diff options
| author | itojun <itojun@FreeBSD.org> | 1998-02-27 10:02:49 +0000 |
|---|---|---|
| committer | itojun <itojun@FreeBSD.org> | 1998-02-27 10:02:49 +0000 |
| commit | 74e335fcf267f7e61d607cd06a428f6046b70006 (patch) | |
| tree | 693f15d89b842a20863f4d1ed8fc8c0e0c0f9443 | |
| parent | 68d701fa4292eab00ec75bf375116d55009499b5 (diff) | |
| download | FreeBSD-src-74e335fcf267f7e61d607cd06a428f6046b70006.zip FreeBSD-src-74e335fcf267f7e61d607cd06a428f6046b70006.tar.gz | |
make sys/netkey/key{,_debug}.c compile. I believe it works but not tested.
I'll polish the code later on.
| -rw-r--r-- | sys/conf/NOTES | 6 | ||||
| -rw-r--r-- | sys/conf/files | 1 | ||||
| -rw-r--r-- | sys/conf/options | 6 | ||||
| -rw-r--r-- | sys/i386/conf/LINT | 6 | ||||
| -rw-r--r-- | sys/i386/conf/NOTES | 6 | ||||
| -rw-r--r-- | sys/netkey/key.c | 170 | ||||
| -rw-r--r-- | sys/netkey/key.h | 68 | ||||
| -rw-r--r-- | sys/netkey/key_debug.c | 226 | ||||
| -rw-r--r-- | sys/netkey/key_debug.h | 56 |
9 files changed, 370 insertions, 175 deletions
diff --git a/sys/conf/NOTES b/sys/conf/NOTES index 2ebb364..357fdf4 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES @@ -2,7 +2,7 @@ # LINT -- config file for checking all the sources, tries to pull in # as much of the source tree as it can. # -# $Id: LINT,v 1.411 1998/02/21 10:11:41 eivind Exp $ +# $Id: LINT,v 1.412 1998/02/24 22:24:46 phk Exp $ # # NB: You probably don't want to try running a kernel built from this # file. Instead, you should start from GENERIC, and add options from @@ -1401,8 +1401,8 @@ options "I586_PMC_GUPROF=0x70000" options "IBCS2" # broken: #options IPFILTER -# broken: -#options KEY +options KEY +options KEY_DEBUG options LOCKF_DEBUG options LOUTB options KBD_MAXRETRY=4 diff --git a/sys/conf/files b/sys/conf/files index c9ac6e5..096a8a2 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -340,6 +340,7 @@ netipx/spx_usrreq.c optional ipx #netiso/tuba_table.c optional iso tuba #netiso/tuba_usrreq.c optional iso tuba netkey/key.c optional key +netkey/key_debug.c optional key_debug netnatm/natm.c optional natm netnatm/natm_pcb.c optional natm netnatm/natm_proto.c optional natm diff --git a/sys/conf/options b/sys/conf/options index 507d9f4..9034850 100644 --- a/sys/conf/options +++ b/sys/conf/options @@ -1,4 +1,4 @@ -# $Id: options,v 1.61 1998/02/16 23:57:33 eivind Exp $ +# $Id: options,v 1.62 1998/02/23 07:42:43 dyson Exp $ # Format: # Option name filename @@ -180,3 +180,7 @@ SIMPLELOCK_DEBUG opt_global.h VM_KMEM_SIZE opt_vm.h VM_KMEM_SIZE_SCALE opt_vm.h VM_KMEM_SIZE_MAX opt_vm.h + +# sys/netkey +KEY +KEY_DEBUG opt_key.h diff --git a/sys/i386/conf/LINT b/sys/i386/conf/LINT index 2ebb364..357fdf4 100644 --- a/sys/i386/conf/LINT +++ b/sys/i386/conf/LINT @@ -2,7 +2,7 @@ # LINT -- config file for checking all the sources, tries to pull in # as much of the source tree as it can. # -# $Id: LINT,v 1.411 1998/02/21 10:11:41 eivind Exp $ +# $Id: LINT,v 1.412 1998/02/24 22:24:46 phk Exp $ # # NB: You probably don't want to try running a kernel built from this # file. Instead, you should start from GENERIC, and add options from @@ -1401,8 +1401,8 @@ options "I586_PMC_GUPROF=0x70000" options "IBCS2" # broken: #options IPFILTER -# broken: -#options KEY +options KEY +options KEY_DEBUG options LOCKF_DEBUG options LOUTB options KBD_MAXRETRY=4 diff --git a/sys/i386/conf/NOTES b/sys/i386/conf/NOTES index 2ebb364..357fdf4 100644 --- a/sys/i386/conf/NOTES +++ b/sys/i386/conf/NOTES @@ -2,7 +2,7 @@ # LINT -- config file for checking all the sources, tries to pull in # as much of the source tree as it can. # -# $Id: LINT,v 1.411 1998/02/21 10:11:41 eivind Exp $ +# $Id: LINT,v 1.412 1998/02/24 22:24:46 phk Exp $ # # NB: You probably don't want to try running a kernel built from this # file. Instead, you should start from GENERIC, and add options from @@ -1401,8 +1401,8 @@ options "I586_PMC_GUPROF=0x70000" options "IBCS2" # broken: #options IPFILTER -# broken: -#options KEY +options KEY +options KEY_DEBUG options LOCKF_DEBUG options LOUTB options KBD_MAXRETRY=4 diff --git a/sys/netkey/key.c b/sys/netkey/key.c index f132148..ea7706d 100644 --- a/sys/netkey/key.c +++ b/sys/netkey/key.c @@ -1,3 +1,6 @@ +/* + * modified by Jun-ichiro itojun Itoh <itojun@itojun.org>, 1997 + */ /*---------------------------------------------------------------------- key.c : Key Management Engine for BSD @@ -72,6 +75,10 @@ Research Laboratory (NRL). ----------------------------------------------------------------------*/ +#include "opt_key.h" + +#ifdef KEY + #include <sys/param.h> #include <sys/systm.h> #include <sys/kernel.h> @@ -188,18 +195,21 @@ key_secassoc2msghdr(struct key_secassoc *secassoc, return(-1); km->type = secassoc->type; + km->vers = secassoc->vers; km->state = secassoc->state; km->label = secassoc->label; km->spi = secassoc->spi; km->keylen = secassoc->keylen; + km->ekeylen = secassoc->ekeylen; km->ivlen = secassoc->ivlen; km->algorithm = secassoc->algorithm; km->lifetype = secassoc->lifetype; km->lifetime1 = secassoc->lifetime1; km->lifetime2 = secassoc->lifetime2; + km->antireplay = secassoc->antireplay; /* - * Stuff src/dst/from/key/iv in buffer after + * Stuff src/dst/from/key/iv/ekey in buffer after * the message header. */ cp = (char *)(km + 1); @@ -251,6 +261,14 @@ key_secassoc2msghdr(struct key_secassoc *secassoc, ADVANCE(cp, secassoc->ivlen); } + DPRINTF(IDL_FINISHED, ("sa2msghdr: 6\n")); + keyinfo->ekey = cp; + keyinfo->ekeylen = secassoc->ekeylen; + if (secassoc->ekeylen) { + bcopy((char *)(secassoc->ekey), cp, secassoc->ekeylen); + ADVANCE(cp, secassoc->ekeylen); + } + DDO(IDL_FINISHED,printf("msgbuf(len=%d):\n",(char *)cp - (char *)km)); DDO(IDL_FINISHED,dump_buf((char *)km, (char *)cp - (char *)km)); DPRINTF(IDL_FINISHED, ("sa2msghdr: 6\n")); @@ -275,15 +293,18 @@ key_msghdr2secassoc(struct key_secassoc *secassoc, secassoc->len = sizeof(*secassoc); secassoc->type = km->type; + secassoc->vers = km->vers; secassoc->state = km->state; secassoc->label = km->label; secassoc->spi = km->spi; secassoc->keylen = km->keylen; + secassoc->ekeylen = km->ekeylen; secassoc->ivlen = km->ivlen; secassoc->algorithm = km->algorithm; secassoc->lifetype = km->lifetype; secassoc->lifetime1 = km->lifetime1; secassoc->lifetime2 = km->lifetime2; + secassoc->antireplay = km->antireplay; if (keyinfo->src) { KMALLOC(secassoc->src, SOCKADDR *, keyinfo->src->sa_len); @@ -342,6 +363,21 @@ key_msghdr2secassoc(struct key_secassoc *secassoc, bcopy((char *)keyinfo->key, (char *)secassoc->key, secassoc->keylen); } else secassoc->key = NULL; + + if (secassoc->ekeylen) { + KMALLOC(secassoc->ekey, caddr_t, secassoc->ekeylen); + if (secassoc->ekey == 0) { + DPRINTF(IDL_ERROR,("msghdr2secassoc: can't allocate mem for ekey\n")); + if (secassoc->iv) + KFREE(secassoc->iv); + if (secassoc->key) + KFREE(secassoc->key); + return(-1); + } + bcopy((char *)keyinfo->ekey, (char *)secassoc->ekey, secassoc->ekeylen); + } else + secassoc->ekey = NULL; + return(0); } @@ -364,8 +400,8 @@ addrpart_equal(SOCKADDR *sa1, SOCKADDR *sa2) ((struct sockaddr_in *)sa2)->sin_addr.s_addr); #ifdef INET6 case AF_INET6: - return (IN6_ADDR_EQUAL(((struct sockaddr_in6 *)sa1)->sin6_addr, - ((struct sockaddr_in6 *)sa2)->sin6_addr)); + return (IN6_ARE_ADDR_EQUAL(&((struct sockaddr_in6 *)sa1)->sin6_addr, + &((struct sockaddr_in6 *)sa2)->sin6_addr)); #endif /* INET6 */ } return(0); @@ -467,7 +503,7 @@ key_createkey(char *buf, u_int type, SOCKADDR *src, SOCKADDR *dst, (char *)&(((struct sockaddr_in *)(a))->sin_addr) #define ADDRSIZE(a) \ - ((a)->sa_family == AF_INET6) ? sizeof(struct in_addr6) : \ + ((a)->sa_family == AF_INET6) ? sizeof(struct in6_addr) : \ sizeof(struct in_addr) #else /* INET6 */ #define ADDRPART(a) (char *)&(((struct sockaddr_in *)(a))->sin_addr) @@ -533,7 +569,7 @@ key_sosearch(u_int type, SOCKADDR *src, SOCKADDR *dst, struct socket *so) * flag = 1 purge all entries * flag = 0 delete entries with socket pointer matching socket ----------------------------------------------------------------------*/ -static void +void key_sodelete(struct socket *socket, int flag) { struct key_so2spinode *prevnp, *np; @@ -739,6 +775,13 @@ key_add(struct key_secassoc *secassoc) #endif /* 0 */ /* + * initialization for anti-replay services. + */ + secassoc->sequence = 0; + secassoc->replayright = 0; + secassoc->replaywindow = 0; + + /* * Check if secassoc with same spi exists before adding */ bzero((char *)&buf, sizeof(buf)); @@ -856,14 +899,16 @@ key_dump(struct socket *so) struct key_msgdata keyinfo; struct key_msghdr *km; struct key_tblnode *keynode; + int kmlen; /* * Routine to dump the key table to a routing socket * Use for debugging only! */ - KMALLOC(km, struct key_msghdr *, sizeof(struct key_msghdr) + - 3 * MAX_SOCKADDR_SZ + MAX_KEY_SZ + MAX_IV_SZ); + kmlen = sizeof(struct key_msghdr) + 3 * MAX_SOCKADDR_SZ + MAX_KEY_SZ + + MAX_IV_SZ; + KMALLOC(km, struct key_msghdr *, kmlen); if (!km) return(ENOBUFS); @@ -886,7 +931,16 @@ key_dump(struct socket *so) ROUNDUP(keynode->secassoc->dst->sa_len) + ROUNDUP(keynode->secassoc->from->sa_len) + ROUNDUP(keynode->secassoc->keylen) + - ROUNDUP(keynode->secassoc->ivlen)); + ROUNDUP(keynode->secassoc->ivlen) + + ROUNDUP(keynode->secassoc->ekeylen)); + + if (kmlen < len) { + KFREE(km); + kmlen = len; + KMALLOC(km, struct key_msghdr *, kmlen); + if (!km) + return(ENOBUFS); + } if (key_secassoc2msghdr(keynode->secassoc, km, &keyinfo) != 0) panic("key_dump"); @@ -999,6 +1053,8 @@ key_delete(struct key_secassoc *secassoc) KFREE(keynode->secassoc->iv); if (keynode->secassoc->key) KFREE(keynode->secassoc->key); + if (keynode->secassoc->ekey) + KFREE(keynode->secassoc->ekey); KFREE(keynode->secassoc); if (keynode->solist) KFREE(keynode->solist); @@ -1019,15 +1075,25 @@ key_flush(void) { struct key_tblnode *keynode; int i; +#if 1 + int timo; +#endif /* * This is slow, but simple. */ DPRINTF(IDL_FINISHED,("Flushing key table...")); for (i = 0; i < KEYTBLSIZE; i++) { - while ((keynode = keytable[i].next)) + timo = 0; + while ((keynode = keytable[i].next)) { if (key_delete(keynode->secassoc) != 0) panic("key_flush"); + timo++; + if (10000 < timo) { +printf("key_flush: timo exceeds limit; terminate the loop to prevent hangup\n"); + break; + } + } } DPRINTF(IDL_FINISHED,("done\n")); } @@ -1040,8 +1106,8 @@ key_flush(void) * entry with that same spi value remains in the table). ----------------------------------------------------------------------*/ int -key_getspi(u_int type, SOCKADDR *src, SOCKADDR *dst, u_int32_t lowval, - u_int32_t highval, u_int32_t *spi) +key_getspi(u_int type, u_int vers, SOCKADDR *src, SOCKADDR *dst, + u_int32_t lowval, u_int32_t highval, u_int32_t *spi) { struct key_secassoc *secassoc; struct key_tblnode *keynode, *prevkeynode; @@ -1095,6 +1161,7 @@ key_getspi(u_int type, SOCKADDR *src, SOCKADDR *dst, u_int32_t lowval, DPRINTF(IDL_FINISHED,("getspi: indx=%d\n",indx)); secassoc->len = sizeof(struct key_secassoc); secassoc->type = type; + secassoc->vers = vers; secassoc->spi = val; secassoc->state |= K_LARVAL; if (my_addr(secassoc->dst)) @@ -1205,6 +1272,8 @@ key_update(struct key_secassoc *secassoc) KFREE(keynode->secassoc->key); if (keynode->secassoc->iv) KFREE(keynode->secassoc->iv); + if (keynode->secassoc->ekey) + KFREE(keynode->secassoc->ekey); /* * We now copy the secassoc over. We don't need to copy @@ -1439,10 +1508,12 @@ key_acquire(u_int type, SOCKADDR *src, SOCKADDR *dst) if (success) { if (!ap) { DPRINTF(IDL_EVENT,("Adding new entry in acquirelist\n")); - KMALLOC(ap, struct key_acquirelist *, sizeof(struct key_acquirelist)); + KMALLOC(ap, struct key_acquirelist *, + sizeof(struct key_acquirelist) + dst->sa_len); if (ap == 0) return(success ? 0 : -1); bzero((char *)ap, sizeof(struct key_acquirelist)); + ap->target = (struct sockaddr *)(ap + 1); bcopy((char *)dst, (char *)ap->target, dst->sa_len); ap->type = etype; ap->next = key_acquirelist->next; @@ -1752,8 +1823,8 @@ key_xdata(struct key_msghdr *km, struct key_msgdata *kip, int parseflag) ADVANCE(cp, kip->dst->sa_len); if (parseflag == 1) { kip->from = 0; - kip->key = kip->iv = 0; - kip->keylen = kip->ivlen = 0; + kip->key = kip->iv = kip->ekey = 0; + kip->keylen = kip->ivlen = kip->ekeylen = 0; return(0); } @@ -1774,11 +1845,19 @@ key_xdata(struct key_msghdr *km, struct key_msgdata *kip, int parseflag) kip->key = 0; /* Grab iv */ - if ((kip->ivlen = km->ivlen)) + if ((kip->ivlen = km->ivlen)) { kip->iv = cp; - else + ADVANCE(cp, km->ivlen); + } else kip->iv = 0; + /* Grab ekey */ + if ((kip->ekeylen = km->ekeylen)) { + kip->ekey = cp; + ADVANCE(cp, km->ekeylen); + } else + kip->ekey = 0; + return (0); } @@ -1841,6 +1920,8 @@ key_parse(struct key_msghdr **kmp, struct socket *so, int *dstfamily) KFREE(secassoc->key); if (secassoc->iv) KFREE(secassoc->iv); + if (secassoc->ekey) + KFREE(secassoc->ekey); KFREE(secassoc); if (keyerror == -2) { senderr(EEXIST); @@ -1868,6 +1949,8 @@ key_parse(struct key_msghdr **kmp, struct socket *so, int *dstfamily) KFREE(secassoc->iv); if (secassoc->key) KFREE(secassoc->key); + if (secassoc->ekey) + KFREE(secassoc->ekey); KFREE(secassoc); senderr(ESRCH); } @@ -1875,6 +1958,8 @@ key_parse(struct key_msghdr **kmp, struct socket *so, int *dstfamily) KFREE(secassoc->iv); if (secassoc->key) KFREE(secassoc->key); + if (secassoc->ekey) + KFREE(secassoc->ekey); KFREE(secassoc); break; case KEY_UPDATE: @@ -1897,6 +1982,8 @@ key_parse(struct key_msghdr **kmp, struct socket *so, int *dstfamily) KFREE(secassoc->iv); if (secassoc->key) KFREE(secassoc->key); + if (secassoc->ekey) + KFREE(secassoc->ekey); KFREE(secassoc); senderr(keyerror); } @@ -1921,7 +2008,8 @@ key_parse(struct key_msghdr **kmp, struct socket *so, int *dstfamily) DPRINTF(IDL_EVENT,("keyoutput: Found secassoc!\n")); newlen = sizeof(struct key_msghdr) + ROUNDUP(secassoc->src->sa_len) + ROUNDUP(secassoc->dst->sa_len) + ROUNDUP(secassoc->from->sa_len) + - ROUNDUP(secassoc->keylen) + ROUNDUP(secassoc->ivlen); + ROUNDUP(secassoc->keylen) + ROUNDUP(secassoc->ivlen) + + ROUNDUP(secassoc->ekeylen); DPRINTF(IDL_EVENT,("keyoutput: newlen=%d\n", newlen)); if (newlen > km->key_msglen) { struct key_msghdr *newkm; @@ -1953,7 +2041,7 @@ key_parse(struct key_msghdr **kmp, struct socket *so, int *dstfamily) if (key_xdata(km, &keyinfo, 1) < 0) goto parsefail; - if ((keyerror = key_getspi(km->type, keyinfo.src, keyinfo.dst, + if ((keyerror = key_getspi(km->type, km->vers, keyinfo.src, keyinfo.dst, km->lifetime1, km->lifetime2, &(km->spi))) != 0) { DPRINTF(IDL_CRITICAL,("keyoutput: getspi failed error=%d\n", keyerror)); @@ -2014,18 +2102,23 @@ key_sendup(s, km) struct key_msghdr *km; { struct mbuf *m; + + if (!km) + panic("km == NULL in key_sendup\n"); MGETHDR(m, M_WAIT, MT_DATA); m->m_len = m->m_pkthdr.len = 0; m->m_next = 0; m->m_nextpkt = 0; m->m_pkthdr.rcvif = 0; - m_copyback(m, 0, km->key_msglen, (caddr_t)km); + if (km) + m_copyback(m, 0, km->key_msglen, (caddr_t)km); if (sbappendaddr(&(s->so_rcv), &key_addr, m, NULL)) { sorwakeup(s); return 1; - } else - m_freem(m); + } else { + if (m) m_freem(m); + } return(0); } @@ -2076,15 +2169,15 @@ my_addr(sa) switch(sa->sa_family) { #ifdef INET6 case AF_INET6: - for (i6a = in6_ifaddr; i6a; i6a = i6a->i6a_next) { - if (IN6_ADDR_EQUAL(((struct sockaddr_in6 *)sa)->sin6_addr, - i6a->i6a_addr.sin6_addr)) + for (i6a = in6_ifaddr; i6a; i6a = i6a->ia_next) { /*XXX*/ + if (IN6_ARE_ADDR_EQUAL(&((struct sockaddr_in6 *)sa)->sin6_addr, + &i6a->ia_addr.sin6_addr)) return(1); } break; #endif /* INET6 */ case AF_INET: - for (ia = in_ifaddr; ia; ia = ia->ia_next) { + for (ia = in_ifaddrhead.tqh_first; ia; ia = ia->ia_link.tqe_next) { if (((struct sockaddr_in *)sa)->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr) return(1); @@ -2139,7 +2232,8 @@ key_output(struct mbuf *m, struct socket *so) km->key_errno = error = key_parse(&km, so, &dstfamily); DPRINTF(IDL_MAJOR_EVENT, ("Back from key_parse\n")); flush: - key_sendup(so, km); + if (km) + key_sendup(so, km); #if 0 { struct rawcb *rp = 0; @@ -2209,6 +2303,7 @@ key_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam, } s = splnet(); error = raw_usrreq(so, req, m, nam, control); + if (!so) return error; rp = sotorawcb(so); if (req == PRU_ATTACH && rp) { @@ -2225,7 +2320,19 @@ key_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam, keyso_cb.ip6_count++; #endif /* INET6 */ keyso_cb.any_count++; +#if 0 /*itojun*/ rp->rcb_faddr = &key_addr; +#else + { + struct mbuf *m; + MGET(m, M_DONTWAIT, MT_DATA); + if (m) { + rp->rcb_faddr = mtod(m, struct sockaddr *); + bcopy(&key_addr, rp->rcb_faddr, sizeof(SOCKADDR)); + } else + rp->rcb_faddr = NULL; + } +#endif soisconnected(so); /* Key socket, like routing socket, must be connected. */ @@ -2262,12 +2369,17 @@ struct protosw keysw[] = { { SOCK_RAW, &keydomain, 0, PR_ATOMIC|PR_ADDR, raw_input, key_output, raw_ctlinput, 0, key_usrreq, - key_cbinit -} + key_cbinit, 0, 0, 0, + 0, +}, }; struct domain keydomain = { PF_KEY, "key", key_init, 0, 0, keysw, &keysw[sizeof(keysw)/sizeof(keysw[0])] }; -DOMAIN_SET(key) +#ifdef __FreeBSD__ +DOMAIN_SET(key); +#endif + +#endif /*KEY*/ diff --git a/sys/netkey/key.h b/sys/netkey/key.h index 920f9c4..5eb9bba 100644 --- a/sys/netkey/key.h +++ b/sys/netkey/key.h @@ -137,20 +137,28 @@ Research Laboratory (NRL). struct key_secassoc { u_int8_t len; /* Length of the data (for radix) */ u_int8_t type; /* Type of association */ + u_int8_t vers; /* Version of association (AH/ESP) */ u_int8_t state; /* State of the association */ u_int8_t label; /* Sensitivity label (unused) */ u_int32_t spi; /* SPI */ u_int8_t keylen; /* Key length */ + u_int8_t ekeylen;/* Extra key length */ u_int8_t ivlen; /* Initialization vector length */ u_int8_t algorithm; /* Algorithm switch index */ u_int8_t lifetype; /* Type of lifetime */ caddr_t iv; /* Initialization vector */ caddr_t key; /* Key */ + caddr_t ekey; /* Extra key */ u_int32_t lifetime1; /* Lifetime value 1 */ u_int32_t lifetime2; /* Lifetime value 2 */ struct sockaddr *src; /* Source host address */ struct sockaddr *dst; /* Destination host address */ struct sockaddr *from; /* Originator of association */ + + int antireplay; /*anti replay flag*/ + u_int32_t sequence; /*send: sequence number*/ + u_int32_t replayright; /*receive: replay window, right*/ + u_int64_t replaywindow; /*receive: replay window*/ }; /* @@ -168,16 +176,20 @@ struct key_msghdr { int key_seq;/* message sequence number */ int key_errno; /* error code */ u_int8_t type; /* type of security association */ + u_int8_t vers; /* version of security association (AH/ESP) */ u_int8_t state; /* state of security association */ u_int8_t label; /* sensitivity level */ u_int8_t pad; /* padding for allignment */ u_int32_t spi; /* spi value */ u_int8_t keylen; /* key length */ + u_int8_t ekeylen;/* extra key length */ u_int8_t ivlen; /* iv length */ u_int8_t algorithm; /* algorithm identifier */ u_int8_t lifetype; /* type of lifetime */ u_int32_t lifetime1; /* lifetime value 1 */ u_int32_t lifetime2; /* lifetime value 2 */ + + int antireplay; /* anti replay flag */ }; struct key_msgdata { @@ -186,8 +198,10 @@ struct key_msgdata { struct sockaddr *from; /* originator of security association */ caddr_t iv; /* initialization vector */ caddr_t key; /* key */ + caddr_t ekey; /* extra key */ int ivlen; /* key length */ int keylen; /* iv length */ + int ekeylen; /* extra key length */ }; struct policy_msghdr { @@ -248,37 +262,39 @@ struct key_acquirelist { }; struct keyso_cb { - int ip4_count; /* IPv4 */ + int ip4_count; #ifdef INET6 - int ip6_count; /* IPv6 */ -#endif /* INET6 */ - int any_count; /* Sum of above counters */ + int ip6_count; +#endif /*INET6*/ + int any_count; /* Sum of above counters */ }; #ifdef KERNEL -int key_inittables __P((void)); -int key_secassoc2msghdr __P((struct key_secassoc *, struct key_msghdr *, - struct key_msgdata *)); -int key_msghdr2secassoc __P((struct key_secassoc *, struct key_msghdr *, - struct key_msgdata *)); -int key_add __P((struct key_secassoc *)); -int key_delete __P((struct key_secassoc *)); -int key_get __P((u_int, struct sockaddr *, struct sockaddr *, u_int32_t, - struct key_secassoc **)); -void key_flush __P((void)); -int key_dump __P((struct socket *)); -int key_getspi __P((u_int, struct sockaddr *, struct sockaddr *, u_int32_t, - u_int32_t, u_int32_t *)); -int key_update __P((struct key_secassoc *)); -int key_register __P((struct socket *, u_int)); -void key_unregister __P((struct socket *, u_int, int)); -int key_acquire __P((u_int, struct sockaddr *, struct sockaddr *)); -int getassocbyspi __P((u_int, struct sockaddr *, struct sockaddr *, u_int32_t, - struct key_tblnode **)); -int getassocbysocket __P((u_int, struct sockaddr *, struct sockaddr *, +extern int key_secassoc2msghdr __P((struct key_secassoc *, struct key_msghdr *, + struct key_msgdata *)); +extern int key_msghdr2secassoc __P((struct key_secassoc *, struct key_msghdr *, + struct key_msgdata *)); +extern int key_inittables __P((void)); +extern void key_sodelete __P((struct socket *, int)); +extern int key_add __P((struct key_secassoc *)); +extern int key_delete __P((struct key_secassoc *)); +extern int key_get __P((u_int, struct sockaddr *, struct sockaddr *, + u_int32_t, struct key_secassoc **)); +extern void key_flush __P((void)); +extern int key_dump __P((struct socket *)); +extern int key_getspi __P((u_int, u_int, struct sockaddr *, struct sockaddr *, + u_int32_t, u_int32_t, u_int32_t *)); +extern int key_update __P((struct key_secassoc *)); +extern int key_register __P((struct socket *, u_int)); +extern void key_unregister __P((struct socket *, u_int, int)); +extern int key_acquire __P((u_int, struct sockaddr *, struct sockaddr *)); +extern int getassocbyspi __P((u_int, struct sockaddr *, struct sockaddr *, + u_int32_t, struct key_tblnode **)); +extern int getassocbysocket __P((u_int, struct sockaddr *, struct sockaddr *, struct socket *, u_int, struct key_tblnode **)); -void key_free __P((struct key_tblnode *)); -int key_parse __P((struct key_msghdr ** km, struct socket * so, int *)); +extern void key_free __P((struct key_tblnode *)); +extern int key_parse __P((struct key_msghdr ** km, struct socket * so, + int *)); #endif /* KERNEL */ #endif /* _netkey_key_h */ diff --git a/sys/netkey/key_debug.c b/sys/netkey/key_debug.c index c928c84..8819e09 100644 --- a/sys/netkey/key_debug.c +++ b/sys/netkey/key_debug.c @@ -1,4 +1,7 @@ /* + * modified by Jun-ichiro itojun Itoh <itojun@itojun.org>, 1997 + */ +/* * in6_debug.c -- Insipired by Craig Metz's Net/2 in6_debug.c, but * not quite as heavyweight (initially, anyway). * @@ -68,17 +71,25 @@ Research Laboratory (NRL). #define INET6_DEBUG_C -#include <netkey/osdep_44bsd.h> +#include "opt_key.h" + +#ifdef KEY +#ifdef KEY_DEBUG /*wraps the whole code*/ + +/*#include <netkey/osdep_44bsd.h>*/ #include <sys/types.h> #include <sys/param.h> #include <sys/socket.h> #include <sys/mbuf.h> +#include <sys/systm.h> #include <net/if.h> #include <net/if_dl.h> #include <net/route.h> +#include <netinet/in.h> + #include <netinet/in_systm.h> #include <netinet/ip.h> #include <netinet/in_pcb.h> @@ -86,9 +97,10 @@ Research Laboratory (NRL). #ifdef INET6 #include <netinet6/in6.h> #include <netinet6/in6_var.h> -#include <netinet6/ipv6.h> -#include <netinet6/ipv6_var.h> -#include <netinet6/ipv6_icmp.h> +#include <netinet6/ip6.h> +#include <netinet6/ip6_var.h> +#include <netinet6/icmp6.h> +#include <netinet6/in6_pcb.h> #else /* INET6 */ #if 0 #include "in6_types.h" @@ -100,6 +112,7 @@ Research Laboratory (NRL). #ifdef KEY_DEBUG #include <netkey/key.h> +#include <netkey/key_debug.h> #endif /* KEY_DEBUG */ #ifdef IPSEC_DEBUG #include <netsec/ipsec.h> @@ -109,11 +122,6 @@ Research Laboratory (NRL). #include <netinet6/in6_debug.h> #endif -#ifndef DEFARGS -#define DEFARGS(arglist, args) arglist args; -#define AND ; -#endif /* DEFARGS */ - /* * Globals */ @@ -126,7 +134,7 @@ unsigned int in6_debug_level = IDL_FINISHED + 1; /* 0 is no debugging */ * Functions and macros. */ -void in6_debug_init DEFARGS((), void) +void in6_debug_init() { /* For now, nothing. */ } @@ -141,14 +149,14 @@ void in6_debug_init DEFARGS((), void) /*---------------------------------------------------------------------- * Dump an IPv6 address. Don't compress 0's out because of debugging. ----------------------------------------------------------------------*/ -void dump_in_addr6 DEFARGS((in_addr6), - struct in_addr6 *in_addr6) +void dump_in6_addr(in6_addr) + struct in6_addr *in6_addr; { - u_short *shorts = (u_short *)in_addr6; + u_short *shorts = (u_short *)in6_addr; int i = 0; - if (!in_addr6) { - printf("Dereference a NULL in_addr6? I don't think so.\n"); + if (!in6_addr) { + printf("Dereference a NULL in6_addr? I don't think so.\n"); return; } @@ -162,8 +170,8 @@ void dump_in_addr6 DEFARGS((in_addr6), /*---------------------------------------------------------------------- * Dump and IPv4 address in x.x.x.x form. ----------------------------------------------------------------------*/ -void dump_in_addr DEFARGS((in_addr), - struct in_addr *in_addr) +void dump_in_addr(in_addr) + struct in_addr *in_addr; { u_char *chars = (u_char *)in_addr; int i = 0; @@ -182,8 +190,8 @@ void dump_in_addr DEFARGS((in_addr), /*---------------------------------------------------------------------- * Dump an IPv6 socket address. ----------------------------------------------------------------------*/ -void dump_sockaddr_in6 DEFARGS((sin6), - struct sockaddr_in6 *sin6) +void dump_sockaddr_in6(sin6) + struct sockaddr_in6 *sin6; { if (!sin6) { printf("Dereference a NULL sockaddr_in6? I don't think so.\n"); @@ -195,15 +203,15 @@ void dump_sockaddr_in6 DEFARGS((sin6), htons(sin6->sin6_port)); printf("sin6_flowinfo = 0x%x\n",sin6->sin6_flowinfo); printf("sin6_addr = "); - dump_in_addr6(&sin6->sin6_addr); + dump_in6_addr(&sin6->sin6_addr); } #endif /* INET6 */ /*---------------------------------------------------------------------- * Dump an IPv4 socket address. ----------------------------------------------------------------------*/ -void dump_sockaddr_in DEFARGS((sin), - struct sockaddr_in *sin) +void dump_sockaddr_in(sin) + struct sockaddr_in *sin; { int i; @@ -230,8 +238,8 @@ void dump_sockaddr_in DEFARGS((sin), * Dump a generic socket address. Use if no family-specific routine is * available. ----------------------------------------------------------------------*/ -void dump_sockaddr DEFARGS((sa), -SOCKADDR *sa) +void dump_sockaddr(sa) + struct sockaddr *sa; { if (!sa) { printf("Dereference a NULL sockaddr? I don't think so.\n"); @@ -257,8 +265,8 @@ SOCKADDR *sa) * Dump a link-layer socket address. (Not that there are user-level link * layer sockets, but there are plenty of link-layer addresses in the kernel.) ----------------------------------------------------------------------*/ -void dump_sockaddr_dl DEFARGS((sdl), - struct sockaddr_dl *sdl) +void dump_sockaddr_dl(sdl) + struct sockaddr_dl *sdl; { char buf[256]; @@ -299,8 +307,8 @@ void dump_sockaddr_dl DEFARGS((sdl), /*---------------------------------------------------------------------- * Dump a socket address, calling a family-specific routine if available. ----------------------------------------------------------------------*/ -void dump_smart_sockaddr DEFARGS((sa), -SOCKADDR *sa) +void dump_smart_sockaddr(sa) + struct sockaddr *sa; { DPRINTF(IDL_MAJOR_EVENT, ("Entering dump_smart_sockaddr\n")); if (!sa) { @@ -331,30 +339,30 @@ SOCKADDR *sa) /*---------------------------------------------------------------------- * Dump an IPv6 header. ----------------------------------------------------------------------*/ -void dump_ipv6 DEFARGS((ipv6), - struct ipv6 *ipv6) +void dump_ipv6(ip6) + struct ip6 *ip6; { - if (!ipv6) { - printf("Dereference a NULL ipv6? I don't think so.\n"); + if (!ip6) { + printf("Dereference a NULL ip6? I don't think so.\n"); return; } - printf("Vers & flow label (conv to host order) 0x%x\n", - htonl(ipv6->ipv6_versfl)); + printf("Vers = %d, pri = 0x%x, flow label = 0x%x\n", + ip6->ip6_v, ip6->ip6_pri, htonl(ip6->ip6_flbl)); printf("Length (conv) = %d, nexthdr = %d, hoplimit = %d.\n", - htons(ipv6->ipv6_length),ipv6->ipv6_nexthdr,ipv6->ipv6_hoplimit); + htons(ip6->ip6_len),ip6->ip6_nh,ip6->ip6_hlim); printf("Src: "); - dump_in_addr6(&ipv6->ipv6_src); + dump_in6_addr(&ip6->ip6_src); printf("Dst: "); - dump_in_addr6(&ipv6->ipv6_dst); + dump_in6_addr(&ip6->ip6_dst); } /*---------------------------------------------------------------------- * Dump an ICMPv6 header. This function is not very smart beyond the * type, code, and checksum. ----------------------------------------------------------------------*/ -dump_ipv6_icmp DEFARGS((icp), - struct ipv6_icmp *icp) +void dump_ipv6_icmp(icp) + struct icmp6 *icp; { int i; @@ -363,12 +371,9 @@ dump_ipv6_icmp DEFARGS((icp), return; } - printf("type %d, code %d, cksum (conv) = 0x%x\n",icp->icmp_type, - icp->icmp_code,htons(icp->icmp_cksum)); - printf("First four bytes: 0x%x",htonl(icp->icmp_unused)); - printf("Next four bytes: 0x"); - for (i=0;i<4;i++) - printf("%x",icp->icmp_echodata[i]); + printf("type %d, code %d, cksum (conv) = 0x%x\n",icp->icmp6_type, + icp->icmp6_code,htons(icp->icmp6_cksum)); + printf("First four bytes: 0x%x",htonl(icp->icmp6_flags)); printf("\n"); } #endif /* INET6 */ @@ -376,8 +381,8 @@ dump_ipv6_icmp DEFARGS((icp), /*---------------------------------------------------------------------- * Dump only the header fields of a single mbuf. ----------------------------------------------------------------------*/ -void dump_mbuf_hdr DEFARGS((m), - struct mbuf *m) +void dump_mbuf_hdr(m) + struct mbuf *m; { if (!m) { printf("Dereference a NULL mbuf? I don't think so.\n"); @@ -399,8 +404,8 @@ void dump_mbuf_hdr DEFARGS((m), /*---------------------------------------------------------------------- * Dump the entire contents of a single mbuf. ----------------------------------------------------------------------*/ -void dump_mbuf DEFARGS((m), - struct mbuf *m) +void dump_mbuf(m) + struct mbuf *m; { int i; @@ -415,8 +420,8 @@ void dump_mbuf DEFARGS((m), * Dump the contents of an mbuf chain. (WARNING: Lots of text may * result. ----------------------------------------------------------------------*/ -void dump_mchain DEFARGS((m), - struct mbuf *m) +void dump_mchain(m) + struct mbuf *m; { struct mbuf *walker; int i; @@ -429,8 +434,8 @@ void dump_mchain DEFARGS((m), /*---------------------------------------------------------------------- * Dump an mbuf chain's data in a format similar to tcpdump(8). ----------------------------------------------------------------------*/ -void dump_tcpdump DEFARGS((m), - struct mbuf *m) +void dump_tcpdump(m) + struct mbuf *m; { struct mbuf *walker; int i, j, count; @@ -441,18 +446,18 @@ void dump_tcpdump DEFARGS((m), printf("\n\t\t\t"); if (!(count % 2)) printf(" "); - printf("%02x", (u_int8)(m->m_data[j])); + printf("%02x", (u_int8_t)(m->m_data[j])); } } } -#ifdef INET6 +#if 0 /*---------------------------------------------------------------------- * Dump an IPv6 header index table, which is terminated by an entry with * a NULL mbuf pointer. ----------------------------------------------------------------------*/ -void dump_ihitab DEFARGS((ihi), - struct in6_hdrindex *ihi) +void dump_ihitab(ihi) + struct in6_hdrindex *ihi; { int i=0; @@ -474,8 +479,8 @@ void dump_ihitab DEFARGS((ihi), /*---------------------------------------------------------------------- * Dump an interface address. ----------------------------------------------------------------------*/ -void dump_ifa DEFARGS((ifa), - struct ifaddr *ifa) +void dump_ifa(ifa) + struct ifaddr *ifa; { if (ifa == NULL) { @@ -492,8 +497,8 @@ void dump_ifa DEFARGS((ifa), /*---------------------------------------------------------------------- * Dump an interface structure. ----------------------------------------------------------------------*/ -void dump_ifp DEFARGS((ifp), - struct ifnet *ifp) +void dump_ifp(ifp) + struct ifnet *ifp; { if (!ifp) { printf("Dereference a NULL ifnet/ifp? I don't think so.\n"); @@ -508,8 +513,8 @@ void dump_ifp DEFARGS((ifp), /*---------------------------------------------------------------------- * Dump a route structure (sockaddr/rtentry pair). ----------------------------------------------------------------------*/ -void dump_route DEFARGS((ro), - struct route *ro) +void dump_route(ro) + struct route *ro; { if (!ro) { printf("Dereference a NULL route? I don't think so.\n"); @@ -523,8 +528,8 @@ void dump_route DEFARGS((ro), /*---------------------------------------------------------------------- * Dump a routing entry. ----------------------------------------------------------------------*/ -void dump_rtentry DEFARGS((rt), - struct rtentry *rt) +void dump_rtentry(rt) + struct rtentry *rt; { if (!rt) { printf("Dereference a NULL rtentry? I don't think so.\n"); @@ -546,36 +551,27 @@ void dump_rtentry DEFARGS((rt), } /*---------------------------------------------------------------------- - * Dump an Internet (v4/v6) protocol control block. + * Dump an Internet v4 protocol control block. ----------------------------------------------------------------------*/ -void dump_inpcb DEFARGS((inp), - struct inpcb *inp) +void dump_inpcb(inp) + struct inpcb *inp; { if (!inp) { printf("Dereference a NULL inpcb? I don't think so.\n"); return; } - printf("inp_next = 0x%x, inp_prev = 0x%x, inp_head = 0x%x.\n",inp->inp_next, - inp->inp_prev, inp->inp_head); +#if 0 + printf("inp_next = 0x%x, inp_prev = 0x%x, inp_head = 0x%x.\n", + inp->inp_next, inp->inp_prev, inp->inp_head); +#endif printf("inp_socket = 0x%x, inp_ppcb\n",inp->inp_socket,inp->inp_ppcb); -#ifdef INET6 - printf("faddr, faddr6:\n"); - dump_in_addr(&inp->inp_faddr); dump_in_addr6(&inp->inp_faddr6); - printf("laddr, laddr6:\n"); - dump_in_addr(&inp->inp_laddr); dump_in_addr6(&inp->inp_laddr6); -#else /* INET6 */ printf("faddr:\n"); dump_in_addr(&inp->inp_faddr); printf("laddr:\n"); dump_in_addr(&inp->inp_laddr); -#endif /* INET6 */ printf("inp_route: "); dump_route(&inp->inp_route); -#ifdef INET6 - printf("inp_ipv6:"); - dump_ipv6(&inp->inp_ipv6); -#endif /* INET6 */ printf("inp_ip:"); printf("<Coming soon.>\n"); printf("inp_options = 0x%x, inp_moptions{6,} = 0x%x,\n",inp->inp_options, @@ -586,10 +582,41 @@ void dump_inpcb DEFARGS((inp), #ifdef INET6 /*---------------------------------------------------------------------- + * Dump an Internet v6 protocol control block. + ----------------------------------------------------------------------*/ +void dump_in6pcb(in6p) + struct in6pcb *in6p; +{ + if (!in6p) { + printf("Dereference a NULL in6pcb? I don't think so.\n"); + return; + } + + printf("in6p_next = 0x%x, in6p_prev = 0x%x, in6p_head = 0x%x.\n", + in6p->in6p_next, in6p->in6p_prev, in6p->in6p_head); + printf("in6p_socket = 0x%x, in6p_ppcb\n", + in6p->in6p_socket, in6p->in6p_ppcb); + printf("faddr:\n"); + dump_in6_addr(&in6p->in6p_faddr); + printf("laddr:\n"); + dump_in6_addr(&in6p->in6p_laddr); + printf("in6p_route: "); + dump_route(&in6p->in6p_route); + printf("in6p_ip6:"); + dump_ipv6(&in6p->in6p_ip6); + printf("in6p_options = 0x%x, in6p_moptions{6,} = 0x%x,\n", + in6p->in6p_options, in6p->in6p_moptions); + printf("in6p_flags = 0x%x, in6p_fport = %d, in6p_lport = %d.\n", + (unsigned)in6p->in6p_flags, in6p->in6p_fport, in6p->in6p_lport); +} +#endif /*INET6*/ + +#if 0 +/*---------------------------------------------------------------------- * Dump an IPv6 discovery queue structure. ----------------------------------------------------------------------*/ -void dump_discq DEFARGS((dq), - struct discq *dq) +void dump_discq(dq) + struct discq *dq; { if (!dq) { printf("Dereference a NULL discq? I don't think so.\n"); @@ -607,15 +634,15 @@ void dump_discq DEFARGS((dq), /*---------------------------------------------------------------------- * Dump a data buffer ----------------------------------------------------------------------*/ -void dump_buf DEFARGS((buf, len), - char *buf AND - int len) +void dump_buf(buf, len) + char *buf; + int len; { int i; printf("buf=0x%x len=%d:\n", (unsigned int)buf, len); for (i = 0; i < len; i++) { - printf("0x%x ", (u_int8)*(buf+i)); + printf("0x%x ", (u_int8_t)*(buf+i)); } printf("\n"); } @@ -624,8 +651,8 @@ void dump_buf DEFARGS((buf, len), /*---------------------------------------------------------------------- * Dump a key_tblnode structrue ----------------------------------------------------------------------*/ -void dump_keytblnode DEFARGS((ktblnode), - struct key_tblnode *ktblnode) +void dump_keytblnode(ktblnode) + struct key_tblnode *ktblnode; { if (!ktblnode) { printf("NULL key table node pointer!\n"); @@ -639,10 +666,10 @@ void dump_keytblnode DEFARGS((ktblnode), /*---------------------------------------------------------------------- * Dump an ipsec_assoc structure ----------------------------------------------------------------------*/ -void dump_secassoc DEFARGS((seca), -struct key_secassoc *seca) +void dump_secassoc(seca) + struct key_secassoc *seca; { - u_int8 *p; + u_int8_t *p; int i; if (seca) { @@ -656,11 +683,11 @@ struct key_secassoc *seca) printf("secassoc_algorithm=%u ", seca->algorithm); printf("secassoc_lifetype=%u\n", seca->lifetype); printf("secassoc_iv=0x%x:\n", (unsigned int)seca->iv); - p = (u_int8 *)(seca->iv); + p = (u_int8_t *)(seca->iv); for (i = 0 ; i < seca->ivlen; i++) printf("0x%x ", *(p + i)); printf("secassoc_key=0x%x:\n", (unsigned int)seca->key); - p = (u_int8 *)(seca->key); + p = (u_int8_t *)(seca->key); for (i = 0 ; i < seca->keylen; i++) printf("0x%x ", *(p + i)); printf("secassoc_lifetime1=%u ", (unsigned int)seca->lifetime1); @@ -676,8 +703,8 @@ struct key_secassoc *seca) /*---------------------------------------------------------------------- * Dump a key_msghdr structure ----------------------------------------------------------------------*/ -void dump_keymsghdr DEFARGS((km), - struct key_msghdr *km) +void dump_keymsghdr(km) + struct key_msghdr *km; { if (km) { printf("key_msglen=%d\n", km->key_msglen); @@ -704,8 +731,8 @@ void dump_keymsghdr DEFARGS((km), /*---------------------------------------------------------------------- * Dump a key_msgdata structure ----------------------------------------------------------------------*/ -void dump_keymsginfo DEFARGS((kp), - struct key_msgdata *kp) +void dump_keymsginfo(kp) + struct key_msgdata *kp; { int i; @@ -728,3 +755,6 @@ void dump_keymsginfo DEFARGS((kp), } else printf("key_msgdata point is NULL!\n"); } + +#endif /*KEY_DEBUG*/ +#endif /*KEY*/ diff --git a/sys/netkey/key_debug.h b/sys/netkey/key_debug.h index 05f1bc8..6327dcc 100644 --- a/sys/netkey/key_debug.h +++ b/sys/netkey/key_debug.h @@ -1,4 +1,7 @@ /* + * modified by Jun-ichiro itojun Itoh <itojun@itojun.org>, 1997 + */ +/* * in6_debug.h -- Insipired by Craig Metz's Net/2 in6_debug.h, but * not quite as heavyweight (initially, anyway). * @@ -66,6 +69,8 @@ Research Laboratory (NRL). ----------------------------------------------------------------------*/ +#ifdef KERNEL + /* IDL_* is IPv6 Debug Level */ #define IDL_ALL 0xFFFFFFFE /* Report all messages. */ @@ -87,7 +92,7 @@ Research Laboratory (NRL). * cause a few compilers to complain. */ -#ifdef INET6_DEBUG +#ifdef KEY_DEBUG /* * DPRINTF() is a general printf statement. The "arg" is literally what @@ -127,25 +132,52 @@ Research Laboratory (NRL). */ #define DP(lev, var, fmt) DPRINTF(IDL_ ## lev, (#var " = %" #fmt "\n", var)) -#ifndef SOCKADDR -#define SOCKADDR struct sockaddr -#endif /* SOCKADDR */ +struct inpcb; -void dump_buf __P((char *, int)); -void dump_sockaddr __P((SOCKADDR *)); -void dump_smart_sockaddr __P((SOCKADDR *)); -void dump_keytblnode __P((struct key_tblnode *)); -void dump_secassoc __P((struct key_secassoc *)); -void dump_keymsghdr __P((struct key_msghdr *)); +extern void in6_debug_init __P((void)); +#ifdef INET6 +extern void dump_in6_addr __P((struct in6_addr *)); +#endif +extern void dump_in_addr __P((struct in_addr *)); +#ifdef INET6 +extern void dump_sockaddr_in6 __P((struct sockaddr_in6 *)); +#endif +extern void dump_sockaddr_in __P((struct sockaddr_in *)); +extern void dump_sockaddr __P((struct sockaddr *)); +extern void dump_sockaddr_dl __P((struct sockaddr_dl *)); +extern void dump_smart_sockaddr __P((struct sockaddr *)); +#ifdef INET6 +extern void dump_ipv6 __P((struct ip6 *)); +extern void dump_ipv6_icmp __P((struct icmp6 *)); +#endif /*INET6*/ +extern void dump_mbuf_hdr __P((struct mbuf *)); +extern void dump_mbuf __P((struct mbuf *)); +extern void dump_mchain __P((struct mbuf *)); +extern void dump_tcpdump __P((struct mbuf *)); +extern void dump_ifa __P((struct ifaddr *)); +extern void dump_ifp __P((struct ifnet *)); +extern void dump_route __P((struct route *)); +extern void dump_rtentry __P((struct rtentry *)); +extern void dump_inpcb __P((struct inpcb *)); +#ifdef INET6 +extern void dump_in6pcb __P((struct in6pcb *)); +#endif +extern void dump_buf __P((char *, int)); +extern void dump_keytblnode __P((struct key_tblnode *)); +extern void dump_secassoc __P((struct key_secassoc *)); +extern void dump_keymsghdr __P((struct key_msghdr *)); +extern void dump_keymsginfo __P((struct key_msgdata *)); -#else /* ! INET6_DEBUG */ +#else /* ! KEY_DEBUG */ #define DPRINTF(lev,arg) #define DDO(lev, stmt) #define DP(x, y, z) -#endif /* INET6_DEBUG */ +#endif /* KEY_DEBUG */ #ifndef INET6_DEBUG_C extern unsigned int in6_debug_level; #endif + +#endif /*KERNEL*/ |
