Date: Tue, 23 Sep 2003 14:22:18 -0700 (PDT) From: Sam Leffler <sam@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 38496 for review Message-ID: <200309232122.h8NLMIZM065119@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=38496 Change 38496 by sam@sam_ebb on 2003/09/23 14:22:05 First pass cleanup sweep and netbsd diff reduction: o add ipsec_osdep.h that holds os-specific definitions for portability o s/KASSERT/IPSEC_ASSERT/ for portability o s/SPLASSERT/IPSEC_SPLASSERT/ for portability o remove function names from ASSERT strings since line#+file pinpints the location o use __func__ uniformly to reduce string storage o convert some random #ifdef DIAGNOSTIC code to assertions o remove some debuggging assertions no longer needed Affected files ... .. //depot/projects/netperf/sys/netipsec/ipcomp.h#2 edit .. //depot/projects/netperf/sys/netipsec/ipsec.c#4 edit .. //depot/projects/netperf/sys/netipsec/ipsec.h#4 edit .. //depot/projects/netperf/sys/netipsec/ipsec_input.c#5 edit .. //depot/projects/netperf/sys/netipsec/ipsec_mbuf.c#2 edit .. //depot/projects/netperf/sys/netipsec/ipsec_osdep.h#1 add .. //depot/projects/netperf/sys/netipsec/ipsec_output.c#4 edit .. //depot/projects/netperf/sys/netipsec/key.c#4 edit .. //depot/projects/netperf/sys/netipsec/key_debug.c#2 edit .. //depot/projects/netperf/sys/netipsec/keysock.c#2 edit .. //depot/projects/netperf/sys/netipsec/xform_ah.c#4 edit .. //depot/projects/netperf/sys/netipsec/xform_esp.c#4 edit .. //depot/projects/netperf/sys/netipsec/xform_ipcomp.c#4 edit .. //depot/projects/netperf/sys/netipsec/xform_ipip.c#2 edit Differences ... ==== //depot/projects/netperf/sys/netipsec/ipcomp.h#2 (text+ko) ==== ==== //depot/projects/netperf/sys/netipsec/ipsec.c#4 (text+ko) ==== @@ -92,8 +92,6 @@ #include <machine/in_cksum.h> -#include <net/net_osdep.h> - #ifdef IPSEC_DEBUG int ipsec_debug = 1; #else @@ -249,14 +247,14 @@ { struct secpolicy *sp; - KASSERT(tdbi != NULL, ("ipsec_getpolicy: null tdbi")); - KASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, - ("ipsec_getpolicy: invalid direction %u", dir)); + IPSEC_ASSERT(tdbi != NULL, ("null tdbi")); + IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, + ("invalid direction %u", dir)); sp = KEY_ALLOCSP2(tdbi->spi, &tdbi->dst, tdbi->proto, dir); if (sp == NULL) /*XXX????*/ sp = KEY_ALLOCSP_DEFAULT(); - KASSERT(sp != NULL, ("ipsec_getpolicy: null SP")); + IPSEC_ASSERT(sp != NULL, ("null SP")); return sp; } @@ -283,11 +281,11 @@ struct secpolicy *currsp = NULL; /* policy on socket */ struct secpolicy *sp; - KASSERT(m != NULL, ("ipsec_getpolicybysock: null mbuf")); - KASSERT(inp != NULL, ("ipsec_getpolicybysock: null inpcb")); - KASSERT(error != NULL, ("ipsec_getpolicybysock: null error")); - KASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, - ("ipsec_getpolicybysock: invalid direction %u", dir)); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(inp != NULL, ("null inpcb")); + IPSEC_ASSERT(error != NULL, ("null error")); + IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, + ("invalid direction %u", dir)); /* set spidx in pcb */ if (inp->inp_vflag & INP_IPV6PROTO) { @@ -304,7 +302,7 @@ if (*error) return NULL; - KASSERT(pcbsp != NULL, ("ipsec_getpolicybysock: null pcbsp")); + IPSEC_ASSERT(pcbsp != NULL, ("null pcbsp")); switch (dir) { case IPSEC_DIR_INBOUND: currsp = pcbsp->sp_in; @@ -313,7 +311,7 @@ currsp = pcbsp->sp_out; break; } - KASSERT(currsp != NULL, ("ipsec_getpolicybysock: null currsp")); + IPSEC_ASSERT(currsp != NULL, ("null currsp")); if (pcbsp->priv) { /* when privilieged socket */ switch (currsp->policy) { @@ -331,8 +329,8 @@ break; default: - ipseclog((LOG_ERR, "ipsec_getpolicybysock: " - "Invalid policy for PCB %d\n", currsp->policy)); + ipseclog((LOG_ERR, "%s: Invalid policy for PCB %d\n", + __func__, currsp->policy)); *error = EINVAL; return NULL; } @@ -341,9 +339,9 @@ if (sp == NULL) { /* no SP found */ switch (currsp->policy) { case IPSEC_POLICY_BYPASS: - ipseclog((LOG_ERR, "ipsec_getpolicybysock: " - "Illegal policy for non-priviliged defined %d\n", - currsp->policy)); + ipseclog((LOG_ERR, "%s: Illegal policy for " + "non-priviliged defined %d\n", + __func__, currsp->policy)); *error = EINVAL; return NULL; @@ -357,20 +355,18 @@ break; default: - ipseclog((LOG_ERR, "ipsec_getpolicybysock: " - "Invalid policy for PCB %d\n", currsp->policy)); + ipseclog((LOG_ERR, "%s: Invalid policy for " + "PCB %d\n", __func__, currsp->policy)); *error = EINVAL; return NULL; } } } - KASSERT(sp != NULL, - ("ipsec_getpolicybysock: null SP (priv %u policy %u", - pcbsp->priv, currsp->policy)); + IPSEC_ASSERT(sp != NULL, + ("null SP (priv %u policy %u", pcbsp->priv, currsp->policy)); KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP ipsec_getpolicybysock (priv %u policy %u) allocates " - "SP:%p (refcnt %u)\n", pcbsp->priv, currsp->policy, - sp, sp->refcnt)); + printf("DP %s (priv %u policy %u) allocate SP:%p (refcnt %u)\n", + __func__, pcbsp->priv, currsp->policy, sp, sp->refcnt)); return sp; } @@ -394,10 +390,10 @@ struct secpolicyindex spidx; struct secpolicy *sp; - KASSERT(m != NULL, ("ipsec_getpolicybyaddr: null mbuf")); - KASSERT(error != NULL, ("ipsec_getpolicybyaddr: null error")); - KASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, - ("ipsec4_getpolicybaddr: invalid direction %u", dir)); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(error != NULL, ("null error")); + IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, + ("invalid direction %u", dir)); sp = NULL; if (key_havesp(dir)) { @@ -405,8 +401,8 @@ *error = ipsec_setspidx(m, &spidx, (flag & IP_FORWARDING) ? 0 : 1); if (*error != 0) { - DPRINTF(("ipsec_getpolicybyaddr: setpidx failed," - " dir %u flag %u\n", dir, flag)); + DPRINTF(("%s: setpidx failed, dir %u flag %u\n", + __func__, dir, flag)); bzero(&spidx, sizeof (spidx)); return NULL; } @@ -416,7 +412,7 @@ } if (sp == NULL) /* no SP found, use system default */ sp = KEY_ALLOCSP_DEFAULT(); - KASSERT(sp != NULL, ("ipsec_getpolicybyaddr: null SP")); + IPSEC_ASSERT(sp != NULL, ("null SP")); return sp; } @@ -435,17 +431,15 @@ else sp = ipsec_getpolicybysock(m, dir, inp, error); if (sp == NULL) { - KASSERT(*error != 0, - ("ipsec4_checkpolicy: getpolicy failed w/o error")); + IPSEC_ASSERT(*error != 0, ("getpolicy failed w/o error")); newipsecstat.ips_out_inval++; return NULL; } - KASSERT(*error == 0, - ("ipsec4_checkpolicy: sp w/ error set to %u", *error)); + IPSEC_ASSERT(*error == 0, ("sp w/ error set to %u", *error)); switch (sp->policy) { case IPSEC_POLICY_ENTRUST: default: - printf("ipsec4_checkpolicy: invalid policy %u\n", sp->policy); + printf("%s: invalid policy %u\n", __func__, sp->policy); /* fall thru... */ case IPSEC_POLICY_DISCARD: newipsecstat.ips_out_polvio++; @@ -475,10 +469,10 @@ { int error; - KASSERT(pcb != NULL, ("ipsec4_setspidx_inpcb: null pcb")); - KASSERT(pcb->inp_sp != NULL, ("ipsec4_setspidx_inpcb: null inp_sp")); - KASSERT(pcb->inp_sp->sp_out != NULL && pcb->inp_sp->sp_in != NULL, - ("ipsec4_setspidx_inpcb: null sp_in || sp_out")); + IPSEC_ASSERT(pcb != NULL, ("null pcb")); + IPSEC_ASSERT(pcb->inp_sp != NULL, ("null inp_sp")); + IPSEC_ASSERT(pcb->inp_sp->sp_out != NULL && pcb->inp_sp->sp_in != NULL, + ("null sp_in || sp_out")); error = ipsec_setspidx(m, &pcb->inp_sp->sp_in->spidx, 1); if (error == 0) { @@ -503,10 +497,10 @@ struct secpolicyindex *spidx; int error; - KASSERT(pcb != NULL, ("ipsec6_setspidx_in6pcb: null pcb")); - KASSERT(pcb->in6p_sp != NULL, ("ipsec6_setspidx_in6pcb: null inp_sp")); - KASSERT(pcb->in6p_sp->sp_out != NULL && pcb->in6p_sp->sp_in != NULL, - ("ipsec6_setspidx_in6pcb: null sp_in || sp_out")); + IPSEC_ASSERT(pcb != NULL, ("null pcb")); + IPSEC_ASSERT(pcb->in6p_sp != NULL, ("null inp_sp")); + IPSEC_ASSERT(pcb->in6p_sp->sp_out != NULL && pcb->in6p_sp->sp_in != NULL, + ("null sp_in || sp_out")); bzero(&pcb->in6p_sp->sp_in->spidx, sizeof(*spidx)); bzero(&pcb->in6p_sp->sp_out->spidx, sizeof(*spidx)); @@ -550,7 +544,7 @@ int len; int error; - KASSERT(m != NULL, ("ipsec_setspidx: null mbuf")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); /* * validate m->m_pkthdr.len. we see incorrect length if we @@ -562,18 +556,15 @@ len += n->m_len; if (m->m_pkthdr.len != len) { KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_setspidx: " - "total of m_len(%d) != pkthdr.len(%d), " - "ignored.\n", - len, m->m_pkthdr.len)); + printf("%s: pkthdr len(%d) mismatch (%d), ignored.\n", + __func__, len, m->m_pkthdr.len)); return EINVAL; } if (m->m_pkthdr.len < sizeof(struct ip)) { KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_setspidx: " - "pkthdr.len(%d) < sizeof(struct ip), ignored.\n", - m->m_pkthdr.len)); + printf("%s: pkthdr len(%d) too small (v4), ignored.\n", + __func__, m->m_pkthdr.len)); return EINVAL; } @@ -599,9 +590,8 @@ case 6: if (m->m_pkthdr.len < sizeof(struct ip6_hdr)) { KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_setspidx: " - "pkthdr.len(%d) < sizeof(struct ip6_hdr), " - "ignored.\n", m->m_pkthdr.len)); + printf("%s: pkthdr len(%d) too small (v6), " + "ignored\n", __func__, m->m_pkthdr.len)); return EINVAL; } error = ipsec6_setspidx_ipaddr(m, spidx); @@ -612,8 +602,8 @@ #endif default: KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_setspidx: " - "unknown IP version %u, ignored.\n", v)); + printf("%s: " "unknown IP version %u, ignored.\n", + __func__, v)); return EINVAL; } } @@ -625,9 +615,8 @@ int off; /* sanity check */ - KASSERT(m != NULL, ("ipsec4_get_ulp: null mbuf")); - KASSERT(m->m_pkthdr.len >= sizeof(struct ip), - ("ipsec4_get_ulp: packet too short")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(m->m_pkthdr.len >= sizeof(struct ip),("packet too short")); /* NB: ip_input() flips it into host endian XXX need more checking */ if (m->m_len < sizeof (struct ip)) { @@ -747,10 +736,10 @@ /* sanity check */ if (m == NULL) - panic("ipsec6_get_ulp: NULL pointer was passed.\n"); + panic("%s: NULL pointer was passed.\n", __func__); KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec6_get_ulp:\n"); kdebug_mbuf(m)); + printf("%s:\n", __func__); kdebug_mbuf(m)); /* set default */ spidx->ul_proto = IPSEC_ULPROTO_ANY; @@ -851,19 +840,16 @@ /* sanity check. */ if (so == NULL || pcb_sp == NULL) - panic("ipsec_init_policy: NULL pointer was passed.\n"); + panic("%s: NULL pointer was passed.\n", __func__); new = (struct inpcbpolicy *) malloc(sizeof(struct inpcbpolicy), M_IPSEC_INPCB, M_NOWAIT|M_ZERO); if (new == NULL) { - ipseclog((LOG_DEBUG, "ipsec_init_policy: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); return ENOBUFS; } - if (so->so_cred != 0 && so->so_cred->cr_uid == 0) - new->priv = 1; - else - new->priv = 0; + new->priv = IPSEC_IS_PRIVILEGED_SO(so); if ((new->sp_in = KEY_NEWSP()) == NULL) { ipsec_delpcbpolicy(new); @@ -1005,7 +991,7 @@ xpl = (struct sadb_x_policy *)request; KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_set_policy: passed policy\n"); + printf("%s: passed policy\n", __func__); kdebug_sadb_x_policy((struct sadb_ext *)xpl)); /* check policy type */ @@ -1028,7 +1014,7 @@ KEY_FREESP(pcb_sp); *pcb_sp = newsp; KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_set_policy: new policy\n"); + printf("%s: new policy\n", __func__); kdebug_secpolicy(newsp)); return 0; @@ -1046,14 +1032,13 @@ *mp = key_sp2msg(pcb_sp); if (!*mp) { - ipseclog((LOG_DEBUG, "ipsec_get_policy: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); return ENOBUFS; } (*mp)->m_type = MT_DATA; KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_get_policy:\n"); - kdebug_mbuf(*mp)); + printf("%s:\n", __func__); kdebug_mbuf(*mp)); return 0; } @@ -1085,7 +1070,7 @@ pcb_sp = &inp->inp_sp->sp_out; break; default: - ipseclog((LOG_ERR, "ipsec4_set_policy: invalid direction=%u\n", + ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__, xpl->sadb_x_policy_dir)); return EINVAL; } @@ -1106,7 +1091,7 @@ /* sanity check. */ if (inp == NULL || request == NULL || mp == NULL) return EINVAL; - KASSERT(inp->inp_sp != NULL, ("ipsec4_get_policy: null inp_sp")); + IPSEC_ASSERT(inp->inp_sp != NULL, ("null inp_sp")); if (len < sizeof(*xpl)) return EINVAL; xpl = (struct sadb_x_policy *)request; @@ -1120,7 +1105,7 @@ pcb_sp = inp->inp_sp->sp_out; break; default: - ipseclog((LOG_ERR, "ipsec4_set_policy: invalid direction=%u\n", + ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__, xpl->sadb_x_policy_dir)); return EINVAL; } @@ -1133,7 +1118,7 @@ ipsec4_delete_pcbpolicy(inp) struct inpcb *inp; { - KASSERT(inp != NULL, ("ipsec4_delete_pcbpolicy: null inp")); + IPSEC_ASSERT(inp != NULL, ("null inp")); if (inp->inp_sp == NULL) return 0; @@ -1178,7 +1163,7 @@ pcb_sp = &in6p->in6p_sp->sp_out; break; default: - ipseclog((LOG_ERR, "ipsec6_set_policy: invalid direction=%u\n", + ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__, xpl->sadb_x_policy_dir)); return EINVAL; } @@ -1199,7 +1184,7 @@ /* sanity check. */ if (in6p == NULL || request == NULL || mp == NULL) return EINVAL; - KASSERT(in6p->in6p_sp != NULL, ("ipsec6_get_policy: null in6p_sp")); + IPSEC_ASSERT(in6p->in6p_sp != NULL, ("null in6p_sp")); if (len < sizeof(*xpl)) return EINVAL; xpl = (struct sadb_x_policy *)request; @@ -1213,7 +1198,7 @@ pcb_sp = in6p->in6p_sp->sp_out; break; default: - ipseclog((LOG_ERR, "ipsec6_set_policy: invalid direction=%u\n", + ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__, xpl->sadb_x_policy_dir)); return EINVAL; } @@ -1225,7 +1210,7 @@ ipsec6_delete_pcbpolicy(in6p) struct in6pcb *in6p; { - KASSERT(in6p != NULL, ("ipsec6_delete_pcbpolicy: null in6p")); + IPSEC_ASSERT(in6p != NULL, ("null in6p")); if (in6p->in6p_sp == NULL) return 0; @@ -1255,10 +1240,9 @@ u_int esp_trans_deflev, esp_net_deflev; u_int ah_trans_deflev, ah_net_deflev; - KASSERT(isr != NULL && isr->sp != NULL, - ("ipsec_get_reqlevel: null argument")); - KASSERT(isr->sp->spidx.src.sa.sa_family == isr->sp->spidx.dst.sa.sa_family, - ("ipsec_get_reqlevel: af family mismatch, src %u, dst %u", + IPSEC_ASSERT(isr != NULL && isr->sp != NULL, ("null argument")); + IPSEC_ASSERT(isr->sp->spidx.src.sa.sa_family == isr->sp->spidx.dst.sa.sa_family, + ("af family mismatch, src %u, dst %u", isr->sp->spidx.src.sa.sa_family, isr->sp->spidx.dst.sa.sa_family)); @@ -1293,8 +1277,8 @@ break; #endif /* INET6 */ default: - panic("key_get_reqlevel: unknown af %u", - isr->sp->spidx.src.sa.sa_family); + panic("%s: unknown af %u", + __func__, isr->sp->spidx.src.sa.sa_family); } #undef IPSEC_CHECK_DEFAULT @@ -1322,8 +1306,7 @@ level = IPSEC_LEVEL_USE; break; default: - panic("ipsec_get_reqlevel: " - "Illegal protocol defined %u\n", + panic("%s: Illegal protocol defined %u\n", __func__, isr->saidx.proto); } break; @@ -1337,8 +1320,7 @@ break; default: - panic("ipsec_get_reqlevel: Illegal IPsec level %u\n", - isr->level); + panic("%s: Illegal IPsec level %u\n", __func__, isr->level); } return level; @@ -1361,8 +1343,7 @@ int need_auth; KEYDEBUG(KEYDEBUG_IPSEC_DATA, - printf("ipsec_in_reject: using SP\n"); - kdebug_secpolicy(sp)); + printf("%s: using SP\n", __func__); kdebug_secpolicy(sp)); /* check policy */ switch (sp->policy) { @@ -1373,8 +1354,8 @@ return 0; } - KASSERT(sp->policy == IPSEC_POLICY_IPSEC, - ("ipsec_in_reject: invalid policy %u", sp->policy)); + IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, + ("invalid policy %u", sp->policy)); /* XXX should compare policy against ipsec header history */ @@ -1386,7 +1367,7 @@ case IPPROTO_ESP: if ((m->m_flags & M_DECRYPTED) == 0) { KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_in_reject: ESP m_flags:%x\n", + printf("%s: ESP m_flags:%x\n", __func__, m->m_flags)); return 1; } @@ -1396,7 +1377,7 @@ isr->sav->tdb_authalgxform != NULL && (m->m_flags & M_AUTHIPDGM) == 0) { KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_in_reject: ESP/AH m_flags:%x\n", + printf("%s: ESP/AH m_flags:%x\n", __func__, m->m_flags)); return 1; } @@ -1405,7 +1386,7 @@ need_auth = 1; if ((m->m_flags & M_AUTHIPHDR) == 0) { KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_in_reject: AH m_flags:%x\n", + printf("%s: AH m_flags:%x\n", __func__, m->m_flags)); return 1; } @@ -1437,7 +1418,7 @@ int error; int result; - KASSERT(m != NULL, ("ipsec4_in_reject_so: null mbuf")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); /* get SP for this packet. * When we are called from ip_forward(), we call @@ -1512,8 +1493,7 @@ size_t siz; KEYDEBUG(KEYDEBUG_IPSEC_DATA, - printf("ipsec_hdrsiz: using SP\n"); - kdebug_secpolicy(sp)); + printf("%s: using SP\n", __func__); kdebug_secpolicy(sp)); switch (sp->policy) { case IPSEC_POLICY_DISCARD: @@ -1522,8 +1502,8 @@ return 0; } - KASSERT(sp->policy == IPSEC_POLICY_IPSEC, - ("ipsec_hdrsiz: invalid policy %u", sp->policy)); + IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, + ("invalid policy %u", sp->policy)); siz = 0; for (isr = sp->req; isr != NULL; isr = isr->next) { @@ -1552,8 +1532,8 @@ break; #endif default: - ipseclog((LOG_ERR, "ipsec_hdrsiz: " - "unknown AF %d in IPsec tunnel SA\n", + ipseclog((LOG_ERR, "%s: unknown AF %d in " + "IPsec tunnel SA\n", __func__, ((struct sockaddr *)&isr->saidx.dst)->sa_family)); break; } @@ -1575,7 +1555,7 @@ int error; size_t size; - KASSERT(m != NULL, ("ipsec4_hdrsiz: null mbuf")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); /* get SP for this packet. * When we are called from ip_forward(), we call @@ -1589,7 +1569,7 @@ if (sp != NULL) { size = ipsec_hdrsiz(sp); KEYDEBUG(KEYDEBUG_IPSEC_DATA, - printf("ipsec4_hdrsiz: size:%lu.\n", + printf("%s: size:%lu.\n", __func__, (unsigned long)size)); KEY_FREESP(&sp); @@ -1613,9 +1593,9 @@ int error; size_t size; - KASSERT(m != NULL, ("ipsec6_hdrsiz: null mbuf")); - KASSERT(in6p == NULL || in6p->in6p_socket != NULL, - ("ipsec6_hdrsize: socket w/o inpcb")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(in6p == NULL || in6p->in6p_socket != NULL, + ("socket w/o inpcb")); /* get SP for this packet */ /* XXX Is it right to call with IP_FORWARDING. */ @@ -1628,7 +1608,7 @@ return 0; size = ipsec_hdrsiz(sp); KEYDEBUG(KEYDEBUG_IPSEC_DATA, - printf("ipsec6_hdrsiz: size:%lu.\n", (unsigned long)size)); + printf("%s: size:%lu.\n", __func__, (unsigned long)size)); KEY_FREESP(&sp); return size; @@ -1656,12 +1636,10 @@ u_int32_t wsizeb; /* constant: bits of window size */ int frlast; /* constant: last frame */ -#if 0 - SPLASSERT(net, "ipsec_chkreplay"); -#endif + IPSEC_SPLASSERT_SOFTNET(__func__); - KASSERT(sav != NULL, ("ipsec_chkreplay: Null SA")); - KASSERT(sav->replay != NULL, ("ipsec_chkreplay: Null replay state")); + IPSEC_ASSERT(sav != NULL, ("Null SA")); + IPSEC_ASSERT(sav->replay != NULL, ("Null replay state")); replay = sav->replay; @@ -1718,12 +1696,10 @@ u_int32_t wsizeb; /* constant: bits of window size */ int frlast; /* constant: last frame */ -#if 0 - SPLASSERT(net, "ipsec_updatereplay"); -#endif + IPSEC_SPLASSERT_SOFTNET(__func__); - KASSERT(sav != NULL, ("ipsec_updatereplay: Null SA")); - KASSERT(sav->replay != NULL, ("ipsec_updatereplay: Null replay state")); + IPSEC_ASSERT(sav != NULL, ("Null SA")); + IPSEC_ASSERT(sav->replay != NULL, ("Null replay state")); replay = sav->replay; @@ -1794,8 +1770,8 @@ if ((sav->flags & SADB_X_EXT_CYCSEQ) == 0) return 1; - ipseclog((LOG_WARNING, "replay counter made %d cycle. %s\n", - replay->overflow, ipsec_logsastr(sav))); + ipseclog((LOG_WARNING, "%s: replay counter made %d cycle. %s\n", + __func__, replay->overflow, ipsec_logsastr(sav))); } replay->count++; @@ -1872,8 +1848,8 @@ char *p; struct secasindex *saidx = &sav->sah->saidx; - KASSERT(saidx->src.sa.sa_family == saidx->dst.sa.sa_family, - ("ipsec_logsastr: address family mismatch")); + IPSEC_ASSERT(saidx->src.sa.sa_family == saidx->dst.sa.sa_family, + ("address family mismatch")); p = buf; snprintf(buf, sizeof(buf), "SA(SPI=%u ", (u_int32_t)ntohl(sav->spi)); ==== //depot/projects/netperf/sys/netipsec/ipsec.h#4 (text+ko) ==== @@ -44,6 +44,7 @@ #include <net/pfkeyv2.h> #include <netipsec/keydb.h> +#include <netipsec/ipsec_osdep.h> #ifdef _KERNEL ==== //depot/projects/netperf/sys/netipsec/ipsec_input.c#5 (text+ko) ==== @@ -91,8 +91,6 @@ #include <machine/in_cksum.h> #include <machine/stdarg.h> -#include <net/net_osdep.h> - #define IPSEC_ISTAT(p,x,y,z) ((p) == IPPROTO_ESP ? (x)++ : \ (p) == IPPROTO_AH ? (y)++ : (z)++) @@ -113,7 +111,7 @@ IPSEC_ISTAT(sproto, espstat.esps_input, ahstat.ahs_input, ipcompstat.ipcomps_input); - KASSERT(m != NULL, ("ipsec_common_input: null packet")); + IPSEC_ASSERT(m != NULL, ("null packet")); if ((sproto == IPPROTO_ESP && !esp_enable) || (sproto == IPPROTO_AH && !ah_enable) || @@ -128,7 +126,7 @@ m_freem(m); IPSEC_ISTAT(sproto, espstat.esps_hdrops, ahstat.ahs_hdrops, ipcompstat.ipcomps_hdrops); - DPRINTF(("ipsec_common_input: packet too small\n")); + DPRINTF(("%s: packet too small\n", __func__)); return EINVAL; } @@ -170,8 +168,7 @@ break; #endif /* INET6 */ default: - DPRINTF(("ipsec_common_input: unsupported protocol " - "family %u\n", af)); + DPRINTF(("%s: unsupported protocol family %u\n", __func__, af)); m_freem(m); IPSEC_ISTAT(sproto, espstat.esps_nopf, ahstat.ahs_nopf, ipcompstat.ipcomps_nopf); @@ -181,9 +178,8 @@ /* NB: only pass dst since key_allocsa follows RFC2401 */ sav = KEY_ALLOCSA(&dst_address, sproto, spi); if (sav == NULL) { - DPRINTF(("ipsec_common_input: no key association found for" - " SA %s/%08lx/%u\n", - ipsec_address(&dst_address), + DPRINTF(("%s: no key association found for SA %s/%08lx/%u\n", + __func__, ipsec_address(&dst_address), (u_long) ntohl(spi), sproto)); IPSEC_ISTAT(sproto, espstat.esps_notdb, ahstat.ahs_notdb, ipcompstat.ipcomps_notdb); @@ -192,9 +188,8 @@ } if (sav->tdb_xform == NULL) { - DPRINTF(("ipsec_common_input: attempted to use uninitialized" - " SA %s/%08lx/%u\n", - ipsec_address(&dst_address), + DPRINTF(("%s: attempted to use uninitialized SA %s/%08lx/%u\n", + __func__, ipsec_address(&dst_address), (u_long) ntohl(spi), sproto)); IPSEC_ISTAT(sproto, espstat.esps_noxform, ahstat.ahs_noxform, ipcompstat.ipcomps_noxform); @@ -266,25 +261,22 @@ struct secasindex *saidx; int error; -#if 0 - SPLASSERT(net, "ipsec4_common_input_cb"); -#endif + IPSEC_SPLASSERT_SOFTNET(__func__); - KASSERT(m != NULL, ("ipsec4_common_input_cb: null mbuf")); - KASSERT(sav != NULL, ("ipsec4_common_input_cb: null SA")); - KASSERT(sav->sah != NULL, ("ipsec4_common_input_cb: null SAH")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(sav != NULL, ("null SA")); + IPSEC_ASSERT(sav->sah != NULL, ("null SAH")); saidx = &sav->sah->saidx; af = saidx->dst.sa.sa_family; - KASSERT(af == AF_INET, ("ipsec4_common_input_cb: unexpected af %u",af)); + IPSEC_ASSERT(af == AF_INET, ("unexpected af %u", af)); sproto = saidx->proto; - KASSERT(sproto == IPPROTO_ESP || sproto == IPPROTO_AH || + IPSEC_ASSERT(sproto == IPPROTO_ESP || sproto == IPPROTO_AH || sproto == IPPROTO_IPCOMP, - ("ipsec4_common_input_cb: unexpected security protocol %u", - sproto)); + ("unexpected security protocol %u", sproto)); /* Sanity check */ if (m == NULL) { - DPRINTF(("ipsec4_common_input_cb: null mbuf")); + DPRINTF(("%s: null mbuf", __func__)); IPSEC_ISTAT(sproto, espstat.esps_badkcr, ahstat.ahs_badkcr, ipcompstat.ipcomps_badkcr); KEY_FREESAV(&sav); @@ -294,9 +286,8 @@ if (skip != 0) { /* Fix IPv4 header */ if (m->m_len < skip && (m = m_pullup(m, skip)) == NULL) { - DPRINTF(("ipsec4_common_input_cb: processing failed " - "for SA %s/%08lx\n", - ipsec_address(&sav->sah->saidx.dst), + DPRINTF(("%s: processing failed for SA %s/%08lx\n", + __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); IPSEC_ISTAT(sproto, espstat.esps_hdrops, ahstat.ahs_hdrops, ipcompstat.ipcomps_hdrops); @@ -343,9 +334,9 @@ (saidx->proxy.sa.sa_family != AF_INET && saidx->proxy.sa.sa_family != 0)) { - DPRINTF(("ipsec4_common_input_cb: inner " - "source address %s doesn't correspond to " - "expected proxy source %s, SA %s/%08lx\n", + DPRINTF(("%s: inner source address %s doesn't " + "correspond to expected proxy source %s, " + "SA %s/%08lx\n", __func__, inet_ntoa4(ipn.ip_src), ipsp_address(saidx->proxy), ipsp_address(saidx->dst), @@ -387,9 +378,9 @@ (saidx->proxy.sa.sa_family != AF_INET6 && saidx->proxy.sa.sa_family != 0)) { - DPRINTF(("ipsec4_common_input_cb: inner " - "source address %s doesn't correspond to " - "expected proxy source %s, SA %s/%08lx\n", + DPRINTF(("%s: inner source address %s doesn't " + "correspond to expected proxy source %s, " + "SA %s/%08lx\n", __func__, ip6_sprintf(&ip6n.ip6_src), ipsec_address(&saidx->proxy), ipsec_address(&saidx->dst), @@ -417,7 +408,7 @@ mtag = m_tag_get(PACKET_TAG_IPSEC_IN_DONE, sizeof(struct tdb_ident), M_NOWAIT); if (mtag == NULL) { - DPRINTF(("ipsec4_common_input_cb: failed to get tag\n")); + DPRINTF(("%s: failed to get tag\n", __func__)); IPSEC_ISTAT(sproto, espstat.esps_hdrops, ahstat.ahs_hdrops, ipcompstat.ipcomps_hdrops); error = ENOMEM; @@ -444,8 +435,8 @@ IPSEC_ISTAT(sproto, espstat.esps_qfull, ahstat.ahs_qfull, ipcompstat.ipcomps_qfull); - DPRINTF(("ipsec4_common_input_cb: queue full; " - "proto %u packet dropped\n", sproto)); + DPRINTF(("%s: queue full; proto %u packet dropped\n", + __func__, sproto)); return ENOBUFS; } return 0; @@ -465,7 +456,7 @@ struct ip6_ext ip6e; if (*offp < sizeof(struct ip6_hdr)) { - DPRINTF(("ipsec6_common_input: bad offset %u\n", *offp)); + DPRINTF(("%s: bad offset %u\n", __func__, *offp)); return IPPROTO_DONE; } else if (*offp == sizeof(struct ip6_hdr)) { protoff = offsetof(struct ip6_hdr, ip6_nxt); @@ -482,13 +473,13 @@ l = (ip6e.ip6e_len + 2) << 2; else l = (ip6e.ip6e_len + 1) << 3; - KASSERT(l > 0, ("ah6_input: l went zero or negative")); + IPSEC_ASSERT(l > 0, ("l went zero or negative")); } while (protoff + l < *offp); /* Malformed packet check */ if (protoff + l != *offp) { - DPRINTF(("ipsec6_common_input: bad packet header chain, " - "protoff %u, l %u, off %u\n", protoff, l, *offp)); + DPRINTF(("%s: bad packet header chain, protoff %u, " + "l %u, off %u\n", __func__, protoff, l, *offp)); IPSEC_ISTAT(proto, espstat.esps_hdrops, ahstat.ahs_hdrops, ipcompstat.ipcomps_hdrops); @@ -595,22 +586,20 @@ u_int8_t nxt8; int error, nest; - KASSERT(m != NULL, ("ipsec6_common_input_cb: null mbuf")); - KASSERT(sav != NULL, ("ipsec6_common_input_cb: null SA")); - KASSERT(sav->sah != NULL, ("ipsec6_common_input_cb: null SAH")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(sav != NULL, ("null SA")); + IPSEC_ASSERT(sav->sah != NULL, ("null SAH")); saidx = &sav->sah->saidx; af = saidx->dst.sa.sa_family; - KASSERT(af == AF_INET6, - ("ipsec6_common_input_cb: unexpected af %u", af)); + IPSEC_ASSERT(af == AF_INET6, ("unexpected af %u", af)); sproto = saidx->proto; - KASSERT(sproto == IPPROTO_ESP || sproto == IPPROTO_AH || + IPSEC_ASSERT(sproto == IPPROTO_ESP || sproto == IPPROTO_AH || sproto == IPPROTO_IPCOMP, - ("ipsec6_common_input_cb: unexpected security protocol %u", - sproto)); + ("unexpected security protocol %u", sproto)); /* Sanity check */ if (m == NULL) { - DPRINTF(("ipsec4_common_input_cb: null mbuf")); + DPRINTF(("%s: null mbuf", __func__)); IPSEC_ISTAT(sproto, espstat.esps_badkcr, ahstat.ahs_badkcr, ipcompstat.ipcomps_badkcr); error = EINVAL; @@ -621,8 +610,8 @@ if (m->m_len < sizeof(struct ip6_hdr) && (m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { - DPRINTF(("ipsec_common_input_cb: processing failed " - "for SA %s/%08lx\n", ipsec_address(&sav->sah->saidx.dst), + DPRINTF(("%s: processing failed for SA %s/%08lx\n", + __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); IPSEC_ISTAT(sproto, espstat.esps_hdrops, ahstat.ahs_hdrops, @@ -663,9 +652,9 @@ (saidx->proxy.sa.sa_family != AF_INET && saidx->proxy.sa.sa_family != 0)) { - DPRINTF(("ipsec_common_input_cb: inner " - "source address %s doesn't correspond to " - "expected proxy source %s, SA %s/%08lx\n", + DPRINTF(("%s: inner source address %s doesn't " + "correspond to expected proxy source %s, " + "SA %s/%08lx\n", __func__, inet_ntoa4(ipn.ip_src), ipsec_address(&saidx->proxy), ipsec_address(&saidx->dst), @@ -707,9 +696,9 @@ (saidx->proxy.sa.sa_family != AF_INET6 && saidx->proxy.sa.sa_family != 0)) { - DPRINTF(("ipsec_common_input_cb: inner " - "source address %s doesn't correspond to " - "expected proxy source %s, SA %s/%08lx\n", + DPRINTF(("%s: inner source address %s doesn't " + "correspond to expected proxy source %s, " + "SA %s/%08lx\n", __func__, ip6_sprintf(&ip6n.ip6_src), ipsec_address(&saidx->proxy), ipsec_address(&saidx->dst), @@ -735,8 +724,7 @@ mtag = m_tag_get(PACKET_TAG_IPSEC_IN_DONE, sizeof(struct tdb_ident), M_NOWAIT); if (mtag == NULL) { - DPRINTF(("ipsec_common_input_cb: failed to " - "get tag\n")); + DPRINTF(("%s: failed to get tag\n", __func__)); IPSEC_ISTAT(sproto, espstat.esps_hdrops, ahstat.ahs_hdrops, ipcompstat.ipcomps_hdrops); error = ENOMEM; ==== //depot/projects/netperf/sys/netipsec/ipsec_mbuf.c#2 (text+ko) ==== @@ -60,7 +60,7 @@ struct mbuf *n, *mfirst, *mlast; int len, off; - KASSERT(m0 != NULL, ("m_clone: null mbuf")); + IPSEC_ASSERT(m0 != NULL, ("null mbuf")); mprev = NULL; for (m = m0; m != NULL; m = mprev->m_next) { @@ -105,8 +105,7 @@ * it anyway, we try to reduce the number of mbufs and * clusters so that future work is easier). */ - KASSERT(m->m_flags & M_EXT, - ("m_clone: m_flags 0x%x", m->m_flags)); + IPSEC_ASSERT(m->m_flags & M_EXT, ("m_flags 0x%x", m->m_flags)); /* NB: we only coalesce into a cluster or larger */ if (mprev != NULL && (mprev->m_flags & M_EXT) && m->m_len <= M_TRAILINGSPACE(mprev)) { @@ -208,8 +207,8 @@ struct mbuf *m; unsigned remain; - KASSERT(m0 != NULL, ("m_dmakespace: null mbuf")); - KASSERT(hlen < MHLEN, ("m_makespace: hlen too big: %u", hlen)); + IPSEC_ASSERT(m0 != NULL, ("null mbuf")); + IPSEC_ASSERT(hlen < MHLEN, ("hlen too big: %u", hlen)); for (m = m0; m && skip > m->m_len; m = m->m_next) skip -= m->m_len; @@ -228,8 +227,7 @@ struct mbuf *n; /* XXX code doesn't handle clusters XXX */ - KASSERT(remain < MLEN, - ("m_makespace: remainder too big: %u", remain)); + IPSEC_ASSERT(remain < MLEN, ("remainder too big: %u", remain)); /* * Not enough space in m, split the contents * of m, inserting new mbufs as required. @@ -313,7 +311,7 @@ caddr_t retval; if (n <= 0) { /* No stupid arguments. */ - DPRINTF(("m_pad: pad length invalid (%d)\n", n)); + DPRINTF(("%s: pad length invalid (%d)\n", __func__, n)); m_freem(m); return NULL; } @@ -323,14 +321,14 @@ m0 = m; >>> TRUNCATED FOR MAIL (1000 lines) <<<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200309232122.h8NLMIZM065119>