PERFORCE change 38496 for review
Sam Leffler
sam at FreeBSD.org
Tue Sep 23 14:22:23 PDT 2003
http://perforce.freebsd.org/chv.cgi?CH=38496
Change 38496 by sam at sam_ebb on 2003/09/23 14:22:05
First pass cleanup sweep and netbsd diff reduction:
o add ipsec_osdep.h that holds os-specific definitions for portability
o s/KASSERT/IPSEC_ASSERT/ for portability
o s/SPLASSERT/IPSEC_SPLASSERT/ for portability
o remove function names from ASSERT strings since line#+file pinpints
the location
o use __func__ uniformly to reduce string storage
o convert some random #ifdef DIAGNOSTIC code to assertions
o remove some debuggging assertions no longer needed
Affected files ...
.. //depot/projects/netperf/sys/netipsec/ipcomp.h#2 edit
.. //depot/projects/netperf/sys/netipsec/ipsec.c#4 edit
.. //depot/projects/netperf/sys/netipsec/ipsec.h#4 edit
.. //depot/projects/netperf/sys/netipsec/ipsec_input.c#5 edit
.. //depot/projects/netperf/sys/netipsec/ipsec_mbuf.c#2 edit
.. //depot/projects/netperf/sys/netipsec/ipsec_osdep.h#1 add
.. //depot/projects/netperf/sys/netipsec/ipsec_output.c#4 edit
.. //depot/projects/netperf/sys/netipsec/key.c#4 edit
.. //depot/projects/netperf/sys/netipsec/key_debug.c#2 edit
.. //depot/projects/netperf/sys/netipsec/keysock.c#2 edit
.. //depot/projects/netperf/sys/netipsec/xform_ah.c#4 edit
.. //depot/projects/netperf/sys/netipsec/xform_esp.c#4 edit
.. //depot/projects/netperf/sys/netipsec/xform_ipcomp.c#4 edit
.. //depot/projects/netperf/sys/netipsec/xform_ipip.c#2 edit
Differences ...
==== //depot/projects/netperf/sys/netipsec/ipcomp.h#2 (text+ko) ====
==== //depot/projects/netperf/sys/netipsec/ipsec.c#4 (text+ko) ====
@@ -92,8 +92,6 @@
#include <machine/in_cksum.h>
-#include <net/net_osdep.h>
-
#ifdef IPSEC_DEBUG
int ipsec_debug = 1;
#else
@@ -249,14 +247,14 @@
{
struct secpolicy *sp;
- KASSERT(tdbi != NULL, ("ipsec_getpolicy: null tdbi"));
- KASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
- ("ipsec_getpolicy: invalid direction %u", dir));
+ IPSEC_ASSERT(tdbi != NULL, ("null tdbi"));
+ IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
+ ("invalid direction %u", dir));
sp = KEY_ALLOCSP2(tdbi->spi, &tdbi->dst, tdbi->proto, dir);
if (sp == NULL) /*XXX????*/
sp = KEY_ALLOCSP_DEFAULT();
- KASSERT(sp != NULL, ("ipsec_getpolicy: null SP"));
+ IPSEC_ASSERT(sp != NULL, ("null SP"));
return sp;
}
@@ -283,11 +281,11 @@
struct secpolicy *currsp = NULL; /* policy on socket */
struct secpolicy *sp;
- KASSERT(m != NULL, ("ipsec_getpolicybysock: null mbuf"));
- KASSERT(inp != NULL, ("ipsec_getpolicybysock: null inpcb"));
- KASSERT(error != NULL, ("ipsec_getpolicybysock: null error"));
- KASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
- ("ipsec_getpolicybysock: invalid direction %u", dir));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(inp != NULL, ("null inpcb"));
+ IPSEC_ASSERT(error != NULL, ("null error"));
+ IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
+ ("invalid direction %u", dir));
/* set spidx in pcb */
if (inp->inp_vflag & INP_IPV6PROTO) {
@@ -304,7 +302,7 @@
if (*error)
return NULL;
- KASSERT(pcbsp != NULL, ("ipsec_getpolicybysock: null pcbsp"));
+ IPSEC_ASSERT(pcbsp != NULL, ("null pcbsp"));
switch (dir) {
case IPSEC_DIR_INBOUND:
currsp = pcbsp->sp_in;
@@ -313,7 +311,7 @@
currsp = pcbsp->sp_out;
break;
}
- KASSERT(currsp != NULL, ("ipsec_getpolicybysock: null currsp"));
+ IPSEC_ASSERT(currsp != NULL, ("null currsp"));
if (pcbsp->priv) { /* when privilieged socket */
switch (currsp->policy) {
@@ -331,8 +329,8 @@
break;
default:
- ipseclog((LOG_ERR, "ipsec_getpolicybysock: "
- "Invalid policy for PCB %d\n", currsp->policy));
+ ipseclog((LOG_ERR, "%s: Invalid policy for PCB %d\n",
+ __func__, currsp->policy));
*error = EINVAL;
return NULL;
}
@@ -341,9 +339,9 @@
if (sp == NULL) { /* no SP found */
switch (currsp->policy) {
case IPSEC_POLICY_BYPASS:
- ipseclog((LOG_ERR, "ipsec_getpolicybysock: "
- "Illegal policy for non-priviliged defined %d\n",
- currsp->policy));
+ ipseclog((LOG_ERR, "%s: Illegal policy for "
+ "non-priviliged defined %d\n",
+ __func__, currsp->policy));
*error = EINVAL;
return NULL;
@@ -357,20 +355,18 @@
break;
default:
- ipseclog((LOG_ERR, "ipsec_getpolicybysock: "
- "Invalid policy for PCB %d\n", currsp->policy));
+ ipseclog((LOG_ERR, "%s: Invalid policy for "
+ "PCB %d\n", __func__, currsp->policy));
*error = EINVAL;
return NULL;
}
}
}
- KASSERT(sp != NULL,
- ("ipsec_getpolicybysock: null SP (priv %u policy %u",
- pcbsp->priv, currsp->policy));
+ IPSEC_ASSERT(sp != NULL,
+ ("null SP (priv %u policy %u", pcbsp->priv, currsp->policy));
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
- printf("DP ipsec_getpolicybysock (priv %u policy %u) allocates "
- "SP:%p (refcnt %u)\n", pcbsp->priv, currsp->policy,
- sp, sp->refcnt));
+ printf("DP %s (priv %u policy %u) allocate SP:%p (refcnt %u)\n",
+ __func__, pcbsp->priv, currsp->policy, sp, sp->refcnt));
return sp;
}
@@ -394,10 +390,10 @@
struct secpolicyindex spidx;
struct secpolicy *sp;
- KASSERT(m != NULL, ("ipsec_getpolicybyaddr: null mbuf"));
- KASSERT(error != NULL, ("ipsec_getpolicybyaddr: null error"));
- KASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
- ("ipsec4_getpolicybaddr: invalid direction %u", dir));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(error != NULL, ("null error"));
+ IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
+ ("invalid direction %u", dir));
sp = NULL;
if (key_havesp(dir)) {
@@ -405,8 +401,8 @@
*error = ipsec_setspidx(m, &spidx,
(flag & IP_FORWARDING) ? 0 : 1);
if (*error != 0) {
- DPRINTF(("ipsec_getpolicybyaddr: setpidx failed,"
- " dir %u flag %u\n", dir, flag));
+ DPRINTF(("%s: setpidx failed, dir %u flag %u\n",
+ __func__, dir, flag));
bzero(&spidx, sizeof (spidx));
return NULL;
}
@@ -416,7 +412,7 @@
}
if (sp == NULL) /* no SP found, use system default */
sp = KEY_ALLOCSP_DEFAULT();
- KASSERT(sp != NULL, ("ipsec_getpolicybyaddr: null SP"));
+ IPSEC_ASSERT(sp != NULL, ("null SP"));
return sp;
}
@@ -435,17 +431,15 @@
else
sp = ipsec_getpolicybysock(m, dir, inp, error);
if (sp == NULL) {
- KASSERT(*error != 0,
- ("ipsec4_checkpolicy: getpolicy failed w/o error"));
+ IPSEC_ASSERT(*error != 0, ("getpolicy failed w/o error"));
newipsecstat.ips_out_inval++;
return NULL;
}
- KASSERT(*error == 0,
- ("ipsec4_checkpolicy: sp w/ error set to %u", *error));
+ IPSEC_ASSERT(*error == 0, ("sp w/ error set to %u", *error));
switch (sp->policy) {
case IPSEC_POLICY_ENTRUST:
default:
- printf("ipsec4_checkpolicy: invalid policy %u\n", sp->policy);
+ printf("%s: invalid policy %u\n", __func__, sp->policy);
/* fall thru... */
case IPSEC_POLICY_DISCARD:
newipsecstat.ips_out_polvio++;
@@ -475,10 +469,10 @@
{
int error;
- KASSERT(pcb != NULL, ("ipsec4_setspidx_inpcb: null pcb"));
- KASSERT(pcb->inp_sp != NULL, ("ipsec4_setspidx_inpcb: null inp_sp"));
- KASSERT(pcb->inp_sp->sp_out != NULL && pcb->inp_sp->sp_in != NULL,
- ("ipsec4_setspidx_inpcb: null sp_in || sp_out"));
+ IPSEC_ASSERT(pcb != NULL, ("null pcb"));
+ IPSEC_ASSERT(pcb->inp_sp != NULL, ("null inp_sp"));
+ IPSEC_ASSERT(pcb->inp_sp->sp_out != NULL && pcb->inp_sp->sp_in != NULL,
+ ("null sp_in || sp_out"));
error = ipsec_setspidx(m, &pcb->inp_sp->sp_in->spidx, 1);
if (error == 0) {
@@ -503,10 +497,10 @@
struct secpolicyindex *spidx;
int error;
- KASSERT(pcb != NULL, ("ipsec6_setspidx_in6pcb: null pcb"));
- KASSERT(pcb->in6p_sp != NULL, ("ipsec6_setspidx_in6pcb: null inp_sp"));
- KASSERT(pcb->in6p_sp->sp_out != NULL && pcb->in6p_sp->sp_in != NULL,
- ("ipsec6_setspidx_in6pcb: null sp_in || sp_out"));
+ IPSEC_ASSERT(pcb != NULL, ("null pcb"));
+ IPSEC_ASSERT(pcb->in6p_sp != NULL, ("null inp_sp"));
+ IPSEC_ASSERT(pcb->in6p_sp->sp_out != NULL && pcb->in6p_sp->sp_in != NULL,
+ ("null sp_in || sp_out"));
bzero(&pcb->in6p_sp->sp_in->spidx, sizeof(*spidx));
bzero(&pcb->in6p_sp->sp_out->spidx, sizeof(*spidx));
@@ -550,7 +544,7 @@
int len;
int error;
- KASSERT(m != NULL, ("ipsec_setspidx: null mbuf"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
/*
* validate m->m_pkthdr.len. we see incorrect length if we
@@ -562,18 +556,15 @@
len += n->m_len;
if (m->m_pkthdr.len != len) {
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
- printf("ipsec_setspidx: "
- "total of m_len(%d) != pkthdr.len(%d), "
- "ignored.\n",
- len, m->m_pkthdr.len));
+ printf("%s: pkthdr len(%d) mismatch (%d), ignored.\n",
+ __func__, len, m->m_pkthdr.len));
return EINVAL;
}
if (m->m_pkthdr.len < sizeof(struct ip)) {
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
- printf("ipsec_setspidx: "
- "pkthdr.len(%d) < sizeof(struct ip), ignored.\n",
- m->m_pkthdr.len));
+ printf("%s: pkthdr len(%d) too small (v4), ignored.\n",
+ __func__, m->m_pkthdr.len));
return EINVAL;
}
@@ -599,9 +590,8 @@
case 6:
if (m->m_pkthdr.len < sizeof(struct ip6_hdr)) {
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
- printf("ipsec_setspidx: "
- "pkthdr.len(%d) < sizeof(struct ip6_hdr), "
- "ignored.\n", m->m_pkthdr.len));
+ printf("%s: pkthdr len(%d) too small (v6), "
+ "ignored\n", __func__, m->m_pkthdr.len));
return EINVAL;
}
error = ipsec6_setspidx_ipaddr(m, spidx);
@@ -612,8 +602,8 @@
#endif
default:
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
- printf("ipsec_setspidx: "
- "unknown IP version %u, ignored.\n", v));
+ printf("%s: " "unknown IP version %u, ignored.\n",
+ __func__, v));
return EINVAL;
}
}
@@ -625,9 +615,8 @@
int off;
/* sanity check */
- KASSERT(m != NULL, ("ipsec4_get_ulp: null mbuf"));
- KASSERT(m->m_pkthdr.len >= sizeof(struct ip),
- ("ipsec4_get_ulp: packet too short"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(m->m_pkthdr.len >= sizeof(struct ip),("packet too short"));
/* NB: ip_input() flips it into host endian XXX need more checking */
if (m->m_len < sizeof (struct ip)) {
@@ -747,10 +736,10 @@
/* sanity check */
if (m == NULL)
- panic("ipsec6_get_ulp: NULL pointer was passed.\n");
+ panic("%s: NULL pointer was passed.\n", __func__);
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
- printf("ipsec6_get_ulp:\n"); kdebug_mbuf(m));
+ printf("%s:\n", __func__); kdebug_mbuf(m));
/* set default */
spidx->ul_proto = IPSEC_ULPROTO_ANY;
@@ -851,19 +840,16 @@
/* sanity check. */
if (so == NULL || pcb_sp == NULL)
- panic("ipsec_init_policy: NULL pointer was passed.\n");
+ panic("%s: NULL pointer was passed.\n", __func__);
new = (struct inpcbpolicy *) malloc(sizeof(struct inpcbpolicy),
M_IPSEC_INPCB, M_NOWAIT|M_ZERO);
if (new == NULL) {
- ipseclog((LOG_DEBUG, "ipsec_init_policy: No more memory.\n"));
+ ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
return ENOBUFS;
}
- if (so->so_cred != 0 && so->so_cred->cr_uid == 0)
- new->priv = 1;
- else
- new->priv = 0;
+ new->priv = IPSEC_IS_PRIVILEGED_SO(so);
if ((new->sp_in = KEY_NEWSP()) == NULL) {
ipsec_delpcbpolicy(new);
@@ -1005,7 +991,7 @@
xpl = (struct sadb_x_policy *)request;
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
- printf("ipsec_set_policy: passed policy\n");
+ printf("%s: passed policy\n", __func__);
kdebug_sadb_x_policy((struct sadb_ext *)xpl));
/* check policy type */
@@ -1028,7 +1014,7 @@
KEY_FREESP(pcb_sp);
*pcb_sp = newsp;
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
- printf("ipsec_set_policy: new policy\n");
+ printf("%s: new policy\n", __func__);
kdebug_secpolicy(newsp));
return 0;
@@ -1046,14 +1032,13 @@
*mp = key_sp2msg(pcb_sp);
if (!*mp) {
- ipseclog((LOG_DEBUG, "ipsec_get_policy: No more memory.\n"));
+ ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
return ENOBUFS;
}
(*mp)->m_type = MT_DATA;
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
- printf("ipsec_get_policy:\n");
- kdebug_mbuf(*mp));
+ printf("%s:\n", __func__); kdebug_mbuf(*mp));
return 0;
}
@@ -1085,7 +1070,7 @@
pcb_sp = &inp->inp_sp->sp_out;
break;
default:
- ipseclog((LOG_ERR, "ipsec4_set_policy: invalid direction=%u\n",
+ ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__,
xpl->sadb_x_policy_dir));
return EINVAL;
}
@@ -1106,7 +1091,7 @@
/* sanity check. */
if (inp == NULL || request == NULL || mp == NULL)
return EINVAL;
- KASSERT(inp->inp_sp != NULL, ("ipsec4_get_policy: null inp_sp"));
+ IPSEC_ASSERT(inp->inp_sp != NULL, ("null inp_sp"));
if (len < sizeof(*xpl))
return EINVAL;
xpl = (struct sadb_x_policy *)request;
@@ -1120,7 +1105,7 @@
pcb_sp = inp->inp_sp->sp_out;
break;
default:
- ipseclog((LOG_ERR, "ipsec4_set_policy: invalid direction=%u\n",
+ ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__,
xpl->sadb_x_policy_dir));
return EINVAL;
}
@@ -1133,7 +1118,7 @@
ipsec4_delete_pcbpolicy(inp)
struct inpcb *inp;
{
- KASSERT(inp != NULL, ("ipsec4_delete_pcbpolicy: null inp"));
+ IPSEC_ASSERT(inp != NULL, ("null inp"));
if (inp->inp_sp == NULL)
return 0;
@@ -1178,7 +1163,7 @@
pcb_sp = &in6p->in6p_sp->sp_out;
break;
default:
- ipseclog((LOG_ERR, "ipsec6_set_policy: invalid direction=%u\n",
+ ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__,
xpl->sadb_x_policy_dir));
return EINVAL;
}
@@ -1199,7 +1184,7 @@
/* sanity check. */
if (in6p == NULL || request == NULL || mp == NULL)
return EINVAL;
- KASSERT(in6p->in6p_sp != NULL, ("ipsec6_get_policy: null in6p_sp"));
+ IPSEC_ASSERT(in6p->in6p_sp != NULL, ("null in6p_sp"));
if (len < sizeof(*xpl))
return EINVAL;
xpl = (struct sadb_x_policy *)request;
@@ -1213,7 +1198,7 @@
pcb_sp = in6p->in6p_sp->sp_out;
break;
default:
- ipseclog((LOG_ERR, "ipsec6_set_policy: invalid direction=%u\n",
+ ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__,
xpl->sadb_x_policy_dir));
return EINVAL;
}
@@ -1225,7 +1210,7 @@
ipsec6_delete_pcbpolicy(in6p)
struct in6pcb *in6p;
{
- KASSERT(in6p != NULL, ("ipsec6_delete_pcbpolicy: null in6p"));
+ IPSEC_ASSERT(in6p != NULL, ("null in6p"));
if (in6p->in6p_sp == NULL)
return 0;
@@ -1255,10 +1240,9 @@
u_int esp_trans_deflev, esp_net_deflev;
u_int ah_trans_deflev, ah_net_deflev;
- KASSERT(isr != NULL && isr->sp != NULL,
- ("ipsec_get_reqlevel: null argument"));
- KASSERT(isr->sp->spidx.src.sa.sa_family == isr->sp->spidx.dst.sa.sa_family,
- ("ipsec_get_reqlevel: af family mismatch, src %u, dst %u",
+ IPSEC_ASSERT(isr != NULL && isr->sp != NULL, ("null argument"));
+ IPSEC_ASSERT(isr->sp->spidx.src.sa.sa_family == isr->sp->spidx.dst.sa.sa_family,
+ ("af family mismatch, src %u, dst %u",
isr->sp->spidx.src.sa.sa_family,
isr->sp->spidx.dst.sa.sa_family));
@@ -1293,8 +1277,8 @@
break;
#endif /* INET6 */
default:
- panic("key_get_reqlevel: unknown af %u",
- isr->sp->spidx.src.sa.sa_family);
+ panic("%s: unknown af %u",
+ __func__, isr->sp->spidx.src.sa.sa_family);
}
#undef IPSEC_CHECK_DEFAULT
@@ -1322,8 +1306,7 @@
level = IPSEC_LEVEL_USE;
break;
default:
- panic("ipsec_get_reqlevel: "
- "Illegal protocol defined %u\n",
+ panic("%s: Illegal protocol defined %u\n", __func__,
isr->saidx.proto);
}
break;
@@ -1337,8 +1320,7 @@
break;
default:
- panic("ipsec_get_reqlevel: Illegal IPsec level %u\n",
- isr->level);
+ panic("%s: Illegal IPsec level %u\n", __func__, isr->level);
}
return level;
@@ -1361,8 +1343,7 @@
int need_auth;
KEYDEBUG(KEYDEBUG_IPSEC_DATA,
- printf("ipsec_in_reject: using SP\n");
- kdebug_secpolicy(sp));
+ printf("%s: using SP\n", __func__); kdebug_secpolicy(sp));
/* check policy */
switch (sp->policy) {
@@ -1373,8 +1354,8 @@
return 0;
}
- KASSERT(sp->policy == IPSEC_POLICY_IPSEC,
- ("ipsec_in_reject: invalid policy %u", sp->policy));
+ IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC,
+ ("invalid policy %u", sp->policy));
/* XXX should compare policy against ipsec header history */
@@ -1386,7 +1367,7 @@
case IPPROTO_ESP:
if ((m->m_flags & M_DECRYPTED) == 0) {
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
- printf("ipsec_in_reject: ESP m_flags:%x\n",
+ printf("%s: ESP m_flags:%x\n", __func__,
m->m_flags));
return 1;
}
@@ -1396,7 +1377,7 @@
isr->sav->tdb_authalgxform != NULL &&
(m->m_flags & M_AUTHIPDGM) == 0) {
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
- printf("ipsec_in_reject: ESP/AH m_flags:%x\n",
+ printf("%s: ESP/AH m_flags:%x\n", __func__,
m->m_flags));
return 1;
}
@@ -1405,7 +1386,7 @@
need_auth = 1;
if ((m->m_flags & M_AUTHIPHDR) == 0) {
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
- printf("ipsec_in_reject: AH m_flags:%x\n",
+ printf("%s: AH m_flags:%x\n", __func__,
m->m_flags));
return 1;
}
@@ -1437,7 +1418,7 @@
int error;
int result;
- KASSERT(m != NULL, ("ipsec4_in_reject_so: null mbuf"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
/* get SP for this packet.
* When we are called from ip_forward(), we call
@@ -1512,8 +1493,7 @@
size_t siz;
KEYDEBUG(KEYDEBUG_IPSEC_DATA,
- printf("ipsec_hdrsiz: using SP\n");
- kdebug_secpolicy(sp));
+ printf("%s: using SP\n", __func__); kdebug_secpolicy(sp));
switch (sp->policy) {
case IPSEC_POLICY_DISCARD:
@@ -1522,8 +1502,8 @@
return 0;
}
- KASSERT(sp->policy == IPSEC_POLICY_IPSEC,
- ("ipsec_hdrsiz: invalid policy %u", sp->policy));
+ IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC,
+ ("invalid policy %u", sp->policy));
siz = 0;
for (isr = sp->req; isr != NULL; isr = isr->next) {
@@ -1552,8 +1532,8 @@
break;
#endif
default:
- ipseclog((LOG_ERR, "ipsec_hdrsiz: "
- "unknown AF %d in IPsec tunnel SA\n",
+ ipseclog((LOG_ERR, "%s: unknown AF %d in "
+ "IPsec tunnel SA\n", __func__,
((struct sockaddr *)&isr->saidx.dst)->sa_family));
break;
}
@@ -1575,7 +1555,7 @@
int error;
size_t size;
- KASSERT(m != NULL, ("ipsec4_hdrsiz: null mbuf"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
/* get SP for this packet.
* When we are called from ip_forward(), we call
@@ -1589,7 +1569,7 @@
if (sp != NULL) {
size = ipsec_hdrsiz(sp);
KEYDEBUG(KEYDEBUG_IPSEC_DATA,
- printf("ipsec4_hdrsiz: size:%lu.\n",
+ printf("%s: size:%lu.\n", __func__,
(unsigned long)size));
KEY_FREESP(&sp);
@@ -1613,9 +1593,9 @@
int error;
size_t size;
- KASSERT(m != NULL, ("ipsec6_hdrsiz: null mbuf"));
- KASSERT(in6p == NULL || in6p->in6p_socket != NULL,
- ("ipsec6_hdrsize: socket w/o inpcb"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(in6p == NULL || in6p->in6p_socket != NULL,
+ ("socket w/o inpcb"));
/* get SP for this packet */
/* XXX Is it right to call with IP_FORWARDING. */
@@ -1628,7 +1608,7 @@
return 0;
size = ipsec_hdrsiz(sp);
KEYDEBUG(KEYDEBUG_IPSEC_DATA,
- printf("ipsec6_hdrsiz: size:%lu.\n", (unsigned long)size));
+ printf("%s: size:%lu.\n", __func__, (unsigned long)size));
KEY_FREESP(&sp);
return size;
@@ -1656,12 +1636,10 @@
u_int32_t wsizeb; /* constant: bits of window size */
int frlast; /* constant: last frame */
-#if 0
- SPLASSERT(net, "ipsec_chkreplay");
-#endif
+ IPSEC_SPLASSERT_SOFTNET(__func__);
- KASSERT(sav != NULL, ("ipsec_chkreplay: Null SA"));
- KASSERT(sav->replay != NULL, ("ipsec_chkreplay: Null replay state"));
+ IPSEC_ASSERT(sav != NULL, ("Null SA"));
+ IPSEC_ASSERT(sav->replay != NULL, ("Null replay state"));
replay = sav->replay;
@@ -1718,12 +1696,10 @@
u_int32_t wsizeb; /* constant: bits of window size */
int frlast; /* constant: last frame */
-#if 0
- SPLASSERT(net, "ipsec_updatereplay");
-#endif
+ IPSEC_SPLASSERT_SOFTNET(__func__);
- KASSERT(sav != NULL, ("ipsec_updatereplay: Null SA"));
- KASSERT(sav->replay != NULL, ("ipsec_updatereplay: Null replay state"));
+ IPSEC_ASSERT(sav != NULL, ("Null SA"));
+ IPSEC_ASSERT(sav->replay != NULL, ("Null replay state"));
replay = sav->replay;
@@ -1794,8 +1770,8 @@
if ((sav->flags & SADB_X_EXT_CYCSEQ) == 0)
return 1;
- ipseclog((LOG_WARNING, "replay counter made %d cycle. %s\n",
- replay->overflow, ipsec_logsastr(sav)));
+ ipseclog((LOG_WARNING, "%s: replay counter made %d cycle. %s\n",
+ __func__, replay->overflow, ipsec_logsastr(sav)));
}
replay->count++;
@@ -1872,8 +1848,8 @@
char *p;
struct secasindex *saidx = &sav->sah->saidx;
- KASSERT(saidx->src.sa.sa_family == saidx->dst.sa.sa_family,
- ("ipsec_logsastr: address family mismatch"));
+ IPSEC_ASSERT(saidx->src.sa.sa_family == saidx->dst.sa.sa_family,
+ ("address family mismatch"));
p = buf;
snprintf(buf, sizeof(buf), "SA(SPI=%u ", (u_int32_t)ntohl(sav->spi));
==== //depot/projects/netperf/sys/netipsec/ipsec.h#4 (text+ko) ====
@@ -44,6 +44,7 @@
#include <net/pfkeyv2.h>
#include <netipsec/keydb.h>
+#include <netipsec/ipsec_osdep.h>
#ifdef _KERNEL
==== //depot/projects/netperf/sys/netipsec/ipsec_input.c#5 (text+ko) ====
@@ -91,8 +91,6 @@
#include <machine/in_cksum.h>
#include <machine/stdarg.h>
-#include <net/net_osdep.h>
-
#define IPSEC_ISTAT(p,x,y,z) ((p) == IPPROTO_ESP ? (x)++ : \
(p) == IPPROTO_AH ? (y)++ : (z)++)
@@ -113,7 +111,7 @@
IPSEC_ISTAT(sproto, espstat.esps_input, ahstat.ahs_input,
ipcompstat.ipcomps_input);
- KASSERT(m != NULL, ("ipsec_common_input: null packet"));
+ IPSEC_ASSERT(m != NULL, ("null packet"));
if ((sproto == IPPROTO_ESP && !esp_enable) ||
(sproto == IPPROTO_AH && !ah_enable) ||
@@ -128,7 +126,7 @@
m_freem(m);
IPSEC_ISTAT(sproto, espstat.esps_hdrops, ahstat.ahs_hdrops,
ipcompstat.ipcomps_hdrops);
- DPRINTF(("ipsec_common_input: packet too small\n"));
+ DPRINTF(("%s: packet too small\n", __func__));
return EINVAL;
}
@@ -170,8 +168,7 @@
break;
#endif /* INET6 */
default:
- DPRINTF(("ipsec_common_input: unsupported protocol "
- "family %u\n", af));
+ DPRINTF(("%s: unsupported protocol family %u\n", __func__, af));
m_freem(m);
IPSEC_ISTAT(sproto, espstat.esps_nopf, ahstat.ahs_nopf,
ipcompstat.ipcomps_nopf);
@@ -181,9 +178,8 @@
/* NB: only pass dst since key_allocsa follows RFC2401 */
sav = KEY_ALLOCSA(&dst_address, sproto, spi);
if (sav == NULL) {
- DPRINTF(("ipsec_common_input: no key association found for"
- " SA %s/%08lx/%u\n",
- ipsec_address(&dst_address),
+ DPRINTF(("%s: no key association found for SA %s/%08lx/%u\n",
+ __func__, ipsec_address(&dst_address),
(u_long) ntohl(spi), sproto));
IPSEC_ISTAT(sproto, espstat.esps_notdb, ahstat.ahs_notdb,
ipcompstat.ipcomps_notdb);
@@ -192,9 +188,8 @@
}
if (sav->tdb_xform == NULL) {
- DPRINTF(("ipsec_common_input: attempted to use uninitialized"
- " SA %s/%08lx/%u\n",
- ipsec_address(&dst_address),
+ DPRINTF(("%s: attempted to use uninitialized SA %s/%08lx/%u\n",
+ __func__, ipsec_address(&dst_address),
(u_long) ntohl(spi), sproto));
IPSEC_ISTAT(sproto, espstat.esps_noxform, ahstat.ahs_noxform,
ipcompstat.ipcomps_noxform);
@@ -266,25 +261,22 @@
struct secasindex *saidx;
int error;
-#if 0
- SPLASSERT(net, "ipsec4_common_input_cb");
-#endif
+ IPSEC_SPLASSERT_SOFTNET(__func__);
- KASSERT(m != NULL, ("ipsec4_common_input_cb: null mbuf"));
- KASSERT(sav != NULL, ("ipsec4_common_input_cb: null SA"));
- KASSERT(sav->sah != NULL, ("ipsec4_common_input_cb: null SAH"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(sav != NULL, ("null SA"));
+ IPSEC_ASSERT(sav->sah != NULL, ("null SAH"));
saidx = &sav->sah->saidx;
af = saidx->dst.sa.sa_family;
- KASSERT(af == AF_INET, ("ipsec4_common_input_cb: unexpected af %u",af));
+ IPSEC_ASSERT(af == AF_INET, ("unexpected af %u", af));
sproto = saidx->proto;
- KASSERT(sproto == IPPROTO_ESP || sproto == IPPROTO_AH ||
+ IPSEC_ASSERT(sproto == IPPROTO_ESP || sproto == IPPROTO_AH ||
sproto == IPPROTO_IPCOMP,
- ("ipsec4_common_input_cb: unexpected security protocol %u",
- sproto));
+ ("unexpected security protocol %u", sproto));
/* Sanity check */
if (m == NULL) {
- DPRINTF(("ipsec4_common_input_cb: null mbuf"));
+ DPRINTF(("%s: null mbuf", __func__));
IPSEC_ISTAT(sproto, espstat.esps_badkcr, ahstat.ahs_badkcr,
ipcompstat.ipcomps_badkcr);
KEY_FREESAV(&sav);
@@ -294,9 +286,8 @@
if (skip != 0) {
/* Fix IPv4 header */
if (m->m_len < skip && (m = m_pullup(m, skip)) == NULL) {
- DPRINTF(("ipsec4_common_input_cb: processing failed "
- "for SA %s/%08lx\n",
- ipsec_address(&sav->sah->saidx.dst),
+ DPRINTF(("%s: processing failed for SA %s/%08lx\n",
+ __func__, ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
IPSEC_ISTAT(sproto, espstat.esps_hdrops, ahstat.ahs_hdrops,
ipcompstat.ipcomps_hdrops);
@@ -343,9 +334,9 @@
(saidx->proxy.sa.sa_family != AF_INET &&
saidx->proxy.sa.sa_family != 0)) {
- DPRINTF(("ipsec4_common_input_cb: inner "
- "source address %s doesn't correspond to "
- "expected proxy source %s, SA %s/%08lx\n",
+ DPRINTF(("%s: inner source address %s doesn't "
+ "correspond to expected proxy source %s, "
+ "SA %s/%08lx\n", __func__,
inet_ntoa4(ipn.ip_src),
ipsp_address(saidx->proxy),
ipsp_address(saidx->dst),
@@ -387,9 +378,9 @@
(saidx->proxy.sa.sa_family != AF_INET6 &&
saidx->proxy.sa.sa_family != 0)) {
- DPRINTF(("ipsec4_common_input_cb: inner "
- "source address %s doesn't correspond to "
- "expected proxy source %s, SA %s/%08lx\n",
+ DPRINTF(("%s: inner source address %s doesn't "
+ "correspond to expected proxy source %s, "
+ "SA %s/%08lx\n", __func__,
ip6_sprintf(&ip6n.ip6_src),
ipsec_address(&saidx->proxy),
ipsec_address(&saidx->dst),
@@ -417,7 +408,7 @@
mtag = m_tag_get(PACKET_TAG_IPSEC_IN_DONE,
sizeof(struct tdb_ident), M_NOWAIT);
if (mtag == NULL) {
- DPRINTF(("ipsec4_common_input_cb: failed to get tag\n"));
+ DPRINTF(("%s: failed to get tag\n", __func__));
IPSEC_ISTAT(sproto, espstat.esps_hdrops,
ahstat.ahs_hdrops, ipcompstat.ipcomps_hdrops);
error = ENOMEM;
@@ -444,8 +435,8 @@
IPSEC_ISTAT(sproto, espstat.esps_qfull, ahstat.ahs_qfull,
ipcompstat.ipcomps_qfull);
- DPRINTF(("ipsec4_common_input_cb: queue full; "
- "proto %u packet dropped\n", sproto));
+ DPRINTF(("%s: queue full; proto %u packet dropped\n",
+ __func__, sproto));
return ENOBUFS;
}
return 0;
@@ -465,7 +456,7 @@
struct ip6_ext ip6e;
if (*offp < sizeof(struct ip6_hdr)) {
- DPRINTF(("ipsec6_common_input: bad offset %u\n", *offp));
+ DPRINTF(("%s: bad offset %u\n", __func__, *offp));
return IPPROTO_DONE;
} else if (*offp == sizeof(struct ip6_hdr)) {
protoff = offsetof(struct ip6_hdr, ip6_nxt);
@@ -482,13 +473,13 @@
l = (ip6e.ip6e_len + 2) << 2;
else
l = (ip6e.ip6e_len + 1) << 3;
- KASSERT(l > 0, ("ah6_input: l went zero or negative"));
+ IPSEC_ASSERT(l > 0, ("l went zero or negative"));
} while (protoff + l < *offp);
/* Malformed packet check */
if (protoff + l != *offp) {
- DPRINTF(("ipsec6_common_input: bad packet header chain, "
- "protoff %u, l %u, off %u\n", protoff, l, *offp));
+ DPRINTF(("%s: bad packet header chain, protoff %u, "
+ "l %u, off %u\n", __func__, protoff, l, *offp));
IPSEC_ISTAT(proto, espstat.esps_hdrops,
ahstat.ahs_hdrops,
ipcompstat.ipcomps_hdrops);
@@ -595,22 +586,20 @@
u_int8_t nxt8;
int error, nest;
- KASSERT(m != NULL, ("ipsec6_common_input_cb: null mbuf"));
- KASSERT(sav != NULL, ("ipsec6_common_input_cb: null SA"));
- KASSERT(sav->sah != NULL, ("ipsec6_common_input_cb: null SAH"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(sav != NULL, ("null SA"));
+ IPSEC_ASSERT(sav->sah != NULL, ("null SAH"));
saidx = &sav->sah->saidx;
af = saidx->dst.sa.sa_family;
- KASSERT(af == AF_INET6,
- ("ipsec6_common_input_cb: unexpected af %u", af));
+ IPSEC_ASSERT(af == AF_INET6, ("unexpected af %u", af));
sproto = saidx->proto;
- KASSERT(sproto == IPPROTO_ESP || sproto == IPPROTO_AH ||
+ IPSEC_ASSERT(sproto == IPPROTO_ESP || sproto == IPPROTO_AH ||
sproto == IPPROTO_IPCOMP,
- ("ipsec6_common_input_cb: unexpected security protocol %u",
- sproto));
+ ("unexpected security protocol %u", sproto));
/* Sanity check */
if (m == NULL) {
- DPRINTF(("ipsec4_common_input_cb: null mbuf"));
+ DPRINTF(("%s: null mbuf", __func__));
IPSEC_ISTAT(sproto, espstat.esps_badkcr, ahstat.ahs_badkcr,
ipcompstat.ipcomps_badkcr);
error = EINVAL;
@@ -621,8 +610,8 @@
if (m->m_len < sizeof(struct ip6_hdr) &&
(m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
- DPRINTF(("ipsec_common_input_cb: processing failed "
- "for SA %s/%08lx\n", ipsec_address(&sav->sah->saidx.dst),
+ DPRINTF(("%s: processing failed for SA %s/%08lx\n",
+ __func__, ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
IPSEC_ISTAT(sproto, espstat.esps_hdrops, ahstat.ahs_hdrops,
@@ -663,9 +652,9 @@
(saidx->proxy.sa.sa_family != AF_INET &&
saidx->proxy.sa.sa_family != 0)) {
- DPRINTF(("ipsec_common_input_cb: inner "
- "source address %s doesn't correspond to "
- "expected proxy source %s, SA %s/%08lx\n",
+ DPRINTF(("%s: inner source address %s doesn't "
+ "correspond to expected proxy source %s, "
+ "SA %s/%08lx\n", __func__,
inet_ntoa4(ipn.ip_src),
ipsec_address(&saidx->proxy),
ipsec_address(&saidx->dst),
@@ -707,9 +696,9 @@
(saidx->proxy.sa.sa_family != AF_INET6 &&
saidx->proxy.sa.sa_family != 0)) {
- DPRINTF(("ipsec_common_input_cb: inner "
- "source address %s doesn't correspond to "
- "expected proxy source %s, SA %s/%08lx\n",
+ DPRINTF(("%s: inner source address %s doesn't "
+ "correspond to expected proxy source %s, "
+ "SA %s/%08lx\n", __func__,
ip6_sprintf(&ip6n.ip6_src),
ipsec_address(&saidx->proxy),
ipsec_address(&saidx->dst),
@@ -735,8 +724,7 @@
mtag = m_tag_get(PACKET_TAG_IPSEC_IN_DONE,
sizeof(struct tdb_ident), M_NOWAIT);
if (mtag == NULL) {
- DPRINTF(("ipsec_common_input_cb: failed to "
- "get tag\n"));
+ DPRINTF(("%s: failed to get tag\n", __func__));
IPSEC_ISTAT(sproto, espstat.esps_hdrops,
ahstat.ahs_hdrops, ipcompstat.ipcomps_hdrops);
error = ENOMEM;
==== //depot/projects/netperf/sys/netipsec/ipsec_mbuf.c#2 (text+ko) ====
@@ -60,7 +60,7 @@
struct mbuf *n, *mfirst, *mlast;
int len, off;
- KASSERT(m0 != NULL, ("m_clone: null mbuf"));
+ IPSEC_ASSERT(m0 != NULL, ("null mbuf"));
mprev = NULL;
for (m = m0; m != NULL; m = mprev->m_next) {
@@ -105,8 +105,7 @@
* it anyway, we try to reduce the number of mbufs and
* clusters so that future work is easier).
*/
- KASSERT(m->m_flags & M_EXT,
- ("m_clone: m_flags 0x%x", m->m_flags));
+ IPSEC_ASSERT(m->m_flags & M_EXT, ("m_flags 0x%x", m->m_flags));
/* NB: we only coalesce into a cluster or larger */
if (mprev != NULL && (mprev->m_flags & M_EXT) &&
m->m_len <= M_TRAILINGSPACE(mprev)) {
@@ -208,8 +207,8 @@
struct mbuf *m;
unsigned remain;
- KASSERT(m0 != NULL, ("m_dmakespace: null mbuf"));
- KASSERT(hlen < MHLEN, ("m_makespace: hlen too big: %u", hlen));
+ IPSEC_ASSERT(m0 != NULL, ("null mbuf"));
+ IPSEC_ASSERT(hlen < MHLEN, ("hlen too big: %u", hlen));
for (m = m0; m && skip > m->m_len; m = m->m_next)
skip -= m->m_len;
@@ -228,8 +227,7 @@
struct mbuf *n;
/* XXX code doesn't handle clusters XXX */
- KASSERT(remain < MLEN,
- ("m_makespace: remainder too big: %u", remain));
+ IPSEC_ASSERT(remain < MLEN, ("remainder too big: %u", remain));
/*
* Not enough space in m, split the contents
* of m, inserting new mbufs as required.
@@ -313,7 +311,7 @@
caddr_t retval;
if (n <= 0) { /* No stupid arguments. */
- DPRINTF(("m_pad: pad length invalid (%d)\n", n));
+ DPRINTF(("%s: pad length invalid (%d)\n", __func__, n));
m_freem(m);
return NULL;
}
@@ -323,14 +321,14 @@
m0 = m;
>>> TRUNCATED FOR MAIL (1000 lines) <<<
More information about the p4-projects
mailing list