summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--sys/netinet/ip_ah_new.c87
-rw-r--r--sys/netinet/ip_ah_old.c69
-rw-r--r--sys/netinet/ip_esp_new.c139
-rw-r--r--sys/netinet/ip_esp_old.c126
4 files changed, 121 insertions, 300 deletions
diff --git a/sys/netinet/ip_ah_new.c b/sys/netinet/ip_ah_new.c
index 736e288f62e..ed8a442d0ce 100644
--- a/sys/netinet/ip_ah_new.c
+++ b/sys/netinet/ip_ah_new.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah_new.c,v 1.17 1998/05/18 21:10:33 provos Exp $ */
+/* $OpenBSD: ip_ah_new.c,v 1.18 1998/06/03 09:50:18 provos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -71,6 +71,12 @@
#include <netinet/ip_ah.h>
#include <sys/syslog.h>
+#ifdef ENCDEBUG
+#define DPRINTF(x) if (encdebug) printf x
+#else
+#define DPRINTF(x)
+#endif
+
extern void encap_sendnotify(int, struct tdb *, void *);
struct ah_hash ah_new_hash[] = {
@@ -105,10 +111,7 @@ struct ah_hash ah_new_hash[] = {
int
ah_new_attach()
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_new_attach(): setting up\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_new_attach(): setting up\n"));
return 0;
}
@@ -131,10 +134,7 @@ ah_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
{
if ((m = m_pullup(m, ENCAP_MSG_FIXED_LEN)) == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_new_init(): m_pullup failed\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_new_init(): m_pullup failed\n"));
return ENOBUFS;
}
}
@@ -160,11 +160,8 @@ ah_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
log(LOG_WARNING, "ah_new_init(): unsupported authentication algorithm %d specified\n", txd.amx_hash_algorithm);
return EINVAL;
}
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_new_init(): initalized TDB with hash algorithm %d: %s\n",
- txd.amx_hash_algorithm, ah_new_hash[i].name);
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_new_init(): initalized TDB with hash algorithm %d: %s\n",
+ txd.amx_hash_algorithm, ah_new_hash[i].name));
thash = &ah_new_hash[i];
blocklen = HMAC_BLOCK_LEN;
@@ -180,10 +177,7 @@ ah_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
M_XDATA, M_WAITOK);
if (tdbp->tdb_xdata == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_new_init(): MALLOC failed\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_new_init(): MALLOC failed\n"));
return ENOBUFS;
}
@@ -192,10 +186,7 @@ ah_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
M_TEMP, M_WAITOK);
if (buffer == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_new_init(): MALLOC failed\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_new_init(): MALLOC failed\n"));
free(tdbp->tdb_xdata, M_XDATA);
return ENOBUFS;
}
@@ -254,10 +245,7 @@ ah_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
int
ah_new_zeroize(struct tdb *tdbp)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_new_zeroize(): freeing memory\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_new_zeroize(): freeing memory\n"));
if (tdbp->tdb_xdata)
{
FREE(tdbp->tdb_xdata, M_XDATA);
@@ -299,10 +287,7 @@ ah_new_input(struct mbuf *m, struct tdb *tdb)
if ((m = m_pullup(m, ohlen)) == NULL)
{
ahstat.ahs_hdrops++;
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_new_input(): (possibly too short) packet dropped\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_new_input(): (possibly too short) packet dropped\n"));
return NULL;
}
}
@@ -315,10 +300,7 @@ ah_new_input(struct mbuf *m, struct tdb *tdb)
if ((m = m_pullup(m, ohlen - sizeof (struct ip) +
(ip->ip_hl << 2))) == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_new_input(): m_pullup() failed\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_new_input(): m_pullup() failed\n"));
ahstat.ahs_hdrops++;
return NULL;
}
@@ -332,10 +314,7 @@ ah_new_input(struct mbuf *m, struct tdb *tdb)
if (ah->ah_hl * sizeof(u_int32_t) != AH_HMAC_HASHLEN + AH_HMAC_RPLENGTH)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_new_input(): bad authenticator length for packet from %x to %x, spi %08x\n", ip->ip_src, ip->ip_dst, ntohl(ah->ah_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_new_input(): bad authenticator length for packet from %x to %x, spi %08x\n", ip->ip_src, ip->ip_dst, ntohl(ah->ah_spi)));
ahstat.ahs_badauthl++;
m_freem(m);
return NULL;
@@ -573,11 +552,8 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
m = m_pullup(m, sizeof(struct ip));
if (m == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_new_output(): m_pullup() failed, SA %x/%08x\n",
- tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_new_output(): m_pullup() failed, SA %x/%08x\n",
+ tdb->tdb_dst, ntohl(tdb->tdb_spi)));
return ENOBUFS;
}
@@ -589,11 +565,8 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
{
if ((m = m_pullup(m, ip->ip_hl << 2)) == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_new_output(): m_pullup() failed, SA &x/%08x\n",
- tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_new_output(): m_pullup() failed, SA &x/%08x\n",
+ tdb->tdb_dst, ntohl(tdb->tdb_spi)));
ahstat.ahs_hdrops++;
return NULL;
}
@@ -605,11 +578,7 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
m_copydata(m, sizeof(struct ip), (ip->ip_hl << 2) - sizeof(struct ip),
(caddr_t) opts);
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_new_output(): using hash algorithm %s\n",
- xd->amx_hash->name);
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_new_output(): using hash algorithm %s\n", xd->amx_hash->name));
ilen = ntohs(ip->ip_len);
@@ -646,7 +615,7 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
aho.ah_rpl = htonl(xd->amx_rpl++);
- bcopy(&(xd->amx_ictx), &ctx, xd->amx_hash->ctxsize);
+ bcopy((caddr_t)&(xd->amx_ictx), (caddr_t)&ctx, xd->amx_hash->ctxsize);
xd->amx_hash->Update(&ctx, (unsigned char *) &ipo, sizeof(struct ip));
/* Options */
@@ -721,20 +690,14 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
M_PREPEND(m, ohlen, M_DONTWAIT);
if (m == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_new_output(): M_PREPEND() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_new_output(): M_PREPEND() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi)));
return ENOBUFS;
}
m = m_pullup(m, ohlen + (ipo.ip_hl << 2));
if (m == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_new_output(): m_pullup() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_new_output(): m_pullup() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi)));
return ENOBUFS;
}
diff --git a/sys/netinet/ip_ah_old.c b/sys/netinet/ip_ah_old.c
index c93f46a6a2d..2b4bd0d3fb1 100644
--- a/sys/netinet/ip_ah_old.c
+++ b/sys/netinet/ip_ah_old.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah_old.c,v 1.14 1998/05/18 21:10:34 provos Exp $ */
+/* $OpenBSD: ip_ah_old.c,v 1.15 1998/06/03 09:50:19 provos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -70,6 +70,12 @@
#include <netinet/ip_ah.h>
#include <sys/syslog.h>
+#ifdef ENCDEBUG
+#define DPRINTF(x) if (encdebug) printf x
+#else
+#define DPRINTF(x)
+#endif
+
extern void encap_sendnotify(int, struct tdb *, void *);
struct ah_hash ah_old_hash[] = {
@@ -96,10 +102,7 @@ struct ah_hash ah_old_hash[] = {
int
ah_old_attach()
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_old_attach(): setting up\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_old_attach(): setting up\n"));
return 0;
}
@@ -121,10 +124,7 @@ ah_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
{
if ((m = m_pullup(m, ENCAP_MSG_FIXED_LEN)) == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_old_init(): m_pullup failed\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_old_init(): m_pullup failed\n"));
return ENOBUFS;
}
}
@@ -152,11 +152,8 @@ ah_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
m_freem(m);
return EINVAL;
}
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_old_init(): initalized TDB with hash algorithm %d: %s\n",
- xenc.amx_hash_algorithm, ah_old_hash[i].name);
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_old_init(): initalized TDB with hash algorithm %d: %s\n",
+ xenc.amx_hash_algorithm, ah_old_hash[i].name));
thash = &ah_old_hash[i];
if (xenc.amx_keylen + EMT_SETSPI_FLEN + AH_OLD_XENCAP_LEN != em->em_msglen)
@@ -171,10 +168,7 @@ ah_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
xenc.amx_keylen, M_XDATA, M_WAITOK);
if (tdbp->tdb_xdata == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_old_init(): MALLOC() failed\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_old_init(): MALLOC() failed\n"));
return ENOBUFS;
}
@@ -211,10 +205,7 @@ ah_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
int
ah_old_zeroize(struct tdb *tdbp)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_old_zeroize(): freeing memory\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_old_zeroize(): freeing memory\n"));
if (tdbp->tdb_xdata)
{
FREE(tdbp->tdb_xdata, M_XDATA);
@@ -255,10 +246,7 @@ ah_old_input(struct mbuf *m, struct tdb *tdb)
{
if ((m = m_pullup(m, ohlen)) == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_old_input(): m_pullup() failed\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_old_input(): m_pullup() failed\n"));
ahstat.ahs_hdrops++;
return NULL;
}
@@ -271,10 +259,7 @@ ah_old_input(struct mbuf *m, struct tdb *tdb)
if ((m = m_pullup(m, ohlen - sizeof (struct ip) +
(ip->ip_hl << 2))) == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_old_input(): m_pullup() failed\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_old_input(): m_pullup() failed\n"));
ahstat.ahs_hdrops++;
return NULL;
}
@@ -472,11 +457,8 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
m = m_pullup(m, sizeof(struct ip));
if (m == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_old_output(): m_pullup() failed, SA %x/%08x\n",
- tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_old_output(): m_pullup() failed, SA %x/%08x\n",
+ tdb->tdb_dst, ntohl(tdb->tdb_spi)));
return ENOBUFS;
}
@@ -488,11 +470,8 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
{
if ((m = m_pullup(m, ip->ip_hl << 2)) == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_old_output(): m_pullup() failed, SA &x/%08x\n",
- tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_old_output(): m_pullup() failed, SA &x/%08x\n",
+ tdb->tdb_dst, ntohl(tdb->tdb_spi)));
ahstat.ahs_hdrops++;
return NULL;
}
@@ -606,20 +585,14 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
M_PREPEND(m, ohlen, M_DONTWAIT);
if (m == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_old_output(): M_PREPEND() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_old_output(): M_PREPEND() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi)));
return ENOBUFS;
}
m = m_pullup(m, ohlen + (ipo.ip_hl << 2));
if (m == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("ah_old_output(): m_pullup() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("ah_old_output(): m_pullup() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi)));
return ENOBUFS;
}
diff --git a/sys/netinet/ip_esp_new.c b/sys/netinet/ip_esp_new.c
index 2b775a1bdd2..81012c8e1e1 100644
--- a/sys/netinet/ip_esp_new.c
+++ b/sys/netinet/ip_esp_new.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp_new.c,v 1.20 1998/05/24 22:56:29 provos Exp $ */
+/* $OpenBSD: ip_esp_new.c,v 1.21 1998/06/03 09:50:21 provos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -71,6 +71,12 @@
#include <netinet/ip_ah.h>
#include <sys/syslog.h>
+#ifdef ENCDEBUG
+#define DPRINTF(x) if (encdebug) printf x
+#else
+#define DPRINTF(x)
+#endif
+
extern void encap_sendnotify(int, struct tdb *, void *);
extern void des_ecb3_encrypt(caddr_t, caddr_t, caddr_t, caddr_t, caddr_t, int);
extern void des_ecb_encrypt(caddr_t, caddr_t, caddr_t, int);
@@ -206,10 +212,7 @@ cast5_decrypt(void *pxd, u_int8_t *blk)
int
esp_new_attach()
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_attach(): setting up\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_new_attach(): setting up\n"));
return 0;
}
@@ -235,10 +238,7 @@ esp_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
{
if ((m = m_pullup(m, ENCAP_MSG_FIXED_LEN)) == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_init(): m_pullup failed\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_new_init(): m_pullup failed\n"));
return ENOBUFS;
}
}
@@ -266,11 +266,8 @@ esp_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
}
txform = &esp_new_xform[i];
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_init(): initialized TDB with enc algorithm %d: %s\n",
- txd.edx_enc_algorithm, esp_new_xform[i].name);
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_new_init(): initialized TDB with enc algorithm %d: %s\n",
+ txd.edx_enc_algorithm, esp_new_xform[i].name));
/* Check whether the authentication algorithm is supported */
if (txd.edx_flags & ESP_NEW_FLAG_AUTH)
@@ -286,11 +283,8 @@ esp_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
return EINVAL;
}
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_init(): initialized TDB with hash algorithm %d: %s\n",
- txd.edx_hash_algorithm, esp_new_hash[i].name);
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_new_init(): initialized TDB with hash algorithm %d: %s\n",
+ txd.edx_hash_algorithm, esp_new_hash[i].name));
blocklen = HMAC_BLOCK_LEN;
thash = &esp_new_hash[i];
}
@@ -329,10 +323,7 @@ esp_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
M_XDATA, M_WAITOK);
if (tdbp->tdb_xdata == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_init(): MALLOC() failed\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_new_init(): MALLOC() failed\n"));
return ENOBUFS;
}
@@ -389,21 +380,15 @@ esp_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
/* Pass name of auth algorithm for kernfs */
tdbp->tdb_authname = xd->edx_hash->name;
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_init(): using %d bytes of authentication key\n",
- txd.edx_authkeylen);
-#endif
+ DPRINTF(("esp_new_init(): using %d bytes of authentication key\n",
+ txd.edx_authkeylen));
MALLOC(buffer, caddr_t,
txd.edx_authkeylen < blocklen ? blocklen : txd.edx_authkeylen,
M_TEMP, M_WAITOK);
if (buffer == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_init(): MALLOC() failed\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_new_init(): MALLOC() failed\n"));
free(tdbp->tdb_xdata, M_XDATA);
return ENOBUFS;
}
@@ -451,10 +436,7 @@ esp_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
int
esp_new_zeroize(struct tdb *tdbp)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_zeroize(): freeing memory\n");
-#endif ENCDEBUG
+ DPRINTF(("esp_new_zeroize(): freeing memory\n"));
if (tdbp->tdb_xdata)
{
FREE(tdbp->tdb_xdata, M_XDATA);
@@ -497,10 +479,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
{
if ((m = m_pullup(m, sizeof(struct ip))) == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_input(): (possibly too short) packet dropped\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_new_input(): (possibly too short) packet dropped\n"));
espstat.esps_hdrops++;
return NULL;
}
@@ -514,10 +493,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
{
if ((m = m_pullup(m, ohlen + blks)) == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_input(): m_pullup() failed\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_new_input(): m_pullup() failed\n"));
espstat.esps_hdrops++;
return NULL;
}
@@ -563,10 +539,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
if ((plen & (blks - 1)) || (plen <= 0))
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_input(): payload not a multiple of %d octets for packet from %x to %x, spi %08x\n", blks, ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_new_input(): payload not a multiple of %d octets for packet from %x to %x, spi %08x\n", blks, ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi)));
espstat.esps_badilen++;
m_freem(m);
return NULL;
@@ -695,11 +668,8 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
{
if ((mi = m_pullup(mi, blks - rest)) == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_input(): m_pullup() failed, SA %x/%08x\n",
- tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_new_input(): m_pullup() failed, SA %x/%08x\n",
+ tdb->tdb_dst, ntohl(tdb->tdb_spi)));
espstat.esps_hdrops++;
return NULL;
}
@@ -773,10 +743,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
{
if (blk[6] + 2 + alen > m->m_pkthdr.len - (ip->ip_hl << 2) - 2 * sizeof(u_int32_t) - xd->edx_ivlen)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_input(): invalid padding length %d for packet from %x to %x, SA %x/%08x\n", blk[6], ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_new_input(): invalid padding length %d for packet from %x to %x, SA %x/%08x\n", blk[6], ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi)));
espstat.esps_badilen++;
m_freem(m);
return NULL;
@@ -795,10 +762,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
{
if (blk[6] + 1 + alen > m->m_pkthdr.len - (ip->ip_hl << 2) - 2 * sizeof(u_int32_t) - xd->edx_ivlen)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_input(): invalid padding length %d for packet from %x to %x, SA %x/%08x\n", blk[6], ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_new_input(): invalid padding length %d for packet from %x to %x, SA %x/%08x\n", blk[6], ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi)));
espstat.esps_badilen++;
m_freem(m);
return NULL;
@@ -829,10 +793,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
m = m_pullup(m, (ipo.ip_hl << 2));
if (m == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_input(): m_pullup() failed for packet from %x to %x, SA %x/%08x\n", ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_new_input(): m_pullup() failed for packet from %x to %x, SA %x/%08x\n", ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi)));
return NULL;
}
}
@@ -931,11 +892,7 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
if (xd->edx_flags & ESP_NEW_FLAG_AUTH)
{
alen = AH_HMAC_HASHLEN;
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_output(): using hash algorithm: %s\n",
- xd->edx_hash->name);
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_new_output(): using hash algorithm: %s\n", xd->edx_hash->name));
}
else
alen = 0;
@@ -945,11 +902,8 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
m = m_pullup(m, sizeof (struct ip)); /* Get IP header in one mbuf */
if (m == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_output(): m_pullup() failed, SA %x/%08x\n",
- tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_new_output(): m_pullup() failed, SA %x/%08x\n",
+ tdb->tdb_dst, ntohl(tdb->tdb_spi)));
return ENOBUFS;
}
@@ -977,11 +931,8 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
m = m_pullup(m, iphlen + 8);
if (m == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_input(): m_pullup() failed for SA %x/%08x\n",
- tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_new_input(): m_pullup() failed for SA %x/%08x\n",
+ tdb->tdb_dst, ntohl(tdb->tdb_spi)));
return ENOBUFS;
}
@@ -1005,11 +956,8 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
pad = (u_char *) m_pad(m, padding + alen);
if (pad == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_output(): m_pad() failed for SA %x/%08x\n",
- tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_new_output(): m_pad() failed for SA %x/%08x\n",
+ tdb->tdb_dst, ntohl(tdb->tdb_spi)));
return ENOBUFS;
}
@@ -1075,11 +1023,8 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
{
if ((mi = m_pullup(mi, blks - rest)) == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_output(): m_pullup() failed, SA %x/%08x\n",
- tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_new_output(): m_pullup() failed, SA %x/%08x\n",
+ tdb->tdb_dst, ntohl(tdb->tdb_spi)));
return ENOBUFS;
}
}
@@ -1150,22 +1095,16 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
M_PREPEND(m, ohlen, M_DONTWAIT);
if (m == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_output(): M_PREPEND failed, SA %x/%08x\n",
- tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_new_output(): M_PREPEND failed, SA %x/%08x\n",
+ tdb->tdb_dst, ntohl(tdb->tdb_spi)));
return ENOBUFS;
}
m = m_pullup(m, iphlen + ohlen);
if (m == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_new_output(): m_pullup() failed, SA %x/%08x\n",
- tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_new_output(): m_pullup() failed, SA %x/%08x\n",
+ tdb->tdb_dst, ntohl(tdb->tdb_spi)));
return ENOBUFS;
}
diff --git a/sys/netinet/ip_esp_old.c b/sys/netinet/ip_esp_old.c
index 43fe771e4b1..ad9f3af08a9 100644
--- a/sys/netinet/ip_esp_old.c
+++ b/sys/netinet/ip_esp_old.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp_old.c,v 1.17 1998/05/18 21:10:45 provos Exp $ */
+/* $OpenBSD: ip_esp_old.c,v 1.18 1998/06/03 09:50:22 provos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -71,6 +71,12 @@
#include <dev/rndvar.h>
#include <sys/syslog.h>
+#ifdef ENCDEBUG
+#define DPRINTF(x) if (encdebug) printf x
+#else
+#define DPRINTF(x)
+#endif
+
extern void des_ecb3_encrypt(caddr_t, caddr_t, caddr_t, caddr_t, caddr_t, int);
extern void des_ecb_encrypt(caddr_t, caddr_t, caddr_t, int);
extern void des_set_key(caddr_t, caddr_t);
@@ -132,10 +138,7 @@ des3_decrypt(void *pxd, u_int8_t *blk)
int
esp_old_attach()
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_old_attach(): setting up\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_old_attach(): setting up\n"));
return 0;
}
@@ -159,10 +162,7 @@ esp_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
{
if ((m = m_pullup(m, ENCAP_MSG_FIXED_LEN)) == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_old_init(): m_pullup failed\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_old_init(): m_pullup failed\n"));
return ENOBUFS;
}
}
@@ -190,11 +190,8 @@ esp_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
}
txform = &esp_old_xform[i];
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_old_init(): initialized TDB with enc algorithm %d: %s\n",
- xenc.edx_enc_algorithm, esp_old_xform[i].name);
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_old_init(): initialized TDB with enc algorithm %d: %s\n",
+ xenc.edx_enc_algorithm, esp_old_xform[i].name));
if (xenc.edx_ivlen + xenc.edx_keylen + EMT_SETSPI_FLEN +
ESP_OLD_XENCAP_LEN != em->em_msglen)
@@ -229,10 +226,7 @@ esp_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
M_XDATA, M_WAITOK);
if (tdbp->tdb_xdata == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_old_init(): MALLOC() failed\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_old_init(): MALLOC() failed\n"));
return ENOBUFS;
}
@@ -281,10 +275,7 @@ esp_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m)
int
esp_old_zeroize(struct tdb *tdbp)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_old_zeroize(): freeing memory\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_old_zeroize(): freeing memory\n"));
if (tdbp->tdb_xdata)
{
FREE(tdbp->tdb_xdata, M_XDATA);
@@ -315,10 +306,7 @@ esp_old_input(struct mbuf *m, struct tdb *tdb)
{
if ((m = m_pullup(m, sizeof(struct ip))) == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_old_input(): m_pullup() failed\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_old_input(): m_pullup() failed\n"));
espstat.esps_hdrops++;
return NULL;
}
@@ -332,10 +320,7 @@ esp_old_input(struct mbuf *m, struct tdb *tdb)
{
if ((m = m_pullup(m, ohlen + blks)) == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_old_input(): m_pullup() failed\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_old_input(): m_pullup() failed\n"));
espstat.esps_hdrops++;
return NULL;
}
@@ -352,10 +337,7 @@ esp_old_input(struct mbuf *m, struct tdb *tdb)
xd->edx_ivlen;
if ((plen & (blks - 1)) || (plen <= 0))
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_old_input(): payload not a multiple of %d octets for packet from %x to %x, spi %08x\n", blks, ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_old_input(): payload not a multiple of %d octets for packet from %x to %x, spi %08x\n", blks, ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi)));
espstat.esps_badilen++;
m_freem(m);
return NULL;
@@ -429,11 +411,8 @@ esp_old_input(struct mbuf *m, struct tdb *tdb)
{
if ((mi = m_pullup(mi, blks - rest)) == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_old_input(): m_pullup() failed, SA %x/%08x\n",
- tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_old_input(): m_pullup() failed, SA %x/%08x\n",
+ tdb->tdb_dst, ntohl(tdb->tdb_spi)));
espstat.esps_hdrops++;
return NULL;
}
@@ -507,10 +486,7 @@ esp_old_input(struct mbuf *m, struct tdb *tdb)
if (blk[6] + 2 > m->m_pkthdr.len - (ip->ip_hl << 2) - sizeof(u_int32_t) -
xd->edx_ivlen)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_old_input(): invalid padding length %d for packet from %x to %x, SA %x/%08x\n", blk[6], ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_old_input(): invalid padding length %d for packet from %x to %x, SA %x/%08x\n", blk[6], ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi)));
espstat.esps_badilen++;
m_freem(m);
return NULL;
@@ -524,10 +500,7 @@ esp_old_input(struct mbuf *m, struct tdb *tdb)
m = m_pullup(m, (ipo.ip_hl << 2));
if (m == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_old_input(): m_pullup() failed for packet from %x to %x, SA %x/%08x\n", ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_old_input(): m_pullup() failed for packet from %x to %x, SA %x/%08x\n", ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi)));
return NULL;
}
}
@@ -611,11 +584,8 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
m = m_pullup(m, sizeof(struct ip));
if (m == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_old_output(): m_pullup() failed for SA %x/%08x\n",
- tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_old_output(): m_pullup() failed for SA %x/%08x\n",
+ tdb->tdb_dst, ntohl(tdb->tdb_spi)));
return ENOBUFS;
}
@@ -631,11 +601,8 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
m = m_pullup(m, iphlen);
if (m == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_old_output(): m_pullup() failed for SA %x/%08x\n",
- tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_old_output(): m_pullup() failed for SA %x/%08x\n",
+ tdb->tdb_dst, ntohl(tdb->tdb_spi)));
return ENOBUFS;
}
@@ -658,11 +625,8 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
pad = (u_char *) m_pad(m, padding);
if (pad == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_old_output(): m_pad() failed for SA %x/%08x\n",
- tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_old_output(): m_pad() failed for SA %x/%08x\n",
+ tdb->tdb_dst, ntohl(tdb->tdb_spi)));
return ENOBUFS;
}
@@ -720,11 +684,8 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
{
if ((mi = m_pullup(mi, blks - rest)) == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_old_output(): m_pullup() failed, SA %x/%08x\n",
- tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_old_output(): m_pullup() failed, SA %x/%08x\n",
+ tdb->tdb_dst, ntohl(tdb->tdb_spi)));
return ENOBUFS;
}
}
@@ -776,22 +737,16 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
M_PREPEND(m, ohlen, M_DONTWAIT);
if (m == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_old_output(): M_PREPEND failed, SA %x/%08x\n",
- tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_old_output(): M_PREPEND failed, SA %x/%08x\n",
+ tdb->tdb_dst, ntohl(tdb->tdb_spi)));
return ENOBUFS;
}
m = m_pullup(m, iphlen + ohlen);
if (m == NULL)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("esp_old_output(): m_pullup() failed, SA %x/%08x\n",
- tdb->tdb_dst, ntohl(tdb->tdb_spi));
-#endif /* ENCDEBUG */
+ DPRINTF(("esp_old_output(): m_pullup() failed, SA %x/%08x\n",
+ tdb->tdb_dst, ntohl(tdb->tdb_spi)));
return ENOBUFS;
}
@@ -886,10 +841,7 @@ m_pad(struct mbuf *m, int n)
if (n <= 0) /* no stupid arguments */
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("m_pad(): pad length invalid (%d)\n", n);
-#endif /* ENCDEBUG */
+ DPRINTF(("m_pad(): pad length invalid (%d)\n", n));
return NULL;
}
@@ -906,11 +858,8 @@ m_pad(struct mbuf *m, int n)
if (m0->m_len != len)
{
-#ifdef ENCDEBUG
- if (encdebug)
- printf("m_pad(): length mismatch (should be %d instead of %d)\n",
- m->m_pkthdr.len, m->m_pkthdr.len + m0->m_len - len);
-#endif /* ENCDEBUG */
+ DPRINTF(("m_pad(): length mismatch (should be %d instead of %d)\n",
+ m->m_pkthdr.len, m->m_pkthdr.len + m0->m_len - len));
m_freem(m);
return NULL;
}
@@ -926,10 +875,7 @@ m_pad(struct mbuf *m, int n)
if (m1 == 0)
{
m_freem(m0);
-#ifdef ENCDEBUG
- if (encdebug)
- printf("m_pad(): cannot append\n");
-#endif /* ENCDEBUG */
+ DPRINTF(("m_pad(): cannot append\n"));
return NULL;
}