author | Luiz Otavio O Souza <luiz@netgate.com> | 2016-05-11 16:54:15 -0500 |
---|---|---|
committer | Luiz Otavio O Souza <luiz@netgate.com> | 2016-05-11 17:02:18 -0500 |
commit | a1d2523e7f503ed719420848cc61de12bdf8ab4f (patch) | |
tree | 0a3031e69b710b8b9a4b5d45e6811777c4f45ee4 /sys/netipsec/key_debug.c | |
parent | 7ff0706b79fc0d3f97d53c00e0cbd6e90a9c4204 (diff) | |
MFC r298535, r298536 and r298549:
Handle non-compressed packets for IPComp in tunnel mode.
RFC3173 says that the IP datagram MUST be sent in the original
non-compressed form, when the total size of a compressed payload
and the IPComp header is not smaller than the size of the original
payload. In tunnel mode for small packets IPComp will send
encapsulated IP datagrams without IPComp header.
Add ip_encap handler for IPPROTO_IPV4 and IPPROTO_IPV6 to handle
these datagrams. The handler looks up an SA for the IPComp protocol,
using the source and destination addresses from the mbuf as the
tunnel endpoints. It decapsulates packets only when corresponding SA
is found.
Reported by: gnn
Reviewed by: gnn
Differential Revision: https://reviews.freebsd.org/D6062
r298536:
Use ipsec_address() function to print IP addresses.
r298549:
Fix build for NOINET and NOINET6 kernels.
Use own protosw structures for both address families.
Check proto in encapcheck function and use -1 as proto argument in
encap_attach_func(), both address families can have IPPROTO_IPV4
and IPPROTO_IPV6 protocols.
Reported by: bz
TAG: IPSEC-HEAD
Diffstat (limited to 'sys/netipsec/key_debug.c')
-rw-r--r-- | sys/netipsec/key_debug.c | 24 |
1 files changed, 8 insertions, 16 deletions
diff --git a/sys/netipsec/key_debug.c b/sys/netipsec/key_debug.c
index ceb9453..03eeeb0 100644
--- a/sys/netipsec/key_debug.c
+++ b/sys/netipsec/key_debug.c
@@ -506,6 +506,8 @@ kdebug_secpolicy(struct secpolicy *sp)
 void
 kdebug_secpolicyindex(struct secpolicyindex *spidx)
 {
+ char buf[INET6_ADDRSTRLEN];
+
 /* sanity check */
 if (spidx == NULL)
 panic("%s: NULL pointer was passed.\n", __func__);
@@ -513,19 +515,15 @@ kdebug_secpolicyindex(struct secpolicyindex *spidx)
 printf("secpolicyindex{ dir=%u prefs=%u prefd=%u ul_proto=%u\n",
 spidx->dir, spidx->prefs, spidx->prefd, spidx->ul_proto);
 
- ipsec_hexdump((caddr_t)&spidx->src,
- ((struct sockaddr *)&spidx->src)->sa_len);
- printf("\n");
- ipsec_hexdump((caddr_t)&spidx->dst,
- ((struct sockaddr *)&spidx->dst)->sa_len);
- printf("}\n");
-
- return;
+ printf("%s -> ", ipsec_address(&spidx->src, buf, sizeof(buf)));
+ printf("%s }\n", ipsec_address(&spidx->dst, buf, sizeof(buf)));
 }
 
 void
 kdebug_secasindex(struct secasindex *saidx)
 {
+ char buf[INET6_ADDRSTRLEN];
+
 /* sanity check */
 if (saidx == NULL)
 panic("%s: NULL pointer was passed.\n", __func__);
@@ -533,14 +531,8 @@ kdebug_secasindex(struct secasindex *saidx)
 printf("secasindex{ mode=%u proto=%u\n",
 saidx->mode, saidx->proto);
 
- ipsec_hexdump((caddr_t)&saidx->src,
- ((struct sockaddr *)&saidx->src)->sa_len);
- printf("\n");
- ipsec_hexdump((caddr_t)&saidx->dst,
- ((struct sockaddr *)&saidx->dst)->sa_len);
- printf("\n");
-
- return;
+ printf("%s -> ", ipsec_address(&saidx->src, buf, sizeof(buf)));
+ printf("%s }\n", ipsec_address(&saidx->dst, buf, sizeof(buf)));
 }
 
 static void |
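Review bot: The `buf` declared at the top of kdebug_secpolicyindex() is passed to ipsec_address() twice further down, which is only safe while each call sits in its own printf(). Assuming ipsec_address() returns a pointer into `buf`, merging the two prints into a single `printf("%s -> %s }\n", ...)` would make both `%s` arguments alias the same storage and print one address twice. A comment on the declaration would guard against that, for example `/* scratch buffer reused per call: keep one ipsec_address() per printf() */`. The same applies to the `buf` added in kdebug_secasindex(). The function body continues outside this hunk.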
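Review bot: The two added printf() lines emit only what ipsec_address() returns, so the sockaddr fields that the removed ipsec_hexdump() calls exposed (sa_len, sa_family and, for IP families, the port) appear to drop out of the debug output. ipsec_address() is not part of this diff, so this is inferred from its name and the INET6_ADDRSTRLEN-sized buffer. For a policy selector the port is part of the match, so two secpolicyindex entries that differ only by port would print identically when diagnosing why traffic matched the wrong policy. Either print the port next to each address or document the limit above the prints, for example `/* addresses only: ports and sa_family are not shown */`. The last hunk makes the same change in kdebug_secasindex().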