svn commit: r222845 - in head/sys: netinet netinet6
Bjoern A. Zeeb
bz at FreeBSD.org
Wed Jun 8 03:02:12 UTC 2011
Author: bz
Date: Wed Jun 8 03:02:11 2011
New Revision: 222845
URL: http://svn.freebsd.org/changeset/base/222845
Log:
Correct comments and debug logging in ipsec to better match reality.
MFC after: 3 days
Modified:
head/sys/netinet/ip_input.c
head/sys/netinet/ip_ipsec.c
head/sys/netinet6/ip6_ipsec.c
Modified: head/sys/netinet/ip_input.c
==============================================================================
--- head/sys/netinet/ip_input.c Wed Jun 8 01:28:46 2011 (r222844)
+++ head/sys/netinet/ip_input.c Wed Jun 8 03:02:11 2011 (r222845)
@@ -488,7 +488,7 @@ tooshort:
}
#ifdef IPSEC
/*
- * Bypass packet filtering for packets from a tunnel (gif).
+ * Bypass packet filtering for packets previously handled by IPsec.
*/
if (ip_ipsec_filtertunnel(m))
goto passin;
Modified: head/sys/netinet/ip_ipsec.c
==============================================================================
--- head/sys/netinet/ip_ipsec.c Wed Jun 8 01:28:46 2011 (r222844)
+++ head/sys/netinet/ip_ipsec.c Wed Jun 8 03:02:11 2011 (r222845)
@@ -95,7 +95,7 @@ ip_ipsec_filtertunnel(struct mbuf *m)
#if defined(IPSEC)
/*
- * Bypass packet filtering for packets from a tunnel.
+ * Bypass packet filtering for packets previously handled by IPsec.
*/
if (!V_ip4_ipsec_filtertunnel &&
m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL) != NULL)
Modified: head/sys/netinet6/ip6_ipsec.c
==============================================================================
--- head/sys/netinet6/ip6_ipsec.c Wed Jun 8 01:28:46 2011 (r222844)
+++ head/sys/netinet6/ip6_ipsec.c Wed Jun 8 03:02:11 2011 (r222845)
@@ -97,7 +97,7 @@ SYSCTL_VNET_INT(_net_inet6_ipsec6, OID_A
/*
* Check if we have to jump over firewall processing for this packet.
- * Called from ip_input().
+ * Called from ip6_input().
* 1 = jump over firewall, 0 = packet goes through firewall.
*/
int
@@ -106,7 +106,7 @@ ip6_ipsec_filtertunnel(struct mbuf *m)
#if defined(IPSEC)
/*
- * Bypass packet filtering for packets from a tunnel.
+ * Bypass packet filtering for packets previously handled by IPsec.
*/
if (!V_ip6_ipsec6_filtertunnel &&
m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL) != NULL)
@@ -118,7 +118,7 @@ ip6_ipsec_filtertunnel(struct mbuf *m)
/*
* Check if this packet has an active SA and needs to be dropped instead
* of forwarded.
- * Called from ip_input().
+ * Called from ip6_input().
* 1 = drop packet, 0 = forward packet.
*/
int
@@ -141,7 +141,7 @@ ip6_ipsec_fwd(struct mbuf *m)
if (sp == NULL) { /* NB: can happen if error */
splx(s);
/*XXX error stat???*/
- DPRINTF(("ip_input: no SP for forwarding\n")); /*XXX*/
+ DPRINTF(("%s: no SP for forwarding\n", __func__)); /*XXX*/
return 1;
}
@@ -163,7 +163,7 @@ ip6_ipsec_fwd(struct mbuf *m)
* Check if protocol type doesn't have a further header and do IPSEC
* decryption or reject right now. Protocols with further headers get
* their IPSEC treatment within the protocol specific processing.
- * Called from ip_input().
+ * Called from ip6_input().
* 1 = drop packet, 0 = continue processing packet.
*/
int
@@ -206,7 +206,7 @@ ip6_ipsec_input(struct mbuf *m, int nxt)
} else {
/* XXX error stat??? */
error = EINVAL;
- DPRINTF(("ip_input: no SP, packet discarded\n"));/*XXX*/
+ DPRINTF(("%s: no SP, packet discarded\n", __func__));/*XXX*/
return 1;
}
splx(s);
More information about the svn-src-head
mailing list