Diffstat (limited to 'sys/netinet/ip_ah.c')
-rw-r--r--sys/netinet/ip_ah.c32
1 files changed, 19 insertions, 13 deletions
diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c
index 1684b65e86a..8cf20865e54 100644
--- a/sys/netinet/ip_ah.c
+++ b/sys/netinet/ip_ah.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah.c,v 1.11 1997/09/28 22:57:43 deraadt Exp $ */
+/* $OpenBSD: ip_ah.c,v 1.12 1997/10/02 02:31:02 deraadt Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
@@ -110,7 +110,8 @@ ah_input(register struct mbuf *m, int iphlen)
tdbp = gettdb(ahp->ah_spi, ipo->ip_dst, IPPROTO_AH);
if (tdbp == NULL)
{
- log(LOG_ERR, "ah_input(): could not find SA for AH packet from %x to %x, spi %08x\n", ipo->ip_src, ipo->ip_dst, ntohl(ahp->ah_spi));
+ if (encdebug)
+ log(LOG_ERR, "ah_input(): could not find SA for AH packet from %x to %x, spi %08x\n", ipo->ip_src, ipo->ip_dst, ntohl(ahp->ah_spi));
m_freem(m);
ahstat.ahs_notdb++;
return;
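Review bot: The gated log call passes `ipo->ip_src` and `ipo->ip_dst` as whole structures to `%x`, while the SPI next to them goes through ntohl(). The address comparison further down in ah_input() reads `.s_addr` from these fields, so they are structs, and whatever `%x` prints is in network byte order. Passing `ntohl(ipo->ip_src.s_addr), ntohl(ipo->ip_dst.s_addr)` would match the format and make the logged address read the same on every architecture. The same arguments appear in the invalid-SA, uninitialized-SA, authentication-failed and tunnel-address hunks. ah_input() begins and ends outside this hunk.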
@@ -118,9 +119,8 @@ ah_input(register struct mbuf *m, int iphlen)
if (tdbp->tdb_flags & TDBF_INVALID)
{
- log(LOG_ALERT,
- "ah_input(): attempted to use invalid AH SA %08x, packet %x->%x\n",
- ntohl(ahp->ah_spi), ipo->ip_src, ipo->ip_dst);
+ if (encdebug)
+ log(LOG_ALERT, "ah_input(): attempted to use invalid AH SA %08x, packet %x->%x\n", ntohl(ahp->ah_spi), ipo->ip_src, ipo->ip_dst);
m_freem(m);
ahstat.ahs_invalid++;
return;
@@ -128,7 +128,8 @@ ah_input(register struct mbuf *m, int iphlen)
if (tdbp->tdb_xform == NULL)
{
- log(LOG_ALERT, "ah_input(): attempted to use uninitialized AH SA %08x, packet from %x to %x\n", ntohl(ahp->ah_spi), ipo->ip_src, ipo->ip_dst);
+ if (encdebug)
+ log(LOG_ALERT, "ah_input(): attempted to use uninitialized AH SA %08x, packet from %x to %x\n", ntohl(ahp->ah_spi), ipo->ip_src, ipo->ip_dst);
m_freem(m);
ahstat.ahs_noxform++;
return;
@@ -146,8 +147,9 @@ ah_input(register struct mbuf *m, int iphlen)
exp = get_expiration();
if (exp == (struct expiration *) NULL)
{
- log(LOG_WARNING,
- "ah_input(): out of memory for expiration timer\n");
+ if (encdebug)
+ log(LOG_WARNING,
+ "ah_input(): out of memory for expiration timer\n");
ahstat.ahs_hdrops++;
m_freem(m);
return;
@@ -167,8 +169,9 @@ ah_input(register struct mbuf *m, int iphlen)
exp = get_expiration();
if (exp == (struct expiration *) NULL)
{
- log(LOG_WARNING,
- "ah_input(): out of memory for expiration timer\n");
+ if (encdebug)
+ log(LOG_WARNING,
+ "ah_input(): out of memory for expiration timer\n");
ahstat.ahs_hdrops++;
m_freem(m);
return;
@@ -189,7 +192,8 @@ ah_input(register struct mbuf *m, int iphlen)
m = (*(tdbp->tdb_xform->xf_input))(m, tdbp);
if (m == NULL)
{
- log(LOG_ALERT, "ah_input(): authentication failed for AH packet from %x to %x, spi %08x\n", ipn.ip_src, ipn.ip_dst, ntohl(ahn.ah_spi));
+ if (encdebug)
+ log(LOG_ALERT, "ah_input(): authentication failed for AH packet from %x to %x, spi %08x\n", ipn.ip_src, ipn.ip_dst, ntohl(ahn.ah_spi));
ahstat.ahs_badkcr++;
return;
}
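Review bot: An authentication failure now leaves no record of source, destination or SPI unless encdebug is set; the only remaining trace is `ahstat.ahs_badkcr`. If the gating is there to stop unauthenticated traffic from filling the log, which seems likely but is not stated, a comment would tell operators where to look, for example `/* logged only with encdebug; monitor ahs_badkcr for failed authentication */`. A rate-limited message would keep the peer and SPI available for investigation without a log line per packet. The message also keeps LOG_ALERT priority while sitting behind a debug switch, which is worth a second look.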
@@ -204,7 +208,8 @@ ah_input(register struct mbuf *m, int iphlen)
if ((ipn.ip_src.s_addr != ipo->ip_src.s_addr) ||
(ipn.ip_dst.s_addr != ipo->ip_dst.s_addr))
{
- log(LOG_ALERT, "ah_input(): AH-tunnel with different internal addresses %x/%x, SA %08x/%x\n", ipo->ip_src, ipo->ip_dst, tdbp->tdb_spi, tdbp->tdb_dst);
+ if (encdebug)
+ log(LOG_ALERT, "ah_input(): AH-tunnel with different internal addresses %x/%x, SA %08x/%x\n", ipo->ip_src, ipo->ip_dst, tdbp->tdb_spi, tdbp->tdb_dst);
m_freem(m);
ahstat.ahs_hdrops++;
return;
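Review bot: `tdbp->tdb_spi` is printed with `%08x` without ntohl(), while the other messages in ah_input() print `ntohl(ahp->ah_spi)`. Since gettdb() is called with the unconverted `ahp->ah_spi`, the stored SPI is presumably in network byte order too. On a little-endian machine this line would then show a byte-swapped SPI that does not match the other log lines for the same SA. Using `ntohl(tdbp->tdb_spi)` here and in the AH-transport hunk that follows would make the SPI searchable across messages. `tdbp->tdb_dst` is passed to `%x` as a struct in the same way as the packet addresses.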
@@ -212,7 +217,8 @@ ah_input(register struct mbuf *m, int iphlen)
}
else /* So we're paranoid */
{
- log(LOG_ALERT, "ah_input(): AH-tunnel used when expecting AH-transport, SA %08x/%x\n", tdbp->tdb_spi, tdbp->tdb_dst);
+ if (encdebug)
+ log(LOG_ALERT, "ah_input(): AH-tunnel used when expecting AH-transport, SA %08x/%x\n", tdbp->tdb_spi, tdbp->tdb_dst);
m_freem(m);
ahstat.ahs_hdrops++;
return;