Date: Fri, 23 Dec 2016 09:10:57 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r310468 - projects/ipsec/sys/netipsec Message-ID: <201612230910.uBN9AvRA042214@repo.freebsd.org>
Author: ae Date: Fri Dec 23 09:10:57 2016 New Revision: 310468 URL: https://svnweb.freebsd.org/changeset/base/310468 Log: Move ipsec_newisr() and ipsec_delisr() into key.c. Move ipsec_address() and ipsec_logsastr() into key_debug.c. Also rename ipsec_sa2str() to reflect in the name what it actually does. Modified: projects/ipsec/sys/netipsec/ipsec.c projects/ipsec/sys/netipsec/ipsec.h projects/ipsec/sys/netipsec/ipsec_input.c projects/ipsec/sys/netipsec/key.c projects/ipsec/sys/netipsec/key_debug.c projects/ipsec/sys/netipsec/key_debug.h projects/ipsec/sys/netipsec/xform_ah.c projects/ipsec/sys/netipsec/xform_esp.c Modified: projects/ipsec/sys/netipsec/ipsec.c ============================================================================== --- projects/ipsec/sys/netipsec/ipsec.c Fri Dec 23 08:59:23 2016 (r310467) +++ projects/ipsec/sys/netipsec/ipsec.c Fri Dec 23 09:10:57 2016 (r310468) @@ -941,21 +941,6 @@ ipsec_run_hhooks(struct ipsec_ctx_data * return (0); } -struct ipsecrequest * -ipsec_newisr(void) -{ - - return (malloc(sizeof(struct ipsecrequest), M_IPSEC_SR, - M_NOWAIT | M_ZERO)); -} - -void -ipsec_delisr(struct ipsecrequest *p) -{ - - free(p, M_IPSEC_SR); -} - /* * Return current level. * Either IPSEC_LEVEL_USE or IPSEC_LEVEL_REQUIRE are always returned. @@ -1428,7 +1413,7 @@ ok: ipseclog((LOG_WARNING, "%s: replay counter made %d cycle. %s\n", __func__, replay->overflow, - ipsec_logsastr(sav, buf, sizeof(buf)))); + ipsec_sa2str(sav, buf, sizeof(buf)))); } return (0); } 
@@ -1479,73 +1464,6 @@ ipsec_updateid(struct secasvar *sav, uin return (0); } -/* Return a printable string for the address. */ -char* -ipsec_address(const union sockaddr_union* sa, char *buf, socklen_t size) -{ - - switch (sa->sa.sa_family) { -#ifdef INET - case AF_INET: - return (inet_ntop(AF_INET, &sa->sin.sin_addr, buf, size)); -#endif /* INET */ -#ifdef INET6 - case AF_INET6: - if (IN6_IS_SCOPE_LINKLOCAL(&sa->sin6.sin6_addr)) { - snprintf(buf, size, "%s%%%u", inet_ntop(AF_INET6, - &sa->sin6.sin6_addr, buf, size), - sa->sin6.sin6_scope_id); - return (buf); - } else - return (inet_ntop(AF_INET6, &sa->sin6.sin6_addr, - buf, size)); -#endif /* INET6 */ - case 0: - return ("*"); - default: - return ("(unknown address family)"); - } -} - -char * -ipsec_logsastr(struct secasvar *sav, char *buf, size_t size) -{ - char sbuf[IPSEC_ADDRSTRLEN], dbuf[IPSEC_ADDRSTRLEN]; - - IPSEC_ASSERT(sav->sah->saidx.src.sa.sa_family == - sav->sah->saidx.dst.sa.sa_family, ("address family mismatch")); - - snprintf(buf, size, "SA(SPI=%08lx src=%s dst=%s)", - (u_long)ntohl(sav->spi), - ipsec_address(&sav->sah->saidx.src, sbuf, sizeof(sbuf)), - ipsec_address(&sav->sah->saidx.dst, dbuf, sizeof(dbuf))); - return (buf); -} - -void -ipsec_dumpmbuf(const struct mbuf *m) -{ - const u_char *p; - int totlen; - int i; - - totlen = 0; - printf("---\n"); - while (m) { - p = mtod(m, const u_char *); - for (i = 0; i < m->m_len; i++) { - printf("%02x ", p[i]); - totlen++; - if (totlen % 16 == 0) - printf("\n"); - } - m = m->m_next; - } - if (totlen % 16 != 0) - printf("\n"); - printf("---\n"); -} - static void def_policy_init(const void *unused __unused) { Modified: projects/ipsec/sys/netipsec/ipsec.h ============================================================================== --- projects/ipsec/sys/netipsec/ipsec.h Fri Dec 23 08:59:23 2016 (r310467) +++ projects/ipsec/sys/netipsec/ipsec.h Fri Dec 23 09:10:57 2016 (r310468) 
@@ -320,10 +320,6 @@ int ipsec_updateid(struct secasvar *, ui void ipsec_setsockaddrs(const struct mbuf *, union sockaddr_union *, union sockaddr_union *); -char *ipsec_address(const union sockaddr_union *, char *, socklen_t); -char *ipsec_logsastr(struct secasvar *, char *, size_t); - -extern void ipsec_dumpmbuf(const struct mbuf *); int ipsec4_in_reject(const struct mbuf *, struct inpcb *); int ipsec4_input(struct mbuf *, int, int); Modified: projects/ipsec/sys/netipsec/ipsec_input.c ============================================================================== --- projects/ipsec/sys/netipsec/ipsec_input.c Fri Dec 23 08:59:23 2016 (r310467) +++ projects/ipsec/sys/netipsec/ipsec_input.c Fri Dec 23 09:10:57 2016 (r310468) @@ -90,6 +90,7 @@ __FBSDID("$FreeBSD$"); #include <netipsec/key.h> #include <netipsec/keydb.h> +#include <netipsec/key_debug.h> #include <netipsec/xform.h> #include <netinet6/ip6protosw.h> Modified: projects/ipsec/sys/netipsec/key.c ============================================================================== --- projects/ipsec/sys/netipsec/key.c Fri Dec 23 08:59:23 2016 (r310467) +++ projects/ipsec/sys/netipsec/key.c Fri Dec 23 09:10:57 2016 (r310468) @@ -1245,6 +1245,21 @@ key_newsp(void) return (sp); } +struct ipsecrequest * +ipsec_newisr(void) +{ + + return (malloc(sizeof(struct ipsecrequest), M_IPSEC_SR, + M_NOWAIT | M_ZERO)); +} + +void +ipsec_delisr(struct ipsecrequest *p) +{ + + free(p, M_IPSEC_SR); +} + /* * create secpolicy structure from sadb_x_policy structure. * NOTE: `state', `secpolicyindex' and 'id' in secpolicy structure Modified: projects/ipsec/sys/netipsec/key_debug.c ============================================================================== --- projects/ipsec/sys/netipsec/key_debug.c Fri Dec 23 08:59:23 2016 (r310467) +++ projects/ipsec/sys/netipsec/key_debug.c Fri Dec 23 09:10:57 2016 (r310468) 
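Review bot: In the key.c hunk, `ipsec_newisr()` allocates with `M_NOWAIT` and can therefore return NULL, but nothing at its new location tells callers they must check the result. A one-line comment above the definition would make the contract visible, for example `/* Allocate a zeroed ipsecrequest; may return NULL (M_NOWAIT). */`. The moved code also depends on `M_IPSEC_SR` being visible in key.c, which cannot be confirmed from the lines shown. If the malloc type is still defined only in ipsec.c, key.c needs a matching `MALLOC_DECLARE` from a shared header.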
@@ -787,6 +787,47 @@ kdebug_mbuf(const struct mbuf *m0) return; } + +/* Return a printable string for the address. */ +char * +ipsec_address(const union sockaddr_union* sa, char *buf, socklen_t size) +{ + + switch (sa->sa.sa_family) { +#ifdef INET + case AF_INET: + return (inet_ntop(AF_INET, &sa->sin.sin_addr, buf, size)); +#endif /* INET */ +#ifdef INET6 + case AF_INET6: + if (IN6_IS_SCOPE_LINKLOCAL(&sa->sin6.sin6_addr)) { + snprintf(buf, size, "%s%%%u", inet_ntop(AF_INET6, + &sa->sin6.sin6_addr, buf, size), + sa->sin6.sin6_scope_id); + return (buf); + } else + return (inet_ntop(AF_INET6, &sa->sin6.sin6_addr, + buf, size)); +#endif /* INET6 */ + case 0: + return ("*"); + default: + return ("(unknown address family)"); + } +} + +char * +ipsec_sa2str(struct secasvar *sav, char *buf, size_t size) +{ + char sbuf[IPSEC_ADDRSTRLEN], dbuf[IPSEC_ADDRSTRLEN]; + + snprintf(buf, size, "SA(SPI=%08lx src=%s dst=%s)", + (u_long)ntohl(sav->spi), + ipsec_address(&sav->sah->saidx.src, sbuf, sizeof(sbuf)), + ipsec_address(&sav->sah->saidx.dst, dbuf, sizeof(dbuf))); + return (buf); +} + #endif /* _KERNEL */ void Modified: projects/ipsec/sys/netipsec/key_debug.h ============================================================================== --- projects/ipsec/sys/netipsec/key_debug.h Fri Dec 23 08:59:23 2016 (r310467) +++ projects/ipsec/sys/netipsec/key_debug.h Fri Dec 23 09:10:57 2016 (r310468) @@ -75,6 +75,7 @@ struct secashead; struct secasvar; struct secreplay; struct mbuf; +union sockaddr_union; const char* kdebug_secpolicy_state(u_int); const char* kdebug_secpolicy_policy(u_int); const char* kdebug_secpolicyindex_dir(u_int); 
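Review bot: In `ipsec_address()` (key_debug.c hunk), the link-local branch gives `snprintf()` `buf` as its destination while the `%s` argument is the pointer `inet_ntop()` just returned for that same `buf`, so source and destination overlap. Standard C leaves that undefined, and whether the kernel formatter tolerates it is not visible here. Formatting the address into a local scratch buffer first removes the overlap and makes a NULL return from `inet_ntop()` explicit, as sketched below. Separately, `ipsec_sa2str()` no longer has the `IPSEC_ASSERT` on matching source and destination address families that `ipsec_logsastr()` carried in ipsec.c, and the log message mentions only the rename. If dropping it is deliberate, say so in the log; otherwise the assertion should move with the function.

```c
	case AF_INET6:
		if (IN6_IS_SCOPE_LINKLOCAL(&sa->sin6.sin6_addr)) {
			char abuf[INET6_ADDRSTRLEN];

			/* Scratch buffer: snprintf() never reads buf while writing it. */
			if (inet_ntop(AF_INET6, &sa->sin6.sin6_addr, abuf,
			    sizeof(abuf)) == NULL)
				return (NULL);
			snprintf(buf, size, "%s%%%u", abuf,
			    sa->sin6.sin6_scope_id);
			return (buf);
		}
		/* ... unchanged: non-link-local inet_ntop() return and remaining cases ... */
```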
@@ -88,6 +89,8 @@ void kdebug_secash(struct secashead *, c void kdebug_secasv(struct secasvar *); void kdebug_mbufhdr(const struct mbuf *); void kdebug_mbuf(const struct mbuf *); +char *ipsec_address(const union sockaddr_union *, char *, socklen_t); +char *ipsec_sa2str(struct secasvar *, char *, size_t); #endif /*_KERNEL*/ struct sockaddr; Modified: projects/ipsec/sys/netipsec/xform_ah.c ============================================================================== --- projects/ipsec/sys/netipsec/xform_ah.c Fri Dec 23 08:59:23 2016 (r310467) +++ projects/ipsec/sys/netipsec/xform_ah.c Fri Dec 23 09:10:57 2016 (r310468) @@ -614,7 +614,7 @@ ah_input(struct mbuf *m, struct secasvar SECASVAR_UNLOCK(sav); AHSTAT_INC(ahs_replay); DPRINTF(("%s: packet replay failure: %s\n", __func__, - ipsec_logsastr(sav, buf, sizeof(buf)))); + ipsec_sa2str(sav, buf, sizeof(buf)))); m_freem(m); return (EACCES); } Modified: projects/ipsec/sys/netipsec/xform_esp.c ============================================================================== --- projects/ipsec/sys/netipsec/xform_esp.c Fri Dec 23 08:59:23 2016 (r310467) +++ projects/ipsec/sys/netipsec/xform_esp.c Fri Dec 23 09:10:57 2016 (r310468) @@ -360,7 +360,7 @@ esp_input(struct mbuf *m, struct secasva if (ipsec_chkreplay(ntohl(esp->esp_seq), sav) == 0) { SECASVAR_UNLOCK(sav); DPRINTF(("%s: packet replay check for %s\n", __func__, - ipsec_logsastr(sav, buf, sizeof(buf)))); + ipsec_sa2str(sav, buf, sizeof(buf)))); ESPSTAT_INC(esps_replay); m_freem(m); return (EACCES); @@ -561,7 +561,7 @@ esp_input_cb(struct cryptop *crp) if (ipsec_updatereplay(ntohl(seq), sav)) { SECASVAR_UNLOCK(sav); DPRINTF(("%s: packet replay check for %s\n", __func__, - ipsec_logsastr(sav, buf, sizeof(buf)))); + ipsec_sa2str(sav, buf, sizeof(buf)))); ESPSTAT_INC(esps_replay); error = EACCES; goto bad;