-rw-r--r-- | sys/netinet/ip_ah_new.c | 87 | ||||
-rw-r--r-- | sys/netinet/ip_ah_old.c | 69 | ||||
-rw-r--r-- | sys/netinet/ip_esp_new.c | 139 | ||||
-rw-r--r-- | sys/netinet/ip_esp_old.c | 126 |
4 files changed, 121 insertions, 300 deletions
diff --git a/sys/netinet/ip_ah_new.c b/sys/netinet/ip_ah_new.c index 736e288f62e..ed8a442d0ce 100644 --- a/sys/netinet/ip_ah_new.c +++ b/sys/netinet/ip_ah_new.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah_new.c,v 1.17 1998/05/18 21:10:33 provos Exp $ */ +/* $OpenBSD: ip_ah_new.c,v 1.18 1998/06/03 09:50:18 provos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -71,6 +71,12 @@ #include <netinet/ip_ah.h> #include <sys/syslog.h> +#ifdef ENCDEBUG +#define DPRINTF(x) if (encdebug) printf x +#else +#define DPRINTF(x) +#endif + extern void encap_sendnotify(int, struct tdb *, void *); struct ah_hash ah_new_hash[] = { @@ -105,10 +111,7 @@ struct ah_hash ah_new_hash[] = { int ah_new_attach() { -#ifdef ENCDEBUG - if (encdebug) - printf("ah_new_attach(): setting up\n"); -#endif /* ENCDEBUG */ + DPRINTF(("ah_new_attach(): setting up\n")); return 0; } @@ -131,10 +134,7 @@ ah_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m) { if ((m = m_pullup(m, ENCAP_MSG_FIXED_LEN)) == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("ah_new_init(): m_pullup failed\n"); -#endif /* ENCDEBUG */ + DPRINTF(("ah_new_init(): m_pullup failed\n")); return ENOBUFS; } } @@ -160,11 +160,8 @@ ah_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m) log(LOG_WARNING, "ah_new_init(): unsupported authentication algorithm %d specified\n", txd.amx_hash_algorithm); return EINVAL; } -#ifdef ENCDEBUG - if (encdebug) - printf("ah_new_init(): initalized TDB with hash algorithm %d: %s\n", - txd.amx_hash_algorithm, ah_new_hash[i].name); -#endif /* ENCDEBUG */ + DPRINTF(("ah_new_init(): initalized TDB with hash algorithm %d: %s\n", + txd.amx_hash_algorithm, ah_new_hash[i].name)); thash = &ah_new_hash[i]; blocklen = HMAC_BLOCK_LEN; 
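Review bot: The new `DPRINTF` macro in the `@@ -71,6 +71,12 @@` hunk expands to a bare `if (encdebug) printf x`, so a call placed in front of an `else` will capture that `else`, and in the non-debug build the call expands to nothing at all. Wrapping both variants makes it behave as a single statement: `#define DPRINTF(x) do { if (encdebug) printf x; } while (0)` and `#define DPRINTF(x) do { } while (0)`. The same definition is repeated in the ip_ah_old.c, ip_esp_new.c and ip_esp_old.c hunks; one definition in a shared header would keep the four copies from drifting apart.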
@@ -180,10 +177,7 @@ ah_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m) M_XDATA, M_WAITOK); if (tdbp->tdb_xdata == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("ah_new_init(): MALLOC failed\n"); -#endif /* ENCDEBUG */ + DPRINTF(("ah_new_init(): MALLOC failed\n")); return ENOBUFS; } @@ -192,10 +186,7 @@ ah_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m) M_TEMP, M_WAITOK); if (buffer == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("ah_new_init(): MALLOC failed\n"); -#endif /* ENCDEBUG */ + DPRINTF(("ah_new_init(): MALLOC failed\n")); free(tdbp->tdb_xdata, M_XDATA); return ENOBUFS; } @@ -254,10 +245,7 @@ ah_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m) int ah_new_zeroize(struct tdb *tdbp) { -#ifdef ENCDEBUG - if (encdebug) - printf("ah_new_zeroize(): freeing memory\n"); -#endif /* ENCDEBUG */ + DPRINTF(("ah_new_zeroize(): freeing memory\n")); if (tdbp->tdb_xdata) { FREE(tdbp->tdb_xdata, M_XDATA); @@ -299,10 +287,7 @@ ah_new_input(struct mbuf *m, struct tdb *tdb) if ((m = m_pullup(m, ohlen)) == NULL) { ahstat.ahs_hdrops++; -#ifdef ENCDEBUG - if (encdebug) - printf("ah_new_input(): (possibly too short) packet dropped\n"); -#endif /* ENCDEBUG */ + DPRINTF(("ah_new_input(): (possibly too short) packet dropped\n")); return NULL; } } @@ -315,10 +300,7 @@ ah_new_input(struct mbuf *m, struct tdb *tdb) if ((m = m_pullup(m, ohlen - sizeof (struct ip) + (ip->ip_hl << 2))) == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("ah_new_input(): m_pullup() failed\n"); -#endif /* ENCDEBUG */ + DPRINTF(("ah_new_input(): m_pullup() failed\n")); ahstat.ahs_hdrops++; return NULL; } 
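Review bot: The failure path kept in the `@@ -192,10 +186,7 @@` hunk of ah_new_init() frees `tdbp->tdb_xdata` but leaves the pointer set, while ah_new_zeroize() in the `@@ -254,10 +245,7 @@` hunk frees it again whenever it is non-NULL. If the caller tears the TDB down after a failed init, which is not visible here, that is a double free of the block holding the SA's transform state; adding `tdbp->tdb_xdata = NULL;` right after the `free()` closes it. esp_new_init() has the same pattern in its `@@ -389,21 +380,15 @@` hunk. Both function bodies continue outside the hunks.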
@@ -332,10 +314,7 @@ ah_new_input(struct mbuf *m, struct tdb *tdb) if (ah->ah_hl * sizeof(u_int32_t) != AH_HMAC_HASHLEN + AH_HMAC_RPLENGTH) { -#ifdef ENCDEBUG - if (encdebug) - printf("ah_new_input(): bad authenticator length for packet from %x to %x, spi %08x\n", ip->ip_src, ip->ip_dst, ntohl(ah->ah_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("ah_new_input(): bad authenticator length for packet from %x to %x, spi %08x\n", ip->ip_src, ip->ip_dst, ntohl(ah->ah_spi))); ahstat.ahs_badauthl++; m_freem(m); return NULL; @@ -573,11 +552,8 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, m = m_pullup(m, sizeof(struct ip)); if (m == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("ah_new_output(): m_pullup() failed, SA %x/%08x\n", - tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("ah_new_output(): m_pullup() failed, SA %x/%08x\n", + tdb->tdb_dst, ntohl(tdb->tdb_spi))); return ENOBUFS; } @@ -589,11 +565,8 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, { if ((m = m_pullup(m, ip->ip_hl << 2)) == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("ah_new_output(): m_pullup() failed, SA &x/%08x\n", - tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("ah_new_output(): m_pullup() failed, SA &x/%08x\n", + tdb->tdb_dst, ntohl(tdb->tdb_spi))); ahstat.ahs_hdrops++; return NULL; } @@ -605,11 +578,7 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, m_copydata(m, sizeof(struct ip), (ip->ip_hl << 2) - sizeof(struct ip), (caddr_t) opts); -#ifdef ENCDEBUG - if (encdebug) - printf("ah_new_output(): using hash algorithm %s\n", - xd->amx_hash->name); -#endif /* ENCDEBUG */ + DPRINTF(("ah_new_output(): using hash algorithm %s\n", xd->amx_hash->name)); ilen = ntohs(ip->ip_len); 
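Review bot: The format string carried over in the `@@ -589,11 +565,8 @@` hunk of ah_new_output() reads `SA &x/%08x`, so a single conversion consumes two arguments and `tdb->tdb_dst` is printed where the SPI is expected; it should be `SA %x/%08x` as in the hunk just before it. The same branch ends in `return NULL;` while the other failure paths of this function visible in the diff return `ENOBUFS`, so this path appears to report success after m_pullup() has failed; `return ENOBUFS;` looks intended. ah_old_output() has both problems in its `@@ -488,11 +470,8 @@` hunk. The function bodies start and end outside these hunks.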
@@ -646,7 +615,7 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, aho.ah_rpl = htonl(xd->amx_rpl++); - bcopy(&(xd->amx_ictx), &ctx, xd->amx_hash->ctxsize); + bcopy((caddr_t)&(xd->amx_ictx), (caddr_t)&ctx, xd->amx_hash->ctxsize); xd->amx_hash->Update(&ctx, (unsigned char *) &ipo, sizeof(struct ip)); /* Options */ @@ -721,20 +690,14 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, M_PREPEND(m, ohlen, M_DONTWAIT); if (m == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("ah_new_output(): M_PREPEND() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("ah_new_output(): M_PREPEND() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi))); return ENOBUFS; } m = m_pullup(m, ohlen + (ipo.ip_hl << 2)); if (m == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("ah_new_output(): m_pullup() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("ah_new_output(): m_pullup() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi))); return ENOBUFS; } diff --git a/sys/netinet/ip_ah_old.c b/sys/netinet/ip_ah_old.c index c93f46a6a2d..2b4bd0d3fb1 100644 --- a/sys/netinet/ip_ah_old.c +++ b/sys/netinet/ip_ah_old.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah_old.c,v 1.14 1998/05/18 21:10:34 provos Exp $ */ +/* $OpenBSD: ip_ah_old.c,v 1.15 1998/06/03 09:50:19 provos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -70,6 +70,12 @@ #include <netinet/ip_ah.h> #include <sys/syslog.h> +#ifdef ENCDEBUG +#define DPRINTF(x) if (encdebug) printf x +#else +#define DPRINTF(x) +#endif + extern void encap_sendnotify(int, struct tdb *, void *); struct ah_hash ah_old_hash[] = { 
@@ -96,10 +102,7 @@ struct ah_hash ah_old_hash[] = { int ah_old_attach() { -#ifdef ENCDEBUG - if (encdebug) - printf("ah_old_attach(): setting up\n"); -#endif /* ENCDEBUG */ + DPRINTF(("ah_old_attach(): setting up\n")); return 0; } @@ -121,10 +124,7 @@ ah_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m) { if ((m = m_pullup(m, ENCAP_MSG_FIXED_LEN)) == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("ah_old_init(): m_pullup failed\n"); -#endif /* ENCDEBUG */ + DPRINTF(("ah_old_init(): m_pullup failed\n")); return ENOBUFS; } } @@ -152,11 +152,8 @@ ah_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m) m_freem(m); return EINVAL; } -#ifdef ENCDEBUG - if (encdebug) - printf("ah_old_init(): initalized TDB with hash algorithm %d: %s\n", - xenc.amx_hash_algorithm, ah_old_hash[i].name); -#endif /* ENCDEBUG */ + DPRINTF(("ah_old_init(): initalized TDB with hash algorithm %d: %s\n", + xenc.amx_hash_algorithm, ah_old_hash[i].name)); thash = &ah_old_hash[i]; if (xenc.amx_keylen + EMT_SETSPI_FLEN + AH_OLD_XENCAP_LEN != em->em_msglen) @@ -171,10 +168,7 @@ ah_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m) xenc.amx_keylen, M_XDATA, M_WAITOK); if (tdbp->tdb_xdata == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("ah_old_init(): MALLOC() failed\n"); -#endif /* ENCDEBUG */ + DPRINTF(("ah_old_init(): MALLOC() failed\n")); return ENOBUFS; } @@ -211,10 +205,7 @@ ah_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m) int ah_old_zeroize(struct tdb *tdbp) { -#ifdef ENCDEBUG - if (encdebug) - printf("ah_old_zeroize(): freeing memory\n"); -#endif /* ENCDEBUG */ + DPRINTF(("ah_old_zeroize(): freeing memory\n")); if (tdbp->tdb_xdata) { FREE(tdbp->tdb_xdata, M_XDATA); 
@@ -255,10 +246,7 @@ ah_old_input(struct mbuf *m, struct tdb *tdb) { if ((m = m_pullup(m, ohlen)) == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("ah_old_input(): m_pullup() failed\n"); -#endif /* ENCDEBUG */ + DPRINTF(("ah_old_input(): m_pullup() failed\n")); ahstat.ahs_hdrops++; return NULL; } @@ -271,10 +259,7 @@ ah_old_input(struct mbuf *m, struct tdb *tdb) if ((m = m_pullup(m, ohlen - sizeof (struct ip) + (ip->ip_hl << 2))) == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("ah_old_input(): m_pullup() failed\n"); -#endif /* ENCDEBUG */ + DPRINTF(("ah_old_input(): m_pullup() failed\n")); ahstat.ahs_hdrops++; return NULL; } @@ -472,11 +457,8 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, m = m_pullup(m, sizeof(struct ip)); if (m == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("ah_old_output(): m_pullup() failed, SA %x/%08x\n", - tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("ah_old_output(): m_pullup() failed, SA %x/%08x\n", + tdb->tdb_dst, ntohl(tdb->tdb_spi))); return ENOBUFS; } @@ -488,11 +470,8 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, { if ((m = m_pullup(m, ip->ip_hl << 2)) == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("ah_old_output(): m_pullup() failed, SA &x/%08x\n", - tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("ah_old_output(): m_pullup() failed, SA &x/%08x\n", + tdb->tdb_dst, ntohl(tdb->tdb_spi))); ahstat.ahs_hdrops++; return NULL; } 
@@ -606,20 +585,14 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, M_PREPEND(m, ohlen, M_DONTWAIT); if (m == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("ah_old_output(): M_PREPEND() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("ah_old_output(): M_PREPEND() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi))); return ENOBUFS; } m = m_pullup(m, ohlen + (ipo.ip_hl << 2)); if (m == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("ah_old_output(): m_pullup() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("ah_old_output(): m_pullup() failed for packet from %x to %x, spi %08x\n", ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi))); return ENOBUFS; } diff --git a/sys/netinet/ip_esp_new.c b/sys/netinet/ip_esp_new.c index 2b775a1bdd2..81012c8e1e1 100644 --- a/sys/netinet/ip_esp_new.c +++ b/sys/netinet/ip_esp_new.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp_new.c,v 1.20 1998/05/24 22:56:29 provos Exp $ */ +/* $OpenBSD: ip_esp_new.c,v 1.21 1998/06/03 09:50:21 provos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -71,6 +71,12 @@ #include <netinet/ip_ah.h> #include <sys/syslog.h> +#ifdef ENCDEBUG +#define DPRINTF(x) if (encdebug) printf x +#else +#define DPRINTF(x) +#endif + extern void encap_sendnotify(int, struct tdb *, void *); extern void des_ecb3_encrypt(caddr_t, caddr_t, caddr_t, caddr_t, caddr_t, int); extern void des_ecb_encrypt(caddr_t, caddr_t, caddr_t, int); @@ -206,10 +212,7 @@ cast5_decrypt(void *pxd, u_int8_t *blk) int esp_new_attach() { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_new_attach(): setting up\n"); -#endif /* ENCDEBUG */ + DPRINTF(("esp_new_attach(): setting up\n")); return 0; } 
@@ -235,10 +238,7 @@ esp_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m) { if ((m = m_pullup(m, ENCAP_MSG_FIXED_LEN)) == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_new_init(): m_pullup failed\n"); -#endif /* ENCDEBUG */ + DPRINTF(("esp_new_init(): m_pullup failed\n")); return ENOBUFS; } } @@ -266,11 +266,8 @@ esp_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m) } txform = &esp_new_xform[i]; -#ifdef ENCDEBUG - if (encdebug) - printf("esp_new_init(): initialized TDB with enc algorithm %d: %s\n", - txd.edx_enc_algorithm, esp_new_xform[i].name); -#endif /* ENCDEBUG */ + DPRINTF(("esp_new_init(): initialized TDB with enc algorithm %d: %s\n", + txd.edx_enc_algorithm, esp_new_xform[i].name)); /* Check whether the authentication algorithm is supported */ if (txd.edx_flags & ESP_NEW_FLAG_AUTH) @@ -286,11 +283,8 @@ esp_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m) return EINVAL; } -#ifdef ENCDEBUG - if (encdebug) - printf("esp_new_init(): initialized TDB with hash algorithm %d: %s\n", - txd.edx_hash_algorithm, esp_new_hash[i].name); -#endif /* ENCDEBUG */ + DPRINTF(("esp_new_init(): initialized TDB with hash algorithm %d: %s\n", + txd.edx_hash_algorithm, esp_new_hash[i].name)); blocklen = HMAC_BLOCK_LEN; thash = &esp_new_hash[i]; } @@ -329,10 +323,7 @@ esp_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m) M_XDATA, M_WAITOK); if (tdbp->tdb_xdata == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_new_init(): MALLOC() failed\n"); -#endif /* ENCDEBUG */ + DPRINTF(("esp_new_init(): MALLOC() failed\n")); return ENOBUFS; } 
@@ -389,21 +380,15 @@ esp_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m) /* Pass name of auth algorithm for kernfs */ tdbp->tdb_authname = xd->edx_hash->name; -#ifdef ENCDEBUG - if (encdebug) - printf("esp_new_init(): using %d bytes of authentication key\n", - txd.edx_authkeylen); -#endif + DPRINTF(("esp_new_init(): using %d bytes of authentication key\n", + txd.edx_authkeylen)); MALLOC(buffer, caddr_t, txd.edx_authkeylen < blocklen ? blocklen : txd.edx_authkeylen, M_TEMP, M_WAITOK); if (buffer == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_new_init(): MALLOC() failed\n"); -#endif /* ENCDEBUG */ + DPRINTF(("esp_new_init(): MALLOC() failed\n")); free(tdbp->tdb_xdata, M_XDATA); return ENOBUFS; } @@ -451,10 +436,7 @@ esp_new_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m) int esp_new_zeroize(struct tdb *tdbp) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_new_zeroize(): freeing memory\n"); -#endif ENCDEBUG + DPRINTF(("esp_new_zeroize(): freeing memory\n")); if (tdbp->tdb_xdata) { FREE(tdbp->tdb_xdata, M_XDATA); @@ -497,10 +479,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb) { if ((m = m_pullup(m, sizeof(struct ip))) == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_new_input(): (possibly too short) packet dropped\n"); -#endif /* ENCDEBUG */ + DPRINTF(("esp_new_input(): (possibly too short) packet dropped\n")); espstat.esps_hdrops++; return NULL; } @@ -514,10 +493,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb) { if ((m = m_pullup(m, ohlen + blks)) == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_new_input(): m_pullup() failed\n"); -#endif /* ENCDEBUG */ + DPRINTF(("esp_new_input(): m_pullup() failed\n")); espstat.esps_hdrops++; return NULL; } 
@@ -563,10 +539,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb) if ((plen & (blks - 1)) || (plen <= 0)) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_new_input(): payload not a multiple of %d octets for packet from %x to %x, spi %08x\n", blks, ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("esp_new_input(): payload not a multiple of %d octets for packet from %x to %x, spi %08x\n", blks, ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi))); espstat.esps_badilen++; m_freem(m); return NULL; @@ -695,11 +668,8 @@ esp_new_input(struct mbuf *m, struct tdb *tdb) { if ((mi = m_pullup(mi, blks - rest)) == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_new_input(): m_pullup() failed, SA %x/%08x\n", - tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("esp_new_input(): m_pullup() failed, SA %x/%08x\n", + tdb->tdb_dst, ntohl(tdb->tdb_spi))); espstat.esps_hdrops++; return NULL; } @@ -773,10 +743,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb) { if (blk[6] + 2 + alen > m->m_pkthdr.len - (ip->ip_hl << 2) - 2 * sizeof(u_int32_t) - xd->edx_ivlen) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_new_input(): invalid padding length %d for packet from %x to %x, SA %x/%08x\n", blk[6], ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("esp_new_input(): invalid padding length %d for packet from %x to %x, SA %x/%08x\n", blk[6], ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi))); espstat.esps_badilen++; m_freem(m); return NULL; 
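Review bot: The bound in the `@@ -773,10 +743,7 @@` hunk of esp_new_input() is evaluated in unsigned arithmetic, because `2 * sizeof(u_int32_t)` has type size_t and converts the rest of the right-hand side with it. If the packet were shorter than the header lengths being subtracted, the result would wrap to a large value and the padding-length check would not fire; the earlier `plen <= 0` test probably rules that out, but nothing at this site says so. Computing the remainder as a signed value first makes the check self-contained (assuming `m_pkthdr.len` and `edx_ivlen` are signed ints): `int left = m->m_pkthdr.len - (ip->ip_hl << 2) - (int)(2 * sizeof(u_int32_t)) - xd->edx_ivlen;` followed by `if (left < 0 || blk[6] + 2 + alen > left)`. The same expression shape appears in the `@@ -795,10 +762,7 @@` hunk and in esp_old_input()'s `@@ -507,10 +486,7 @@` hunk.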
@@ -795,10 +762,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb) { if (blk[6] + 1 + alen > m->m_pkthdr.len - (ip->ip_hl << 2) - 2 * sizeof(u_int32_t) - xd->edx_ivlen) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_new_input(): invalid padding length %d for packet from %x to %x, SA %x/%08x\n", blk[6], ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("esp_new_input(): invalid padding length %d for packet from %x to %x, SA %x/%08x\n", blk[6], ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi))); espstat.esps_badilen++; m_freem(m); return NULL; @@ -829,10 +793,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb) m = m_pullup(m, (ipo.ip_hl << 2)); if (m == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_new_input(): m_pullup() failed for packet from %x to %x, SA %x/%08x\n", ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("esp_new_input(): m_pullup() failed for packet from %x to %x, SA %x/%08x\n", ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi))); return NULL; } } @@ -931,11 +892,7 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, if (xd->edx_flags & ESP_NEW_FLAG_AUTH) { alen = AH_HMAC_HASHLEN; -#ifdef ENCDEBUG - if (encdebug) - printf("esp_new_output(): using hash algorithm: %s\n", - xd->edx_hash->name); -#endif /* ENCDEBUG */ + DPRINTF(("esp_new_output(): using hash algorithm: %s\n", xd->edx_hash->name)); } else alen = 0; @@ -945,11 +902,8 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, m = m_pullup(m, sizeof (struct ip)); /* Get IP header in one mbuf */ if (m == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_new_output(): m_pullup() failed, SA %x/%08x\n", - tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("esp_new_output(): m_pullup() failed, SA %x/%08x\n", + tdb->tdb_dst, ntohl(tdb->tdb_spi))); return ENOBUFS; } 
@@ -977,11 +931,8 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, m = m_pullup(m, iphlen + 8); if (m == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_new_input(): m_pullup() failed for SA %x/%08x\n", - tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("esp_new_input(): m_pullup() failed for SA %x/%08x\n", + tdb->tdb_dst, ntohl(tdb->tdb_spi))); return ENOBUFS; } @@ -1005,11 +956,8 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, pad = (u_char *) m_pad(m, padding + alen); if (pad == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_new_output(): m_pad() failed for SA %x/%08x\n", - tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("esp_new_output(): m_pad() failed for SA %x/%08x\n", + tdb->tdb_dst, ntohl(tdb->tdb_spi))); return ENOBUFS; } @@ -1075,11 +1023,8 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, { if ((mi = m_pullup(mi, blks - rest)) == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_new_output(): m_pullup() failed, SA %x/%08x\n", - tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("esp_new_output(): m_pullup() failed, SA %x/%08x\n", + tdb->tdb_dst, ntohl(tdb->tdb_spi))); return ENOBUFS; } } 
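Review bot: The debug message in the `@@ -977,11 +931,8 @@` hunk is emitted from esp_new_output() but names `esp_new_input()`, which sends anyone reading an ENCDEBUG log to the wrong code path. Since the line is being rewritten anyway, it should read `DPRINTF(("esp_new_output(): m_pullup() failed for SA %x/%08x\n",`. The function body starts and ends outside the hunk.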
@@ -1150,22 +1095,16 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, M_PREPEND(m, ohlen, M_DONTWAIT); if (m == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_new_output(): M_PREPEND failed, SA %x/%08x\n", - tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("esp_new_output(): M_PREPEND failed, SA %x/%08x\n", + tdb->tdb_dst, ntohl(tdb->tdb_spi))); return ENOBUFS; } m = m_pullup(m, iphlen + ohlen); if (m == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_new_output(): m_pullup() failed, SA %x/%08x\n", - tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("esp_new_output(): m_pullup() failed, SA %x/%08x\n", + tdb->tdb_dst, ntohl(tdb->tdb_spi))); return ENOBUFS; } diff --git a/sys/netinet/ip_esp_old.c b/sys/netinet/ip_esp_old.c index 43fe771e4b1..ad9f3af08a9 100644 --- a/sys/netinet/ip_esp_old.c +++ b/sys/netinet/ip_esp_old.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp_old.c,v 1.17 1998/05/18 21:10:45 provos Exp $ */ +/* $OpenBSD: ip_esp_old.c,v 1.18 1998/06/03 09:50:22 provos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -71,6 +71,12 @@ #include <dev/rndvar.h> #include <sys/syslog.h> +#ifdef ENCDEBUG +#define DPRINTF(x) if (encdebug) printf x +#else +#define DPRINTF(x) +#endif + extern void des_ecb3_encrypt(caddr_t, caddr_t, caddr_t, caddr_t, caddr_t, int); extern void des_ecb_encrypt(caddr_t, caddr_t, caddr_t, int); extern void des_set_key(caddr_t, caddr_t); @@ -132,10 +138,7 @@ des3_decrypt(void *pxd, u_int8_t *blk) int esp_old_attach() { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_old_attach(): setting up\n"); -#endif /* ENCDEBUG */ + DPRINTF(("esp_old_attach(): setting up\n")); return 0; } 
@@ -159,10 +162,7 @@ esp_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m) { if ((m = m_pullup(m, ENCAP_MSG_FIXED_LEN)) == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_old_init(): m_pullup failed\n"); -#endif /* ENCDEBUG */ + DPRINTF(("esp_old_init(): m_pullup failed\n")); return ENOBUFS; } } @@ -190,11 +190,8 @@ esp_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m) } txform = &esp_old_xform[i]; -#ifdef ENCDEBUG - if (encdebug) - printf("esp_old_init(): initialized TDB with enc algorithm %d: %s\n", - xenc.edx_enc_algorithm, esp_old_xform[i].name); -#endif /* ENCDEBUG */ + DPRINTF(("esp_old_init(): initialized TDB with enc algorithm %d: %s\n", + xenc.edx_enc_algorithm, esp_old_xform[i].name)); if (xenc.edx_ivlen + xenc.edx_keylen + EMT_SETSPI_FLEN + ESP_OLD_XENCAP_LEN != em->em_msglen) @@ -229,10 +226,7 @@ esp_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m) M_XDATA, M_WAITOK); if (tdbp->tdb_xdata == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_old_init(): MALLOC() failed\n"); -#endif /* ENCDEBUG */ + DPRINTF(("esp_old_init(): MALLOC() failed\n")); return ENOBUFS; } @@ -281,10 +275,7 @@ esp_old_init(struct tdb *tdbp, struct xformsw *xsp, struct mbuf *m) int esp_old_zeroize(struct tdb *tdbp) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_old_zeroize(): freeing memory\n"); -#endif /* ENCDEBUG */ + DPRINTF(("esp_old_zeroize(): freeing memory\n")); if (tdbp->tdb_xdata) { FREE(tdbp->tdb_xdata, M_XDATA); @@ -315,10 +306,7 @@ esp_old_input(struct mbuf *m, struct tdb *tdb) { if ((m = m_pullup(m, sizeof(struct ip))) == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_old_input(): m_pullup() failed\n"); -#endif /* ENCDEBUG */ + DPRINTF(("esp_old_input(): m_pullup() failed\n")); espstat.esps_hdrops++; return NULL; } 
@@ -332,10 +320,7 @@ esp_old_input(struct mbuf *m, struct tdb *tdb) { if ((m = m_pullup(m, ohlen + blks)) == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_old_input(): m_pullup() failed\n"); -#endif /* ENCDEBUG */ + DPRINTF(("esp_old_input(): m_pullup() failed\n")); espstat.esps_hdrops++; return NULL; } @@ -352,10 +337,7 @@ esp_old_input(struct mbuf *m, struct tdb *tdb) xd->edx_ivlen; if ((plen & (blks - 1)) || (plen <= 0)) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_old_input(): payload not a multiple of %d octets for packet from %x to %x, spi %08x\n", blks, ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("esp_old_input(): payload not a multiple of %d octets for packet from %x to %x, spi %08x\n", blks, ipo.ip_src, ipo.ip_dst, ntohl(tdb->tdb_spi))); espstat.esps_badilen++; m_freem(m); return NULL; @@ -429,11 +411,8 @@ esp_old_input(struct mbuf *m, struct tdb *tdb) { if ((mi = m_pullup(mi, blks - rest)) == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_old_input(): m_pullup() failed, SA %x/%08x\n", - tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("esp_old_input(): m_pullup() failed, SA %x/%08x\n", + tdb->tdb_dst, ntohl(tdb->tdb_spi))); espstat.esps_hdrops++; return NULL; } @@ -507,10 +486,7 @@ esp_old_input(struct mbuf *m, struct tdb *tdb) if (blk[6] + 2 > m->m_pkthdr.len - (ip->ip_hl << 2) - sizeof(u_int32_t) - xd->edx_ivlen) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_old_input(): invalid padding length %d for packet from %x to %x, SA %x/%08x\n", blk[6], ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("esp_old_input(): invalid padding length %d for packet from %x to %x, SA %x/%08x\n", blk[6], ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi))); espstat.esps_badilen++; m_freem(m); return NULL; 
@@ -524,10 +500,7 @@ esp_old_input(struct mbuf *m, struct tdb *tdb) m = m_pullup(m, (ipo.ip_hl << 2)); if (m == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_old_input(): m_pullup() failed for packet from %x to %x, SA %x/%08x\n", ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("esp_old_input(): m_pullup() failed for packet from %x to %x, SA %x/%08x\n", ipo.ip_src, ipo.ip_dst, tdb->tdb_dst, ntohl(tdb->tdb_spi))); return NULL; } } @@ -611,11 +584,8 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, m = m_pullup(m, sizeof(struct ip)); if (m == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_old_output(): m_pullup() failed for SA %x/%08x\n", - tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("esp_old_output(): m_pullup() failed for SA %x/%08x\n", + tdb->tdb_dst, ntohl(tdb->tdb_spi))); return ENOBUFS; } @@ -631,11 +601,8 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, m = m_pullup(m, iphlen); if (m == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_old_output(): m_pullup() failed for SA %x/%08x\n", - tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("esp_old_output(): m_pullup() failed for SA %x/%08x\n", + tdb->tdb_dst, ntohl(tdb->tdb_spi))); return ENOBUFS; } @@ -658,11 +625,8 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, pad = (u_char *) m_pad(m, padding); if (pad == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_old_output(): m_pad() failed for SA %x/%08x\n", - tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("esp_old_output(): m_pad() failed for SA %x/%08x\n", + tdb->tdb_dst, ntohl(tdb->tdb_spi))); return ENOBUFS; } 
@@ -720,11 +684,8 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, { if ((mi = m_pullup(mi, blks - rest)) == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_old_output(): m_pullup() failed, SA %x/%08x\n", - tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("esp_old_output(): m_pullup() failed, SA %x/%08x\n", + tdb->tdb_dst, ntohl(tdb->tdb_spi))); return ENOBUFS; } } @@ -776,22 +737,16 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, M_PREPEND(m, ohlen, M_DONTWAIT); if (m == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_old_output(): M_PREPEND failed, SA %x/%08x\n", - tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("esp_old_output(): M_PREPEND failed, SA %x/%08x\n", + tdb->tdb_dst, ntohl(tdb->tdb_spi))); return ENOBUFS; } m = m_pullup(m, iphlen + ohlen); if (m == NULL) { -#ifdef ENCDEBUG - if (encdebug) - printf("esp_old_output(): m_pullup() failed, SA %x/%08x\n", - tdb->tdb_dst, ntohl(tdb->tdb_spi)); -#endif /* ENCDEBUG */ + DPRINTF(("esp_old_output(): m_pullup() failed, SA %x/%08x\n", + tdb->tdb_dst, ntohl(tdb->tdb_spi))); return ENOBUFS; } @@ -886,10 +841,7 @@ m_pad(struct mbuf *m, int n) if (n <= 0) /* no stupid arguments */ { -#ifdef ENCDEBUG - if (encdebug) - printf("m_pad(): pad length invalid (%d)\n", n); -#endif /* ENCDEBUG */ + DPRINTF(("m_pad(): pad length invalid (%d)\n", n)); return NULL; } @@ -906,11 +858,8 @@ m_pad(struct mbuf *m, int n) if (m0->m_len != len) { -#ifdef ENCDEBUG - if (encdebug) - printf("m_pad(): length mismatch (should be %d instead of %d)\n", - m->m_pkthdr.len, m->m_pkthdr.len + m0->m_len - len); -#endif /* ENCDEBUG */ + DPRINTF(("m_pad(): length mismatch (should be %d instead of %d)\n", + m->m_pkthdr.len, m->m_pkthdr.len + m0->m_len - len)); m_freem(m); return NULL; } 
@@ -926,10 +875,7 @@ m_pad(struct mbuf *m, int n) if (m1 == 0) { m_freem(m0); -#ifdef ENCDEBUG - if (encdebug) - printf("m_pad(): cannot append\n"); -#endif /* ENCDEBUG */ + DPRINTF(("m_pad(): cannot append\n")); return NULL; } |