Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netipsec/ipsec.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netipsec/ipsec.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.61 retrieving revision 1.62 diff -u -p -r1.61 -r1.62 --- src/sys/netipsec/ipsec.c 2013/12/24 13:57:06 1.61 +++ src/sys/netipsec/ipsec.c 2013/12/24 15:48:53 1.62 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec.c,v 1.61 2013/12/24 13:57:06 degroote Exp $ */ +/* $NetBSD: ipsec.c,v 1.62 2013/12/24 15:48:53 christos Exp $ */ /* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */ /* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.61 2013/12/24 13:57:06 degroote Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.62 2013/12/24 15:48:53 christos Exp $"); /* * IPsec controller part. @@ -268,7 +268,7 @@ ipsec_checkpcbcache(struct mbuf *m, stru } #ifdef DIAGNOSTIC if (pcbsp == NULL) { - printf("ipsec_checkpcbcache: NULL pcbsp\n"); + printf("%s: NULL pcbsp\n", __func__); /* XXX panic? */ return NULL; } @@ -320,9 +320,9 @@ ipsec_checkpcbcache(struct mbuf *m, stru pcbsp->sp_cache[dir].cachesp->lastused = time_second; pcbsp->sp_cache[dir].cachesp->refcnt++; KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP ipsec_checkpcbcache cause refcnt++:%d SP:%p\n", - pcbsp->sp_cache[dir].cachesp->refcnt, - pcbsp->sp_cache[dir].cachesp)); + printf("DP %s cause refcnt++:%d SP:%p\n", __func__, + pcbsp->sp_cache[dir].cachesp->refcnt, + pcbsp->sp_cache[dir].cachesp)); return pcbsp->sp_cache[dir].cachesp; } @@ -354,9 +354,9 @@ ipsec_fillpcbcache(struct inpcbpolicy *p if (pcbsp->sp_cache[dir].cachesp) { pcbsp->sp_cache[dir].cachesp->refcnt++; KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP ipsec_fillpcbcache cause refcnt++:%d SP:%p\n", - pcbsp->sp_cache[dir].cachesp->refcnt, - pcbsp->sp_cache[dir].cachesp)); + printf("DP %s cause refcnt++:%d SP:%p\n", __func__, + pcbsp->sp_cache[dir].cachesp->refcnt, + pcbsp->sp_cache[dir].cachesp)); /* * If the PCB is connected, we can remember a hint to @@ -435,7 +435,7 @@ key_allocsp_default(int af, const char * struct secpolicy *sp; KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP key_allocsp_default from %s:%u\n", where, tag)); + printf("DP %s from %s:%u\n", __func__, where, tag)); switch(af) { case AF_INET: @@ -448,22 +448,21 @@ key_allocsp_default(int af, const char * #endif default: KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("key_allocsp_default : unexpected protocol family %u\n", - af)); + printf("%s: unexpected protocol family %u\n", __func__, + af)); return NULL; } if (sp->policy != IPSEC_POLICY_DISCARD && sp->policy != IPSEC_POLICY_NONE) { ipseclog((LOG_INFO, "fixed system default policy: %d->%d\n", - sp->policy, IPSEC_POLICY_NONE)); + sp->policy, IPSEC_POLICY_NONE)); sp->policy = IPSEC_POLICY_NONE; } sp->refcnt++; - KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP key_allocsp_default returns SP:%p (%u)\n", - sp, sp->refcnt)); + KEYDEBUG(KEYDEBUG_IPSEC_STAMP, printf("DP %s returns SP:%p (%u)\n", + __func__, sp, sp->refcnt)); return sp; } #define KEY_ALLOCSP_DEFAULT(af) \ @@ -486,14 +485,14 @@ ipsec_getpolicy(const struct tdb_ident * { struct secpolicy *sp; - IPSEC_ASSERT(tdbi != NULL, ("ipsec_getpolicy: null tdbi")); + IPSEC_ASSERT(tdbi != NULL, ("%s: null tdbi", __func__)); IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, - ("ipsec_getpolicy: invalid direction %u", dir)); + ("%s: invalid direction %u", __func__, dir)); sp = KEY_ALLOCSP2(tdbi->spi, &tdbi->dst, tdbi->proto, dir); if (sp == NULL) /*XXX????*/ sp = KEY_ALLOCSP_DEFAULT(tdbi->dst.sa.sa_family); - IPSEC_ASSERT(sp != NULL, ("ipsec_getpolicy: null SP")); + IPSEC_ASSERT(sp != NULL, ("%s: null SP", __func__)); return sp; } @@ -517,19 +516,18 @@ ipsec_getpolicybysock(struct mbuf *m, u_ struct secpolicy *sp; int af; - IPSEC_ASSERT(m != NULL, ("ipsec_getpolicybysock: null mbuf")); - IPSEC_ASSERT(inp != NULL, ("ipsec_getpolicybysock: null inpcb")); - IPSEC_ASSERT(error != NULL, ("ipsec_getpolicybysock: null error")); + IPSEC_ASSERT(m != NULL, ("%s: null mbuf", __func__)); + IPSEC_ASSERT(inp != NULL, ("%s: null inpcb", __func__)); + IPSEC_ASSERT(error != NULL, ("%s: null error", __func__)); IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, - ("ipsec_getpolicybysock: invalid direction %u", dir)); + ("%s: invalid direction %u", __func__, dir)); - IPSEC_ASSERT(PCB_SOCKET(inp) != NULL, - ("ipsec_getppolicybysock: null socket\n")); + IPSEC_ASSERT(PCB_SOCKET(inp) != NULL, ("%s: null socket", __func__)); /* XXX FIXME inpcb/in6pcb vs socket*/ af = PCB_FAMILY(inp); IPSEC_ASSERT(af == AF_INET || af == AF_INET6, - ("ipsec_getpolicybysock: unexpected protocol family %u", af)); + ("%s: unexpected protocol family %u", __func__, af)); #ifdef __NetBSD__ IPSEC_ASSERT(inp->inph_sp != NULL, ("null PCB policy cache")); @@ -568,7 +566,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_ if (*error) return NULL; - IPSEC_ASSERT(pcbsp != NULL, ("ipsec_getpolicybysock: null pcbsp")); + IPSEC_ASSERT(pcbsp != NULL, ("%s: null pcbsp", __func__)); switch (dir) { case IPSEC_DIR_INBOUND: currsp = pcbsp->sp_in; @@ -577,7 +575,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_ currsp = pcbsp->sp_out; break; } - IPSEC_ASSERT(currsp != NULL, ("ipsec_getpolicybysock: null currsp")); + IPSEC_ASSERT(currsp != NULL, ("%s: null currsp", __func__)); if (pcbsp->priv) { /* when privilieged socket */ switch (currsp->policy) { @@ -595,8 +593,8 @@ ipsec_getpolicybysock(struct mbuf *m, u_ break; default: - ipseclog((LOG_ERR, "ipsec_getpolicybysock: " - "Invalid policy for PCB %d\n", currsp->policy)); + ipseclog((LOG_ERR, "%s: Invalid policy for PCB %d\n", + __func__, currsp->policy)); *error = EINVAL; return NULL; } @@ -605,9 +603,9 @@ ipsec_getpolicybysock(struct mbuf *m, u_ if (sp == NULL) { /* no SP found */ switch (currsp->policy) { case IPSEC_POLICY_BYPASS: - ipseclog((LOG_ERR, "ipsec_getpolicybysock: " - "Illegal policy for non-priviliged defined %d\n", - currsp->policy)); + ipseclog((LOG_ERR, "%s: Illegal policy for " + "non-priviliged defined %d\n", __func__, + currsp->policy)); *error = EINVAL; return NULL; @@ -621,20 +619,19 @@ ipsec_getpolicybysock(struct mbuf *m, u_ break; default: - ipseclog((LOG_ERR, "ipsec_getpolicybysock: " - "Invalid policy for PCB %d\n", currsp->policy)); + ipseclog((LOG_ERR, "%s: Invalid policy for " + "PCB %d\n", __func__, currsp->policy)); *error = EINVAL; return NULL; } } } IPSEC_ASSERT(sp != NULL, - ("ipsec_getpolicybysock: null SP (priv %u policy %u", - pcbsp->priv, currsp->policy)); + ("%s: null SP (priv %u policy %u", __func__, pcbsp->priv, + currsp->policy)); KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP ipsec_getpolicybysock (priv %u policy %u) allocates " - "SP:%p (refcnt %u)\n", pcbsp->priv, currsp->policy, - sp, sp->refcnt)); + printf("DP %s (priv %u policy %u) allocates SP:%p (refcnt %u)\n", + __func__, pcbsp->priv, currsp->policy, sp, sp->refcnt)); #ifdef __NetBSD__ ipsec_fillpcbcache(pcbsp, m, sp, dir); #endif /* __NetBSD__ */ @@ -657,18 +654,18 @@ ipsec_getpolicybyaddr(struct mbuf *m, u_ struct secpolicyindex spidx; struct secpolicy *sp; - IPSEC_ASSERT(m != NULL, ("ipsec_getpolicybyaddr: null mbuf")); - IPSEC_ASSERT(error != NULL, ("ipsec_getpolicybyaddr: null error")); + IPSEC_ASSERT(m != NULL, ("%s: null mbuf", __func__)); + IPSEC_ASSERT(error != NULL, ("%s: null error", __func__)); IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, - ("ipsec4_getpolicybaddr: invalid direction %u", dir)); + ("%s: invalid direction %u", __func__, dir)); sp = NULL; /* Make an index to look for a policy. */ *error = ipsec_setspidx(m, &spidx, (flag & IP_FORWARDING) ? 0 : 1); if (*error != 0) { - DPRINTF(("ipsec_getpolicybyaddr: setpidx failed," - " dir %u flag %u\n", dir, flag)); + DPRINTF(("%s: setpidx failed, dir %u flag %u\n", __func__, + dir, flag)); memset(&spidx, 0, sizeof (spidx)); return NULL; } @@ -681,7 +678,7 @@ ipsec_getpolicybyaddr(struct mbuf *m, u_ if (sp == NULL) /* no SP found, use system default */ sp = KEY_ALLOCSP_DEFAULT(spidx.dst.sa.sa_family); - IPSEC_ASSERT(sp != NULL, ("ipsec_getpolicybyaddr: null SP")); + IPSEC_ASSERT(sp != NULL, ("%s: null SP", __func__)); return sp; } @@ -701,16 +698,16 @@ ipsec4_checkpolicy(struct mbuf *m, u_int sp = ipsec_getpolicybysock(m, dir, IN4PCB_TO_PCB(inp), error); if (sp == NULL) { IPSEC_ASSERT(*error != 0, - ("ipsec4_checkpolicy: getpolicy failed w/o error")); + ("%s: getpolicy failed w/o error", __func__)); IPSEC_STATINC(IPSEC_STAT_OUT_INVAL); return NULL; } - IPSEC_ASSERT(*error == 0, - ("ipsec4_checkpolicy: sp w/ error set to %u", *error)); + IPSEC_ASSERT(*error == 0, ("%s: sp w/ error set to %u", __func__, + *error)); switch (sp->policy) { case IPSEC_POLICY_ENTRUST: default: - printf("ipsec4_checkpolicy: invalid policy %u\n", sp->policy); + printf("%s: invalid policy %u\n", __func__, sp->policy); /* fall thru... */ case IPSEC_POLICY_DISCARD: IPSEC_STATINC(IPSEC_STAT_OUT_POLVIO); @@ -950,17 +947,17 @@ ipsec6_checkpolicy(struct mbuf *m, u_int } else sp = ipsec_getpolicybysock(m, dir, IN6PCB_TO_PCB(in6p), error); if (sp == NULL) { - IPSEC_ASSERT(*error != 0, - ("ipsec6_checkpolicy: getpolicy failed w/o error")); + IPSEC_ASSERT(*error != 0, ("%s: getpolicy failed w/o error", + __func__)); IPSEC_STATINC(IPSEC_STAT_OUT_INVAL); return NULL; } - IPSEC_ASSERT(*error == 0, - ("ipsec6_checkpolicy: sp w/ error set to %u", *error)); + IPSEC_ASSERT(*error == 0, ("%s: sp w/ error set to %u", __func__, + *error)); switch (sp->policy) { case IPSEC_POLICY_ENTRUST: default: - printf("ipsec6_checkpolicy: invalid policy %u\n", sp->policy); + printf("%s: invalid policy %u\n", __func__, sp->policy); /* fall thru... */ case IPSEC_POLICY_DISCARD: IPSEC_STATINC(IPSEC_STAT_OUT_POLVIO); @@ -990,10 +987,10 @@ ipsec4_setspidx_inpcb(struct mbuf *m, st { int error; - IPSEC_ASSERT(pcb != NULL, ("ipsec4_setspidx_inpcb: null pcb")); - IPSEC_ASSERT(pcb->inp_sp != NULL, ("ipsec4_setspidx_inpcb: null inp_sp")); + IPSEC_ASSERT(pcb != NULL, ("%s: null pcb", __func__)); + IPSEC_ASSERT(pcb->inp_sp != NULL, ("%s: null inp_sp", __func__)); IPSEC_ASSERT(pcb->inp_sp->sp_out != NULL && pcb->inp_sp->sp_in != NULL, - ("ipsec4_setspidx_inpcb: null sp_in || sp_out")); + ("%s: null sp_in || sp_out", __func__)); error = ipsec_setspidx(m, &pcb->inp_sp->sp_in->spidx, 1); if (error == 0) { @@ -1016,10 +1013,11 @@ ipsec6_setspidx_in6pcb(struct mbuf *m, s struct secpolicyindex *spidx; int error; - IPSEC_ASSERT(pcb != NULL, ("ipsec6_setspidx_in6pcb: null pcb")); - IPSEC_ASSERT(pcb->in6p_sp != NULL, ("ipsec6_setspidx_in6pcb: null inp_sp")); - IPSEC_ASSERT(pcb->in6p_sp->sp_out != NULL && pcb->in6p_sp->sp_in != NULL, - ("ipsec6_setspidx_in6pcb: null sp_in || sp_out")); + IPSEC_ASSERT(pcb != NULL, ("%s: null pcb", __func__)); + IPSEC_ASSERT(pcb->in6p_sp != NULL, ("%s: null inp_sp", __func__)); + IPSEC_ASSERT(pcb->in6p_sp->sp_out != NULL && + pcb->in6p_sp->sp_in != NULL, ("%s: null sp_in || sp_out", + __func__)); memset(&pcb->in6p_sp->sp_in->spidx, 0, sizeof(*spidx)); memset(&pcb->in6p_sp->sp_out->spidx, 0, sizeof(*spidx)); @@ -1060,7 +1058,7 @@ ipsec_setspidx(struct mbuf *m, struct se int len; int error; - IPSEC_ASSERT(m != NULL, ("ipsec_setspidx: null mbuf")); + IPSEC_ASSERT(m != NULL, ("%s: null mbuf", __func__)); /* * validate m->m_pkthdr.len. we see incorrect length if we @@ -1071,19 +1069,16 @@ ipsec_setspidx(struct mbuf *m, struct se for (n = m; n; n = n->m_next) len += n->m_len; if (m->m_pkthdr.len != len) { - KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_setspidx: " - "total of m_len(%d) != pkthdr.len(%d), " - "ignored.\n", - len, m->m_pkthdr.len)); + KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: total of m_len(%d) " + "!= pkthdr.len(%d), ignored.\n", __func__, len, + m->m_pkthdr.len)); return EINVAL; } if (m->m_pkthdr.len < sizeof(struct ip)) { - KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_setspidx: " - "pkthdr.len(%d) < sizeof(struct ip), ignored.\n", - m->m_pkthdr.len)); + KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: pkthdr.len(%d) < " + "sizeof(struct ip), ignored.\n", __func__, + m->m_pkthdr.len)); return EINVAL; } @@ -1104,10 +1099,9 @@ ipsec_setspidx(struct mbuf *m, struct se #ifdef INET6 case 6: if (m->m_pkthdr.len < sizeof(struct ip6_hdr)) { - KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_setspidx: " - "pkthdr.len(%d) < sizeof(struct ip6_hdr), " - "ignored.\n", m->m_pkthdr.len)); + KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: " + "pkthdr.len(%d) < sizeof(struct ip6_hdr), " + "ignored.\n", __func__, m->m_pkthdr.len)); return EINVAL; } error = ipsec6_setspidx_ipaddr(m, spidx); @@ -1117,9 +1111,8 @@ ipsec_setspidx(struct mbuf *m, struct se return 0; #endif default: - KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_setspidx: " - "unknown IP version %u, ignored.\n", v)); + KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: unknown IP version " + "%u, ignored.\n", __func__, v)); return EINVAL; } } @@ -1131,9 +1124,9 @@ ipsec4_get_ulp(struct mbuf *m, struct se int off; /* sanity check */ - IPSEC_ASSERT(m != NULL, ("ipsec4_get_ulp: null mbuf")); + IPSEC_ASSERT(m != NULL, ("%s: null mbuf", __func__)); IPSEC_ASSERT(m->m_pkthdr.len >= sizeof(struct ip), - ("ipsec4_get_ulp: packet too short")); + ("%s: packet too short", __func__)); /* NB: ip_input() flips it into host endian XXX need more checking */ if (m->m_len >= sizeof(struct ip)) { @@ -1254,10 +1247,10 @@ ipsec6_get_ulp(struct mbuf *m, struct se /* sanity check */ if (m == NULL) - panic("ipsec6_get_ulp: NULL pointer was passed"); + panic("%s: NULL pointer was passed", __func__); - KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec6_get_ulp:\n"); kdebug_mbuf(m)); + KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s:\n", __func__); + kdebug_mbuf(m)); /* set default */ spidx->ul_proto = IPSEC_ULPROTO_ANY; @@ -1362,11 +1355,11 @@ ipsec_init_policy(struct socket *so, str /* sanity check. */ if (so == NULL || policy == NULL) - panic("ipsec_init_policy: NULL pointer was passed"); + panic("%s: NULL pointer was passed", __func__); new = malloc(sizeof(*new), M_SECA, M_NOWAIT|M_ZERO); if (new == NULL) { - ipseclog((LOG_DEBUG, "ipsec_init_policy: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); return ENOBUFS; } @@ -1497,9 +1490,8 @@ ipsec_set_policy( return EINVAL; xpl = (const struct sadb_x_policy *)request; - KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_set_policy: passed policy\n"); - kdebug_sadb_x_policy((const struct sadb_ext *)xpl)); + KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: passed policy\n", __func__); + kdebug_sadb_x_policy((const struct sadb_ext *)xpl)); /* check policy type */ /* ipsec_set_policy() accepts IPSEC, ENTRUST and BYPASS. */ @@ -1524,9 +1516,8 @@ ipsec_set_policy( /* clear old SP and set new SP */ KEY_FREESP(policy); *policy = newsp; - KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_set_policy: new policy\n"); - kdebug_secpolicy(newsp)); + KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: new policy\n", __func__); + kdebug_secpolicy(newsp)); return 0; } @@ -1541,14 +1532,13 @@ ipsec_get_policy(struct secpolicy *polic *mp = key_sp2msg(policy); if (!*mp) { - ipseclog((LOG_DEBUG, "ipsec_get_policy: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); return ENOBUFS; } (*mp)->m_type = MT_DATA; - KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_get_policy:\n"); - kdebug_mbuf(*mp)); + KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s:\n", __func__); + kdebug_mbuf(*mp)); return 0; } @@ -1567,8 +1557,7 @@ ipsec4_set_policy(struct inpcb *inp, int return EINVAL; xpl = (const struct sadb_x_policy *)request; - IPSEC_ASSERT(inp->inp_sp != NULL, - ("ipsec4_set_policy(): null inp->in_sp")); + IPSEC_ASSERT(inp->inp_sp != NULL, ("%s: null inp->in_sp", __func__)); /* select direction */ switch (xpl->sadb_x_policy_dir) { @@ -1579,8 +1568,8 @@ ipsec4_set_policy(struct inpcb *inp, int policy = &inp->inp_sp->sp_out; break; default: - ipseclog((LOG_ERR, "ipsec4_set_policy: invalid direction=%u\n", - xpl->sadb_x_policy_dir)); + ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__, + xpl->sadb_x_policy_dir)); return EINVAL; } @@ -1597,7 +1586,7 @@ ipsec4_get_policy(struct inpcb *inp, con /* sanity check. */ if (inp == NULL || request == NULL || mp == NULL) return EINVAL; - IPSEC_ASSERT(inp->inp_sp != NULL, ("ipsec4_get_policy: null inp_sp")); + IPSEC_ASSERT(inp->inp_sp != NULL, ("%s: null inp_sp", __func__)); if (len < sizeof(*xpl)) return EINVAL; xpl = (const struct sadb_x_policy *)request; @@ -1611,8 +1600,8 @@ ipsec4_get_policy(struct inpcb *inp, con policy = inp->inp_sp->sp_out; break; default: - ipseclog((LOG_ERR, "ipsec4_get_policy: invalid direction=%u\n", - xpl->sadb_x_policy_dir)); + ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__, + xpl->sadb_x_policy_dir)); return EINVAL; } @@ -1623,7 +1612,7 @@ ipsec4_get_policy(struct inpcb *inp, con int ipsec4_delete_pcbpolicy(struct inpcb *inp) { - IPSEC_ASSERT(inp != NULL, ("ipsec4_delete_pcbpolicy: null inp")); + IPSEC_ASSERT(inp != NULL, ("%s: null inp", __func__)); if (inp->inp_sp == NULL) return 0; @@ -1668,8 +1657,8 @@ ipsec6_set_policy(struct in6pcb *in6p, i policy = &in6p->in6p_sp->sp_out; break; default: - ipseclog((LOG_ERR, "ipsec6_set_policy: invalid direction=%u\n", - xpl->sadb_x_policy_dir)); + ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__, + xpl->sadb_x_policy_dir)); return EINVAL; } @@ -1686,7 +1675,7 @@ ipsec6_get_policy(struct in6pcb *in6p, c /* sanity check. */ if (in6p == NULL || request == NULL || mp == NULL) return EINVAL; - IPSEC_ASSERT(in6p->in6p_sp != NULL, ("ipsec6_get_policy: null in6p_sp")); + IPSEC_ASSERT(in6p->in6p_sp != NULL, ("%s: null in6p_sp", __func__)); if (len < sizeof(*xpl)) return EINVAL; xpl = (const struct sadb_x_policy *)request; @@ -1700,8 +1689,8 @@ ipsec6_get_policy(struct in6pcb *in6p, c policy = in6p->in6p_sp->sp_out; break; default: - ipseclog((LOG_ERR, "ipsec6_set_policy: invalid direction=%u\n", - xpl->sadb_x_policy_dir)); + ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__, + xpl->sadb_x_policy_dir)); return EINVAL; } @@ -1711,7 +1700,7 @@ ipsec6_get_policy(struct in6pcb *in6p, c int ipsec6_delete_pcbpolicy(struct in6pcb *in6p) { - IPSEC_ASSERT(in6p != NULL, ("ipsec6_delete_pcbpolicy: null in6p")); + IPSEC_ASSERT(in6p != NULL, ("%s: null in6p", __func__)); if (in6p->in6p_sp == NULL) return 0; @@ -1744,24 +1733,21 @@ ipsec_get_reqlevel(const struct ipsecreq u_int esp_trans_deflev, esp_net_deflev; u_int ah_trans_deflev, ah_net_deflev; - IPSEC_ASSERT(isr != NULL && isr->sp != NULL, - ("ipsec_get_reqlevel: null argument")); - IPSEC_ASSERT(isr->sp->spidx.src.sa.sa_family == isr->sp->spidx.dst.sa.sa_family, - ("ipsec_get_reqlevel: af family mismatch, src %u, dst %u", - isr->sp->spidx.src.sa.sa_family, - isr->sp->spidx.dst.sa.sa_family)); + IPSEC_ASSERT(isr != NULL && isr->sp != NULL, ("%s: null argument", + __func__)); + IPSEC_ASSERT(isr->sp->spidx.src.sa.sa_family == + isr->sp->spidx.dst.sa.sa_family, + ("%s: af family mismatch, src %u, dst %u", __func__, + isr->sp->spidx.src.sa.sa_family, isr->sp->spidx.dst.sa.sa_family)); /* XXX note that we have ipseclog() expanded here - code sync issue */ -#define IPSEC_CHECK_DEFAULT(lev) \ - (((lev) != IPSEC_LEVEL_USE && (lev) != IPSEC_LEVEL_REQUIRE \ - && (lev) != IPSEC_LEVEL_UNIQUE) \ - ? (ipsec_debug \ - ? log(LOG_INFO, "fixed system default level " #lev ":%d->%d\n",\ - (lev), IPSEC_LEVEL_REQUIRE) \ - : 0), \ - (lev) = IPSEC_LEVEL_REQUIRE, \ - (lev) \ - : (lev)) +#define IPSEC_CHECK_DEFAULT(lev) \ + (((lev) != IPSEC_LEVEL_USE && (lev) != IPSEC_LEVEL_REQUIRE \ + && (lev) != IPSEC_LEVEL_UNIQUE) ? \ + (ipsec_debug ? log(LOG_INFO, "fixed system default level " #lev \ + ":%d->%d\n", (lev), IPSEC_LEVEL_REQUIRE) : 0), \ + (lev) = IPSEC_LEVEL_REQUIRE, (lev) \ + : (lev)) /* set default level */ switch (((struct sockaddr *)&isr->sp->spidx.src)->sa_family) { @@ -1782,8 +1768,8 @@ ipsec_get_reqlevel(const struct ipsecreq break; #endif /* INET6 */ default: - panic("key_get_reqlevel: unknown af %u", - isr->sp->spidx.src.sa.sa_family); + panic("%s: unknown af %u", __func__, + isr->sp->spidx.src.sa.sa_family); } #undef IPSEC_CHECK_DEFAULT @@ -1812,8 +1798,8 @@ ipsec_get_reqlevel(const struct ipsecreq level = IPSEC_LEVEL_USE; break; default: - panic("ipsec_get_reqlevel: Illegal protocol defined %u", - isr->saidx.proto); + panic("%s: Illegal protocol defined %u", __func__, + isr->saidx.proto); } break; @@ -1826,8 +1812,7 @@ ipsec_get_reqlevel(const struct ipsecreq break; default: - panic("ipsec_get_reqlevel: Illegal IPsec level %u", - isr->level); + panic("%s: Illegal IPsec level %u", __func__, isr->level); } return level; @@ -1849,9 +1834,8 @@ ipsec_in_reject(const struct secpolicy * struct ipsecrequest *isr; int need_auth; - KEYDEBUG(KEYDEBUG_IPSEC_DATA, - printf("ipsec_in_reject: using SP\n"); - kdebug_secpolicy(sp)); + KEYDEBUG(KEYDEBUG_IPSEC_DATA, printf("%s: using SP\n", __func__); + kdebug_secpolicy(sp)); /* check policy */ switch (sp->policy) { @@ -1863,7 +1847,7 @@ ipsec_in_reject(const struct secpolicy * } IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, - ("ipsec_in_reject: invalid policy %u", sp->policy)); + ("%s: invalid policy %u", __func__, sp->policy)); /* XXX should compare policy against ipsec header history */ @@ -1875,8 +1859,8 @@ ipsec_in_reject(const struct secpolicy * case IPPROTO_ESP: if ((m->m_flags & M_DECRYPTED) == 0) { KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_in_reject: ESP m_flags:%x\n", - m->m_flags)); + printf("%s: ESP m_flags:%x\n", __func__, + m->m_flags)); return 1; } @@ -1885,8 +1869,8 @@ ipsec_in_reject(const struct secpolicy * isr->sav->tdb_authalgxform != NULL && (m->m_flags & M_AUTHIPDGM) == 0) { KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_in_reject: ESP/AH m_flags:%x\n", - m->m_flags)); + printf("%s: ESP/AH m_flags:%x\n", __func__, + m->m_flags)); return 1; } break; @@ -1894,8 +1878,8 @@ ipsec_in_reject(const struct secpolicy * need_auth = 1; if ((m->m_flags & M_AUTHIPHDR) == 0) { KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_in_reject: AH m_flags:%x\n", - m->m_flags)); + printf("%s: AH m_flags:%x\n", __func__, + m->m_flags)); return 1; } break; @@ -1924,7 +1908,7 @@ ipsec4_in_reject(struct mbuf *m, struct int error; int result; - IPSEC_ASSERT(m != NULL, ("ipsec4_in_reject_so: null mbuf")); + IPSEC_ASSERT(m != NULL, ("%s: null mbuf", __func__)); /* get SP for this packet. * When we are called from ip_forward(), we call @@ -2000,9 +1984,8 @@ ipsec_hdrsiz(const struct secpolicy *sp) const struct ipsecrequest *isr; size_t siz; - KEYDEBUG(KEYDEBUG_IPSEC_DATA, - printf("ipsec_hdrsiz: using SP\n"); - kdebug_secpolicy(sp)); + KEYDEBUG(KEYDEBUG_IPSEC_DATA, printf("%s: using SP\n", __func__); + kdebug_secpolicy(sp)); switch (sp->policy) { case IPSEC_POLICY_DISCARD: @@ -2012,7 +1995,7 @@ ipsec_hdrsiz(const struct secpolicy *sp) } IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, - ("ipsec_hdrsiz: invalid policy %u", sp->policy)); + ("%s: invalid policy %u", __func__, sp->policy)); siz = 0; for (isr = sp->req; isr != NULL; isr = isr->next) { @@ -2041,9 +2024,10 @@ ipsec_hdrsiz(const struct secpolicy *sp) break; #endif default: - ipseclog((LOG_ERR, "ipsec_hdrsiz: " - "unknown AF %d in IPsec tunnel SA\n", - ((const struct sockaddr *)&isr->saidx.dst)->sa_family)); + ipseclog((LOG_ERR, "%s: unknown AF %d in " + "IPsec tunnel SA\n", __func__, + ((const struct sockaddr *)&isr->saidx.dst) + ->sa_family)); break; } } @@ -2061,9 +2045,9 @@ ipsec4_hdrsiz(struct mbuf *m, u_int dir, int error; size_t size; - IPSEC_ASSERT(m != NULL, ("ipsec4_hdrsiz: null mbuf")); + IPSEC_ASSERT(m != NULL, ("%s: null mbuf", __func__)); IPSEC_ASSERT(inp == NULL || inp->inp_socket != NULL, - ("ipsec4_hdrsize: socket w/o inpcb")); + ("%s: socket w/o inpcb", __func__)); /* get SP for this packet. * When we are called from ip_forward(), we call @@ -2077,9 +2061,8 @@ ipsec4_hdrsiz(struct mbuf *m, u_int dir, if (sp != NULL) { size = ipsec_hdrsiz(sp); - KEYDEBUG(KEYDEBUG_IPSEC_DATA, - printf("ipsec4_hdrsiz: size:%lu.\n", - (unsigned long)size)); + KEYDEBUG(KEYDEBUG_IPSEC_DATA, printf("%s: size:%lu.\n", + __func__, (unsigned long)size)); KEY_FREESP(&sp); } else { @@ -2099,9 +2082,9 @@ ipsec6_hdrsiz(struct mbuf *m, u_int dir, int error; size_t size; - IPSEC_ASSERT(m != NULL, ("ipsec6_hdrsiz: null mbuf")); + IPSEC_ASSERT(m != NULL, ("%s: null mbuf", __func__)); IPSEC_ASSERT(in6p == NULL || in6p->in6p_socket != NULL, - ("ipsec6_hdrsize: socket w/o inpcb")); + ("%s: socket w/o inpcb", __func__)); /* get SP for this packet */ /* XXX Is it right to call with IP_FORWARDING. */ @@ -2116,7 +2099,7 @@ ipsec6_hdrsiz(struct mbuf *m, u_int dir, return 0; size = ipsec_hdrsiz(sp); KEYDEBUG(KEYDEBUG_IPSEC_DATA, - printf("ipsec6_hdrsiz: size:%lu.\n", (unsigned long)size)); + printf("%s: size:%zu.\n", __func__, size)); KEY_FREESP(&sp); return size; @@ -2142,10 +2125,10 @@ ipsec_chkreplay(u_int32_t seq, const str u_int32_t wsizeb; /* constant: bits of window size */ int frlast; /* constant: last frame */ - IPSEC_SPLASSERT_SOFTNET("ipsec_chkreplay"); + IPSEC_SPLASSERT_SOFTNET(__func__); - IPSEC_ASSERT(sav != NULL, ("ipsec_chkreplay: Null SA")); - IPSEC_ASSERT(sav->replay != NULL, ("ipsec_chkreplay: Null replay state")); + IPSEC_ASSERT(sav != NULL, ("%s: Null SA", __func__)); + IPSEC_ASSERT(sav->replay != NULL, ("%s: Null replay state", __func__)); replay = sav->replay; @@ -2200,10 +2183,10 @@ ipsec_updatereplay(u_int32_t seq, const u_int32_t wsizeb; /* constant: bits of window size */ int frlast; /* constant: last frame */ - IPSEC_SPLASSERT_SOFTNET("ipsec_updatereplay"); + IPSEC_SPLASSERT_SOFTNET(__func__); - IPSEC_ASSERT(sav != NULL, ("ipsec_updatereplay: Null SA")); - IPSEC_ASSERT(sav->replay != NULL, ("ipsec_updatereplay: Null replay state")); + IPSEC_ASSERT(sav != NULL, ("%s: Null SA", __func__)); + IPSEC_ASSERT(sav->replay != NULL, ("%s: Null replay state", __func__)); replay = sav->replay; @@ -2275,7 +2258,7 @@ ok: return 1; ipseclog((LOG_WARNING, "replay counter made %d cycle. %s\n", - replay->overflow, ipsec_logsastr(sav))); + replay->overflow, ipsec_logsastr(sav))); } replay->count++; @@ -2350,7 +2333,7 @@ ipsec_logsastr(const struct secasvar *sa const struct secasindex *saidx = &sav->sah->saidx; IPSEC_ASSERT(saidx->src.sa.sa_family == saidx->dst.sa.sa_family, - ("ipsec_logsastr: address family mismatch")); + ("%s: address family mismatch", __func__)); p = buf; snprintf(buf, sizeof(buf), "SA(SPI=%u ", (u_int32_t)ntohl(sav->spi)); @@ -2471,7 +2454,7 @@ xform_init(struct secasvar *sav, int xft if (xsp->xf_type == xftype) return (*xsp->xf_init)(sav, xsp); - DPRINTF(("xform_init: no match for xform type %d\n", xftype)); + DPRINTF(("%s: no match for xform type %d\n", __func__, xftype)); return EINVAL; }