_ah.c,v 1.149 2021/07/08 15:13:14 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -71,9 +71,14 @@ #include "bpfilter.h" #ifdef ENCDEBUG -#define DPRINTF(x) if (encdebug) printf x +#define DPRINTF(fmt, args...) \ + do { \ + if (encdebug) \ + printf("%s: " fmt "\n", __func__, ## args); \ + } while (0) #else -#define DPRINTF(x) +#define DPRINTF(fmt, args...) \ + do { } while (0) #endif int ah_massage_headers(struct mbuf **, int, int, int, int); @@ -127,15 +132,14 @@ ah_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) break; default: - DPRINTF(("%s: unsupported authentication algorithm %d" - " specified\n", __func__, ii->ii_authalg)); + DPRINTF("unsupported authentication algorithm %d specified", + ii->ii_authalg); return EINVAL; } if (ii->ii_authkeylen != thash->keysize && thash->keysize != 0) { - DPRINTF(("ah_init(): keylength %d doesn't match algorithm " - "%s keysize (%d)\n", ii->ii_authkeylen, thash->name, - thash->keysize)); + DPRINTF("keylength %d doesn't match algorithm %s keysize (%d)", + ii->ii_authkeylen, thash->name, thash->keysize); return EINVAL; } @@ -143,8 +147,7 @@ ah_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) tdbp->tdb_authalgxform = thash; tdbp->tdb_rpl = AH_HMAC_INITIAL_RPL; - DPRINTF(("%s: initialized TDB with hash algorithm %s\n", __func__, - thash->name)); + DPRINTF("initialized TDB with hash algorithm %s", thash->name); tdbp->tdb_amxkeylen = ii->ii_authkeylen; tdbp->tdb_amxkey = malloc(tdbp->tdb_amxkeylen, M_XDATA, M_WAITOK); @@ -215,7 +218,7 @@ ah_massage_headers(struct mbuf **m0, int af, int skip, int alg, int out) */ *m0 = m = m_pullup(m, skip); if (m == NULL) { - DPRINTF(("%s: m_pullup() failed\n", __func__)); + DPRINTF("m_pullup() failed"); ahstat_inc(ahs_hdrops); return ENOBUFS; } @@ -233,9 +236,9 @@ ah_massage_headers(struct mbuf **m0, int af, int skip, int alg, int out) for (off = sizeof(struct ip); off < skip;) { if (ptr[off] != IPOPT_EOL && ptr[off] != IPOPT_NOP && off + 1 >= skip) { - DPRINTF(("%s: illegal IPv4 option length for" - " option %d\n", __func__, ptr[off])); - + DPRINTF("illegal IPv4 option length " + "for option %d", + ptr[off]); ahstat_inc(ahs_hdrops); m_freem(m); return EINVAL; @@ -257,10 +260,9 @@ ah_massage_headers(struct mbuf **m0, int af, int skip, int alg, int out) case 0x95: /* RFC1770 */ /* Sanity check for option length. */ if (ptr[off + 1] < 2) { - DPRINTF(("%s: illegal IPv4 option" - " length for option %d\n", __func__, - ptr[off])); - + DPRINTF("illegal IPv4 option length " + "for option %d", + ptr[off]); ahstat_inc(ahs_hdrops); m_freem(m); return EINVAL; @@ -273,10 +275,9 @@ ah_massage_headers(struct mbuf **m0, int af, int skip, int alg, int out) case IPOPT_SSRR: /* Sanity check for option length. */ if (ptr[off + 1] < 2) { - DPRINTF(("%s: illegal IPv4 option" - " length for option %d\n", __func__, - ptr[off])); - + DPRINTF("illegal IPv4 option length " + "for option %d", + ptr[off]); ahstat_inc(ahs_hdrops); m_freem(m); return EINVAL; @@ -302,9 +303,9 @@ ah_massage_headers(struct mbuf **m0, int af, int skip, int alg, int out) default: /* Sanity check for option length. */ if (ptr[off + 1] < 2) { - DPRINTF(("%s: illegal IPv4 option" - " length for option %d\n", __func__, - ptr[off])); + DPRINTF("illegal IPv4 option length " + "for option %d", + ptr[off]); ahstat_inc(ahs_hdrops); m_freem(m); return EINVAL; @@ -319,9 +320,7 @@ ah_massage_headers(struct mbuf **m0, int af, int skip, int alg, int out) /* Sanity check. */ if (off > skip) { - DPRINTF(("%s: malformed IPv4 options header\n", - __func__)); - + DPRINTF("malformed IPv4 options header"); ahstat_inc(ahs_hdrops); m_freem(m); return EINVAL; @@ -337,7 +336,7 @@ ah_massage_headers(struct mbuf **m0, int af, int skip, int alg, int out) /* We don't do IPv6 Jumbograms. */ if (ip6.ip6_plen == 0) { - DPRINTF(("%s: unsupported IPv6 jumbogram", __func__)); + DPRINTF("unsupported IPv6 jumbogram"); ahstat_inc(ahs_hdrops); m_freem(m); return EMSGSIZE; @@ -358,7 +357,7 @@ ah_massage_headers(struct mbuf **m0, int af, int skip, int alg, int out) error = m_copyback(m, 0, sizeof(struct ip6_hdr), &ip6, M_NOWAIT); if (error) { - DPRINTF(("%s: m_copyback no memory", __func__)); + DPRINTF("m_copyback no memory"); ahstat_inc(ahs_hdrops); m_freem(m); return error; @@ -370,8 +369,8 @@ ah_massage_headers(struct mbuf **m0, int af, int skip, int alg, int out) ptr = malloc(skip - sizeof(struct ip6_hdr), M_XDATA, M_NOWAIT); if (ptr == NULL) { - DPRINTF(("%s: failed to allocate memory" - " for IPv6 headers\n", __func__)); + DPRINTF("failed to allocate " + "memory for IPv6 headers"); ahstat_inc(ahs_hdrops); m_freem(m); return ENOBUFS; @@ -488,8 +487,7 @@ ah_massage_headers(struct mbuf **m0, int af, int skip, int alg, int out) } default: - DPRINTF(("%s: unexpected IPv6 header type %d\n", - __func__, off)); + DPRINTF("unexpected IPv6 header type %d", off); error6: if (alloc) free(ptr, M_XDATA, 0); @@ -556,32 +554,31 @@ ah_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) case 0: /* All's well. */ break; case 1: - DPRINTF(("%s: replay counter wrapped for SA %s/%08x\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("replay counter wrapped for SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_wrap); error = ENOBUFS; goto drop; case 2: - DPRINTF(("%s: old packet received in SA %s/%08x\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("old packet received in SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_replay); error = ENOBUFS; goto drop; case 3: - DPRINTF(("%s: duplicate packet received in SA " - "%s/%08x\n", __func__, - ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("duplicate packet received in SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_replay); error = ENOBUFS; goto drop; default: - DPRINTF(("%s: bogus value from " - "checkreplaywindow() in SA %s/%08x\n", __func__, + DPRINTF("bogus value from checkreplaywindow() " + "in SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_replay); error = ENOBUFS; goto drop; @@ -590,20 +587,20 @@ ah_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) /* Verify AH header length. */ if (hl * sizeof(u_int32_t) != ahx->authsize + rplen - AH_FLENGTH) { - DPRINTF(("%s: bad authenticator length %ld for packet " - "in SA %s/%08x\n", __func__, hl * sizeof(u_int32_t), + DPRINTF("bad authenticator length %ld for packet in SA %s/%08x", + hl * sizeof(u_int32_t), ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_badauthl); error = EACCES; goto drop; } if (skip + ahx->authsize + rplen > m->m_pkthdr.len) { - DPRINTF(("%s: bad mbuf length %d (expecting %d) " - "for packet in SA %s/%08x\n", __func__, + DPRINTF("bad mbuf length %d (expecting %d) for packet " + "in SA %s/%08x", m->m_pkthdr.len, skip + ahx->authsize + rplen, ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_badauthl); error = EACCES; goto drop; @@ -634,8 +631,7 @@ ah_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) /* Get crypto descriptors. */ crp = crypto_getreq(1); if (crp == NULL) { - DPRINTF(("%s: failed to acquire crypto descriptors\n", - __func__)); + DPRINTF("failed to acquire crypto descriptors"); ahstat_inc(ahs_crypto); error = ENOBUFS; goto drop; @@ -662,7 +658,7 @@ ah_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) tc = malloc(sizeof(*tc) + skip + rplen + ahx->authsize, M_XDATA, M_NOWAIT | M_ZERO); if (tc == NULL) { - DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); + DPRINTF("failed to allocate tdb_crypto"); ahstat_inc(ahs_crypto); error = ENOBUFS; goto drop; @@ -741,10 +737,9 @@ ah_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen) /* Verify authenticator. */ if (timingsafe_bcmp(ptr + skip + rplen, calc, ahx->authsize)) { - DPRINTF(("%s: authentication failed for packet in SA %s/%08x\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); - + DPRINTF("authentication failed for packet in SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_badauth); goto baddone; } @@ -768,29 +763,28 @@ ah_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen) #endif break; case 1: - DPRINTF(("%s: replay counter wrapped for SA %s/%08x\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("replay counter wrapped for SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_wrap); goto baddone; case 2: - DPRINTF(("%s: old packet received in SA %s/%08x\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("old packet received in SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_replay); goto baddone; case 3: - DPRINTF(("%s): duplicate packet received in " - "SA %s/%08x\n", __func__, - ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("duplicate packet received in SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_replay); goto baddone; default: - DPRINTF(("%s: bogus value from " - "checkreplaywindow() in SA %s/%08x\n", __func__, + DPRINTF("bogus value from checkreplaywindow() " + "in SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_replay); goto baddone; } @@ -799,9 +793,9 @@ ah_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen) /* Record the beginning of the AH header. */ m1 = m_getptr(m, skip, &roff); if (m1 == NULL) { - DPRINTF(("%s: bad mbuf chain for packet in SA %s/%08x\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + DPRINTF("bad mbuf chain for packet in SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_hdrops); goto baddone; } @@ -934,9 +928,9 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, * manual) keying. */ if ((tdb->tdb_rpl == 0) && (tdb->tdb_wnd > 0)) { - DPRINTF(("%s: SA %s/%08x should have expired\n", __func__, + DPRINTF("SA %s/%08x should have expired", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_wrap); error = EINVAL; goto drop; @@ -948,10 +942,9 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, case AF_INET: /* Check for IP maximum packet size violations. */ if (rplen + ahx->authsize + m->m_pkthdr.len > IP_MAXPACKET) { - DPRINTF(("%s: packet in SA %s/%08x got too big\n", - __func__, + DPRINTF("packet in SA %s/%08x got too big", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_toobig); error = EMSGSIZE; goto drop; @@ -962,9 +955,9 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, case AF_INET6: /* Check for IPv6 maximum packet size violations. */ if (rplen + ahx->authsize + m->m_pkthdr.len > IPV6_MAXPACKET) { - DPRINTF(("%s: packet in SA %s/%08x got too big\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("packet in SA %s/%08x got too big", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_toobig); error = EMSGSIZE; goto drop; @@ -973,10 +966,10 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, #endif /* INET6 */ default: - DPRINTF(("%s: unknown/unsupported protocol family %d, " - "SA %s/%08x\n", __func__, tdb->tdb_dst.sa.sa_family, + DPRINTF("unknown/unsupported protocol family %d, SA %s/%08x", + tdb->tdb_dst.sa.sa_family, ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_nopf); error = EPFNOSUPPORT; goto drop; @@ -1026,9 +1019,9 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, /* Inject AH header. */ mi = m_makespace(m, skip, rplen + ahx->authsize, &roff); if (mi == NULL) { - DPRINTF(("%s: failed to inject AH header for SA %s/%08x\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + DPRINTF("failed to inject AH header for SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ahstat_inc(ahs_hdrops); error = ENOBUFS; goto drop; @@ -1058,8 +1051,7 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, /* Get crypto descriptors. */ crp = crypto_getreq(1); if (crp == NULL) { - DPRINTF(("%s: failed to acquire crypto descriptors\n", - __func__)); + DPRINTF("failed to acquire crypto descriptors"); ahstat_inc(ahs_crypto); error = ENOBUFS; goto drop; @@ -1087,7 +1079,7 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, /* Allocate IPsec-specific opaque crypto info. */ tc = malloc(sizeof(*tc) + skip, M_XDATA, M_NOWAIT | M_ZERO); if (tc == NULL) { - DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); + DPRINTF("failed to allocate tdb_crypto"); ahstat_inc(ahs_crypto); error = ENOBUFS; goto drop; diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c index 948f838bef8..34607dc0b40 100644 --- a/sys/netinet/ip_esp.c +++ b/sys/netinet/ip_esp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp.c,v 1.165 2021/07/08 09:22:30 bluhm Exp $ */ +/* $OpenBSD: ip_esp.c,v 1.166 2021/07/08 15:13:14 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -70,9 +70,14 @@ #include "bpfilter.h" #ifdef ENCDEBUG -#define DPRINTF(x) if (encdebug) printf x +#define DPRINTF(fmt, args...) \ + do { \ + if (encdebug) \ + printf("%s: " fmt "\n", __func__, ## args); \ + } while (0) #else -#define DPRINTF(x) +#define DPRINTF(fmt, args...) \ + do { } while (0) #endif /* @@ -96,8 +101,8 @@ esp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) int error; if (!ii->ii_encalg && !ii->ii_authalg) { - DPRINTF(("esp_init(): neither authentication nor encryption " - "algorithm given")); + DPRINTF("neither authentication nor encryption algorithm " + "given"); return EINVAL; } @@ -140,22 +145,23 @@ esp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) break; default: - DPRINTF(("esp_init(): unsupported encryption " - "algorithm %d specified\n", ii->ii_encalg)); + DPRINTF("unsupported encryption algorithm %d " + "specified", + ii->ii_encalg); return EINVAL; } if (ii->ii_enckeylen < txform->minkey) { - DPRINTF(("esp_init(): keylength %d too small " - "(min length is %d) for algorithm %s\n", - ii->ii_enckeylen, txform->minkey, txform->name)); + DPRINTF("keylength %d too small (min length is %d) " + "for algorithm %s", + ii->ii_enckeylen, txform->minkey, txform->name); return EINVAL; } if (ii->ii_enckeylen > txform->maxkey) { - DPRINTF(("esp_init(): keylength %d too large " - "(max length is %d) for algorithm %s\n", - ii->ii_enckeylen, txform->maxkey, txform->name)); + DPRINTF("keylength %d too large (max length is %d) " + "for algorithm %s", + ii->ii_enckeylen, txform->maxkey, txform->name); return EINVAL; } @@ -182,8 +188,7 @@ esp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) tdbp->tdb_encalgxform = txform; - DPRINTF(("esp_init(): initialized TDB with enc algorithm %s\n", - txform->name)); + DPRINTF("initialized TDB with enc algorithm %s", txform->name); tdbp->tdb_ivlen = txform->ivsize; } @@ -231,22 +236,22 @@ esp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) break; default: - DPRINTF(("esp_init(): unsupported authentication " - "algorithm %d specified\n", ii->ii_authalg)); + DPRINTF("unsupported authentication algorithm %d " + "specified", + ii->ii_authalg); return EINVAL; } if (ii->ii_authkeylen != thash->keysize) { - DPRINTF(("esp_init(): keylength %d doesn't match " - "algorithm %s keysize (%d)\n", ii->ii_authkeylen, - thash->name, thash->keysize)); + DPRINTF("keylength %d doesn't match algorithm %s " + "keysize (%d)", + ii->ii_authkeylen, thash->name, thash->keysize); return EINVAL; } tdbp->tdb_authalgxform = thash; - DPRINTF(("esp_init(): initialized TDB with hash algorithm %s\n", - thash->name)); + DPRINTF("initialized TDB with hash algorithm %s", thash->name); } tdbp->tdb_xform = xsp; @@ -354,7 +359,7 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) alen = esph ? esph->authsize : 0; plen = m->m_pkthdr.len - (skip + hlen + alen); if (plen <= 0) { - DPRINTF(("%s: invalid payload length\n", __func__)); + DPRINTF("invalid payload length"); espstat_inc(esps_badilen); error = EINVAL; goto drop; @@ -366,10 +371,11 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) * block size. */ if (plen & (espx->blocksize - 1)) { - DPRINTF(("%s: payload of %d octets not a multiple of %d" - " octets, SA %s/%08x\n", __func__, - plen, espx->blocksize, ipsp_address(&tdb->tdb_dst, - buf, sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("payload of %d octets not a multiple " + "of %d octets, SA %s/%08x", + plen, espx->blocksize, + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); espstat_inc(esps_badilen); error = EINVAL; goto drop; @@ -386,35 +392,31 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) case 0: /* All's well */ break; case 1: - DPRINTF(("%s: replay counter wrapped for SA %s/%08x\n", - __func__, + DPRINTF("replay counter wrapped for SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_wrap); error = EACCES; goto drop; case 2: - DPRINTF(("%s: old packet received in SA %s/%08x\n", - __func__, + DPRINTF("old packet received in SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_replay); error = EACCES; goto drop; case 3: - DPRINTF(("%s: duplicate packet received" - " in SA %s/%08x\n", __func__, + DPRINTF("duplicate packet received in SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_replay); error = EACCES; goto drop; default: - DPRINTF(("%s: bogus value from" - " checkreplaywindow() in SA %s/%08x\n", - __func__, + DPRINTF("bogus value from checkreplaywindow() " + "in SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_replay); error = EACCES; goto drop; @@ -446,7 +448,7 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) /* Get crypto descriptors */ crp = crypto_getreq(esph && espx ? 2 : 1); if (crp == NULL) { - DPRINTF(("%s: failed to acquire crypto descriptors\n", __func__)); + DPRINTF("failed to acquire crypto descriptors"); espstat_inc(esps_crypto); error = ENOBUFS; goto drop; @@ -458,7 +460,7 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) else tc = malloc(sizeof(*tc) + alen, M_XDATA, M_NOWAIT | M_ZERO); if (tc == NULL) { - DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); + DPRINTF("failed to allocate tdb_crypto"); espstat_inc(esps_crypto); error = ENOBUFS; goto drop; @@ -570,10 +572,10 @@ esp_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen) /* Verify authenticator */ if (timingsafe_bcmp(ptr, aalg, esph->authsize)) { - DPRINTF(("%s: authentication " - "failed for packet in SA %s/%08x\n", __func__, - ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("authentication failed for packet " + "in SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); espstat_inc(esps_badauth); goto baddone; } @@ -596,31 +598,28 @@ esp_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen) break; case 1: - DPRINTF(("%s: replay counter wrapped for SA %s/%08x\n", - __func__, + DPRINTF("replay counter wrapped for SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_wrap); goto baddone; case 2: - DPRINTF(("%s: old packet received in SA %s/%08x\n", - __func__, + DPRINTF("old packet received in SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_replay); goto baddone; case 3: - DPRINTF(("%s: duplicate packet received" - " in SA %s/%08x\n", __func__, + DPRINTF("duplicate packet received in SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_replay); goto baddone; default: - DPRINTF(("%s: bogus value from" - " checkreplaywindow() in SA %s/%08x\n", __func__, + DPRINTF("bogus value from checkreplaywindow() " + "in SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_replay); goto baddone; } @@ -632,9 +631,9 @@ esp_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen) /* Find beginning of ESP header */ m1 = m_getptr(m, skip, &roff); if (m1 == NULL) { - DPRINTF(("%s: bad mbuf chain, SA %s/%08x\n", __func__, + DPRINTF("bad mbuf chain, SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_hdrops); goto baddone; } @@ -701,19 +700,19 @@ esp_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen) /* Verify pad length */ if (lastthree[1] + 2 > m->m_pkthdr.len - skip) { - DPRINTF(("%s: invalid padding length %d for packet in " - "SA %s/%08x\n", __func__, lastthree[1], + DPRINTF("invalid padding length %d for packet in SA %s/%08x", + lastthree[1], ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_badilen); goto baddone; } /* Verify correct decryption by checking the last padding bytes */ if ((lastthree[1] != lastthree[0]) && (lastthree[1] != 0)) { - DPRINTF(("%s: decryption failed for packet in SA %s/%08x\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("decryption failed for packet in SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); espstat_inc(esps_badenc); goto baddone; } @@ -799,10 +798,9 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, case AF_INET: /* Check for IP maximum packet size violations. */ if (skip + hlen + rlen + padding + alen > IP_MAXPACKET) { - DPRINTF(("%s: packet in SA %s/%08x got too big\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), - ntohl(tdb->tdb_spi))); + DPRINTF("packet in SA %s/%08x got too big", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); espstat_inc(esps_toobig); error = EMSGSIZE; goto drop; @@ -813,9 +811,9 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, case AF_INET6: /* Check for IPv6 maximum packet size violations. */ if (skip + hlen + rlen + padding + alen > IPV6_MAXPACKET) { - DPRINTF(("%s: packet in SA %s/%08x got too big\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("acket in SA %s/%08x got too big", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); espstat_inc(esps_toobig); error = EMSGSIZE; goto drop; @@ -824,10 +822,10 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, #endif /* INET6 */ default: - DPRINTF(("%s: unknown/unsupported protocol family %d, " - "SA %s/%08x\n", __func__, tdb->tdb_dst.sa.sa_family, + DPRINTF("unknown/unsupported protocol family %d, SA %s/%08x", + tdb->tdb_dst.sa.sa_family, ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_nopf); error = EPFNOSUPPORT; goto drop; @@ -865,9 +863,9 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, struct mbuf *n = m_dup_pkt(m, 0, M_DONTWAIT); if (n == NULL) { - DPRINTF(("%s: bad mbuf chain, SA %s/%08x\n", __func__, + DPRINTF("bad mbuf chain, SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_hdrops); error = ENOBUFS; goto drop; @@ -880,9 +878,9 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, /* Inject ESP header. */ mo = m_makespace(m, skip, hlen, &roff); if (mo == NULL) { - DPRINTF(("%s: failed to inject ESP header for SA %s/%08x\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("failed to inject ESP header for SA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); espstat_inc(esps_hdrops); error = ENOBUFS; goto drop; @@ -906,9 +904,9 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, */ mo = m_makespace(m, m->m_pkthdr.len, padding + alen, &roff); if (mo == NULL) { - DPRINTF(("%s: m_makespace() failed for SA %s/%08x\n", __func__, + DPRINTF("m_makespace() failed for SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); espstat_inc(esps_hdrops); error = ENOBUFS; goto drop; @@ -930,8 +928,7 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, /* Get crypto descriptors. */ crp = crypto_getreq(esph && espx ? 2 : 1); if (crp == NULL) { - DPRINTF(("%s: failed to acquire crypto descriptors\n", - __func__)); + DPRINTF("failed to acquire crypto descriptors"); espstat_inc(esps_crypto); error = ENOBUFS; goto drop; @@ -970,7 +967,7 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, /* IPsec-specific opaque crypto info. */ tc = malloc(sizeof(*tc), M_XDATA, M_NOWAIT | M_ZERO); if (tc == NULL) { - DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); + DPRINTF("failed to allocate tdb_crypto"); espstat_inc(esps_crypto); error = ENOBUFS; goto drop; diff --git a/sys/netinet/ip_ipcomp.c b/sys/netinet/ip_ipcomp.c index 8540694dcb5..5f9433fd5bd 100644 --- a/sys/netinet/ip_ipcomp.c +++ b/sys/netinet/ip_ipcomp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipcomp.c,v 1.69 2021/07/08 09:22:30 bluhm Exp $ */ +/* $OpenBSD: ip_ipcomp.c,v 1.70 2021/07/08 15:13:14 bluhm Exp $ */ /* * Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org) @@ -57,9 +57,14 @@ #include "bpfilter.h" #ifdef ENCDEBUG -#define DPRINTF(x) if (encdebug) printf x +#define DPRINTF(fmt, args...) \ + do { \ + if (encdebug) \ + printf("%s: " fmt "\n", __func__, ## args); \ + } while (0) #else -#define DPRINTF(x) +#define DPRINTF(fmt, args...) \ + do { } while (0) #endif /* @@ -90,15 +95,14 @@ ipcomp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) break; default: - DPRINTF(("%s: unsupported compression algorithm %d specified\n", - __func__, ii->ii_compalg)); + DPRINTF("unsupported compression algorithm %d specified", + ii->ii_compalg); return EINVAL; } tdbp->tdb_compalgxform = tcomp; - DPRINTF(("%s: initialized TDB with ipcomp algorithm %s\n", __func__, - tcomp->name)); + DPRINTF("initialized TDB with ipcomp algorithm %s", tcomp->name); tdbp->tdb_xform = xsp; @@ -146,7 +150,7 @@ ipcomp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) crp = crypto_getreq(1); if (crp == NULL) { m_freem(m); - DPRINTF(("%s: failed to acquire crypto descriptors\n", __func__)); + DPRINTF("failed to acquire crypto descriptors"); ipcompstat_inc(ipcomps_crypto); return ENOBUFS; } @@ -155,7 +159,7 @@ ipcomp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) if (tc == NULL) { m_freem(m); crypto_freereq(crp); - DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); + DPRINTF("failed to allocate tdb_crypto"); ipcompstat_inc(ipcomps_crypto); return ENOBUFS; } @@ -239,9 +243,9 @@ ipcomp_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen /* Find the beginning of the IPCOMP header */ m1 = m_getptr(m, skip, &roff); if (m1 == NULL) { - DPRINTF(("%s: bad mbuf chain, IPCA %s/%08x\n", __func__, + DPRINTF("bad mbuf chain, IPCA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ipcompstat_inc(ipcomps_hdrops); goto baddone; } @@ -362,9 +366,9 @@ ipcomp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, * worry */ if (m->m_pkthdr.len + hlen > IP_MAXPACKET) { - DPRINTF(("%s: packet in IPCA %s/%08x got too big\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("packet in IPCA %s/%08x got too big", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ipcompstat_inc(ipcomps_toobig); error = EMSGSIZE; goto drop; @@ -375,9 +379,9 @@ ipcomp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, case AF_INET6: /* Check for IPv6 maximum packet size violations */ if (m->m_pkthdr.len + hlen > IPV6_MAXPACKET) { - DPRINTF(("%s: packet in IPCA %s/%08x got too big\n", - __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("packet in IPCA %s/%08x got too big", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ipcompstat_inc(ipcomps_toobig); error = EMSGSIZE; goto drop; @@ -386,10 +390,10 @@ ipcomp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, #endif /* INET6 */ default: - DPRINTF(("%s: unknown/unsupported protocol family %d, " - "IPCA %s/%08x\n", __func__, tdb->tdb_dst.sa.sa_family, + DPRINTF("unknown/unsupported protocol family %d, IPCA %s/%08x", + tdb->tdb_dst.sa.sa_family, ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ipcompstat_inc(ipcomps_nopf); error = EPFNOSUPPORT; goto drop; @@ -426,9 +430,9 @@ ipcomp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, struct mbuf *n = m_dup_pkt(m, 0, M_DONTWAIT); if (n == NULL) { - DPRINTF(("%s: bad mbuf chain, IPCA %s/%08x\n", __func__, + DPRINTF("bad mbuf chain, IPCA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ipcompstat_inc(ipcomps_hdrops); error = ENOBUFS; goto drop; @@ -442,7 +446,7 @@ ipcomp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, /* Get crypto descriptors */ crp = crypto_getreq(1); if (crp == NULL) { - DPRINTF(("%s: failed to acquire crypto descriptors\n", __func__)); + DPRINTF("failed to acquire crypto descriptors"); ipcompstat_inc(ipcomps_crypto); error = ENOBUFS; goto drop; @@ -461,7 +465,7 @@ ipcomp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, /* IPsec-specific opaque crypto info */ tc = malloc(sizeof(*tc), M_XDATA, M_NOWAIT | M_ZERO); if (tc == NULL) { - DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); + DPRINTF("failed to allocate tdb_crypto"); ipcompstat_inc(ipcomps_crypto); error = ENOBUFS; goto drop; @@ -524,9 +528,9 @@ ipcomp_output_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, /* Inject IPCOMP header */ mo = m_makespace(m, skip, IPCOMP_HLENGTH, &roff); if (mo == NULL) { - DPRINTF(("%s: failed to inject IPCOMP header for " - "IPCA %s/%08x\n", __func__, ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi))); + DPRINTF("ailed to inject IPCOMP header for IPCA %s/%08x", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi)); ipcompstat_inc(ipcomps_wrap); goto baddone; } @@ -552,10 +556,10 @@ ipcomp_output_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, break; #endif default: - DPRINTF(("%s: unsupported protocol family %d, IPCA %s/%08x\n", - __func__, tdb->tdb_dst.sa.sa_family, + DPRINTF("unsupported protocol family %d, IPCA %s/%08x", + tdb->tdb_dst.sa.sa_family, ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ipcompstat_inc(ipcomps_nopf); goto baddone; } diff --git a/sys/netinet/ip_ipip.c b/sys/netinet/ip_ipip.c index 831c3e4e666..c3c261f7566 100644 --- a/sys/netinet/ip_ipip.c +++ b/sys/netinet/ip_ipip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipip.c,v 1.91 2021/07/07 18:03:46 bluhm Exp $ */ +/* $OpenBSD: ip_ipip.c,v 1.92 2021/07/08 15:13:14 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -72,9 +72,14 @@ #endif #ifdef ENCDEBUG -#define DPRINTF(x) if (encdebug) printf x +#define DPRINTF(fmt, args...) \ + do { \ + if (encdebug) \ + printf("%s: " fmt "\n", __func__, ## args); \ + } while (0) #else -#define DPRINTF(x) +#define DPRINTF(fmt, args...) \ + do { } while (0) #endif /* @@ -101,7 +106,7 @@ ipip_input(struct mbuf **mp, int *offp, int nxt, int af) /* If we do not accept IP-in-IP explicitly, drop. */ if (!ipip_allow && ((*mp)->m_flags & (M_AUTH|M_CONF)) == 0) { - DPRINTF(("%s: dropped due to policy\n", __func__)); + DPRINTF("dropped due to policy"); ipipstat_inc(ipips_pdrops); m_freemp(mp); return IPPROTO_DONE; @@ -159,7 +164,7 @@ ipip_input_if(struct mbuf **mp, int *offp, int proto, int oaf, /* Bring the IP header in the first mbuf, if not there already */ if (m->m_len < hlen) { if ((m = *mp = m_pullup(m, hlen)) == NULL) { - DPRINTF(("%s: m_pullup() failed\n", __func__)); + DPRINTF("m_pullup() failed"); ipipstat_inc(ipips_hdrops); goto bad; } @@ -214,7 +219,7 @@ ipip_input_if(struct mbuf **mp, int *offp, int proto, int oaf, */ if (m->m_len < hlen) { if ((m = *mp = m_pullup(m, hlen)) == NULL) { - DPRINTF(("%s: m_pullup() failed\n", __func__)); + DPRINTF("m_pullup() failed"); ipipstat_inc(ipips_hdrops); goto bad; } @@ -240,7 +245,7 @@ ipip_input_if(struct mbuf **mp, int *offp, int proto, int oaf, mode = m->m_flags & (M_AUTH|M_CONF) ? ECN_ALLOWED_IPSEC : ECN_ALLOWED; if (!ip_ecn_egress(mode, &otos, &itos)) { - DPRINTF(("%s: ip_ecn_egress() failed\n", __func__)); + DPRINTF("ip_ecn_egress() failed"); ipipstat_inc(ipips_pdrops); goto bad; } @@ -254,7 +259,7 @@ ipip_input_if(struct mbuf **mp, int *offp, int proto, int oaf, ip6 = mtod(m, struct ip6_hdr *); itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff; if (!ip_ecn_egress(ECN_ALLOWED, &otos, &itos)) { - DPRINTF(("%s: ip_ecn_egress() failed\n", __func__)); + DPRINTF("ip_ecn_egress() failed"); ipipstat_inc(ipips_pdrops); goto bad; } @@ -350,10 +355,10 @@ ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int dummy, tdb->tdb_src.sin.sin_addr.s_addr == INADDR_ANY || tdb->tdb_dst.sin.sin_addr.s_addr == INADDR_ANY) { - DPRINTF(("%s: unspecified tunnel endpoind " - "address in SA %s/%08x\n", __func__, + DPRINTF("unspecified tunnel endpoind address " + "in SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ipipstat_inc(ipips_unspec); m_freem(m); @@ -363,7 +368,7 @@ ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int dummy, M_PREPEND(m, sizeof(struct ip), M_DONTWAIT); if (m == NULL) { - DPRINTF(("%s: M_PREPEND failed\n", __func__)); + DPRINTF("M_PREPEND failed"); ipipstat_inc(ipips_hdrops); *mp = NULL; return ENOBUFS; @@ -436,10 +441,10 @@ ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int dummy, tdb->tdb_src.sa.sa_family != AF_INET6 || IN6_IS_ADDR_UNSPECIFIED(&tdb->tdb_src.sin6.sin6_addr)) { - DPRINTF(("%s: unspecified tunnel endpoind " - "address in SA %s/%08x\n", __func__, + DPRINTF("unspecified tunnel endpoind address " + "in SA %s/%08x", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), - ntohl(tdb->tdb_spi))); + ntohl(tdb->tdb_spi)); ipipstat_inc(ipips_unspec); m_freem(m); @@ -459,7 +464,7 @@ ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int dummy, M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT); if (m == NULL) { - DPRINTF(("%s: M_PREPEND failed\n", __func__)); + DPRINTF("M_PREPEND failed"); ipipstat_inc(ipips_hdrops); *mp = NULL; return ENOBUFS; @@ -509,8 +514,8 @@ ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int dummy, #endif /* INET6 */ default: - DPRINTF(("%s: unsupported protocol family %d\n", __func__, - tdb->tdb_dst.sa.sa_family)); + DPRINTF("unsupported protocol family %d", + tdb->tdb_dst.sa.sa_family); m_freem(m); *mp = NULL; ipipstat_inc(ipips_family); @@ -565,7 +570,7 @@ int ipe4_input(struct mbuf *m, struct tdb *tdb, int hlen, int proto) { /* This is a rather serious mistake, so no conditional printing. */ - printf("ipe4_input(): should never be called\n"); + printf("%s: should never be called\n", __func__); m_freem(m); return EINVAL; } diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c index 4d40e61a92d..5c4cf2f9efe 100644 --- a/sys/netinet/ip_ipsp.c +++ b/sys/netinet/ip_ipsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.c,v 1.238 2021/03/10 10:21:49 jsg Exp $ */ +/* $OpenBSD: ip_ipsp.c,v 1.239 2021/07/08 15:13:14 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -74,9 +74,14 @@ void tdb_hashstats(void); #endif #ifdef ENCDEBUG -#define DPRINTF(x) if (encdebug) printf x +#define DPRINTF(fmt, args...) \ + do { \ + if (encdebug) \ + printf("%s: " fmt "\n", __func__, ## args); \ + } while (0) #else -#define DPRINTF(x) +#define DPRINTF(fmt, args...) \ + do { } while (0) #endif void tdb_rehash(void); @@ -910,9 +915,10 @@ tdb_init(struct tdb *tdbp, u_int16_t alg, struct ipsecinit *ii) } } - DPRINTF(("%s: no alg %d for spi %08x, addr %s, proto %d\n", __func__, - alg, ntohl(tdbp->tdb_spi), ipsp_address(&tdbp->tdb_dst, buf, - sizeof(buf)), tdbp->tdb_sproto)); + DPRINTF("no alg %d for spi %08x, addr %s, proto %d", + alg, ntohl(tdbp->tdb_spi), + ipsp_address(&tdbp->tdb_dst, buf, sizeof(buf)), + tdbp->tdb_sproto); return EINVAL; } @@ -983,8 +989,8 @@ ipsp_ids_insert(struct ipsec_ids *ids) /* if refcount was zero, then timeout is running */ if (found->id_refcount++ == 0) timeout_del(&found->id_timeout); - DPRINTF(("%s: ids %p count %d\n", __func__, - found, found->id_refcount)); + DPRINTF("ids %p count %d", + found, found->id_refcount); return found; } ids->id_flow = start_flow = ipsec_ids_next_flow; @@ -995,13 +1001,13 @@ ipsp_ids_insert(struct ipsec_ids *ids) if (++ipsec_ids_next_flow == 0) ipsec_ids_next_flow = 1; if (ipsec_ids_next_flow == start_flow) { - DPRINTF(("ipsec_ids_next_flow exhausted %u\n", - ipsec_ids_next_flow)); + DPRINTF("psec_ids_next_flow exhausted %u", + ipsec_ids_next_flow); return NULL; } } ids->id_refcount = 1; - DPRINTF(("%s: new ids %p flow %u\n", __func__, ids, ids->id_flow)); + DPRINTF("new ids %p flow %u", ids, ids->id_flow); timeout_set_proc(&ids->id_timeout, ipsp_ids_timeout, ids); return ids; } @@ -1023,7 +1029,7 @@ ipsp_ids_timeout(void *arg) { struct ipsec_ids *ids = arg; - DPRINTF(("%s: ids %p count %d\n", __func__, ids, ids->id_refcount)); + DPRINTF("ids %p count %d", ids, ids->id_refcount); KASSERT(ids->id_refcount == 0); NET_LOCK(); @@ -1043,7 +1049,7 @@ ipsp_ids_free(struct ipsec_ids *ids) * If the refcount becomes zero, then a timeout is started. This * timeout must be cancelled if refcount is increased from zero. */ - DPRINTF(("%s: ids %p count %d\n", __func__, ids, ids->id_refcount)); + DPRINTF("ids %p count %d", ids, ids->id_refcount); KASSERT(ids->id_refcount > 0); if (--ids->id_refcount == 0) timeout_add_sec(&ids->id_timeout, ipsec_ids_idle); diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 396caa3ea13..e9fd37635fe 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.371 2021/05/12 08:09:33 mvs Exp $ */ +/* $OpenBSD: ip_output.c,v 1.372 2021/07/08 15:13:14 bluhm Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -66,9 +66,14 @@ #ifdef IPSEC #ifdef ENCDEBUG -#define DPRINTF(x) do { if (encdebug) printf x ; } while (0) +#define DPRINTF(fmt, args...) \ + do { \ + if (encdebug) \ + printf("%s: " fmt "\n", __func__, ## args); \ + } while (0) #else -#define DPRINTF(x) +#define DPRINTF(fmt, args...) \ + do { } while (0) #endif #endif /* IPSEC */ @@ -611,8 +616,8 @@ ip_output_ipsec_send(struct tdb *tdb, struct mbuf *m, struct route *ro, int fwd) m->m_pkthdr.ph_rtableid, 1); rt_mtucloned = 1; } - DPRINTF(("%s: spi %08x mtu %d rt %p cloned %d\n", __func__, - ntohl(tdb->tdb_spi), tdb->tdb_mtu, rt, rt_mtucloned)); + DPRINTF("spi %08x mtu %d rt %p cloned %d", + ntohl(tdb->tdb_spi), tdb->tdb_mtu, rt, rt_mtucloned); if (rt != NULL) { rt->rt_mtu = tdb->tdb_mtu; if (ro != NULL && ro->ro_rt != NULL) { diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c index 414830c4653..0c6bdeaa994 100644 --- a/sys/netinet/ipsec_input.c +++ b/sys/netinet/ipsec_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_input.c,v 1.174 2021/06/18 15:34:21 bluhm Exp $ */ +/* $OpenBSD: ipsec_input.c,v 1.175 2021/07/08 15:13:14 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -85,9 +85,14 @@ void ipsec_common_ctlinput(u_int, int, struct sockaddr *, void *, int); #ifdef ENCDEBUG -#define DPRINTF(x) if (encdebug) printf x +#define DPRINTF(fmt, args...) \ + do { \ + if (encdebug) \ + printf("%s: " fmt "\n", __func__, ## args); \ + } while (0) #else -#define DPRINTF(x) +#define DPRINTF(fmt, args...) \ + do { } while (0) #endif /* sysctl variables */ @@ -199,20 +204,20 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto, IPSEC_ISTAT(esps_input, ahs_input, ipcomps_input); if (m == NULL) { - DPRINTF(("%s: NULL packet received\n", __func__)); + DPRINTF("NULL packet received"); IPSEC_ISTAT(esps_hdrops, ahs_hdrops, ipcomps_hdrops); return EINVAL; } if ((sproto == IPPROTO_IPCOMP) && (m->m_flags & M_COMP)) { - DPRINTF(("%s: repeated decompression\n", __func__)); + DPRINTF("repeated decompression"); ipcompstat_inc(ipcomps_pdrops); error = EINVAL; goto drop; } if (m->m_pkthdr.len - skip < 2 * sizeof(u_int32_t)) { - DPRINTF(("%s: packet too small\n", __func__)); + DPRINTF("packet too small"); IPSEC_ISTAT(esps_hdrops, ahs_hdrops, ipcomps_hdrops); error = EINVAL; goto drop; @@ -266,7 +271,7 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto, #endif /* INET6 */ default: - DPRINTF(("%s: unsupported protocol family %d\n", __func__, af)); + DPRINTF("unsupported protocol family %d", af); IPSEC_ISTAT(esps_nopf, ahs_nopf, ipcomps_nopf); error = EPFNOSUPPORT; goto drop; @@ -275,45 +280,44 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto, tdbp = gettdb(rtable_l2(m->m_pkthdr.ph_rtableid), spi, &dst_address, sproto); if (tdbp == NULL) { - DPRINTF(("%s: could not find SA for packet to %s, spi %08x\n", - __func__, - ipsp_address(&dst_address, buf, sizeof(buf)), ntohl(spi))); + DPRINTF("could not find SA for packet to %s, spi %08x", + ipsp_address(&dst_address, buf, sizeof(buf)), ntohl(spi)); IPSEC_ISTAT(esps_notdb, ahs_notdb, ipcomps_notdb); error = ENOENT; goto drop; } if (tdbp->tdb_flags & TDBF_INVALID) { - DPRINTF(("%s: attempted to use invalid SA %s/%08x/%u\n", - __func__, ipsp_address(&dst_address, buf, - sizeof(buf)), ntohl(spi), tdbp->tdb_sproto)); + DPRINTF("attempted to use invalid SA %s/%08x/%u", + ipsp_address(&dst_address, buf, sizeof(buf)), + ntohl(spi), tdbp->tdb_sproto); IPSEC_ISTAT(esps_invalid, ahs_invalid, ipcomps_invalid); error = EINVAL; goto drop; } if (udpencap && !(tdbp->tdb_flags & TDBF_UDPENCAP)) { - DPRINTF(("%s: attempted to use non-udpencap SA %s/%08x/%u\n", - __func__, ipsp_address(&dst_address, buf, - sizeof(buf)), ntohl(spi), tdbp->tdb_sproto)); + DPRINTF("attempted to use non-udpencap SA %s/%08x/%u", + ipsp_address(&dst_address, buf, sizeof(buf)), + ntohl(spi), tdbp->tdb_sproto); espstat_inc(esps_udpinval); error = EINVAL; goto drop; } if (!udpencap && (tdbp->tdb_flags & TDBF_UDPENCAP)) { - DPRINTF(("%s: attempted to use udpencap SA %s/%08x/%u\n", - __func__, ipsp_address(&dst_address, buf, - sizeof(buf)), ntohl(spi), tdbp->tdb_sproto)); + DPRINTF("attempted to use udpencap SA %s/%08x/%u", + ipsp_address(&dst_address, buf, sizeof(buf)), + ntohl(spi), tdbp->tdb_sproto); espstat_inc(esps_udpneeded); error = EINVAL; goto drop; } if (tdbp->tdb_xform == NULL) { - DPRINTF(("%s: attempted to use uninitialized SA %s/%08x/%u\n", - __func__, ipsp_address(&dst_address, buf, - sizeof(buf)), ntohl(spi), tdbp->tdb_sproto)); + DPRINTF("attempted to use uninitialized SA %s/%08x/%u", + ipsp_address(&dst_address, buf, sizeof(buf)), + ntohl(spi), tdbp->tdb_sproto); IPSEC_ISTAT(esps_noxform, ahs_noxform, ipcomps_noxform); error = ENXIO; goto drop; @@ -322,10 +326,10 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto, if (sproto != IPPROTO_IPCOMP) { if ((encif = enc_getif(tdbp->tdb_rdomain_post, tdbp->tdb_tap)) == NULL) { - DPRINTF(("%s: no enc%u interface for SA %s/%08x/%u\n", - __func__, - tdbp->tdb_tap, ipsp_address(&dst_address, buf, - sizeof(buf)), ntohl(spi), tdbp->tdb_sproto)); + DPRINTF("no enc%u interface for SA %s/%08x/%u", + tdbp->tdb_tap, + ipsp_address(&dst_address, buf, sizeof(buf)), + ntohl(spi), tdbp->tdb_sproto); IPSEC_ISTAT(esps_pdrops, ahs_pdrops, ipcomps_pdrops); error = EACCES; goto drop; @@ -379,7 +383,7 @@ ipsec_input_cb(struct cryptop *crp) KERNEL_ASSERT_LOCKED(); if (m == NULL) { - DPRINTF(("%s: bogus returned buffer from crypto\n", __func__)); + DPRINTF("bogus returned buffer from crypto"); ipsecstat_inc(ipsec_crypto); goto droponly; } @@ -388,7 +392,7 @@ ipsec_input_cb(struct cryptop *crp) NET_LOCK(); tdb = gettdb(tc->tc_rdomain, tc->tc_spi, &tc->tc_dst, tc->tc_proto); if (tdb == NULL) { - DPRINTF(("%s: TDB is expired while in crypto", __func__)); + DPRINTF("TDB is expired while in crypto"); ipsecstat_inc(ipsec_notdb); goto baddone; } @@ -403,7 +407,7 @@ ipsec_input_cb(struct cryptop *crp) crypto_dispatch(crp); return; } - DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); + DPRINTF("crypto error %d", crp->crp_etype); ipsecstat_inc(ipsec_noxform); goto baddone; } @@ -488,9 +492,9 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff) /* Fix IPv4 header */ if (af == AF_INET) { if ((m->m_len < skip) && ((m = m_pullup(m, skip)) == NULL)) { - DPRINTF(("%s: processing failed for SA %s/%08x\n", - __func__, ipsp_address(&tdbp->tdb_dst, - buf, sizeof(buf)), ntohl(tdbp->tdb_spi))); + DPRINTF("processing failed for SA %s/%08x", + ipsp_address(&tdbp->tdb_dst, buf, sizeof(buf)), + ntohl(tdbp->tdb_spi)); IPSEC_ISTAT(esps_hdrops, ahs_hdrops, ipcomps_hdrops); return -1; } @@ -537,10 +541,9 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff) if (m->m_len < sizeof(struct ip6_hdr) && (m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { - DPRINTF(("%s: processing failed for SA %s/%08x\n", - __func__, ipsp_address(&tdbp->tdb_dst, - buf, sizeof(buf)), ntohl(tdbp->tdb_spi))); - + DPRINTF("processing failed for SA %s/%08x", + ipsp_address(&tdbp->tdb_dst, buf, sizeof(buf)), + ntohl(tdbp->tdb_spi)); IPSEC_ISTAT(esps_hdrops, ahs_hdrops, ipcomps_hdrops); return -1; } @@ -640,7 +643,7 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff) sizeof(struct tdb_ident), M_NOWAIT); if (mtag == NULL) { m_freem(m); - DPRINTF(("%s: failed to get tag\n", __func__)); + DPRINTF("failed to get tag"); IPSEC_ISTAT(esps_hdrops, ahs_hdrops, ipcomps_hdrops); return -1; } @@ -998,9 +1001,8 @@ ipsec_common_ctlinput(u_int rdomain, int cmd, struct sockaddr *sa, tdbp->tdb_mtu = mtu; tdbp->tdb_mtutimeout = gettime() + ip_mtudisc_timeout; - DPRINTF(("%s: spi %08x mtu %d adjust %ld\n", __func__, - ntohl(tdbp->tdb_spi), tdbp->tdb_mtu, - adjust)); + DPRINTF("spi %08x mtu %d adjust %ld", + ntohl(tdbp->tdb_spi), tdbp->tdb_mtu, adjust); } } } @@ -1053,10 +1055,9 @@ udpencap_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *v) tdbp->tdb_mtu = mtu - adjust; tdbp->tdb_mtutimeout = gettime() + ip_mtudisc_timeout; - DPRINTF(("%s: spi %08x mtu %d adjust %ld\n", - __func__, + DPRINTF("spi %08x mtu %d adjust %ld", ntohl(tdbp->tdb_spi), tdbp->tdb_mtu, - adjust)); + adjust); } } } @@ -1089,7 +1090,7 @@ ah6_input(struct mbuf **mp, int *offp, int proto, int af) return rip6_input(mp, offp, proto, af); if (*offp < sizeof(struct ip6_hdr)) { - DPRINTF(("%s: bad offset\n", __func__)); + DPRINTF("bad offset"); ahstat_inc(ahs_hdrops); m_freemp(mp); return IPPROTO_DONE; @@ -1119,7 +1120,7 @@ ah6_input(struct mbuf **mp, int *offp, int proto, int af) /* Malformed packet check */ if (protoff + l != *offp) { - DPRINTF(("%s: bad packet header chain\n", __func__)); + DPRINTF("bad packet header chain"); ahstat_inc(ahs_hdrops); m_freemp(mp); return IPPROTO_DONE; @@ -1146,7 +1147,7 @@ esp6_input(struct mbuf **mp, int *offp, int proto, int af) return rip6_input(mp, offp, proto, af); if (*offp < sizeof(struct ip6_hdr)) { - DPRINTF(("%s: bad offset\n", __func__)); + DPRINTF("bad offset"); espstat_inc(esps_hdrops); m_freemp(mp); return IPPROTO_DONE; @@ -1176,7 +1177,7 @@ esp6_input(struct mbuf **mp, int *offp, int proto, int af) /* Malformed packet check */ if (protoff + l != *offp) { - DPRINTF(("%s: bad packet header chain\n", __func__)); + DPRINTF("bad packet header chain"); espstat_inc(esps_hdrops); m_freemp(mp); return IPPROTO_DONE; @@ -1204,7 +1205,7 @@ ipcomp6_input(struct mbuf **mp, int *offp, int proto, int af) return rip6_input(mp, offp, proto, af); if (*offp < sizeof(struct ip6_hdr)) { - DPRINTF(("%s: bad offset\n", __func__)); + DPRINTF("bad offset"); ipcompstat_inc(ipcomps_hdrops); m_freemp(mp); return IPPROTO_DONE; @@ -1233,7 +1234,7 @@ ipcomp6_input(struct mbuf **mp, int *offp, int proto, int af) /* Malformed packet check */ if (protoff + l != *offp) { - DPRINTF(("%s: bad packet header chain\n", __func__)); + DPRINTF("bad packet header chain"); ipcompstat_inc(ipcomps_hdrops); m_freemp(mp); return IPPROTO_DONE; diff --git a/sys/netinet/ipsec_output.c b/sys/netinet/ipsec_output.c index dcae758d3c0..a1f1616addd 100644 --- a/sys/netinet/ipsec_output.c +++ b/sys/netinet/ipsec_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_output.c,v 1.81 2021/07/07 18:03:46 bluhm Exp $ */ +/* $OpenBSD: ipsec_output.c,v 1.82 2021/07/08 15:13:14 bluhm Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -51,9 +51,14 @@ #include #ifdef ENCDEBUG -#define DPRINTF(x) if (encdebug) printf x +#define DPRINTF(fmt, args...) \ + do { \ + if (encdebug) \ + printf("%s: " fmt "\n", __func__, ## args); \ + } while (0) #else -#define DPRINTF(x) +#define DPRINTF(fmt, args...) \ + do { } while (0) #endif int udpencap_enable = 1; /* enabled by default */ @@ -89,24 +94,24 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready) if ((tdb->tdb_sproto == IPPROTO_ESP && !esp_enable) || (tdb->tdb_sproto == IPPROTO_AH && !ah_enable) || (tdb->tdb_sproto == IPPROTO_IPCOMP && !ipcomp_enable)) { - DPRINTF(("ipsp_process_packet(): IPsec outbound packet " - "dropped due to policy (check your sysctls)\n")); + DPRINTF("IPsec outbound packet dropped due to policy " + "(check your sysctls)"); error = EHOSTUNREACH; goto drop; } /* Sanity check. */ if (!tdb->tdb_xform) { - DPRINTF(("%s: uninitialized TDB\n", __func__)); + DPRINTF("uninitialized TDB"); error = EHOSTUNREACH; goto drop; } /* Check if the SPI is invalid. */ if (tdb->tdb_flags & TDBF_INVALID) { - DPRINTF(("ipsp_process_packet(): attempt to use invalid " - "SA %s/%08x/%u\n", ipsp_address(&tdb->tdb_dst, buf, - sizeof(buf)), ntohl(tdb->tdb_spi), tdb->tdb_sproto)); + DPRINTF("attempt to use invalid SA %s/%08x/%u", + ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), + ntohl(tdb->tdb_spi), tdb->tdb_sproto); error = ENXIO; goto drop; } @@ -122,11 +127,10 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready) #endif /* INET6 */ default: - DPRINTF(("ipsp_process_packet(): attempt to use " - "SA %s/%08x/%u for protocol family %d\n", + DPRINTF("attempt to use SA %s/%08x/%u for protocol family %d", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), ntohl(tdb->tdb_spi), tdb->tdb_sproto, - tdb->tdb_dst.sa.sa_family)); + tdb->tdb_dst.sa.sa_family); error = ENXIO; goto drop; } @@ -394,7 +398,7 @@ ipsec_output_cb(struct cryptop *crp) KERNEL_ASSERT_LOCKED(); if (m == NULL) { - DPRINTF(("%s: bogus returned buffer from crypto\n", __func__)); + DPRINTF("bogus returned buffer from crypto"); ipsecstat_inc(ipsec_crypto); goto droponly; } @@ -402,7 +406,7 @@ ipsec_output_cb(struct cryptop *crp) NET_LOCK(); tdb = gettdb(tc->tc_rdomain, tc->tc_spi, &tc->tc_dst, tc->tc_proto); if (tdb == NULL) { - DPRINTF(("%s: TDB is expired while in crypto\n", __func__)); + DPRINTF("TDB is expired while in crypto"); ipsecstat_inc(ipsec_notdb); goto baddone; } @@ -417,7 +421,7 @@ ipsec_output_cb(struct cryptop *crp) crypto_dispatch(crp); return; } - DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); + DPRINTF("crypto error %d", crp->crp_etype); ipsecstat_inc(ipsec_noxform); goto baddone; } @@ -498,8 +502,8 @@ ipsp_process_done(struct mbuf *m, struct tdb *tdb) break; #endif /* INET6 */ default: - DPRINTF(("ipsp_process_done(): unknown protocol family " - "(%d)\n", tdb->tdb_dst.sa.sa_family)); + DPRINTF("unknown protocol family (%d)", + tdb->tdb_dst.sa.sa_family); error = ENXIO; goto drop; } @@ -552,8 +556,8 @@ ipsp_process_done(struct mbuf *m, struct tdb *tdb) #endif /* INET6 */ default: - DPRINTF(("ipsp_process_done(): unknown protocol family (%d)\n", - tdb->tdb_dst.sa.sa_family)); + DPRINTF("unknown protocol family (%d)", + tdb->tdb_dst.sa.sa_family); error = ENXIO; goto drop; } @@ -565,8 +569,7 @@ ipsp_process_done(struct mbuf *m, struct tdb *tdb) mtag = m_tag_get(PACKET_TAG_IPSEC_OUT_DONE, sizeof(struct tdb_ident), M_NOWAIT); if (mtag == NULL) { - DPRINTF(("ipsp_process_done(): could not allocate packet " - "tag\n")); + DPRINTF("could not allocate packet tag"); error = ENOMEM; goto drop; } @@ -701,9 +704,7 @@ ipsec_adjust_mtu(struct mbuf *m, u_int32_t mtu) mtu -= adjust; tdbp->tdb_mtu = mtu; tdbp->tdb_mtutimeout = gettime() + ip_mtudisc_timeout; - DPRINTF(("ipsec_adjust_mtu: " - "spi %08x mtu %d adjust %ld mbuf %p\n", - ntohl(tdbp->tdb_spi), tdbp->tdb_mtu, - adjust, m)); + DPRINTF("spi %08x mtu %d adjust %ld mbuf %p", + ntohl(tdbp->tdb_spi), tdbp->tdb_mtu, adjust, m); } } diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index e11ac43961b..bf7975336db 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_output.c,v 1.257 2021/05/12 08:09:33 mvs Exp $ */ +/* $OpenBSD: ip6_output.c,v 1.258 2021/07/08 15:13:14 bluhm Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -108,9 +108,14 @@ #include #ifdef ENCDEBUG -#define DPRINTF(x) do { if (encdebug) printf x ; } while (0) +#define DPRINTF(fmt, args...) \ + do { \ + if (encdebug) \ + printf("%s: " fmt "\n", __func__, ## args); \ + } while (0) #else -#define DPRINTF(x) +#define DPRINTF(fmt, args...) \ + do { } while (0) #endif #endif /* IPSEC */ @@ -2837,8 +2842,8 @@ ip6_output_ipsec_send(struct tdb *tdb, struct mbuf *m, struct route_in6 *ro, m->m_pkthdr.ph_rtableid, 1); rt_mtucloned = 1; } - DPRINTF(("%s: spi %08x mtu %d rt %p cloned %d\n", __func__, - ntohl(tdb->tdb_spi), tdb->tdb_mtu, rt, rt_mtucloned)); + DPRINTF("spi %08x mtu %d rt %p cloned %d", + ntohl(tdb->tdb_spi), tdb->tdb_mtu, rt, rt_mtucloned); if (rt != NULL) { rt->rt_mtu = tdb->tdb_mtu; if (ro != NULL && ro->ro_rt != NULL) { -- 2.20.1