Diffstat (limited to 'sys/netinet/ip_ah.c')
-rw-r--r-- | sys/netinet/ip_ah.c | 32 |
1 files changed, 19 insertions, 13 deletions
diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c index 1684b65e86a..8cf20865e54 100644 --- a/sys/netinet/ip_ah.c +++ b/sys/netinet/ip_ah.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah.c,v 1.11 1997/09/28 22:57:43 deraadt Exp $ */ +/* $OpenBSD: ip_ah.c,v 1.12 1997/10/02 02:31:02 deraadt Exp $ */ /* * The author of this code is John Ioannidis, ji@tla.org, @@ -110,7 +110,8 @@ ah_input(register struct mbuf *m, int iphlen) tdbp = gettdb(ahp->ah_spi, ipo->ip_dst, IPPROTO_AH); if (tdbp == NULL) { - log(LOG_ERR, "ah_input(): could not find SA for AH packet from %x to %x, spi %08x\n", ipo->ip_src, ipo->ip_dst, ntohl(ahp->ah_spi)); + if (encdebug) + log(LOG_ERR, "ah_input(): could not find SA for AH packet from %x to %x, spi %08x\n", ipo->ip_src, ipo->ip_dst, ntohl(ahp->ah_spi)); m_freem(m); ahstat.ahs_notdb++; return; @@ -118,9 +119,8 @@ ah_input(register struct mbuf *m, int iphlen) if (tdbp->tdb_flags & TDBF_INVALID) { - log(LOG_ALERT, - "ah_input(): attempted to use invalid AH SA %08x, packet %x->%x\n", - ntohl(ahp->ah_spi), ipo->ip_src, ipo->ip_dst); + if (encdebug) + log(LOG_ALERT, "ah_input(): attempted to use invalid AH SA %08x, packet %x->%x\n", ntohl(ahp->ah_spi), ipo->ip_src, ipo->ip_dst); m_freem(m); ahstat.ahs_invalid++; return; @@ -128,7 +128,8 @@ ah_input(register struct mbuf *m, int iphlen) if (tdbp->tdb_xform == NULL) { - log(LOG_ALERT, "ah_input(): attempted to use uninitialized AH SA %08x, packet from %x to %x\n", ntohl(ahp->ah_spi), ipo->ip_src, ipo->ip_dst); + if (encdebug) + log(LOG_ALERT, "ah_input(): attempted to use uninitialized AH SA %08x, packet from %x to %x\n", ntohl(ahp->ah_spi), ipo->ip_src, ipo->ip_dst); m_freem(m); ahstat.ahs_noxform++; return; 
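Review bot: The re-added log() calls in the hunk at -110 still pass `ipo->ip_src` and `ipo->ip_dst` to `%x` as whole structures. The comparison `ipn.ip_src.s_addr != ipo->ip_src.s_addr` in the hunk at -204 shows these are structs with an `s_addr` member, so the argument type does not match the conversion. While these lines are being touched, pass the scalar in host order, e.g. `ntohl(ipo->ip_src.s_addr), ntohl(ipo->ip_dst.s_addr)`, so the logged addresses are well-defined and readable on every architecture. The same applies to the messages in the hunks at -118, -128, -189 and -204, and probably to `tdbp->tdb_dst` at -204 and -212, whose declaration is not visible here. ah_input() starts and ends outside this hunk.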
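Review bot: Guarding the message in the hunk at -118 with `encdebug` means an attempt to use an invalid SA leaves no log record whenever that flag is off. The only remaining trace is the `ahstat.ahs_invalid` counter, which carries neither the SPI nor the peer address. Suppressing per-packet logging is a sound defence against log flooding by unauthenticated traffic. For the security-relevant cases, though (this one, the uninitialized SA at -128, the authentication failure at -189 and the tunnel checks at -204 and -212), a rate-limited message would keep the audit trail without reopening the flood. At minimum, record the trade-off above the guard with a comment such as `/* quiet unless encdebug: remotely triggerable; counts remain in ahstat */`; how `encdebug` is set is not visible in this diff.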
@@ -146,8 +147,9 @@ ah_input(register struct mbuf *m, int iphlen) exp = get_expiration(); if (exp == (struct expiration *) NULL) { - log(LOG_WARNING, - "ah_input(): out of memory for expiration timer\n"); + if (encdebug) + log(LOG_WARNING, + "ah_input(): out of memory for expiration timer\n"); ahstat.ahs_hdrops++; m_freem(m); return; @@ -167,8 +169,9 @@ ah_input(register struct mbuf *m, int iphlen) exp = get_expiration(); if (exp == (struct expiration *) NULL) { - log(LOG_WARNING, - "ah_input(): out of memory for expiration timer\n"); + if (encdebug) + log(LOG_WARNING, + "ah_input(): out of memory for expiration timer\n"); ahstat.ahs_hdrops++; m_freem(m); return; @@ -189,7 +192,8 @@ ah_input(register struct mbuf *m, int iphlen) m = (*(tdbp->tdb_xform->xf_input))(m, tdbp); if (m == NULL) { - log(LOG_ALERT, "ah_input(): authentication failed for AH packet from %x to %x, spi %08x\n", ipn.ip_src, ipn.ip_dst, ntohl(ahn.ah_spi)); + if (encdebug) + log(LOG_ALERT, "ah_input(): authentication failed for AH packet from %x to %x, spi %08x\n", ipn.ip_src, ipn.ip_dst, ntohl(ahn.ah_spi)); ahstat.ahs_badkcr++; return; } @@ -204,7 +208,8 @@ ah_input(register struct mbuf *m, int iphlen) if ((ipn.ip_src.s_addr != ipo->ip_src.s_addr) || (ipn.ip_dst.s_addr != ipo->ip_dst.s_addr)) { - log(LOG_ALERT, "ah_input(): AH-tunnel with different internal addresses %x/%x, SA %08x/%x\n", ipo->ip_src, ipo->ip_dst, tdbp->tdb_spi, tdbp->tdb_dst); + if (encdebug) + log(LOG_ALERT, "ah_input(): AH-tunnel with different internal addresses %x/%x, SA %08x/%x\n", ipo->ip_src, ipo->ip_dst, tdbp->tdb_spi, tdbp->tdb_dst); m_freem(m); ahstat.ahs_hdrops++; return; 
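Review bot: With the warning in the hunk at -146 guarded by `encdebug`, a failed get_expiration() is recorded only as `ahstat.ahs_hdrops++`. The tunnel checks at -204 and -212 increment the same counter, so memory exhaustion becomes indistinguishable from malformed-tunnel drops when debugging is off. This message reports a local resource condition rather than packet contents, so consider leaving it unconditional or giving the case its own counter. The identical block is repeated in the hunk at -167, where the same applies. The added guard also controls a call wrapped over two lines without braces; `if (encdebug) { log(...); }` would be safer against later edits.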
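Review bot: `tdbp->tdb_spi` is printed raw in the hunk at -204, while the messages built from the packet header print the SPI through `ntohl()`. Since gettdb() at -110 is called with `ahp->ah_spi` unconverted, the SA presumably stores the SPI in network byte order, and this message would then show it byte-swapped on little-endian machines. Use `ntohl(tdbp->tdb_spi)` here and in the hunk at -212 so an operator can match the SPI across messages. This is inferred from the visible calls; the declaration of `tdb_spi` is outside the diff.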
@@ -212,7 +217,8 @@ ah_input(register struct mbuf *m, int iphlen) } else /* So we're paranoid */ { - log(LOG_ALERT, "ah_input(): AH-tunnel used when expecting AH-transport, SA %08x/%x\n", tdbp->tdb_spi, tdbp->tdb_dst); + if (encdebug) + log(LOG_ALERT, "ah_input(): AH-tunnel used when expecting AH-transport, SA %08x/%x\n", tdbp->tdb_spi, tdbp->tdb_dst); m_freem(m); ahstat.ahs_hdrops++; return; |