diff options
| -rw-r--r-- | sys/netipsec/ipsec.c | 62 | ||||
| -rw-r--r-- | sys/netipsec/ipsec.h | 4 | ||||
| -rw-r--r-- | sys/netipsec/ipsec_input.c | 19 | ||||
| -rw-r--r-- | sys/netipsec/ipsec_output.c | 21 | ||||
| -rw-r--r-- | sys/netipsec/xform_ah.c | 40 | ||||
| -rw-r--r-- | sys/netipsec/xform_esp.c | 59 | ||||
| -rw-r--r-- | sys/netipsec/xform_ipcomp.c | 32 |
7 files changed, 105 insertions, 132 deletions
diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c index 8a79052677c6..abad3d2048ab 100644 --- a/sys/netipsec/ipsec.c +++ b/sys/netipsec/ipsec.c @@ -1488,6 +1488,7 @@ ipsec_chkreplay(u_int32_t seq, struct secasvar *sav) int ipsec_updatereplay(u_int32_t seq, struct secasvar *sav) { + char buf[128]; struct secreplay *replay; u_int32_t diff; int fr; @@ -1567,7 +1568,8 @@ ok: return (1); ipseclog((LOG_WARNING, "%s: replay counter made %d cycle. %s\n", - __func__, replay->overflow, ipsec_logsastr(sav))); + __func__, replay->overflow, + ipsec_logsastr(sav, buf, sizeof(buf)))); } replay->count++; @@ -1598,67 +1600,37 @@ vshiftl(unsigned char *bitmap, int nbit, int wsize) } } -#ifdef INET -/* Return a printable string for the IPv4 address. */ -static char * -inet_ntoa4(struct in_addr ina) -{ - static char buf[4][4 * sizeof "123" + 4]; - unsigned char *ucp = (unsigned char *) &ina; - static int i = 3; - - /* XXX-BZ Returns static buffer. */ - i = (i + 1) % 4; - sprintf(buf[i], "%d.%d.%d.%d", ucp[0] & 0xff, ucp[1] & 0xff, - ucp[2] & 0xff, ucp[3] & 0xff); - return (buf[i]); -} -#endif - /* Return a printable string for the address. */ -char * -ipsec_address(union sockaddr_union* sa) +char* +ipsec_address(union sockaddr_union* sa, char *buf, socklen_t size) { -#ifdef INET6 - char ip6buf[INET6_ADDRSTRLEN]; -#endif switch (sa->sa.sa_family) { #ifdef INET case AF_INET: - return (inet_ntoa4(sa->sin.sin_addr)); + return (inet_ntop(AF_INET, &sa->sin.sin_addr, buf, size)); #endif /* INET */ #ifdef INET6 case AF_INET6: - return (ip6_sprintf(ip6buf, &sa->sin6.sin6_addr)); + return (inet_ntop(AF_INET6, &sa->sin6.sin6_addr, buf, size)); #endif /* INET6 */ default: return ("(unknown address family)"); } } -const char * -ipsec_logsastr(struct secasvar *sav) +char * +ipsec_logsastr(struct secasvar *sav, char *buf, size_t size) { - static char buf[256]; - char *p; - struct secasindex *saidx = &sav->sah->saidx; - - IPSEC_ASSERT(saidx->src.sa.sa_family == saidx->dst.sa.sa_family, - ("address family mismatch")); - - p = buf; - snprintf(buf, sizeof(buf), "SA(SPI=%u ", (u_int32_t)ntohl(sav->spi)); - while (p && *p) - p++; - /* NB: only use ipsec_address on one address at a time. */ - snprintf(p, sizeof (buf) - (p - buf), "src=%s ", - ipsec_address(&saidx->src)); - while (p && *p) - p++; - snprintf(p, sizeof (buf) - (p - buf), "dst=%s)", - ipsec_address(&saidx->dst)); + char sbuf[INET6_ADDRSTRLEN], dbuf[INET6_ADDRSTRLEN]; + + IPSEC_ASSERT(sav->sah->saidx.src.sa.sa_family == + sav->sah->saidx.dst.sa.sa_family, ("address family mismatch")); + snprintf(buf, size, "SA(SPI=%08lx src=%s dst=%s)", + (u_long)ntohl(sav->spi), + ipsec_address(&sav->sah->saidx.src, sbuf, sizeof(sbuf)), + ipsec_address(&sav->sah->saidx.dst, dbuf, sizeof(dbuf))); return (buf); } diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h index 226ef7037239..7f4c25ede16f 100644 --- a/sys/netipsec/ipsec.h +++ b/sys/netipsec/ipsec.h @@ -327,8 +327,8 @@ extern size_t ipsec_hdrsiz(struct mbuf *, u_int, struct inpcb *); extern size_t ipsec_hdrsiz_tcp(struct tcpcb *); union sockaddr_union; -extern char * ipsec_address(union sockaddr_union* sa); -extern const char *ipsec_logsastr(struct secasvar *); +extern char *ipsec_address(union sockaddr_union *, char *, socklen_t); +extern char *ipsec_logsastr(struct secasvar *, char *, size_t); extern void ipsec_dumpmbuf(struct mbuf *); diff --git a/sys/netipsec/ipsec_input.c b/sys/netipsec/ipsec_input.c index 846fefa934fa..6c5278185bf0 100644 --- a/sys/netipsec/ipsec_input.c +++ b/sys/netipsec/ipsec_input.c @@ -121,6 +121,7 @@ static void ipsec4_common_ctlinput(int, struct sockaddr *, void *, int); static int ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto) { + char buf[INET6_ADDRSTRLEN]; union sockaddr_union dst_address; struct secasvar *sav; u_int32_t spi; @@ -215,8 +216,8 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto) sav = KEY_ALLOCSA(&dst_address, sproto, spi); if (sav == NULL) { DPRINTF(("%s: no key association found for SA %s/%08lx/%u\n", - __func__, ipsec_address(&dst_address), - (u_long) ntohl(spi), sproto)); + __func__, ipsec_address(&dst_address, buf, sizeof(buf)), + (u_long) ntohl(spi), sproto)); IPSEC_ISTAT(sproto, notdb); m_freem(m); return ENOENT; @@ -224,8 +225,8 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto) if (sav->tdb_xform == NULL) { DPRINTF(("%s: attempted to use uninitialized SA %s/%08lx/%u\n", - __func__, ipsec_address(&dst_address), - (u_long) ntohl(spi), sproto)); + __func__, ipsec_address(&dst_address, buf, sizeof(buf)), + (u_long) ntohl(spi), sproto)); IPSEC_ISTAT(sproto, noxform); KEY_FREESAV(&sav); m_freem(m); @@ -327,6 +328,7 @@ int ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int protoff) { + char buf[INET6_ADDRSTRLEN]; int prot, af, sproto, isr_prot; struct ip *ip; struct m_tag *mtag; @@ -365,8 +367,8 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, */ if (m->m_len < skip && (m = m_pullup(m, skip)) == NULL) { DPRINTF(("%s: processing failed for SA %s/%08lx\n", - __func__, ipsec_address(&sav->sah->saidx.dst), - (u_long) ntohl(sav->spi))); + __func__, ipsec_address(&sav->sah->saidx.dst, + buf, sizeof(buf)), (u_long) ntohl(sav->spi))); IPSEC_ISTAT(sproto, hdrops); error = ENOBUFS; goto bad; @@ -622,6 +624,7 @@ int ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int protoff) { + char buf[INET6_ADDRSTRLEN]; int prot, af, sproto; struct ip6_hdr *ip6; struct m_tag *mtag; @@ -658,8 +661,8 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, (m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { DPRINTF(("%s: processing failed for SA %s/%08lx\n", - __func__, ipsec_address(&sav->sah->saidx.dst), - (u_long) ntohl(sav->spi))); + __func__, ipsec_address(&sav->sah->saidx.dst, buf, + sizeof(buf)), (u_long) ntohl(sav->spi))); IPSEC_ISTAT(sproto, hdrops); error = EACCES; diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c index 691e6845b199..583f4b0cffe5 100644 --- a/sys/netipsec/ipsec_output.c +++ b/sys/netipsec/ipsec_output.c @@ -529,6 +529,7 @@ ipsec_encap(struct mbuf **mp, struct secasindex *saidx) int ipsec4_process_packet(struct mbuf *m, struct ipsecrequest *isr) { + char sbuf[INET6_ADDRSTRLEN], dbuf[INET6_ADDRSTRLEN]; union sockaddr_union *dst; struct secasindex saidx; struct secasvar *sav; @@ -579,9 +580,10 @@ ipsec4_process_packet(struct mbuf *m, struct ipsecrequest *isr) if (error != 0) { DPRINTF(("%s: encapsulation for SA %s->%s " "SPI 0x%08x failed with error %d\n", __func__, - ipsec_address(&sav->sah->saidx.src), - ipsec_address(&sav->sah->saidx.dst), - ntohl(sav->spi), error)); + ipsec_address(&sav->sah->saidx.src, sbuf, + sizeof(sbuf)), + ipsec_address(&sav->sah->saidx.dst, dbuf, + sizeof(dbuf)), ntohl(sav->spi), error)); goto bad; } } @@ -650,11 +652,9 @@ in6_sa_equal_addrwithscope(const struct sockaddr_in6 *sa, const struct in6_addr * IPsec output logic for IPv6. */ int -ipsec6_process_packet( - struct mbuf *m, - struct ipsecrequest *isr - ) +ipsec6_process_packet(struct mbuf *m, struct ipsecrequest *isr) { + char sbuf[INET6_ADDRSTRLEN], dbuf[INET6_ADDRSTRLEN]; struct secasindex saidx; struct secasvar *sav; struct ip6_hdr *ip6; @@ -704,9 +704,10 @@ ipsec6_process_packet( if (error != 0) { DPRINTF(("%s: encapsulation for SA %s->%s " "SPI 0x%08x failed with error %d\n", __func__, - ipsec_address(&sav->sah->saidx.src), - ipsec_address(&sav->sah->saidx.dst), - ntohl(sav->spi), error)); + ipsec_address(&sav->sah->saidx.src, sbuf, + sizeof(sbuf)), + ipsec_address(&sav->sah->saidx.dst, dbuf, + sizeof(dbuf)), ntohl(sav->spi), error)); goto bad; } } diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c index 292dba2d66d0..cb257a5800d9 100644 --- a/sys/netipsec/xform_ah.c +++ b/sys/netipsec/xform_ah.c @@ -567,6 +567,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out) static int ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) { + char buf[128]; struct auth_hash *ahx; struct tdb_crypto *tc; struct newah *ah; @@ -596,7 +597,7 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) if (sav->replay && !ipsec_chkreplay(ntohl(ah->ah_seq), sav)) { AHSTAT_INC(ahs_replay); DPRINTF(("%s: packet replay failure: %s\n", __func__, - ipsec_logsastr(sav))); + ipsec_logsastr(sav, buf, sizeof(buf)))); m_freem(m); return ENOBUFS; } @@ -607,10 +608,10 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) authsize = AUTHSIZE(sav); if (hl != authsize + rplen - sizeof (struct ah)) { DPRINTF(("%s: bad authenticator length %u (expecting %lu)" - " for packet in SA %s/%08lx\n", __func__, - hl, (u_long) (authsize + rplen - sizeof (struct ah)), - ipsec_address(&sav->sah->saidx.dst), - (u_long) ntohl(sav->spi))); + " for packet in SA %s/%08lx\n", __func__, hl, + (u_long) (authsize + rplen - sizeof (struct ah)), + ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), + (u_long) ntohl(sav->spi))); AHSTAT_INC(ahs_badauthl); m_freem(m); return EACCES; @@ -695,6 +696,7 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) static int ah_input_cb(struct cryptop *crp) { + char buf[INET6_ADDRSTRLEN]; int rplen, error, skip, protoff; unsigned char calc[AH_ALEN_MAX]; struct mbuf *m; @@ -764,7 +766,7 @@ ah_input_cb(struct cryptop *crp) if (bcmp(ptr + skip + rplen, calc, authsize)) { DPRINTF(("%s: authentication hash mismatch for packet " "in SA %s/%08lx\n", __func__, - ipsec_address(&saidx->dst), + ipsec_address(&saidx->dst, buf, sizeof(buf)), (u_long) ntohl(sav->spi))); AHSTAT_INC(ahs_badauth); error = EACCES; @@ -803,8 +805,8 @@ ah_input_cb(struct cryptop *crp) error = m_striphdr(m, skip, rplen + authsize); if (error) { DPRINTF(("%s: mangled mbuf chain for SA %s/%08lx\n", __func__, - ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); - + ipsec_address(&saidx->dst, buf, sizeof(buf)), + (u_long) ntohl(sav->spi))); AHSTAT_INC(ahs_hdrops); goto bad; } @@ -843,13 +845,10 @@ bad: * AH output routine, called by ipsec[46]_process_packet(). */ static int -ah_output( - struct mbuf *m, - struct ipsecrequest *isr, - struct mbuf **mp, - int skip, - int protoff) +ah_output(struct mbuf *m, struct ipsecrequest *isr, struct mbuf **mp, + int skip, int protoff) { + char buf[INET6_ADDRSTRLEN]; struct secasvar *sav; struct auth_hash *ahx; struct cryptodesc *crda; @@ -887,7 +886,7 @@ ah_output( DPRINTF(("%s: unknown/unsupported protocol family %u, " "SA %s/%08lx\n", __func__, sav->sah->saidx.dst.sa.sa_family, - ipsec_address(&sav->sah->saidx.dst), + ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), (u_long) ntohl(sav->spi))); AHSTAT_INC(ahs_nopf); error = EPFNOSUPPORT; @@ -897,7 +896,7 @@ ah_output( if (rplen + authsize + m->m_pkthdr.len > maxpacketsize) { DPRINTF(("%s: packet in SA %s/%08lx got too big " "(len %u, max len %u)\n", __func__, - ipsec_address(&sav->sah->saidx.dst), + ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), (u_long) ntohl(sav->spi), rplen + authsize + m->m_pkthdr.len, maxpacketsize)); AHSTAT_INC(ahs_toobig); @@ -911,7 +910,7 @@ ah_output( m = m_unshare(m, M_NOWAIT); if (m == NULL) { DPRINTF(("%s: cannot clone mbuf chain, SA %s/%08lx\n", __func__, - ipsec_address(&sav->sah->saidx.dst), + ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), (u_long) ntohl(sav->spi))); AHSTAT_INC(ahs_hdrops); error = ENOBUFS; @@ -924,7 +923,7 @@ ah_output( DPRINTF(("%s: failed to inject %u byte AH header for SA " "%s/%08lx\n", __func__, rplen + authsize, - ipsec_address(&sav->sah->saidx.dst), + ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), (u_long) ntohl(sav->spi))); AHSTAT_INC(ahs_hdrops); /*XXX differs from openbsd */ error = ENOBUFS; @@ -951,9 +950,8 @@ ah_output( if (sav->replay->count == ~0 && (sav->flags & SADB_X_EXT_CYCSEQ) == 0) { DPRINTF(("%s: replay counter wrapped for SA %s/%08lx\n", - __func__, - ipsec_address(&sav->sah->saidx.dst), - (u_long) ntohl(sav->spi))); + __func__, ipsec_address(&sav->sah->saidx.dst, buf, + sizeof(buf)), (u_long) ntohl(sav->spi))); AHSTAT_INC(ahs_wrap); error = EINVAL; goto bad; diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c index cc959966fa4b..2fbdb816b878 100644 --- a/sys/netipsec/xform_esp.c +++ b/sys/netipsec/xform_esp.c @@ -268,6 +268,7 @@ esp_zeroize(struct secasvar *sav) static int esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) { + char buf[128]; struct auth_hash *esph; struct enc_xform *espx; struct tdb_crypto *tc; @@ -326,9 +327,8 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) if ((plen & (espx->blocksize - 1)) || (plen <= 0)) { DPRINTF(("%s: payload of %d octets not a multiple of %d octets," " SA %s/%08lx\n", __func__, - plen, espx->blocksize, - ipsec_address(&sav->sah->saidx.dst), - (u_long) ntohl(sav->spi))); + plen, espx->blocksize, ipsec_address(&sav->sah->saidx.dst, + buf, sizeof(buf)), (u_long) ntohl(sav->spi))); ESPSTAT_INC(esps_badilen); m_freem(m); return EINVAL; @@ -340,7 +340,7 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) if (esph != NULL && sav->replay != NULL && !ipsec_chkreplay(ntohl(esp->esp_seq), sav)) { DPRINTF(("%s: packet replay check for %s\n", __func__, - ipsec_logsastr(sav))); /*XXX*/ + ipsec_logsastr(sav, buf, sizeof(buf)))); /*XXX*/ ESPSTAT_INC(esps_replay); m_freem(m); return ENOBUFS; /*XXX*/ @@ -431,6 +431,7 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) static int esp_input_cb(struct cryptop *crp) { + char buf[128]; u_int8_t lastthree[3], aalg[AH_HMAC_MAXHASHLEN]; int hlen, skip, protoff, error, alen; struct mbuf *m; @@ -507,7 +508,7 @@ esp_input_cb(struct cryptop *crp) if (bcmp(ptr, aalg, alen) != 0) { DPRINTF(("%s: authentication hash mismatch for " "packet in SA %s/%08lx\n", __func__, - ipsec_address(&saidx->dst), + ipsec_address(&saidx->dst, buf, sizeof(buf)), (u_long) ntohl(sav->spi))); ESPSTAT_INC(esps_badauth); error = EACCES; @@ -537,7 +538,7 @@ esp_input_cb(struct cryptop *crp) sizeof (seq), (caddr_t) &seq); if (ipsec_updatereplay(ntohl(seq), sav)) { DPRINTF(("%s: packet replay check for %s\n", __func__, - ipsec_logsastr(sav))); + ipsec_logsastr(sav, buf, sizeof(buf)))); ESPSTAT_INC(esps_replay); error = ENOBUFS; goto bad; @@ -555,7 +556,7 @@ esp_input_cb(struct cryptop *crp) if (error) { ESPSTAT_INC(esps_hdrops); DPRINTF(("%s: bad mbuf chain, SA %s/%08lx\n", __func__, - ipsec_address(&sav->sah->saidx.dst), + ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), (u_long) ntohl(sav->spi))); goto bad; } @@ -567,10 +568,10 @@ esp_input_cb(struct cryptop *crp) if (lastthree[1] + 2 > m->m_pkthdr.len - skip) { ESPSTAT_INC(esps_badilen); DPRINTF(("%s: invalid padding length %d for %u byte packet " - "in SA %s/%08lx\n", __func__, - lastthree[1], m->m_pkthdr.len - skip, - ipsec_address(&sav->sah->saidx.dst), - (u_long) ntohl(sav->spi))); + "in SA %s/%08lx\n", __func__, lastthree[1], + m->m_pkthdr.len - skip, + ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), + (u_long) ntohl(sav->spi))); error = EINVAL; goto bad; } @@ -580,9 +581,9 @@ esp_input_cb(struct cryptop *crp) if (lastthree[1] != lastthree[0] && lastthree[1] != 0) { ESPSTAT_INC(esps_badenc); DPRINTF(("%s: decryption failed for packet in " - "SA %s/%08lx\n", __func__, - ipsec_address(&sav->sah->saidx.dst), - (u_long) ntohl(sav->spi))); + "SA %s/%08lx\n", __func__, ipsec_address( + &sav->sah->saidx.dst, buf, sizeof(buf)), + (u_long) ntohl(sav->spi))); error = EINVAL; goto bad; } @@ -628,14 +629,10 @@ bad: * ESP output routine, called by ipsec[46]_process_packet(). */ static int -esp_output( - struct mbuf *m, - struct ipsecrequest *isr, - struct mbuf **mp, - int skip, - int protoff -) +esp_output(struct mbuf *m, struct ipsecrequest *isr, struct mbuf **mp, + int skip, int protoff) { + char buf[INET6_ADDRSTRLEN]; struct enc_xform *espx; struct auth_hash *esph; int hlen, rlen, padding, blks, alen, i, roff; @@ -703,8 +700,8 @@ esp_output( default: DPRINTF(("%s: unknown/unsupported protocol " "family %d, SA %s/%08lx\n", __func__, - saidx->dst.sa.sa_family, ipsec_address(&saidx->dst), - (u_long) ntohl(sav->spi))); + saidx->dst.sa.sa_family, ipsec_address(&saidx->dst, + buf, sizeof(buf)), (u_long) ntohl(sav->spi))); ESPSTAT_INC(esps_nopf); error = EPFNOSUPPORT; goto bad; @@ -712,7 +709,8 @@ esp_output( if (skip + hlen + rlen + padding + alen > maxpacketsize) { DPRINTF(("%s: packet in SA %s/%08lx got too big " "(len %u, max len %u)\n", __func__, - ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi), + ipsec_address(&saidx->dst, buf, sizeof(buf)), + (u_long) ntohl(sav->spi), skip + hlen + rlen + padding + alen, maxpacketsize)); ESPSTAT_INC(esps_toobig); error = EMSGSIZE; @@ -725,7 +723,8 @@ esp_output( m = m_unshare(m, M_NOWAIT); if (m == NULL) { DPRINTF(("%s: cannot clone mbuf chain, SA %s/%08lx\n", __func__, - ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); + ipsec_address(&saidx->dst, buf, sizeof(buf)), + (u_long) ntohl(sav->spi))); ESPSTAT_INC(esps_hdrops); error = ENOBUFS; goto bad; @@ -735,8 +734,8 @@ esp_output( mo = m_makespace(m, skip, hlen, &roff); if (mo == NULL) { DPRINTF(("%s: %u byte ESP hdr inject failed for SA %s/%08lx\n", - __func__, hlen, ipsec_address(&saidx->dst), - (u_long) ntohl(sav->spi))); + __func__, hlen, ipsec_address(&saidx->dst, buf, + sizeof(buf)), (u_long) ntohl(sav->spi))); ESPSTAT_INC(esps_hdrops); /* XXX diffs from openbsd */ error = ENOBUFS; goto bad; @@ -765,7 +764,8 @@ esp_output( pad = (u_char *) m_pad(m, padding + alen); if (pad == NULL) { DPRINTF(("%s: m_pad failed for SA %s/%08lx\n", __func__, - ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); + ipsec_address(&saidx->dst, buf, sizeof(buf)), + (u_long) ntohl(sav->spi))); m = NULL; /* NB: free'd by m_pad */ error = ENOBUFS; goto bad; @@ -876,6 +876,7 @@ bad: static int esp_output_cb(struct cryptop *crp) { + char buf[INET6_ADDRSTRLEN]; struct tdb_crypto *tc; struct ipsecrequest *isr; struct secasvar *sav; @@ -893,7 +894,7 @@ esp_output_cb(struct cryptop *crp) if (sav != isr->sav) { ESPSTAT_INC(esps_notdb); DPRINTF(("%s: SA gone during crypto (SA %s/%08lx proto %u)\n", - __func__, ipsec_address(&tc->tc_dst), + __func__, ipsec_address(&tc->tc_dst, buf, sizeof(buf)), (u_long) ntohl(tc->tc_spi), tc->tc_proto)); error = ENOBUFS; /*XXX*/ goto bad; diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c index e7035cb63c06..5f3afd93832a 100644 --- a/sys/netipsec/xform_ipcomp.c +++ b/sys/netipsec/xform_ipcomp.c @@ -224,6 +224,7 @@ ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) static int ipcomp_input_cb(struct cryptop *crp) { + char buf[INET6_ADDRSTRLEN]; struct cryptodesc *crd; struct tdb_crypto *tc; int skip, protoff; @@ -298,8 +299,8 @@ ipcomp_input_cb(struct cryptop *crp) if (error) { IPCOMPSTAT_INC(ipcomps_hdrops); DPRINTF(("%s: bad mbuf chain, IPCA %s/%08lx\n", __func__, - ipsec_address(&sav->sah->saidx.dst), - (u_long) ntohl(sav->spi))); + ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), + (u_long) ntohl(sav->spi))); goto bad; } @@ -340,14 +341,10 @@ bad: * IPComp output routine, called by ipsec[46]_process_packet() */ static int -ipcomp_output( - struct mbuf *m, - struct ipsecrequest *isr, - struct mbuf **mp, - int skip, - int protoff -) +ipcomp_output(struct mbuf *m, struct ipsecrequest *isr, struct mbuf **mp, + int skip, int protoff) { + char buf[INET6_ADDRSTRLEN]; struct secasvar *sav; struct comp_algo *ipcompx; int error, ralen, maxpacketsize; @@ -391,7 +388,7 @@ ipcomp_output( DPRINTF(("%s: unknown/unsupported protocol family %d, " "IPCA %s/%08lx\n", __func__, sav->sah->saidx.dst.sa.sa_family, - ipsec_address(&sav->sah->saidx.dst), + ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), (u_long) ntohl(sav->spi))); error = EPFNOSUPPORT; goto bad; @@ -400,7 +397,7 @@ ipcomp_output( IPCOMPSTAT_INC(ipcomps_toobig); DPRINTF(("%s: packet in IPCA %s/%08lx got too big " "(len %u, max len %u)\n", __func__, - ipsec_address(&sav->sah->saidx.dst), + ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), (u_long) ntohl(sav->spi), ralen + skip + IPCOMP_HLENGTH, maxpacketsize)); error = EMSGSIZE; @@ -414,8 +411,8 @@ ipcomp_output( if (m == NULL) { IPCOMPSTAT_INC(ipcomps_hdrops); DPRINTF(("%s: cannot clone mbuf chain, IPCA %s/%08lx\n", - __func__, ipsec_address(&sav->sah->saidx.dst), - (u_long) ntohl(sav->spi))); + __func__, ipsec_address(&sav->sah->saidx.dst, buf, + sizeof(buf)), (u_long) ntohl(sav->spi))); error = ENOBUFS; goto bad; } @@ -482,6 +479,7 @@ bad: static int ipcomp_output_cb(struct cryptop *crp) { + char buf[INET6_ADDRSTRLEN]; struct tdb_crypto *tc; struct ipsecrequest *isr; struct secasvar *sav; @@ -539,8 +537,8 @@ ipcomp_output_cb(struct cryptop *crp) if (mo == NULL) { IPCOMPSTAT_INC(ipcomps_wrap); DPRINTF(("%s: IPCOMP header inject failed for IPCA %s/%08lx\n", - __func__, ipsec_address(&sav->sah->saidx.dst), - (u_long) ntohl(sav->spi))); + __func__, ipsec_address(&sav->sah->saidx.dst, buf, + sizeof(buf)), (u_long) ntohl(sav->spi))); error = ENOBUFS; goto bad; } @@ -586,8 +584,8 @@ ipcomp_output_cb(struct cryptop *crp) DPRINTF(("%s: unknown/unsupported protocol " "family %d, IPCA %s/%08lx\n", __func__, sav->sah->saidx.dst.sa.sa_family, - ipsec_address(&sav->sah->saidx.dst), - (u_long) ntohl(sav->spi))); + ipsec_address(&sav->sah->saidx.dst, buf, + sizeof(buf)), (u_long) ntohl(sav->spi))); error = EPFNOSUPPORT; goto bad; } |