From 0a6c1d4242d4d23328bf77b152fe0864e2db7f35 Mon Sep 17 00:00:00 2001 
From: sam Date: Mon, 29 Sep 2003 22:57:43 +0000 Subject: MFp4: portability work, general cleanup, locking fixes change 38496 o add ipsec_osdep.h that holds os-specific definitions for portability o s/KASSERT/IPSEC_ASSERT/ for portability o s/SPLASSERT/IPSEC_SPLASSERT/ for portability o remove function names from ASSERT strings since line#+file pinpoints the location o use __func__ uniformly to reduce string storage o convert some random #ifdef DIAGNOSTIC code to assertions o remove some debugging assertions no longer needed change 38498 o replace numerous bogus panic's with equally bogus assertions that at least go away on a production system change 38502 + 38530 o change explicit mtx operations to #defines to simplify future changes to a different lock type change 38531 o hookup ipv4 ctlinput paths to a noop routine; we should be handling path mtu changes at least o correct potential null pointer deref in ipsec4_common_input_cb change 38685 o fix locking for bundled SA's and for when key exchange is required change 38770 o eliminate recursion on the SAHTREE lock change 38804 o cleanup some types: long -> time_t o remove reference to dead #define change 38805 o correct some types: long -> time_t o add scan generation # to secpolicy to deal with locking issues change 38806 o use LIST_FOREACH_SAFE instead of handrolled code o change key_flush_spd to drop the sptree lock before purging an entry to avoid lock recursion and to avoid holding the lock over a long-running operation o misc cleanups of tangled and twisty code There is still much to do here but for now things look to be working again. 
Supported by: FreeBSD Foundation --- sys/netipsec/ipsec.c | 234 ++++----- sys/netipsec/ipsec.h | 32 +- sys/netipsec/ipsec_input.c | 281 ++++++----- sys/netipsec/ipsec_mbuf.c | 30 +- sys/netipsec/ipsec_output.c | 90 ++-- sys/netipsec/key.c | 1136 ++++++++++++++++++++++--------------------- sys/netipsec/key_debug.c | 53 +- sys/netipsec/keydb.h | 13 +- sys/netipsec/keysock.c | 8 +- sys/netipsec/xform_ah.c | 152 +++--- sys/netipsec/xform_esp.c | 141 +++--- sys/netipsec/xform_ipcomp.c | 78 ++- sys/netipsec/xform_ipip.c | 37 +- 13 files changed, 1149 insertions(+), 1136 deletions(-) (limited to 'sys') diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c index 8bead8e..c250e60 100644 --- a/sys/netipsec/ipsec.c +++ b/sys/netipsec/ipsec.c @@ -92,8 +92,6 @@ #include -#include - #ifdef IPSEC_DEBUG int ipsec_debug = 1; #else @@ -249,14 +247,14 @@ ipsec_getpolicy(struct tdb_ident *tdbi, u_int dir) { struct secpolicy *sp; - KASSERT(tdbi != NULL, ("ipsec_getpolicy: null tdbi")); - KASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, - ("ipsec_getpolicy: invalid direction %u", dir)); + IPSEC_ASSERT(tdbi != NULL, ("null tdbi")); + IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, + ("invalid direction %u", dir)); sp = KEY_ALLOCSP2(tdbi->spi, &tdbi->dst, tdbi->proto, dir); if (sp == NULL) /*XXX????*/ sp = KEY_ALLOCSP_DEFAULT(); - KASSERT(sp != NULL, ("ipsec_getpolicy: null SP")); + IPSEC_ASSERT(sp != NULL, ("null SP")); return sp; } 
@@ -283,11 +281,11 @@ ipsec_getpolicybysock(m, dir, inp, error) struct secpolicy *currsp = NULL; /* policy on socket */ struct secpolicy *sp; - KASSERT(m != NULL, ("ipsec_getpolicybysock: null mbuf")); - KASSERT(inp != NULL, ("ipsec_getpolicybysock: null inpcb")); - KASSERT(error != NULL, ("ipsec_getpolicybysock: null error")); - KASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, - ("ipsec_getpolicybysock: invalid direction %u", dir)); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(inp != NULL, ("null inpcb")); + IPSEC_ASSERT(error != NULL, ("null error")); + IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, + ("invalid direction %u", dir)); /* set spidx in pcb */ if (inp->inp_vflag & INP_IPV6PROTO) { @@ -304,7 +302,7 @@ ipsec_getpolicybysock(m, dir, inp, error) if (*error) return NULL; - KASSERT(pcbsp != NULL, ("ipsec_getpolicybysock: null pcbsp")); + IPSEC_ASSERT(pcbsp != NULL, ("null pcbsp")); switch (dir) { case IPSEC_DIR_INBOUND: currsp = pcbsp->sp_in; @@ -313,7 +311,7 @@ ipsec_getpolicybysock(m, dir, inp, error) currsp = pcbsp->sp_out; break; } - KASSERT(currsp != NULL, ("ipsec_getpolicybysock: null currsp")); + IPSEC_ASSERT(currsp != NULL, ("null currsp")); if (pcbsp->priv) { /* when privilieged socket */ switch (currsp->policy) { @@ -331,8 +329,8 @@ ipsec_getpolicybysock(m, dir, inp, error) break; default: - ipseclog((LOG_ERR, "ipsec_getpolicybysock: " - "Invalid policy for PCB %d\n", currsp->policy)); + ipseclog((LOG_ERR, "%s: Invalid policy for PCB %d\n", + __func__, currsp->policy)); *error = EINVAL; return NULL; } 
@@ -341,9 +339,9 @@ ipsec_getpolicybysock(m, dir, inp, error) if (sp == NULL) { /* no SP found */ switch (currsp->policy) { case IPSEC_POLICY_BYPASS: - ipseclog((LOG_ERR, "ipsec_getpolicybysock: " - "Illegal policy for non-priviliged defined %d\n", - currsp->policy)); + ipseclog((LOG_ERR, "%s: Illegal policy for " + "non-priviliged defined %d\n", + __func__, currsp->policy)); *error = EINVAL; return NULL; @@ -357,20 +355,18 @@ ipsec_getpolicybysock(m, dir, inp, error) break; default: - ipseclog((LOG_ERR, "ipsec_getpolicybysock: " - "Invalid policy for PCB %d\n", currsp->policy)); + ipseclog((LOG_ERR, "%s: Invalid policy for " + "PCB %d\n", __func__, currsp->policy)); *error = EINVAL; return NULL; } } } - KASSERT(sp != NULL, - ("ipsec_getpolicybysock: null SP (priv %u policy %u", - pcbsp->priv, currsp->policy)); + IPSEC_ASSERT(sp != NULL, + ("null SP (priv %u policy %u", pcbsp->priv, currsp->policy)); KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP ipsec_getpolicybysock (priv %u policy %u) allocates " - "SP:%p (refcnt %u)\n", pcbsp->priv, currsp->policy, - sp, sp->refcnt)); + printf("DP %s (priv %u policy %u) allocate SP:%p (refcnt %u)\n", + __func__, pcbsp->priv, currsp->policy, sp, sp->refcnt)); return sp; } @@ -394,10 +390,10 @@ ipsec_getpolicybyaddr(m, dir, flag, error) struct secpolicyindex spidx; struct secpolicy *sp; - KASSERT(m != NULL, ("ipsec_getpolicybyaddr: null mbuf")); - KASSERT(error != NULL, ("ipsec_getpolicybyaddr: null error")); - KASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, - ("ipsec4_getpolicybaddr: invalid direction %u", dir)); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(error != NULL, ("null error")); + IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, + ("invalid direction %u", dir)); sp = NULL; if (key_havesp(dir)) { 
@@ -405,8 +401,8 @@ ipsec_getpolicybyaddr(m, dir, flag, error) *error = ipsec_setspidx(m, &spidx, (flag & IP_FORWARDING) ? 0 : 1); if (*error != 0) { - DPRINTF(("ipsec_getpolicybyaddr: setpidx failed," - " dir %u flag %u\n", dir, flag)); + DPRINTF(("%s: setpidx failed, dir %u flag %u\n", + __func__, dir, flag)); bzero(&spidx, sizeof (spidx)); return NULL; } @@ -416,7 +412,7 @@ ipsec_getpolicybyaddr(m, dir, flag, error) } if (sp == NULL) /* no SP found, use system default */ sp = KEY_ALLOCSP_DEFAULT(); - KASSERT(sp != NULL, ("ipsec_getpolicybyaddr: null SP")); + IPSEC_ASSERT(sp != NULL, ("null SP")); return sp; } @@ -435,17 +431,15 @@ ipsec4_checkpolicy(m, dir, flag, error, inp) else sp = ipsec_getpolicybysock(m, dir, inp, error); if (sp == NULL) { - KASSERT(*error != 0, - ("ipsec4_checkpolicy: getpolicy failed w/o error")); + IPSEC_ASSERT(*error != 0, ("getpolicy failed w/o error")); newipsecstat.ips_out_inval++; return NULL; } - KASSERT(*error == 0, - ("ipsec4_checkpolicy: sp w/ error set to %u", *error)); + IPSEC_ASSERT(*error == 0, ("sp w/ error set to %u", *error)); switch (sp->policy) { case IPSEC_POLICY_ENTRUST: default: - printf("ipsec4_checkpolicy: invalid policy %u\n", sp->policy); + printf("%s: invalid policy %u\n", __func__, sp->policy); /* fall thru... */ case IPSEC_POLICY_DISCARD: newipsecstat.ips_out_polvio++; @@ -475,10 +469,10 @@ ipsec4_setspidx_inpcb(m, pcb) { int error; - KASSERT(pcb != NULL, ("ipsec4_setspidx_inpcb: null pcb")); - KASSERT(pcb->inp_sp != NULL, ("ipsec4_setspidx_inpcb: null inp_sp")); - KASSERT(pcb->inp_sp->sp_out != NULL && pcb->inp_sp->sp_in != NULL, - ("ipsec4_setspidx_inpcb: null sp_in || sp_out")); + IPSEC_ASSERT(pcb != NULL, ("null pcb")); + IPSEC_ASSERT(pcb->inp_sp != NULL, ("null inp_sp")); + IPSEC_ASSERT(pcb->inp_sp->sp_out != NULL && pcb->inp_sp->sp_in != NULL, + ("null sp_in || sp_out")); error = ipsec_setspidx(m, &pcb->inp_sp->sp_in->spidx, 1); if (error == 0) { 
@@ -503,10 +497,10 @@ ipsec6_setspidx_in6pcb(m, pcb) struct secpolicyindex *spidx; int error; - KASSERT(pcb != NULL, ("ipsec6_setspidx_in6pcb: null pcb")); - KASSERT(pcb->in6p_sp != NULL, ("ipsec6_setspidx_in6pcb: null inp_sp")); - KASSERT(pcb->in6p_sp->sp_out != NULL && pcb->in6p_sp->sp_in != NULL, - ("ipsec6_setspidx_in6pcb: null sp_in || sp_out")); + IPSEC_ASSERT(pcb != NULL, ("null pcb")); + IPSEC_ASSERT(pcb->in6p_sp != NULL, ("null inp_sp")); + IPSEC_ASSERT(pcb->in6p_sp->sp_out != NULL && pcb->in6p_sp->sp_in != NULL, + ("null sp_in || sp_out")); bzero(&pcb->in6p_sp->sp_in->spidx, sizeof(*spidx)); bzero(&pcb->in6p_sp->sp_out->spidx, sizeof(*spidx)); @@ -550,7 +544,7 @@ ipsec_setspidx(m, spidx, needport) int len; int error; - KASSERT(m != NULL, ("ipsec_setspidx: null mbuf")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); /* * validate m->m_pkthdr.len. we see incorrect length if we @@ -562,18 +556,15 @@ ipsec_setspidx(m, spidx, needport) len += n->m_len; if (m->m_pkthdr.len != len) { KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_setspidx: " - "total of m_len(%d) != pkthdr.len(%d), " - "ignored.\n", - len, m->m_pkthdr.len)); + printf("%s: pkthdr len(%d) mismatch (%d), ignored.\n", + __func__, len, m->m_pkthdr.len)); return EINVAL; } if (m->m_pkthdr.len < sizeof(struct ip)) { KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_setspidx: " - "pkthdr.len(%d) < sizeof(struct ip), ignored.\n", - m->m_pkthdr.len)); + printf("%s: pkthdr len(%d) too small (v4), ignored.\n", + __func__, m->m_pkthdr.len)); return EINVAL; } @@ -599,9 +590,8 @@ ipsec_setspidx(m, spidx, needport) case 6: if (m->m_pkthdr.len < sizeof(struct ip6_hdr)) { KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_setspidx: " - "pkthdr.len(%d) < sizeof(struct ip6_hdr), " - "ignored.\n", m->m_pkthdr.len)); + printf("%s: pkthdr len(%d) too small (v6), " + "ignored\n", __func__, m->m_pkthdr.len)); return EINVAL; } error = ipsec6_setspidx_ipaddr(m, spidx); 
@@ -612,8 +602,8 @@ ipsec_setspidx(m, spidx, needport) #endif default: KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_setspidx: " - "unknown IP version %u, ignored.\n", v)); + printf("%s: " "unknown IP version %u, ignored.\n", + __func__, v)); return EINVAL; } } @@ -625,9 +615,8 @@ ipsec4_get_ulp(struct mbuf *m, struct secpolicyindex *spidx, int needport) int off; /* sanity check */ - KASSERT(m != NULL, ("ipsec4_get_ulp: null mbuf")); - KASSERT(m->m_pkthdr.len >= sizeof(struct ip), - ("ipsec4_get_ulp: packet too short")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(m->m_pkthdr.len >= sizeof(struct ip),("packet too short")); /* NB: ip_input() flips it into host endian XXX need more checking */ if (m->m_len < sizeof (struct ip)) { @@ -747,10 +736,10 @@ ipsec6_get_ulp(m, spidx, needport) /* sanity check */ if (m == NULL) - panic("ipsec6_get_ulp: NULL pointer was passed.\n"); + panic("%s: NULL pointer was passed.\n", __func__); KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec6_get_ulp:\n"); kdebug_mbuf(m)); + printf("%s:\n", __func__); kdebug_mbuf(m)); /* set default */ spidx->ul_proto = IPSEC_ULPROTO_ANY; @@ -851,19 +840,16 @@ ipsec_init_policy(so, pcb_sp) /* sanity check. */ if (so == NULL || pcb_sp == NULL) - panic("ipsec_init_policy: NULL pointer was passed.\n"); + panic("%s: NULL pointer was passed.\n", __func__); new = (struct inpcbpolicy *) malloc(sizeof(struct inpcbpolicy), M_IPSEC_INPCB, M_NOWAIT|M_ZERO); if (new == NULL) { - ipseclog((LOG_DEBUG, "ipsec_init_policy: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); return ENOBUFS; } - if (so->so_cred != 0 && so->so_cred->cr_uid == 0) - new->priv = 1; - else - new->priv = 0; + new->priv = IPSEC_IS_PRIVILEGED_SO(so); if ((new->sp_in = KEY_NEWSP()) == NULL) { ipsec_delpcbpolicy(new); 
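Review bot: `panic("%s: NULL pointer was passed.\n", __func__);` in ipsec6_get_ulp keeps a hard panic for a null mbuf, while the ipsec4_get_ulp hunk just above turns the identical precondition into `IPSEC_ASSERT(m != NULL, ("null mbuf"));`, which is the pattern the rest of the commit adopts. The `so == NULL || pcb_sp == NULL` panic in ipsec_init_policy in the next hunk has the same inconsistency. Assuming callers never legitimately pass NULL here, both should become assertions so they compile out on production kernels: `IPSEC_ASSERT(m != NULL, ("null mbuf"));`. ipsec6_get_ulp's body continues outside the hunk.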
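Review bot: `new->priv = IPSEC_IS_PRIVILEGED_SO(so);` moves the privilege decision for per-socket policy into a macro from ipsec_osdep.h that is not part of this diff, so the hunk no longer shows whether the `so->so_cred != 0` null guard from the removed lines is preserved before `cr_uid` is read. Because priv later selects the privileged-socket branch in ipsec_getpolicybysock (`if (pcbsp->priv)`), the contract of the macro is worth stating at the point of use, e.g. `/* NB: IPSEC_IS_PRIVILEGED_SO must yield 0/1 and tolerate so_cred == NULL; see ipsec_osdep.h */`. ipsec_init_policy continues past the end of the hunk.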
@@ -918,14 +904,14 @@ ipsec_newisr(void) p = malloc(sizeof(struct ipsecrequest), M_IPSEC_SR, M_NOWAIT|M_ZERO); if (p != NULL) - mtx_init(&p->lock, "ipsec request", NULL, MTX_DEF); + IPSECREQUEST_LOCK_INIT(p); return p; } void ipsec_delisr(struct ipsecrequest *p) { - mtx_destroy(&p->lock); + IPSECREQUEST_LOCK_DESTROY(p); free(p, M_IPSEC_SR); } @@ -1005,7 +991,7 @@ ipsec_set_policy(pcb_sp, optname, request, len, priv) xpl = (struct sadb_x_policy *)request; KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_set_policy: passed policy\n"); + printf("%s: passed policy\n", __func__); kdebug_sadb_x_policy((struct sadb_ext *)xpl)); /* check policy type */ @@ -1028,7 +1014,7 @@ ipsec_set_policy(pcb_sp, optname, request, len, priv) KEY_FREESP(pcb_sp); *pcb_sp = newsp; KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_set_policy: new policy\n"); + printf("%s: new policy\n", __func__); kdebug_secpolicy(newsp)); return 0; @@ -1046,14 +1032,13 @@ ipsec_get_policy(pcb_sp, mp) *mp = key_sp2msg(pcb_sp); if (!*mp) { - ipseclog((LOG_DEBUG, "ipsec_get_policy: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); return ENOBUFS; } (*mp)->m_type = MT_DATA; KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_get_policy:\n"); - kdebug_mbuf(*mp)); + printf("%s:\n", __func__); kdebug_mbuf(*mp)); return 0; } @@ -1085,7 +1070,7 @@ ipsec4_set_policy(inp, optname, request, len, priv) pcb_sp = &inp->inp_sp->sp_out; break; default: - ipseclog((LOG_ERR, "ipsec4_set_policy: invalid direction=%u\n", + ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__, xpl->sadb_x_policy_dir)); return EINVAL; } @@ -1106,7 +1091,7 @@ ipsec4_get_policy(inp, request, len, mp) /* sanity check. */ if (inp == NULL || request == NULL || mp == NULL) return EINVAL; - KASSERT(inp->inp_sp != NULL, ("ipsec4_get_policy: null inp_sp")); + IPSEC_ASSERT(inp->inp_sp != NULL, ("null inp_sp")); if (len < sizeof(*xpl)) return EINVAL; xpl = (struct sadb_x_policy *)request; 
@@ -1120,7 +1105,7 @@ ipsec4_get_policy(inp, request, len, mp) pcb_sp = inp->inp_sp->sp_out; break; default: - ipseclog((LOG_ERR, "ipsec4_set_policy: invalid direction=%u\n", + ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__, xpl->sadb_x_policy_dir)); return EINVAL; } @@ -1133,7 +1118,7 @@ int ipsec4_delete_pcbpolicy(inp) struct inpcb *inp; { - KASSERT(inp != NULL, ("ipsec4_delete_pcbpolicy: null inp")); + IPSEC_ASSERT(inp != NULL, ("null inp")); if (inp->inp_sp == NULL) return 0; @@ -1178,7 +1163,7 @@ ipsec6_set_policy(in6p, optname, request, len, priv) pcb_sp = &in6p->in6p_sp->sp_out; break; default: - ipseclog((LOG_ERR, "ipsec6_set_policy: invalid direction=%u\n", + ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__, xpl->sadb_x_policy_dir)); return EINVAL; } @@ -1199,7 +1184,7 @@ ipsec6_get_policy(in6p, request, len, mp) /* sanity check. */ if (in6p == NULL || request == NULL || mp == NULL) return EINVAL; - KASSERT(in6p->in6p_sp != NULL, ("ipsec6_get_policy: null in6p_sp")); + IPSEC_ASSERT(in6p->in6p_sp != NULL, ("null in6p_sp")); if (len < sizeof(*xpl)) return EINVAL; xpl = (struct sadb_x_policy *)request; @@ -1213,7 +1198,7 @@ ipsec6_get_policy(in6p, request, len, mp) pcb_sp = in6p->in6p_sp->sp_out; break; default: - ipseclog((LOG_ERR, "ipsec6_set_policy: invalid direction=%u\n", + ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__, xpl->sadb_x_policy_dir)); return EINVAL; } @@ -1225,7 +1210,7 @@ int ipsec6_delete_pcbpolicy(in6p) struct in6pcb *in6p; { - KASSERT(in6p != NULL, ("ipsec6_delete_pcbpolicy: null in6p")); + IPSEC_ASSERT(in6p != NULL, ("null in6p")); if (in6p->in6p_sp == NULL) return 0; 
@@ -1255,10 +1240,9 @@ ipsec_get_reqlevel(isr) u_int esp_trans_deflev, esp_net_deflev; u_int ah_trans_deflev, ah_net_deflev; - KASSERT(isr != NULL && isr->sp != NULL, - ("ipsec_get_reqlevel: null argument")); - KASSERT(isr->sp->spidx.src.sa.sa_family == isr->sp->spidx.dst.sa.sa_family, - ("ipsec_get_reqlevel: af family mismatch, src %u, dst %u", + IPSEC_ASSERT(isr != NULL && isr->sp != NULL, ("null argument")); + IPSEC_ASSERT(isr->sp->spidx.src.sa.sa_family == isr->sp->spidx.dst.sa.sa_family, + ("af family mismatch, src %u, dst %u", isr->sp->spidx.src.sa.sa_family, isr->sp->spidx.dst.sa.sa_family)); @@ -1293,8 +1277,8 @@ ipsec_get_reqlevel(isr) break; #endif /* INET6 */ default: - panic("key_get_reqlevel: unknown af %u", - isr->sp->spidx.src.sa.sa_family); + panic("%s: unknown af %u", + __func__, isr->sp->spidx.src.sa.sa_family); } #undef IPSEC_CHECK_DEFAULT @@ -1322,8 +1306,7 @@ ipsec_get_reqlevel(isr) level = IPSEC_LEVEL_USE; break; default: - panic("ipsec_get_reqlevel: " - "Illegal protocol defined %u\n", + panic("%s: Illegal protocol defined %u\n", __func__, isr->saidx.proto); } break; @@ -1337,8 +1320,7 @@ ipsec_get_reqlevel(isr) break; default: - panic("ipsec_get_reqlevel: Illegal IPsec level %u\n", - isr->level); + panic("%s: Illegal IPsec level %u\n", __func__, isr->level); } return level; @@ -1361,8 +1343,7 @@ ipsec_in_reject(struct secpolicy *sp, struct mbuf *m) int need_auth; KEYDEBUG(KEYDEBUG_IPSEC_DATA, - printf("ipsec_in_reject: using SP\n"); - kdebug_secpolicy(sp)); + printf("%s: using SP\n", __func__); kdebug_secpolicy(sp)); /* check policy */ switch (sp->policy) { @@ -1373,8 +1354,8 @@ ipsec_in_reject(struct secpolicy *sp, struct mbuf *m) return 0; } - KASSERT(sp->policy == IPSEC_POLICY_IPSEC, - ("ipsec_in_reject: invalid policy %u", sp->policy)); + IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, + ("invalid policy %u", sp->policy)); /* XXX should compare policy against ipsec header history */ 
@@ -1386,7 +1367,7 @@ ipsec_in_reject(struct secpolicy *sp, struct mbuf *m) case IPPROTO_ESP: if ((m->m_flags & M_DECRYPTED) == 0) { KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_in_reject: ESP m_flags:%x\n", + printf("%s: ESP m_flags:%x\n", __func__, m->m_flags)); return 1; } @@ -1396,7 +1377,7 @@ ipsec_in_reject(struct secpolicy *sp, struct mbuf *m) isr->sav->tdb_authalgxform != NULL && (m->m_flags & M_AUTHIPDGM) == 0) { KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_in_reject: ESP/AH m_flags:%x\n", + printf("%s: ESP/AH m_flags:%x\n", __func__, m->m_flags)); return 1; } @@ -1405,7 +1386,7 @@ ipsec_in_reject(struct secpolicy *sp, struct mbuf *m) need_auth = 1; if ((m->m_flags & M_AUTHIPHDR) == 0) { KEYDEBUG(KEYDEBUG_IPSEC_DUMP, - printf("ipsec_in_reject: AH m_flags:%x\n", + printf("%s: AH m_flags:%x\n", __func__, m->m_flags)); return 1; } @@ -1437,7 +1418,7 @@ ipsec4_in_reject(m, inp) int error; int result; - KASSERT(m != NULL, ("ipsec4_in_reject_so: null mbuf")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); /* get SP for this packet. * When we are called from ip_forward(), we call @@ -1512,8 +1493,7 @@ ipsec_hdrsiz(struct secpolicy *sp) size_t siz; KEYDEBUG(KEYDEBUG_IPSEC_DATA, - printf("ipsec_hdrsiz: using SP\n"); - kdebug_secpolicy(sp)); + printf("%s: using SP\n", __func__); kdebug_secpolicy(sp)); switch (sp->policy) { case IPSEC_POLICY_DISCARD: @@ -1522,8 +1502,8 @@ ipsec_hdrsiz(struct secpolicy *sp) return 0; } - KASSERT(sp->policy == IPSEC_POLICY_IPSEC, - ("ipsec_hdrsiz: invalid policy %u", sp->policy)); + IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, + ("invalid policy %u", sp->policy)); siz = 0; for (isr = sp->req; isr != NULL; isr = isr->next) { @@ -1552,8 +1532,8 @@ ipsec_hdrsiz(struct secpolicy *sp) break; #endif default: - ipseclog((LOG_ERR, "ipsec_hdrsiz: " - "unknown AF %d in IPsec tunnel SA\n", + ipseclog((LOG_ERR, "%s: unknown AF %d in " + "IPsec tunnel SA\n", __func__, ((struct sockaddr *)&isr->saidx.dst)->sa_family)); break; } 
@@ -1575,7 +1555,7 @@ ipsec4_hdrsiz(m, dir, inp) int error; size_t size; - KASSERT(m != NULL, ("ipsec4_hdrsiz: null mbuf")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); /* get SP for this packet. * When we are called from ip_forward(), we call @@ -1589,7 +1569,7 @@ ipsec4_hdrsiz(m, dir, inp) if (sp != NULL) { size = ipsec_hdrsiz(sp); KEYDEBUG(KEYDEBUG_IPSEC_DATA, - printf("ipsec4_hdrsiz: size:%lu.\n", + printf("%s: size:%lu.\n", __func__, (unsigned long)size)); KEY_FREESP(&sp); @@ -1613,9 +1593,9 @@ ipsec6_hdrsiz(m, dir, in6p) int error; size_t size; - KASSERT(m != NULL, ("ipsec6_hdrsiz: null mbuf")); - KASSERT(in6p == NULL || in6p->in6p_socket != NULL, - ("ipsec6_hdrsize: socket w/o inpcb")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(in6p == NULL || in6p->in6p_socket != NULL, + ("socket w/o inpcb")); /* get SP for this packet */ /* XXX Is it right to call with IP_FORWARDING. */ @@ -1628,7 +1608,7 @@ ipsec6_hdrsiz(m, dir, in6p) return 0; size = ipsec_hdrsiz(sp); KEYDEBUG(KEYDEBUG_IPSEC_DATA, - printf("ipsec6_hdrsiz: size:%lu.\n", (unsigned long)size)); + printf("%s: size:%lu.\n", __func__, (unsigned long)size)); KEY_FREESP(&sp); return size; @@ -1656,12 +1636,10 @@ ipsec_chkreplay(seq, sav) u_int32_t wsizeb; /* constant: bits of window size */ int frlast; /* constant: last frame */ -#if 0 - SPLASSERT(net, "ipsec_chkreplay"); -#endif + IPSEC_SPLASSERT_SOFTNET(__func__); - KASSERT(sav != NULL, ("ipsec_chkreplay: Null SA")); - KASSERT(sav->replay != NULL, ("ipsec_chkreplay: Null replay state")); + IPSEC_ASSERT(sav != NULL, ("Null SA")); + IPSEC_ASSERT(sav->replay != NULL, ("Null replay state")); replay = sav->replay; 
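Review bot: In ipsec6_hdrsiz the rewritten assertion `IPSEC_ASSERT(in6p == NULL || in6p->in6p_socket != NULL, ("socket w/o inpcb"));` checks that a non-null in6pcb has a socket, but the message describes the opposite situation, which will mislead whoever reads the panic. Since the line is being rewritten anyway, the message should match the condition: `("in6pcb w/o socket")`. The function continues outside the hunk.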
@@ -1718,12 +1696,10 @@ ipsec_updatereplay(seq, sav) u_int32_t wsizeb; /* constant: bits of window size */ int frlast; /* constant: last frame */ -#if 0 - SPLASSERT(net, "ipsec_updatereplay"); -#endif + IPSEC_SPLASSERT_SOFTNET(__func__); - KASSERT(sav != NULL, ("ipsec_updatereplay: Null SA")); - KASSERT(sav->replay != NULL, ("ipsec_updatereplay: Null replay state")); + IPSEC_ASSERT(sav != NULL, ("Null SA")); + IPSEC_ASSERT(sav->replay != NULL, ("Null replay state")); replay = sav->replay; @@ -1794,8 +1770,8 @@ ok: if ((sav->flags & SADB_X_EXT_CYCSEQ) == 0) return 1; - ipseclog((LOG_WARNING, "replay counter made %d cycle. %s\n", - replay->overflow, ipsec_logsastr(sav))); + ipseclog((LOG_WARNING, "%s: replay counter made %d cycle. %s\n", + __func__, replay->overflow, ipsec_logsastr(sav))); } replay->count++; @@ -1872,8 +1848,8 @@ ipsec_logsastr(sav) char *p; struct secasindex *saidx = &sav->sah->saidx; - KASSERT(saidx->src.sa.sa_family == saidx->dst.sa.sa_family, - ("ipsec_logsastr: address family mismatch")); + IPSEC_ASSERT(saidx->src.sa.sa_family == saidx->dst.sa.sa_family, + ("address family mismatch")); p = buf; snprintf(buf, sizeof(buf), "SA(SPI=%u ", (u_int32_t)ntohl(sav->spi)); diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h index 0c518ff..a5d8c25 100644 --- a/sys/netipsec/ipsec.h +++ b/sys/netipsec/ipsec.h @@ -44,6 +44,7 @@ #include #include +#include #ifdef _KERNEL @@ -79,8 +80,8 @@ struct secpolicy { u_int state; /* 0: dead, others: alive */ #define IPSEC_SPSTATE_DEAD 0 #define IPSEC_SPSTATE_ALIVE 1 - - u_int policy; /* DISCARD, NONE or IPSEC, see keyv2.h */ + u_int16_t policy; /* policy_type per pfkeyv2.h */ + u_int16_t scangen; /* scan generation # */ struct ipsecrequest *req; /* pointer to the ipsec request tree, */ /* if policy == IPSEC else this value == NULL.*/ 
@@ -92,12 +93,19 @@ struct secpolicy { * "lifetime" is passed by sadb_lifetime.sadb_lifetime_addtime. * "validtime" is passed by sadb_lifetime.sadb_lifetime_usetime. */ - long created; /* time created the policy */ - long lastused; /* updated every when kernel sends a packet */ + time_t created; /* time created the policy */ + time_t lastused; /* updated every when kernel sends a packet */ long lifetime; /* duration of the lifetime of this policy */ long validtime; /* duration this policy is valid without use */ }; +#define SECPOLICY_LOCK_INIT(_sp) \ + mtx_init(&(_sp)->lock, "ipsec policy", NULL, MTX_DEF) +#define SECPOLICY_LOCK(_sp) mtx_lock(&(_sp)->lock) +#define SECPOLICY_UNLOCK(_sp) mtx_unlock(&(_sp)->lock) +#define SECPOLICY_LOCK_DESTROY(_sp) mtx_destroy(&(_sp)->lock) +#define SECPOLICY_LOCK_ASSERT(_sp) mtx_assert(&(_sp)->lock, MA_OWNED) + /* Request for IPsec */ struct ipsecrequest { struct ipsecrequest *next; @@ -112,6 +120,18 @@ struct ipsecrequest { struct mtx lock; /* to interlock updates */ }; +/* + * Need recursion for when crypto callbacks happen directly, + * as in the case of software crypto. Need to look at how + * hard it is to remove this... + */ +#define IPSECREQUEST_LOCK_INIT(_isr) \ + mtx_init(&(_isr)->lock, "ipsec request", NULL, MTX_DEF | MTX_RECURSE) +#define IPSECREQUEST_LOCK(_isr) mtx_lock(&(_isr)->lock) +#define IPSECREQUEST_UNLOCK(_isr) mtx_unlock(&(_isr)->lock) +#define IPSECREQUEST_LOCK_DESTROY(_isr) mtx_destroy(&(_isr)->lock) +#define IPSECREQUEST_LOCK_ASSERT(_isr) mtx_assert(&(_isr)->lock, MA_OWNED) + /* security policy in PCB */ struct inpcbpolicy { struct secpolicy *sp_in; @@ -125,7 +145,7 @@ struct secspacq { struct secpolicyindex spidx; - long created; /* for lifetime */ + time_t created; /* for lifetime */ int count; /* for lifetime */ /* XXX: here is mbuf place holder to be sent ? */ }; 
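Review bot: `IPSECREQUEST_LOCK_INIT` creates the request mutex with `MTX_DEF | MTX_RECURSE`, whereas the `mtx_init` call it replaces in ipsec_newisr used plain `MTX_DEF`; enabling recursion also disables the lock-recursion diagnostics that would otherwise catch an unintended re-entry on this lock, and the comment above the macros already calls it something to remove. To make that removal tractable, the comment should name the call path that recurses rather than only the scenario, e.g. add `/* TODO(locking): record the caller/callback pair that re-acquires the request lock so MTX_RECURSE can be dropped once that path is fixed. */`. The SECPOLICY_LOCK_* macros in the previous hunk reference `(_sp)->lock`, whose declaration is not visible in this diff.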
@@ -367,7 +387,9 @@ extern void ipsec_dumpmbuf __P((struct mbuf *)); struct m_tag; extern void ah4_input(struct mbuf *m, int off); +extern void ah4_ctlinput(int cmd, struct sockaddr *sa, void *); extern void esp4_input(struct mbuf *m, int off); +extern void esp4_ctlinput(int cmd, struct sockaddr *sa, void *); extern void ipcomp4_input(struct mbuf *m, int off); extern int ipsec4_common_input(struct mbuf *m, ...); extern int ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, diff --git a/sys/netipsec/ipsec_input.c b/sys/netipsec/ipsec_input.c index 0512b66..9eefa4d 100644 --- a/sys/netipsec/ipsec_input.c +++ b/sys/netipsec/ipsec_input.c @@ -91,11 +91,11 @@ #include #include -#include - #define IPSEC_ISTAT(p,x,y,z) ((p) == IPPROTO_ESP ? (x)++ : \ (p) == IPPROTO_AH ? (y)++ : (z)++) +static void ipsec4_common_ctlinput(int, struct sockaddr *, void *, int); + /* * ipsec_common_input gets called when an IPsec-protected packet * is received by IPv4 or IPv6. It's job is to find the right SA @@ -113,7 +113,7 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto) IPSEC_ISTAT(sproto, espstat.esps_input, ahstat.ahs_input, ipcompstat.ipcomps_input); - KASSERT(m != NULL, ("ipsec_common_input: null packet")); + IPSEC_ASSERT(m != NULL, ("null packet")); if ((sproto == IPPROTO_ESP && !esp_enable) || (sproto == IPPROTO_AH && !ah_enable) || @@ -128,7 +128,7 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto) m_freem(m); IPSEC_ISTAT(sproto, espstat.esps_hdrops, ahstat.ahs_hdrops, ipcompstat.ipcomps_hdrops); - DPRINTF(("ipsec_common_input: packet too small\n")); + DPRINTF(("%s: packet too small\n", __func__)); return EINVAL; } 
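Review bot: The new prototypes `extern void ah4_ctlinput(int cmd, struct sockaddr *sa, void *);` and `extern void esp4_ctlinput(int cmd, struct sockaddr *sa, void *);` name the first two parameters but not the third, unlike the neighbouring declarations; `void *arg` (or the `void *v` the definitions use) keeps the list consistent. Separately, this commit deletes esp6_ctlinput from ipsec_input.c with no matching header change visible here; if a declaration of it or a protosw entry still references the symbol, that would need removing as well. The hunk sits in the middle of the declaration list, which continues outside it.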
@@ -170,8 +170,7 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto) break; #endif /* INET6 */ default: - DPRINTF(("ipsec_common_input: unsupported protocol " - "family %u\n", af)); + DPRINTF(("%s: unsupported protocol family %u\n", __func__, af)); m_freem(m); IPSEC_ISTAT(sproto, espstat.esps_nopf, ahstat.ahs_nopf, ipcompstat.ipcomps_nopf); @@ -181,9 +180,8 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto) /* NB: only pass dst since key_allocsa follows RFC2401 */ sav = KEY_ALLOCSA(&dst_address, sproto, spi); if (sav == NULL) { - DPRINTF(("ipsec_common_input: no key association found for" - " SA %s/%08lx/%u\n", - ipsec_address(&dst_address), + DPRINTF(("%s: no key association found for SA %s/%08lx/%u\n", + __func__, ipsec_address(&dst_address), (u_long) ntohl(spi), sproto)); IPSEC_ISTAT(sproto, espstat.esps_notdb, ahstat.ahs_notdb, ipcompstat.ipcomps_notdb); @@ -192,9 +190,8 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto) } if (sav->tdb_xform == NULL) { - DPRINTF(("ipsec_common_input: attempted to use uninitialized" - " SA %s/%08lx/%u\n", - ipsec_address(&dst_address), + DPRINTF(("%s: attempted to use uninitialized SA %s/%08lx/%u\n", + __func__, ipsec_address(&dst_address), (u_long) ntohl(spi), sproto)); IPSEC_ISTAT(sproto, espstat.esps_noxform, ahstat.ahs_noxform, ipcompstat.ipcomps_noxform); 
@@ -236,12 +233,26 @@ ah4_input(struct mbuf *m, int off) { ipsec4_common_input(m, off, IPPROTO_AH); } +void +ah4_ctlinput(int cmd, struct sockaddr *sa, void *v) +{ + if (sa->sa_family == AF_INET && + sa->sa_len == sizeof(struct sockaddr_in)) + ipsec4_common_ctlinput(cmd, sa, v, IPPROTO_AH); +} void esp4_input(struct mbuf *m, int off) { ipsec4_common_input(m, off, IPPROTO_ESP); } +void +esp4_ctlinput(int cmd, struct sockaddr *sa, void *v) +{ + if (sa->sa_family == AF_INET && + sa->sa_len == sizeof(struct sockaddr_in)) + ipsec4_common_ctlinput(cmd, sa, v, IPPROTO_ESP); +} void ipcomp4_input(struct mbuf *m, int off) @@ -266,25 +277,22 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, struct secasindex *saidx; int error; -#if 0 - SPLASSERT(net, "ipsec4_common_input_cb"); -#endif + IPSEC_SPLASSERT_SOFTNET(__func__); - KASSERT(m != NULL, ("ipsec4_common_input_cb: null mbuf")); - KASSERT(sav != NULL, ("ipsec4_common_input_cb: null SA")); - KASSERT(sav->sah != NULL, ("ipsec4_common_input_cb: null SAH")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(sav != NULL, ("null SA")); + IPSEC_ASSERT(sav->sah != NULL, ("null SAH")); saidx = &sav->sah->saidx; af = saidx->dst.sa.sa_family; - KASSERT(af == AF_INET, ("ipsec4_common_input_cb: unexpected af %u",af)); + IPSEC_ASSERT(af == AF_INET, ("unexpected af %u", af)); sproto = saidx->proto; - KASSERT(sproto == IPPROTO_ESP || sproto == IPPROTO_AH || + IPSEC_ASSERT(sproto == IPPROTO_ESP || sproto == IPPROTO_AH || sproto == IPPROTO_IPCOMP, - ("ipsec4_common_input_cb: unexpected security protocol %u", - sproto)); + ("unexpected security protocol %u", sproto)); /* Sanity check */ if (m == NULL) { - DPRINTF(("ipsec4_common_input_cb: null mbuf")); + DPRINTF(("%s: null mbuf", __func__)); IPSEC_ISTAT(sproto, espstat.esps_badkcr, ahstat.ahs_badkcr, ipcompstat.ipcomps_badkcr); KEY_FREESAV(&sav); 
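Review bot: The new ah4_ctlinput and esp4_ctlinput forward `cmd` to ipsec4_common_ctlinput after checking only the sockaddr family and length, whereas the esp6_ctlinput this commit removes from the same file also rejected out-of-range commands with `if ((unsigned)cmd >= PRC_NCMDS) return;`. While the common routine is a no-op this is harmless, but once it dispatches on cmd (the commit message mentions path-MTU handling) the range check belongs either in these wrappers or at the top of ipsec4_common_ctlinput. The two wrappers differ only in the protocol constant, so a one-line comment on each, e.g. `/* ICMP control input; only AF_INET notifications are dispatched. */`, would also make the family filter self-explanatory.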
@@ -294,9 +302,8 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, if (skip != 0) { /* Fix IPv4 header */ if (m->m_len < skip && (m = m_pullup(m, skip)) == NULL) { - DPRINTF(("ipsec4_common_input_cb: processing failed " - "for SA %s/%08lx\n", - ipsec_address(&sav->sah->saidx.dst), + DPRINTF(("%s: processing failed for SA %s/%08lx\n", + __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); IPSEC_ISTAT(sproto, espstat.esps_hdrops, ahstat.ahs_hdrops, ipcompstat.ipcomps_hdrops); @@ -343,9 +350,9 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, (saidx->proxy.sa.sa_family != AF_INET && saidx->proxy.sa.sa_family != 0)) { - DPRINTF(("ipsec4_common_input_cb: inner " - "source address %s doesn't correspond to " - "expected proxy source %s, SA %s/%08lx\n", + DPRINTF(("%s: inner source address %s doesn't " + "correspond to expected proxy source %s, " + "SA %s/%08lx\n", __func__, inet_ntoa4(ipn.ip_src), ipsp_address(saidx->proxy), ipsp_address(saidx->dst), @@ -387,9 +394,9 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, (saidx->proxy.sa.sa_family != AF_INET6 && saidx->proxy.sa.sa_family != 0)) { - DPRINTF(("ipsec4_common_input_cb: inner " - "source address %s doesn't correspond to " - "expected proxy source %s, SA %s/%08lx\n", + DPRINTF(("%s: inner source address %s doesn't " + "correspond to expected proxy source %s, " + "SA %s/%08lx\n", __func__, ip6_sprintf(&ip6n.ip6_src), ipsec_address(&saidx->proxy), ipsec_address(&saidx->dst), @@ -417,7 +424,7 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, mtag = m_tag_get(PACKET_TAG_IPSEC_IN_DONE, sizeof(struct tdb_ident), M_NOWAIT); if (mtag == NULL) { - DPRINTF(("ipsec4_common_input_cb: failed to get tag\n")); + DPRINTF(("%s: failed to get tag\n", __func__)); IPSEC_ISTAT(sproto, espstat.esps_hdrops, ahstat.ahs_hdrops, ipcompstat.ipcomps_hdrops); error = ENOMEM; 
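Review bot: `IPSEC_ASSERT(m != NULL, ("null mbuf"));` at the top of ipsec4_common_input_cb precedes the runtime `if (m == NULL)` branch that counts the drop under badkcr and frees the SA, so with assertions enabled the kernel panics before reaching the graceful path the commit message says was just fixed, and only production builds ever take it. One of the two should go: if the crypto layer can legitimately hand back a null mbuf, drop the assertion and keep the check; otherwise drop the check. The same assertion/check pair appears in ipsec6_common_input_cb in the last hunk of this file. The function continues past the hunk.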
@@ -444,8 +451,8 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, IPSEC_ISTAT(sproto, espstat.esps_qfull, ahstat.ahs_qfull, ipcompstat.ipcomps_qfull); - DPRINTF(("ipsec4_common_input_cb: queue full; " - "proto %u packet dropped\n", sproto)); + DPRINTF(("%s: queue full; proto %u packet dropped\n", + __func__, sproto)); return ENOBUFS; } return 0; @@ -453,6 +460,12 @@ bad: m_freem(m); return error; } + +void +ipsec4_common_ctlinput(int cmd, struct sockaddr *sa, void *v, int proto) +{ + /* XXX nothing just yet */ +} #endif /* INET */ #ifdef INET6 @@ -465,7 +478,7 @@ ipsec6_common_input(struct mbuf **mp, int *offp, int proto) struct ip6_ext ip6e; if (*offp < sizeof(struct ip6_hdr)) { - DPRINTF(("ipsec6_common_input: bad offset %u\n", *offp)); + DPRINTF(("%s: bad offset %u\n", __func__, *offp)); return IPPROTO_DONE; } else if (*offp == sizeof(struct ip6_hdr)) { protoff = offsetof(struct ip6_hdr, ip6_nxt); @@ -482,13 +495,13 @@ ipsec6_common_input(struct mbuf **mp, int *offp, int proto) l = (ip6e.ip6e_len + 2) << 2; else l = (ip6e.ip6e_len + 1) << 3; - KASSERT(l > 0, ("ah6_input: l went zero or negative")); + IPSEC_ASSERT(l > 0, ("l went zero or negative")); } while (protoff + l < *offp); /* Malformed packet check */ if (protoff + l != *offp) { - DPRINTF(("ipsec6_common_input: bad packet header chain, " - "protoff %u, l %u, off %u\n", protoff, l, *offp)); + DPRINTF(("%s: bad packet header chain, protoff %u, " + "l %u, off %u\n", __func__, protoff, l, *offp)); IPSEC_ISTAT(proto, espstat.esps_hdrops, ahstat.ahs_hdrops, ipcompstat.ipcomps_hdrops); 
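Review bot: The definition `void ipsec4_common_ctlinput(int cmd, struct sockaddr *sa, void *v, int proto)` omits `static`, while the forward declaration added near the top of the file is `static void ipsec4_common_ctlinput(int, struct sockaddr *, void *, int);`; the definition inherits internal linkage from the prior declaration, but the mismatch reads as an oversight and some toolchains warn about it. Write `static void` on the definition too, and since the body is a stub the comment should say what is expected to land there rather than just `/* XXX nothing just yet */`, e.g. `/* XXX placeholder: PRC_MSGSIZE (path MTU) notifications should be handled here, as the removed esp6_ctlinput did for IPv6 */`.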
@@ -502,82 +515,6 @@ ipsec6_common_input(struct mbuf **mp, int *offp, int proto) return IPPROTO_DONE; } -void -esp6_ctlinput(int cmd, struct sockaddr *sa, void *d) -{ - if (sa->sa_family != AF_INET6 || - sa->sa_len != sizeof(struct sockaddr_in6)) - return; - if ((unsigned)cmd >= PRC_NCMDS) - return; - - /* if the parameter is from icmp6, decode it. */ - if (d != NULL) { - struct ip6ctlparam *ip6cp = (struct ip6ctlparam *)d; - struct mbuf *m = ip6cp->ip6c_m; - int off = ip6cp->ip6c_off; - - struct ip6ctlparam ip6cp1; - - /* - * Notify the error to all possible sockets via pfctlinput2. - * Since the upper layer information (such as protocol type, - * source and destination ports) is embedded in the encrypted - * data and might have been cut, we can't directly call - * an upper layer ctlinput function. However, the pcbnotify - * function will consider source and destination addresses - * as well as the flow info value, and may be able to find - * some PCB that should be notified. - * Although pfctlinput2 will call esp6_ctlinput(), there is - * no possibility of an infinite loop of function calls, - * because we don't pass the inner IPv6 header. - */ - bzero(&ip6cp1, sizeof(ip6cp1)); - ip6cp1.ip6c_src = ip6cp->ip6c_src; - pfctlinput2(cmd, sa, (void *)&ip6cp1); - - /* - * Then go to special cases that need ESP header information. - * XXX: We assume that when ip6 is non NULL, - * M and OFF are valid. - */ - - if (cmd == PRC_MSGSIZE) { - struct secasvar *sav; - u_int32_t spi; - int valid; - - /* check header length before using m_copydata */ - if (m->m_pkthdr.len < off + sizeof (struct esp)) - return; - m_copydata(m, off + offsetof(struct esp, esp_spi), - sizeof(u_int32_t), (caddr_t) &spi); - /* - * Check to see if we have a valid SA corresponding to - * the address in the ICMP message payload. - */ - sav = KEY_ALLOCSA((union sockaddr_union *)sa, - IPPROTO_ESP, spi); - valid = (sav != NULL); - if (sav) - KEY_FREESAV(&sav); - - /* XXX Further validation? 
*/ - - /* - * Depending on whether the SA is "valid" and - * routing table size (mtudisc_{hi,lo}wat), we will: - * - recalcurate the new MTU and create the - * corresponding routing entry, or - * - ignore the MTU change notification. - */ - icmp6_mtudisc_update(ip6cp, valid); - } - } else { - /* we normally notify any pcb here */ - } -} - /* * IPsec input callback, called by the transform callback. Takes care of * filtering and other sanity checks on the processed packet. @@ -595,22 +532,20 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int proto u_int8_t nxt8; int error, nest; - KASSERT(m != NULL, ("ipsec6_common_input_cb: null mbuf")); - KASSERT(sav != NULL, ("ipsec6_common_input_cb: null SA")); - KASSERT(sav->sah != NULL, ("ipsec6_common_input_cb: null SAH")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(sav != NULL, ("null SA")); + IPSEC_ASSERT(sav->sah != NULL, ("null SAH")); saidx = &sav->sah->saidx; af = saidx->dst.sa.sa_family; - KASSERT(af == AF_INET6, - ("ipsec6_common_input_cb: unexpected af %u", af)); + IPSEC_ASSERT(af == AF_INET6, ("unexpected af %u", af)); sproto = saidx->proto; - KASSERT(sproto == IPPROTO_ESP || sproto == IPPROTO_AH || + IPSEC_ASSERT(sproto == IPPROTO_ESP || sproto == IPPROTO_AH || sproto == IPPROTO_IPCOMP, - ("ipsec6_common_input_cb: unexpected security protocol %u", - sproto)); + ("unexpected security protocol %u", sproto)); /* Sanity check */ if (m == NULL) { - DPRINTF(("ipsec4_common_input_cb: null mbuf")); + DPRINTF(("%s: null mbuf", __func__)); IPSEC_ISTAT(sproto, espstat.esps_badkcr, ahstat.ahs_badkcr, ipcompstat.ipcomps_badkcr); error = EINVAL; 
@@ -621,8 +556,8 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int proto if (m->m_len < sizeof(struct ip6_hdr) && (m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { - DPRINTF(("ipsec_common_input_cb: processing failed " - "for SA %s/%08lx\n", ipsec_address(&sav->sah->saidx.dst), + DPRINTF(("%s: processing failed for SA %s/%08lx\n", + __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); IPSEC_ISTAT(sproto, espstat.esps_hdrops, ahstat.ahs_hdrops, @@ -663,9 +598,9 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int proto (saidx->proxy.sa.sa_family != AF_INET && saidx->proxy.sa.sa_family != 0)) { - DPRINTF(("ipsec_common_input_cb: inner " - "source address %s doesn't correspond to " - "expected proxy source %s, SA %s/%08lx\n", + DPRINTF(("%s: inner source address %s doesn't " + "correspond to expected proxy source %s, " + "SA %s/%08lx\n", __func__, inet_ntoa4(ipn.ip_src), ipsec_address(&saidx->proxy), ipsec_address(&saidx->dst), @@ -707,9 +642,9 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int proto (saidx->proxy.sa.sa_family != AF_INET6 && saidx->proxy.sa.sa_family != 0)) { - DPRINTF(("ipsec_common_input_cb: inner " - "source address %s doesn't correspond to " - "expected proxy source %s, SA %s/%08lx\n", + DPRINTF(("%s: inner source address %s doesn't " + "correspond to expected proxy source %s, " + "SA %s/%08lx\n", __func__, ip6_sprintf(&ip6n.ip6_src), ipsec_address(&saidx->proxy), ipsec_address(&saidx->dst), @@ -735,8 +670,7 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int proto mtag = m_tag_get(PACKET_TAG_IPSEC_IN_DONE, sizeof(struct tdb_ident), M_NOWAIT); if (mtag == NULL) { - DPRINTF(("ipsec_common_input_cb: failed to " - "get tag\n")); + DPRINTF(("%s: failed to get tag\n", __func__)); IPSEC_ISTAT(sproto, espstat.esps_hdrops, ahstat.ahs_hdrops, ipcompstat.ipcomps_hdrops); error = ENOMEM; 
@@ -750,7 +684,8 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int proto m_tag_prepend(m, mtag); } else { - mt->m_tag_id = PACKET_TAG_IPSEC_IN_DONE; + if (mt != NULL) + mt->m_tag_id = PACKET_TAG_IPSEC_IN_DONE; /* XXX do we need to mark m_flags??? */ } 
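Review bot: The new `if (mt != NULL)` guard silently does nothing when `mt` is NULL, and nothing in the hunk says why the else branch can be reached without a tag; presumably the enclosing `if` (outside this hunk) tests more than `mt == NULL`, because otherwise the guard would be dead code. A one-line comment would pin this down, e.g. `/* mt may be NULL here when the outer test skipped tagging for this protocol; only retag an existing crypto-done tag */`, adjusted to whatever the outer condition actually is. Without it a reader cannot tell a deliberate no-tag case from a swallowed error. The enclosing function starts and ends outside the hunk.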
@@ -800,4 +735,80 @@ bad: m_freem(m); return error; } + +void +esp6_ctlinput(int cmd, struct sockaddr *sa, void *d) +{ + if (sa->sa_family != AF_INET6 || + sa->sa_len != sizeof(struct sockaddr_in6)) + return; + if ((unsigned)cmd >= PRC_NCMDS) + return; + + /* if the parameter is from icmp6, decode it. */ + if (d != NULL) { + struct ip6ctlparam *ip6cp = (struct ip6ctlparam *)d; + struct mbuf *m = ip6cp->ip6c_m; + int off = ip6cp->ip6c_off; + + struct ip6ctlparam ip6cp1; + + /* + * Notify the error to all possible sockets via pfctlinput2. + * Since the upper layer information (such as protocol type, + * source and destination ports) is embedded in the encrypted + * data and might have been cut, we can't directly call + * an upper layer ctlinput function. However, the pcbnotify + * function will consider source and destination addresses + * as well as the flow info value, and may be able to find + * some PCB that should be notified. + * Although pfctlinput2 will call esp6_ctlinput(), there is + * no possibility of an infinite loop of function calls, + * because we don't pass the inner IPv6 header. + */ + bzero(&ip6cp1, sizeof(ip6cp1)); + ip6cp1.ip6c_src = ip6cp->ip6c_src; + pfctlinput2(cmd, sa, (void *)&ip6cp1); + + /* + * Then go to special cases that need ESP header information. + * XXX: We assume that when ip6 is non NULL, + * M and OFF are valid. + */ + + if (cmd == PRC_MSGSIZE) { + struct secasvar *sav; + u_int32_t spi; + int valid; + + /* check header length before using m_copydata */ + if (m->m_pkthdr.len < off + sizeof (struct esp)) + return; + m_copydata(m, off + offsetof(struct esp, esp_spi), + sizeof(u_int32_t), (caddr_t) &spi); + /* + * Check to see if we have a valid SA corresponding to + * the address in the ICMP message payload. + */ + sav = KEY_ALLOCSA((union sockaddr_union *)sa, + IPPROTO_ESP, spi); + valid = (sav != NULL); + if (sav) + KEY_FREESAV(&sav); + + /* XXX Further validation? 
*/ + + /* + * Depending on whether the SA is "valid" and + * routing table size (mtudisc_{hi,lo}wat), we will: + * - recalcurate the new MTU and create the + * corresponding routing entry, or + * - ignore the MTU change notification. + */ + icmp6_mtudisc_update(ip6cp, valid); + } + } else { + /* we normally notify any pcb here */ + } +} #endif /* INET6 */ diff --git a/sys/netipsec/ipsec_mbuf.c b/sys/netipsec/ipsec_mbuf.c index a3a3b3f..7d7496d 100644 --- a/sys/netipsec/ipsec_mbuf.c +++ b/sys/netipsec/ipsec_mbuf.c @@ -60,7 +60,7 @@ m_clone(struct mbuf *m0) struct mbuf *n, *mfirst, *mlast; int len, off; - KASSERT(m0 != NULL, ("m_clone: null mbuf")); + IPSEC_ASSERT(m0 != NULL, ("null mbuf")); mprev = NULL; for (m = m0; m != NULL; m = mprev->m_next) { @@ -105,8 +105,7 @@ m_clone(struct mbuf *m0) * it anyway, we try to reduce the number of mbufs and * clusters so that future work is easier). */ - KASSERT(m->m_flags & M_EXT, - ("m_clone: m_flags 0x%x", m->m_flags)); + IPSEC_ASSERT(m->m_flags & M_EXT, ("m_flags 0x%x", m->m_flags)); /* NB: we only coalesce into a cluster or larger */ if (mprev != NULL && (mprev->m_flags & M_EXT) && m->m_len <= M_TRAILINGSPACE(mprev)) { @@ -208,8 +207,8 @@ m_makespace(struct mbuf *m0, int skip, int hlen, int *off) struct mbuf *m; unsigned remain; - KASSERT(m0 != NULL, ("m_dmakespace: null mbuf")); - KASSERT(hlen < MHLEN, ("m_makespace: hlen too big: %u", hlen)); + IPSEC_ASSERT(m0 != NULL, ("null mbuf")); + IPSEC_ASSERT(hlen < MHLEN, ("hlen too big: %u", hlen)); for (m = m0; m && skip > m->m_len; m = m->m_next) skip -= m->m_len; @@ -228,8 +227,7 @@ m_makespace(struct mbuf *m0, int skip, int hlen, int *off) struct mbuf *n; /* XXX code doesn't handle clusters XXX */ - KASSERT(remain < MLEN, - ("m_makespace: remainder too big: %u", remain)); + IPSEC_ASSERT(remain < MLEN, ("remainder too big: %u", remain)); /* * Not enough space in m, split the contents * of m, inserting new mbufs as required. 
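Review bot: In the PRC_MSGSIZE branch of esp6_ctlinput, `m->m_pkthdr.len` is dereferenced before anything checks that `ip6cp->ip6c_m` is non-NULL; the comment above it ("We assume that when ip6 is non NULL, M and OFF are valid") names an assumption the code never tests, since `ip6cp->ip6c_ip6` is not examined either. A cheap guard, `if (m == NULL) return;` immediately before the length check, makes the function robust to a caller that passes an ip6ctlparam without an mbuf; alternatively the comment should state the actual caller contract. Near `/* XXX Further validation? */` it is also worth spelling out that `spi` is copied from the ICMPv6 payload, so `valid` is decided by an attacker-chosen (dst, spi) pair against the SAD and is the only thing gating a forged Packet Too Big before `icmp6_mtudisc_update`. This hunk relocates code removed earlier in the same file, so the behaviour predates the commit.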
@@ -313,7 +311,7 @@ m_pad(struct mbuf *m, int n) caddr_t retval; if (n <= 0) { /* No stupid arguments. */ - DPRINTF(("m_pad: pad length invalid (%d)\n", n)); + DPRINTF(("%s: pad length invalid (%d)\n", __func__, n)); m_freem(m); return NULL; } @@ -323,14 +321,14 @@ m_pad(struct mbuf *m, int n) m0 = m; while (m0->m_len < len) { -KASSERT(m0->m_next != NULL, ("m_pad: m0 null, len %u m_len %u", len, m0->m_len));/*XXX*/ len -= m0->m_len; m0 = m0->m_next; } if (m0->m_len != len) { - DPRINTF(("m_pad: length mismatch (should be %d instead of %d)\n", - m->m_pkthdr.len, m->m_pkthdr.len + m0->m_len - len)); + DPRINTF(("%s: length mismatch (should be %d instead of %d)\n", + __func__, m->m_pkthdr.len, + m->m_pkthdr.len + m0->m_len - len)); m_freem(m); return NULL; @@ -339,10 +337,10 @@ KASSERT(m0->m_next != NULL, ("m_pad: m0 null, len %u m_len %u", len, m0->m_len)) /* Check for zero-length trailing mbufs, and find the last one. */ for (m1 = m0; m1->m_next; m1 = m1->m_next) { if (m1->m_next->m_len != 0) { - DPRINTF(("m_pad: length mismatch (should be %d " - "instead of %d)\n", - m->m_pkthdr.len, - m->m_pkthdr.len + m1->m_next->m_len)); + DPRINTF(("%s: length mismatch (should be %d instead " + "of %d)\n", __func__, + m->m_pkthdr.len, + m->m_pkthdr.len + m1->m_next->m_len)); m_freem(m); return NULL; @@ -356,7 +354,7 @@ KASSERT(m0->m_next != NULL, ("m_pad: m0 null, len %u m_len %u", len, m0->m_len)) MGET(m1, M_DONTWAIT, MT_DATA); if (m1 == 0) { m_freem(m0); - DPRINTF(("m_pad: unable to get extra mbuf\n")); + DPRINTF(("%s: unable to get extra mbuf\n", __func__)); return NULL; } diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c index 3b66887..8f8c705 100644 --- a/sys/netipsec/ipsec_output.c +++ b/sys/netipsec/ipsec_output.c 
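Review bot: Dropping the `KASSERT(m0->m_next != NULL, ...)` inside `while (m0->m_len < len)` in m_pad removes the only check that the mbuf chain really holds `m_pkthdr.len` bytes; if the chain is shorter, `m0 = m0->m_next` yields NULL and the next loop test dereferences it, turning a diagnosable inconsistency into a NULL pointer dereference on the output path. Since the rest of this commit converts KASSERTs to IPSEC_ASSERT rather than deleting them, keep this one in that form: `IPSEC_ASSERT(m0->m_next != NULL, ("m0 null, len %u m_len %u", len, m0->m_len));`. If it was removed because of the unindented `/*XXX*/` formatting rather than the check itself, that deserves a line in the commit message.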
@@ -89,15 +89,13 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr) struct secasindex *saidx; int error; -#if 0 - SPLASSERT(net, "ipsec_process_done"); -#endif + IPSEC_SPLASSERT_SOFTNET(__func__); - KASSERT(m != NULL, ("ipsec_process_done: null mbuf")); - KASSERT(isr != NULL, ("ipsec_process_done: null ISR")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(isr != NULL, ("null ISR")); sav = isr->sav; - KASSERT(sav != NULL, ("ipsec_process_done: null SA")); - KASSERT(sav->sah != NULL, ("ipsec_process_done: null SAH")); + IPSEC_ASSERT(sav != NULL, ("null SA")); + IPSEC_ASSERT(sav->sah != NULL, ("null SAH")); saidx = &sav->sah->saidx; switch (saidx->dst.sa.sa_family) { @@ -124,7 +122,7 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr) break; #endif /* INET6 */ default: - DPRINTF(("ipsec_process_done: unknown protocol family %u\n", + DPRINTF(("%s: unknown protocol family %u\n", __func__, saidx->dst.sa.sa_family)); error = ENXIO; goto bad; @@ -137,7 +135,7 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr) mtag = m_tag_get(PACKET_TAG_IPSEC_OUT_DONE, sizeof(struct tdb_ident), M_NOWAIT); if (mtag == NULL) { - DPRINTF(("ipsec_process_done: could not get packet tag\n")); + DPRINTF(("%s: could not get packet tag\n", __func__)); error = ENOMEM; goto bad; } @@ -205,11 +203,11 @@ ipsec_nextisr( isr->saidx.proto == IPPROTO_AH ? (y)++ : (z)++) struct secasvar *sav; -#if 0 - SPLASSERT(net, "ipsec_nextisr"); -#endif - KASSERT(af == AF_INET || af == AF_INET6, - ("ipsec_nextisr: invalid address family %u", af)); + IPSEC_SPLASSERT_SOFTNET(__func__); + IPSECREQUEST_LOCK_ASSERT(isr); + + IPSEC_ASSERT(af == AF_INET || af == AF_INET6, + ("invalid address family %u", af)); again: /* * Craft SA index to search for proper SA. Note that 
@@ -287,15 +285,17 @@ again: } sav = isr->sav; if (sav == NULL) { /* XXX valid return */ - KASSERT(ipsec_get_reqlevel(isr) == IPSEC_LEVEL_USE, - ("ipsec_nextisr: no SA found, but required; level %u", + IPSEC_ASSERT(ipsec_get_reqlevel(isr) == IPSEC_LEVEL_USE, + ("no SA found, but required; level %u", ipsec_get_reqlevel(isr))); + IPSECREQUEST_UNLOCK(isr); isr = isr->next; if (isr == NULL) { /*XXXstatistic??*/ *error = EINVAL; /*XXX*/ return isr; } + IPSECREQUEST_LOCK(isr); goto again; } @@ -305,8 +305,8 @@ again: if ((isr->saidx.proto == IPPROTO_ESP && !esp_enable) || (isr->saidx.proto == IPPROTO_AH && !ah_enable) || (isr->saidx.proto == IPPROTO_IPCOMP && !ipcomp_enable)) { - DPRINTF(("ipsec_nextisr: IPsec outbound packet dropped due" - " to policy (check your sysctls)\n")); + DPRINTF(("%s: IPsec outbound packet dropped due" + " to policy (check your sysctls)\n", __func__)); IPSEC_OSTAT(espstat.esps_pdrops, ahstat.ahs_pdrops, ipcompstat.ipcomps_pdrops); *error = EHOSTUNREACH; @@ -318,7 +318,7 @@ again: * before they invoke the xform output method. */ if (sav->tdb_xform == NULL) { - DPRINTF(("ipsec_nextisr: no transform for SA\n")); + DPRINTF(("%s: no transform for SA\n", __func__)); IPSEC_OSTAT(espstat.esps_noxform, ahstat.ahs_noxform, ipcompstat.ipcomps_noxform); *error = EHOSTUNREACH; @@ -326,7 +326,8 @@ again: } return isr; bad: - KASSERT(*error != 0, ("ipsec_nextisr: error return w/ no error code")); + IPSEC_ASSERT(*error != 0, ("error return w/ no error code")); + IPSECREQUEST_UNLOCK(isr); return NULL; #undef IPSEC_OSTAT } 
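Review bot: The lock hand-off in ipsec_nextisr is now implicit: the caller passes `isr` locked, the `sav == NULL` path drops that lock and either returns NULL with nothing held or continues with `isr->next` locked, and `bad:` unlocks whatever `isr` currently is, yet none of this is stated at the function and the caller in ipsec4_process_packet has to mirror it with `if (isr) IPSECREQUEST_UNLOCK(isr)`. A contract comment above the function would stop the next caller from unlocking the wrong request: `/* Called with isr locked; returns the request to process (possibly a later one in the chain) with ITS lock held, or NULL with no lock held and *error set. */`. Separately, `isr = isr->next` is read after `IPSECREQUEST_UNLOCK(isr)`; if `next` is protected by the request lock rather than being immutable for the life of the policy that read is a race, and if it is immutable the same comment should say so. The function begins outside this hunk.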
@@ -347,10 +348,10 @@ ipsec4_process_packet( struct ip *ip; int error, i, off; - KASSERT(m != NULL, ("ipsec4_process_packet: null mbuf")); - KASSERT(isr != NULL, ("ipsec4_process_packet: null isr")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(isr != NULL, ("null isr")); - mtx_lock(&isr->lock); /* insure SA contents don't change */ + IPSECREQUEST_LOCK(isr); /* insure SA contents don't change */ isr = ipsec_nextisr(m, isr, AF_INET, &saidx, &error); if (isr == NULL) @@ -420,8 +421,8 @@ ipsec4_process_packet( error = ipip_output(m, isr, &mp, 0, 0); if (mp == NULL && !error) { /* Should never happen. */ - DPRINTF(("ipsec4_process_packet: ipip_output " - "returns no mbuf and no error!")); + DPRINTF(("%s: ipip_output returns no mbuf and " + "no error!", __func__)); error = EFAULT; } if (error) { @@ -469,10 +470,11 @@ ipsec4_process_packet( } else { error = ipsec_process_done(m, isr); } - mtx_unlock(&isr->lock); + IPSECREQUEST_UNLOCK(isr); return error; bad: - mtx_unlock(&isr->lock); + if (isr) + IPSECREQUEST_UNLOCK(isr); if (m) m_freem(m); return error; @@ -490,8 +492,8 @@ ipsec6_splithdr(struct mbuf *m) struct ip6_hdr *ip6; int hlen; - KASSERT(m->m_len >= sizeof (struct ip6_hdr), - ("ipsec6_splithdr: first mbuf too short, len %u", m->m_len)); + IPSEC_ASSERT(m->m_len >= sizeof (struct ip6_hdr), + ("first mbuf too short, len %u", m->m_len)); ip6 = mtod(m, struct ip6_hdr *); hlen = sizeof(struct ip6_hdr); if (m->m_len > hlen) { 
@@ -533,15 +535,15 @@ ipsec6_output_trans( int error = 0; struct mbuf *m; - KASSERT(state != NULL, ("ipsec6_output: null state")); - KASSERT(state->m != NULL, ("ipsec6_output: null m")); - KASSERT(nexthdrp != NULL, ("ipsec6_output: null nexthdrp")); - KASSERT(mprev != NULL, ("ipsec6_output: null mprev")); - KASSERT(sp != NULL, ("ipsec6_output: null sp")); - KASSERT(tun != NULL, ("ipsec6_output: null tun")); + IPSEC_ASSERT(state != NULL, ("null state")); + IPSEC_ASSERT(state->m != NULL, ("null m")); + IPSEC_ASSERT(nexthdrp != NULL, ("null nexthdrp")); + IPSEC_ASSERT(mprev != NULL, ("null mprev")); + IPSEC_ASSERT(sp != NULL, ("null sp")); + IPSEC_ASSERT(tun != NULL, ("null tun")); KEYDEBUG(KEYDEBUG_IPSEC_DATA, - printf("ipsec6_output_trans: applyed SP\n"); + printf("%s: applyed SP\n", __func__); kdebug_secpolicy(sp)); isr = sp->req; @@ -596,8 +598,8 @@ ipsec6_encapsulate(struct mbuf *m, struct secasvar *sav) m_freem(m); return EINVAL; } - KASSERT(m->m_len != sizeof (struct ip6_hdr), - ("ipsec6_encapsulate: mbuf wrong size; len %u", m->m_len)); + IPSEC_ASSERT(m->m_len != sizeof (struct ip6_hdr), + ("mbuf wrong size; len %u", m->m_len)); /* @@ -662,12 +664,12 @@ ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp, int struct sockaddr_in6* dst6; struct mbuf *m; - KASSERT(state != NULL, ("ipsec6_output: null state")); - KASSERT(state->m != NULL, ("ipsec6_output: null m")); - KASSERT(sp != NULL, ("ipsec6_output: null sp")); + IPSEC_ASSERT(state != NULL, ("null state")); + IPSEC_ASSERT(state->m != NULL, ("null m")); + IPSEC_ASSERT(sp != NULL, ("null sp")); KEYDEBUG(KEYDEBUG_IPSEC_DATA, - printf("ipsec6_output_tunnel: applyed SP\n"); + printf("%s: applyed SP\n", __func__); kdebug_secpolicy(sp)); m = state->m; 
@@ -693,8 +695,8 @@ ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp, int */ /* XXX should be processed with other familiy */ if (isr->sav->sah->saidx.src.sa.sa_family != AF_INET6) { - ipseclog((LOG_ERR, "ipsec6_output_tunnel: " - "family mismatched between inner and outer, spi=%u\n", + ipseclog((LOG_ERR, "%s: family mismatched between " + "inner and outer, spi=%u\n", __func__, ntohl(isr->sav->spi))); newipsecstat.ips_out_inval++; error = EAFNOSUPPORT; diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index 622a091..b8bad88 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c @@ -96,8 +96,6 @@ /* randomness */ #include -#include - #define FULLMASK 0xff #define _BITS(bytes) ((bytes) << 3) 
@@ -127,15 +125,52 @@ static u_int32_t acq_seq = 0; static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX]; /* SPD */ static struct mtx sptree_lock; +#define SPTREE_LOCK_INIT() \ + mtx_init(&sptree_lock, "sptree", \ + "fast ipsec security policy database", MTX_DEF) +#define SPTREE_LOCK_DESTROY() mtx_destroy(&sptree_lock) +#define SPTREE_LOCK() mtx_lock(&sptree_lock) +#define SPTREE_UNLOCK() mtx_unlock(&sptree_lock) +#define SPTREE_LOCK_ASSERT() mtx_assert(&sptree_lock, MA_OWNED) + static LIST_HEAD(_sahtree, secashead) sahtree; /* SAD */ static struct mtx sahtree_lock; +#define SAHTREE_LOCK_INIT() \ + mtx_init(&sahtree_lock, "sahtree", \ + "fast ipsec security association database", MTX_DEF) +#define SAHTREE_LOCK_DESTROY() mtx_destroy(&sahtree_lock) +#define SAHTREE_LOCK() mtx_lock(&sahtree_lock) +#define SAHTREE_UNLOCK() mtx_unlock(&sahtree_lock) +#define SAHTREE_LOCK_ASSERT() mtx_assert(&sahtree_lock, MA_OWNED) + /* registed list */ static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1]; static struct mtx regtree_lock; +#define REGTREE_LOCK_INIT() \ + mtx_init(®tree_lock, "regtree", "fast ipsec regtree", MTX_DEF) +#define REGTREE_LOCK_DESTROY() mtx_destroy(®tree_lock) +#define REGTREE_LOCK() mtx_lock(®tree_lock) +#define REGTREE_UNLOCK() mtx_unlock(®tree_lock) +#define REGTREE_LOCK_ASSERT() mtx_assert(®tree_lock, MA_OWNED) + static LIST_HEAD(_acqtree, secacq) acqtree; /* acquiring list */ static struct mtx acq_lock; +#define ACQ_LOCK_INIT() \ + mtx_init(&acq_lock, "acqtree", "fast ipsec acquire list", MTX_DEF) +#define ACQ_LOCK_DESTROY() mtx_destroy(&acq_lock) +#define ACQ_LOCK() mtx_lock(&acq_lock) +#define ACQ_UNLOCK() mtx_unlock(&acq_lock) +#define ACQ_LOCK_ASSERT() mtx_assert(&acq_lock, MA_OWNED) + static LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */ static struct mtx spacq_lock; +#define SPACQ_LOCK_INIT() \ + mtx_init(&spacq_lock, "spacqtree", \ + "fast ipsec security policy acquire list", MTX_DEF) +#define 
SPACQ_LOCK_DESTROY() mtx_destroy(&spacq_lock) +#define SPACQ_LOCK() mtx_lock(&spacq_lock) +#define SPACQ_UNLOCK() mtx_unlock(&spacq_lock) +#define SPACQ_LOCK_ASSERT() mtx_assert(&spacq_lock, MA_OWNED) /* search order for SAs */ static u_int saorder_state_valid[] = { @@ -254,10 +289,6 @@ SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW, \ SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, prefered_oldsa, CTLFLAG_RW,\ &key_prefered_oldsa, 0, ""); -#ifndef LIST_FOREACH -#define LIST_FOREACH(elm, head, field) \ - for (elm = LIST_FIRST(head); elm; elm = LIST_NEXT(elm, field)) -#endif #define __LIST_CHAINED(elm) \ (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL)) #define LIST_INSERT_TAIL(head, elm, type, field) \ @@ -467,23 +498,19 @@ static struct mbuf *key_alloc_mbuf __P((int)); #define SA_ADDREF(p) do { \ (p)->refcnt++; \ - KASSERT((p)->refcnt != 0, \ - ("SA refcnt overflow at %s:%u", __FILE__, __LINE__)); \ + IPSEC_ASSERT((p)->refcnt != 0, ("SA refcnt overflow")); \ } while (0) #define SA_DELREF(p) do { \ - KASSERT((p)->refcnt > 0, \ - ("SA refcnt underflow at %s:%u", __FILE__, __LINE__)); \ + IPSEC_ASSERT((p)->refcnt > 0, ("SA refcnt underflow")); \ (p)->refcnt--; \ } while (0) #define SP_ADDREF(p) do { \ (p)->refcnt++; \ - KASSERT((p)->refcnt != 0, \ - ("SP refcnt overflow at %s:%u", __FILE__, __LINE__)); \ + IPSEC_ASSERT((p)->refcnt != 0, ("SP refcnt overflow")); \ } while (0) #define SP_DELREF(p) do { \ - KASSERT((p)->refcnt > 0, \ - ("SP refcnt underflow at %s:%u", __FILE__, __LINE__)); \ + IPSEC_ASSERT((p)->refcnt > 0, ("SP refcnt underflow")); \ (p)->refcnt--; \ } while (0) 
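Review bot: SA_ADDREF/SA_DELREF and SP_ADDREF/SP_DELREF remain plain `(p)->refcnt++`/`--` with no lock or atomic operation, so they are correct only if every caller is serialized by the same lock; this hunk introduces five lock sets (sptree, sahtree, regtree, acq, spacq) but states neither which one covers a given refcount nor the order in which they may be nested, even though the commit message cites recursion and long hold times on these locks as the motivating problems. A comment above the refcount macros such as `/* refcnt is not atomic: SP refcnts are serialized by sptree_lock, SA refcnts by sahtree_lock */` (adjusted to the actual rule) plus a lock-order list above the `*_LOCK_INIT` definitions would make the invariant reviewable. The `®tree_lock` tokens in the REGTREE macros look like an HTML-entity rendering artefact of `&regtree_lock` in this copy of the diff rather than the committed text, but that is worth confirming against the source.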
@@ -511,19 +538,19 @@ key_allocsp(struct secpolicyindex *spidx, u_int dir, const char* where, int tag) { struct secpolicy *sp; - KASSERT(spidx != NULL, ("key_allocsp: null spidx")); - KASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, - ("key_allocsp: invalid direction %u", dir)); + IPSEC_ASSERT(spidx != NULL, ("null spidx")); + IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, + ("invalid direction %u", dir)); KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP key_allocsp from %s:%u\n", where, tag)); + printf("DP %s from %s:%u\n", __func__, where, tag)); /* get a SP entry */ KEYDEBUG(KEYDEBUG_IPSEC_DATA, printf("*** objects\n"); kdebug_secpolicyindex(spidx)); - mtx_lock(&sptree_lock); + SPTREE_LOCK(); LIST_FOREACH(sp, &sptree[dir], chain) { KEYDEBUG(KEYDEBUG_IPSEC_DATA, printf("*** in SPD\n"); @@ -538,16 +565,16 @@ key_allocsp(struct secpolicyindex *spidx, u_int dir, const char* where, int tag) found: if (sp) { /* sanity check */ - KEY_CHKSPDIR(sp->spidx.dir, dir, "key_allocsp"); + KEY_CHKSPDIR(sp->spidx.dir, dir, __func__); /* found a SPD entry */ sp->lastused = time_second; SP_ADDREF(sp); } - mtx_unlock(&sptree_lock); + SPTREE_UNLOCK(); KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP key_allocsp return SP:%p (ID=%u) refcnt %u\n", + printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__, sp, sp ? sp->id : 0, sp ? sp->refcnt : 0)); return sp; } @@ -567,12 +594,12 @@ key_allocsp2(u_int32_t spi, { struct secpolicy *sp; - KASSERT(dst != NULL, ("key_allocsp2: null dst")); - KASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, - ("key_allocsp2: invalid direction %u", dir)); + IPSEC_ASSERT(dst != NULL, ("null dst")); + IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, + ("invalid direction %u", dir)); KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP key_allocsp2 from %s:%u\n", where, tag)); + printf("DP %s from %s:%u\n", __func__, where, tag)); /* get a SP entry */ KEYDEBUG(KEYDEBUG_IPSEC_DATA, 
@@ -580,7 +607,7 @@ key_allocsp2(u_int32_t spi, printf("spi %u proto %u dir %u\n", spi, proto, dir); kdebug_sockaddr(&dst->sa)); - mtx_lock(&sptree_lock); + SPTREE_LOCK(); LIST_FOREACH(sp, &sptree[dir], chain) { KEYDEBUG(KEYDEBUG_IPSEC_DATA, printf("*** in SPD\n"); @@ -601,16 +628,16 @@ key_allocsp2(u_int32_t spi, found: if (sp) { /* sanity check */ - KEY_CHKSPDIR(sp->spidx.dir, dir, "key_allocsp2"); + KEY_CHKSPDIR(sp->spidx.dir, dir, __func__); /* found a SPD entry */ sp->lastused = time_second; SP_ADDREF(sp); } - mtx_unlock(&sptree_lock); + SPTREE_UNLOCK(); KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP key_allocsp2 return SP:%p (ID=%u) refcnt %u\n", + printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__, sp, sp ? sp->id : 0, sp ? sp->refcnt : 0)); return sp; } @@ -632,16 +659,16 @@ key_gettunnel(const struct sockaddr *osrc, struct secpolicyindex spidx; KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP key_gettunnel from %s:%u\n", where, tag)); + printf("DP %s from %s:%u\n", __func__, where, tag)); if (isrc->sa_family != idst->sa_family) { - ipseclog((LOG_ERR, "protocol family mismatched %d != %d\n.", - isrc->sa_family, idst->sa_family)); + ipseclog((LOG_ERR, "%s: protocol family mismatched %d != %d\n.", + __func__, isrc->sa_family, idst->sa_family)); sp = NULL; goto done; } - mtx_lock(&sptree_lock); + SPTREE_LOCK(); LIST_FOREACH(sp, &sptree[dir], chain) { if (sp->state == IPSEC_SPSTATE_DEAD) continue; @@ -683,10 +710,10 @@ found: sp->lastused = time_second; SP_ADDREF(sp); } - mtx_unlock(&sptree_lock); + SPTREE_UNLOCK(); done: KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP key_gettunnel return SP:%p (ID=%u) refcnt %u\n", + printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__, sp, sp ? sp->id : 0, sp ? sp->refcnt : 0)); return sp; } 
@@ -703,11 +730,11 @@ key_checkrequest(struct ipsecrequest *isr, const struct secasindex *saidx) u_int level; int error; - KASSERT(isr != NULL, ("key_checkrequest: null isr")); - KASSERT(saidx != NULL, ("key_checkrequest: null saidx")); - KASSERT(saidx->mode == IPSEC_MODE_TRANSPORT || + IPSEC_ASSERT(isr != NULL, ("null isr")); + IPSEC_ASSERT(saidx != NULL, ("null saidx")); + IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT || saidx->mode == IPSEC_MODE_TUNNEL, - ("key_checkrequest: unexpected policy %u", saidx->mode)); + ("unexpected policy %u", saidx->mode)); /* * XXX guard against protocol callbacks from the crypto @@ -715,7 +742,7 @@ key_checkrequest(struct ipsecrequest *isr, const struct secasindex *saidx) * temporarily null out below. Need to rethink how we * handle bundled SA's in the callback thread. */ - mtx_assert(&isr->lock, MA_OWNED); + IPSECREQUEST_LOCK_ASSERT(isr); /* get current level */ level = ipsec_get_reqlevel(isr); @@ -726,7 +753,7 @@ key_checkrequest(struct ipsecrequest *isr, const struct secasindex *saidx) */ if (isr->sav != NULL) { if (isr->sav->sah == NULL) - panic("key_checkrequest: sah is null.\n"); + panic("%s: sah is null.\n", __func__); if (isr->sav == (struct secasvar *)LIST_FIRST( &isr->sav->sah->savtree[SADB_SASTATE_DEAD])) { KEY_FREESAV(&isr->sav); @@ -771,14 +798,14 @@ key_checkrequest(struct ipsecrequest *isr, const struct secasindex *saidx) error = key_acquire(saidx, isr->sp); if (error != 0) { /* XXX What should I do ? */ - ipseclog((LOG_DEBUG, "key_checkrequest: error %d returned " - "from key_acquire.\n", error)); + ipseclog((LOG_DEBUG, "%s: error %d returned from key_acquire\n", + __func__, error)); return error; } if (level != IPSEC_LEVEL_REQUIRE) { /* XXX sigh, the interface to this routine is botched */ - KASSERT(isr->sav == NULL, ("key_checkrequest: unexpected SA")); + IPSEC_ASSERT(isr->sav == NULL, ("unexpected SA")); return 0; } else { return ENOENT; 
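Review bot: `panic("%s: sah is null.\n", __func__)` in key_checkrequest survives a commit whose stated aim is to replace bogus panics with assertions that compile out in production, and a few lines later in the same function the unexpected-SA case already uses `IPSEC_ASSERT`. For consistency make it `IPSEC_ASSERT(isr->sav->sah != NULL, ("sah is null"));`. If the panic is deliberate because the following `isr->sav->sah->savtree[...]` access would fault anyway, a short comment saying so would stop the next cleanup pass from asking the same question.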
@@ -798,16 +825,16 @@ key_allocsa_policy(const struct secasindex *saidx) struct secasvar *sav; u_int stateidx, state; - mtx_lock(&sahtree_lock); + SAHTREE_LOCK(); LIST_FOREACH(sah, &sahtree, chain) { if (sah->state == SADB_SASTATE_DEAD) continue; if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID)) { - mtx_unlock(&sahtree_lock); /* XXX??? */ + SAHTREE_UNLOCK(); goto found; } } - mtx_unlock(&sahtree_lock); + SAHTREE_UNLOCK(); return NULL; @@ -843,7 +870,7 @@ key_do_allocsa_policy(struct secashead *sah, u_int state) /* initilize */ candidate = NULL; - mtx_lock(&sahtree_lock); + SAHTREE_LOCK(); for (sav = LIST_FIRST(&sah->savtree[state]); sav != NULL; sav = nextsav) { @@ -851,7 +878,7 @@ key_do_allocsa_policy(struct secashead *sah, u_int state) nextsav = LIST_NEXT(sav, chain); /* sanity check */ - KEY_CHKSASTATE(sav->state, state, "key_do_allocsa_policy"); + KEY_CHKSASTATE(sav->state, state, __func__); /* initialize */ if (candidate == NULL) { @@ -861,10 +888,9 @@ key_do_allocsa_policy(struct secashead *sah, u_int state) /* Which SA is the better ? */ - /* sanity check 2 */ - if (candidate->lft_c == NULL || sav->lft_c == NULL) - panic("key_do_allocsa_policy: " - "lifetime_current is NULL.\n"); + IPSEC_ASSERT(candidate->lft_c != NULL, + ("null candidate lifetime")); + IPSEC_ASSERT(sav->lft_c != NULL, ("null sav lifetime")); /* What the best method is to compare ? */ if (key_prefered_oldsa) { @@ -894,8 +920,7 @@ key_do_allocsa_policy(struct secashead *sah, u_int state) key_sa_chgstate(d, SADB_SASTATE_DEAD); - KASSERT(d->refcnt > 0, - ("key_do_allocsa_policy: bogus ref count")); + IPSEC_ASSERT(d->refcnt > 0, ("bogus ref count")); m = key_setsadbmsg(SADB_DELETE, 0, d->sah->saidx.proto, 0, 0, d->refcnt - 1); if (!m) 
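Review bot: In key_allocsa_policy the `SAHTREE_UNLOCK(); goto found;` path drops the SAD lock and then hands `sah` to `key_do_allocsa_policy` (visible below, which re-takes SAHTREE_LOCK), so there is a window in which another thread can delete and free that secashead before it is re-examined; nothing in the hunk takes a reference on `sah`. The removed `/* XXX??? */` was the only marker of this, and deleting it without closing the window hides a real use-after-free risk. Either restore a comment such as `/* XXX sah is used unlocked until key_do_allocsa_policy re-locks; no reference is held */` or restructure so the lock is held across the call; the early unlock presumably exists to avoid the lock recursion the commit message mentions, so the restructuring may need key_do_allocsa_policy to take a "locked" variant.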
@@ -949,11 +974,10 @@ key_do_allocsa_policy(struct secashead *sah, u_int state) if (candidate) { SA_ADDREF(candidate); KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP allocsa_policy cause " - "refcnt++:%d SA:%p\n", - candidate->refcnt, candidate)); + printf("DP %s cause refcnt++:%d SA:%p\n", + __func__, candidate->refcnt, candidate)); } - mtx_unlock(&sahtree_lock); + SAHTREE_UNLOCK(); return candidate; } @@ -984,10 +1008,10 @@ key_allocsa( struct secasvar *sav; u_int stateidx, state; - KASSERT(dst != NULL, ("key_allocsa: null dst address")); + IPSEC_ASSERT(dst != NULL, ("null dst address")); KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP key_allocsa from %s:%u\n", where, tag)); + printf("DP %s from %s:%u\n", __func__, where, tag)); /* * searching SAD. @@ -995,7 +1019,7 @@ key_allocsa( * IPsec tunnel packet is received. But ESP tunnel mode is * encrypted so we can't check internal IP header. */ - mtx_lock(&sahtree_lock); + SAHTREE_LOCK(); LIST_FOREACH(sah, &sahtree, chain) { /* search valid state */ for (stateidx = 0; @@ -1004,7 +1028,7 @@ key_allocsa( state = saorder_state_valid[stateidx]; LIST_FOREACH(sav, &sah->savtree[state], chain) { /* sanity check */ - KEY_CHKSASTATE(sav->state, state, "key_allocsav"); + KEY_CHKSASTATE(sav->state, state, __func__); /* do not return entries w/ unusable state */ if (sav->state != SADB_SASTATE_MATURE && sav->state != SADB_SASTATE_DYING) @@ -1028,10 +1052,10 @@ key_allocsa( } sav = NULL; done: - mtx_unlock(&sahtree_lock); + SAHTREE_UNLOCK(); KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP key_allocsa return SA:%p; refcnt %u\n", + printf("DP %s return SA:%p; refcnt %u\n", __func__, sav, sav ? sav->refcnt : 0)); return sav; } 
@@ -1045,20 +1069,20 @@ _key_freesp(struct secpolicy **spp, const char* where, int tag) { struct secpolicy *sp = *spp; - KASSERT(sp != NULL, ("key_freesp: null sp")); + IPSEC_ASSERT(sp != NULL, ("null sp")); - mtx_lock(&sptree_lock); + SPTREE_LOCK(); SP_DELREF(sp); KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP key_freesp SP:%p (ID=%u) from %s:%u; refcnt now %u\n", - sp, sp->id, where, tag, sp->refcnt)); + printf("DP %s SP:%p (ID=%u) from %s:%u; refcnt now %u\n", + __func__, sp, sp->id, where, tag, sp->refcnt)); if (sp->refcnt == 0) { *spp = NULL; key_delsp(sp); } - mtx_unlock(&sptree_lock); + SPTREE_UNLOCK(); } /* @@ -1068,8 +1092,7 @@ _key_freesp(struct secpolicy **spp, const char* where, int tag) void key_freeso(struct socket *so) { - /* sanity check */ - KASSERT(so != NULL, ("key_freeso: null so")); + IPSEC_ASSERT(so != NULL, ("null so")); switch (so->so_proto->pr_domain->dom_family) { #ifdef INET @@ -1109,8 +1132,8 @@ key_freeso(struct socket *so) break; #endif /* INET6 */ default: - ipseclog((LOG_DEBUG, "key_freeso: unknown address family=%d.\n", - so->so_proto->pr_domain->dom_family)); + ipseclog((LOG_DEBUG, "%s: unknown address family=%d.\n", + __func__, so->so_proto->pr_domain->dom_family)); return; } } @@ -1118,14 +1141,14 @@ key_freeso(struct socket *so) static void key_freesp_so(struct secpolicy **sp) { - KASSERT(sp != NULL && *sp != NULL, ("key_freesp_so: null sp")); + IPSEC_ASSERT(sp != NULL && *sp != NULL, ("null sp")); if ((*sp)->policy == IPSEC_POLICY_ENTRUST || (*sp)->policy == IPSEC_POLICY_BYPASS) return; - KASSERT((*sp)->policy == IPSEC_POLICY_IPSEC, - ("key_freesp_so: invalid policy %u", (*sp)->policy)); + IPSEC_ASSERT((*sp)->policy == IPSEC_POLICY_IPSEC, + ("invalid policy %u", (*sp)->policy)); KEY_FREESP(sp); } 
@@ -1139,13 +1162,14 @@ key_freesav(struct secasvar **psav, const char* where, int tag) { struct secasvar *sav = *psav; - KASSERT(sav != NULL, ("key_freesav: null sav")); + IPSEC_ASSERT(sav != NULL, ("null sav")); + /* XXX unguarded? */ SA_DELREF(sav); KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP key_freesav SA:%p (SPI %u) from %s:%u; refcnt now %u\n", - sav, ntohl(sav->spi), where, tag, sav->refcnt)); + printf("DP %s SA:%p (SPI %u) from %s:%u; refcnt now %u\n", + __func__, sav, ntohl(sav->spi), where, tag, sav->refcnt)); if (sav->refcnt == 0) { *psav = NULL; @@ -1162,14 +1186,13 @@ key_delsp(struct secpolicy *sp) { struct ipsecrequest *isr, *nextisr; - KASSERT(sp != NULL, ("key_delsp: null sp")); - mtx_assert(&sptree_lock, MA_OWNED); + IPSEC_ASSERT(sp != NULL, ("null sp")); + SPTREE_LOCK_ASSERT(); sp->state = IPSEC_SPSTATE_DEAD; - KASSERT(sp->refcnt == 0, - ("key_delsp: SP with references deleted (refcnt %u)", - sp->refcnt)); + IPSEC_ASSERT(sp->refcnt == 0, + ("SP with references deleted (refcnt %u)", sp->refcnt)); /* remove from SP index */ if (__LIST_CHAINED(sp)) @@ -1197,9 +1220,9 @@ key_getsp(struct secpolicyindex *spidx) { struct secpolicy *sp; - KASSERT(spidx != NULL, ("key_getsp: null spidx")); + IPSEC_ASSERT(spidx != NULL, ("null spidx")); - mtx_lock(&sptree_lock); + SPTREE_LOCK(); LIST_FOREACH(sp, &sptree[spidx->dir], chain) { if (sp->state == IPSEC_SPSTATE_DEAD) continue; @@ -1208,7 +1231,7 @@ key_getsp(struct secpolicyindex *spidx) break; } } - mtx_unlock(&sptree_lock); + SPTREE_UNLOCK(); return sp; } @@ -1223,7 +1246,7 @@ key_getspbyid(u_int32_t id) { struct secpolicy *sp; - mtx_lock(&sptree_lock); + SPTREE_LOCK(); LIST_FOREACH(sp, &sptree[IPSEC_DIR_INBOUND], chain) { if (sp->state == IPSEC_SPSTATE_DEAD) continue; @@ -1242,7 +1265,7 @@ key_getspbyid(u_int32_t id) } } done: - mtx_unlock(&sptree_lock); + SPTREE_UNLOCK(); return sp; } 
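Review bot: The `/* XXX unguarded? */` added above `SA_DELREF(sav)` in key_freesav marks a genuine race rather than an open question: the decrement and the `sav->refcnt == 0` test that follows run with no lock held, while key_allocsa and key_do_allocsa_policy (earlier hunks) take their SA_ADDREF under SAHTREE_LOCK. A release that races with a lookup can see the count reach zero after the lookup has already handed the SA out, and key_delsav then frees memory still in use. Unless SA_DELREF is defined elsewhere as an atomic decrement-and-test, the zero check needs to be made under the same lock that protects the increment; note that key_flush_sad (later hunk) already calls KEY_FREESAV with SAHTREE_LOCK held, so simply taking the lock inside key_freesav would reintroduce the recursion this commit set out to remove, and a `key_freesav_locked` variant or an atomic count is the cleaner route. The remainder of key_freesav lies outside the hunk.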
@@ -1255,13 +1278,13 @@ key_newsp(const char* where, int tag) newsp = (struct secpolicy *) malloc(sizeof(struct secpolicy), M_IPSEC_SP, M_NOWAIT|M_ZERO); if (newsp) { - mtx_init(&newsp->lock, "ipsec policy", NULL, MTX_DEF); + SECPOLICY_LOCK_INIT(newsp); newsp->refcnt = 1; newsp->req = NULL; } KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP key_newsp from %s:%u return SP:%p\n", + printf("DP %s from %s:%u return SP:%p\n", __func__, where, tag, newsp)); return newsp; } @@ -1269,7 +1292,7 @@ key_newsp(const char* where, int tag) static void _key_delsp(struct secpolicy *sp) { - mtx_destroy(&sp->lock); + SECPOLICY_LOCK_DESTROY(sp); free(sp, M_IPSEC_SP); } @@ -1286,13 +1309,11 @@ key_msg2sp(xpl0, len, error) { struct secpolicy *newsp; - /* sanity check */ - if (xpl0 == NULL) - panic("key_msg2sp: NULL pointer was passed.\n"); - if (len < sizeof(*xpl0)) - panic("key_msg2sp: invalid length.\n"); + IPSEC_ASSERT(xpl0 != NULL, ("null xpl0")); + IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %u", len)); + if (len != PFKEY_EXTLEN(xpl0)) { - ipseclog((LOG_DEBUG, "key_msg2sp: Invalid msg length.\n")); + ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__)); *error = EINVAL; return NULL; } @@ -1322,8 +1343,8 @@ key_msg2sp(xpl0, len, error) /* validity check */ if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) { - ipseclog((LOG_DEBUG, - "key_msg2sp: Invalid msg length.\n")); + ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", + __func__)); KEY_FREESP(&newsp); *error = EINVAL; return NULL; @@ -1335,8 +1356,8 @@ key_msg2sp(xpl0, len, error) while (tlen > 0) { /* length check */ if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) { - ipseclog((LOG_DEBUG, "key_msg2sp: " - "invalid ipsecrequest length.\n")); + ipseclog((LOG_DEBUG, "%s: invalid ipsecrequest " + "length.\n", __func__)); KEY_FREESP(&newsp); *error = EINVAL; return NULL; 
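Review bot: In key_msg2sp the `len < sizeof(*xpl0)` panic became `IPSEC_ASSERT(len >= sizeof(*xpl0), ...)`, which presumably compiles out on a production kernel, yet `len` and `xpl0` describe a PF_KEY policy extension that originates in userland. The callers visible in this diff (key_spdadd, key_spddelete) do reject `extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)` first, but other callers of key_msg2sp (the per-socket policy path, for instance) are not in view, and the very next line reads `PFKEY_EXTLEN(xpl0)` from the header. A runtime rejection costs nothing and keeps the function safe on its own: `if (len < sizeof(*xpl0)) { *error = EINVAL; return NULL; }` in place of the assertion. The body of key_msg2sp continues in the following hunks.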
@@ -1347,7 +1368,7 @@ key_msg2sp(xpl0, len, error) *p_isr = ipsec_newisr(); if ((*p_isr) == NULL) { ipseclog((LOG_DEBUG, - "key_msg2sp: No more memory.\n")); + "%s: No more memory.\n", __func__)); KEY_FREESP(&newsp); *error = ENOBUFS; return NULL; @@ -1361,7 +1382,7 @@ key_msg2sp(xpl0, len, error) break; default: ipseclog((LOG_DEBUG, - "key_msg2sp: invalid proto type=%u\n", + "%s: invalid proto type=%u\n", __func__, xisr->sadb_x_ipsecrequest_proto)); KEY_FREESP(&newsp); *error = EPROTONOSUPPORT; @@ -1376,7 +1397,7 @@ key_msg2sp(xpl0, len, error) case IPSEC_MODE_ANY: default: ipseclog((LOG_DEBUG, - "key_msg2sp: invalid mode=%u\n", + "%s: invalid mode=%u\n", __func__, xisr->sadb_x_ipsecrequest_mode)); KEY_FREESP(&newsp); *error = EINVAL; @@ -1398,8 +1419,9 @@ key_msg2sp(xpl0, len, error) if (xisr->sadb_x_ipsecrequest_reqid > IPSEC_MANUAL_REQID_MAX) { ipseclog((LOG_DEBUG, - "key_msg2sp: reqid=%d range " + "%s: reqid=%d range " "violation, updated by kernel.\n", + __func__, xisr->sadb_x_ipsecrequest_reqid)); xisr->sadb_x_ipsecrequest_reqid = 0; } @@ -1422,7 +1444,8 @@ key_msg2sp(xpl0, len, error) break; default: - ipseclog((LOG_DEBUG, "key_msg2sp: invalid level=%u\n", + ipseclog((LOG_DEBUG, "%s: invalid level=%u\n", + __func__, xisr->sadb_x_ipsecrequest_level)); KEY_FREESP(&newsp); *error = EINVAL; @@ -1439,8 +1462,9 @@ key_msg2sp(xpl0, len, error) /* validity check */ if (paddr->sa_len > sizeof((*p_isr)->saidx.src)) { - ipseclog((LOG_DEBUG, "key_msg2sp: invalid request " - "address length.\n")); + ipseclog((LOG_DEBUG, "%s: invalid " + "request address length.\n", + __func__)); KEY_FREESP(&newsp); *error = EINVAL; return NULL; @@ -1454,8 +1478,9 @@ key_msg2sp(xpl0, len, error) /* validity check */ if (paddr->sa_len > sizeof((*p_isr)->saidx.dst)) { - ipseclog((LOG_DEBUG, "key_msg2sp: invalid request " - "address length.\n")); + ipseclog((LOG_DEBUG, "%s: invalid " + "request address length.\n", + __func__)); KEY_FREESP(&newsp); *error = EINVAL; return NULL; 
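Review bot: The two `paddr->sa_len > sizeof((*p_isr)->saidx.src)` / `.dst` checks bound the copy by the destination buffer only; nothing visible bounds `paddr` (which follows `xisr` in the message) or `sa_len` by `xisr->sadb_x_ipsecrequest_len`, which the previous hunk only required to be at least `sizeof(*xisr)`. If the copy that follows each check uses `paddr->sa_len`, a request whose ipsecrequest_len is exactly sizeof(*xisr) but carries a tunnel-mode src/dst makes the kernel read the sockaddr (and its length byte) from whatever follows the request, possibly past the extension. Before touching `paddr->sa_len` I would require `xisr->sadb_x_ipsecrequest_len >= sizeof(*xisr) + sizeof(struct sockaddr)`, and before each copy `if (sizeof(*xisr) + paddr->sa_len > xisr->sadb_x_ipsecrequest_len) { *error = EINVAL; ... }` (accumulating the src length when checking dst). The enclosing loop continues in the next hunk.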
@@ -1472,7 +1497,8 @@ key_msg2sp(xpl0, len, error) /* validity check */ if (tlen < 0) { - ipseclog((LOG_DEBUG, "key_msg2sp: becoming tlen < 0.\n")); + ipseclog((LOG_DEBUG, "%s: becoming tlen < 0.\n", + __func__)); KEY_FREESP(&newsp); *error = EINVAL; return NULL; @@ -1484,7 +1510,7 @@ key_msg2sp(xpl0, len, error) } break; default: - ipseclog((LOG_DEBUG, "key_msg2sp: invalid policy type.\n")); + ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); KEY_FREESP(&newsp); *error = EINVAL; return NULL; @@ -1519,9 +1545,7 @@ key_sp2msg(sp) caddr_t p; struct mbuf *m; - /* sanity check. */ - if (sp == NULL) - panic("key_sp2msg: NULL pointer was passed.\n"); + IPSEC_ASSERT(sp != NULL, ("null policy")); tlen = key_getspreqmsglen(sp); @@ -1594,8 +1618,8 @@ key_gather_mbuf(m, mhp, ndeep, nitem, va_alist) struct mbuf *result = NULL, *n; int len; - if (m == NULL || mhp == NULL) - panic("null pointer passed to key_gather"); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(mhp != NULL, ("null msghdr")); va_start(ap, nitem); for (i = 0; i < nitem; i++) { @@ -1611,10 +1635,9 @@ key_gather_mbuf(m, mhp, ndeep, nitem, va_alist) if (idx == SADB_EXT_RESERVED) { len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); -#ifdef DIAGNOSTIC - if (len > MHLEN) - panic("assumption failed"); -#endif + + IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len)); + MGETHDR(n, M_DONTWAIT, MT_DATA); if (!n) goto fail; @@ -1688,9 +1711,10 @@ key_spdadd(so, m, mhp) struct secpolicy *newsp; int error; - /* sanity check */ - if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) - panic("key_spdadd: NULL pointer is passed.\n"); + IPSEC_ASSERT(so != NULL, ("null socket")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(mhp != NULL, ("null msghdr")); + IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 
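Review bot: The `becoming tlen < 0` rejection in key_msg2sp runs after the request has already been parsed, if tlen is decremented at the end of the loop body as the message wording suggests; an ipsecrequest whose length overshoots the remaining extension is therefore read first and rejected afterwards. The check belongs at the top of the loop alongside the minimum-length test, e.g. `if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr) || xisr->sadb_x_ipsecrequest_len > tlen)`, which makes the later `tlen < 0` test redundant. The loop head is in an earlier hunk, so this is a cross-hunk change.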
@@ -1701,13 +1725,15 @@ key_spdadd(so, m, mhp) if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { - ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) { if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(struct sadb_lifetime)) { - ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; @@ -1733,7 +1759,7 @@ key_spdadd(so, m, mhp) case IPSEC_DIR_OUTBOUND: break; default: - ipseclog((LOG_DEBUG, "key_spdadd: Invalid SP direction.\n")); + ipseclog((LOG_DEBUG, "%s: Invalid SP direction.\n", __func__)); mhp->msg->sadb_msg_errno = EINVAL; return 0; } @@ -1742,7 +1768,7 @@ key_spdadd(so, m, mhp) /* key_spdadd() accepts DISCARD, NONE and IPSEC. */ if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST || xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) { - ipseclog((LOG_DEBUG, "key_spdadd: Invalid policy type.\n")); + ipseclog((LOG_DEBUG, "%s: Invalid policy type.\n", __func__)); return key_senderror(so, m, EINVAL); } @@ -1750,7 +1776,8 @@ key_spdadd(so, m, mhp) if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX && xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC && mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) { - ipseclog((LOG_DEBUG, "key_spdadd: some policy requests part required.\n")); + ipseclog((LOG_DEBUG, "%s: some policy requests part required\n", + __func__)); return key_senderror(so, m, EINVAL); } 
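Review bot: The `Invalid SP direction` path in key_spdadd still ends with `mhp->msg->sadb_msg_errno = EINVAL; return 0;`, unlike every sibling error path in this function, which returns `key_senderror(so, m, EINVAL)`. If key_senderror is what hands the error reply back to the socket and consumes `m` (which the other paths rely on), this branch neither reports the failure to the caller nor releases the mbuf, and an EINVAL that is only stored in the header is easy to lose. Making it `return key_senderror(so, m, EINVAL);` brings it in line with the rest of key_spdadd.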
@@ -1769,7 +1796,8 @@ key_spdadd(so, m, mhp) } else { if (newsp != NULL) { KEY_FREESP(&newsp); - ipseclog((LOG_DEBUG, "key_spdadd: a SP entry exists already.\n")); + ipseclog((LOG_DEBUG, "%s: a SP entry exists already.\n", + __func__)); return key_senderror(so, m, EEXIST); } } @@ -1839,7 +1867,7 @@ key_spdadd(so, m, mhp) /* reset counter in order to deletion by timehandler. */ spacq->created = time_second; spacq->count = 0; - mtx_unlock(&spacq_lock); + SPACQ_UNLOCK(); } } @@ -1913,7 +1941,8 @@ key_getnewspid() } if (count == 0 || newid == 0) { - ipseclog((LOG_DEBUG, "key_getnewspid: to allocate policy id is failed.\n")); + ipseclog((LOG_DEBUG, "%s: to allocate policy id is failed.\n", + __func__)); return 0; } @@ -1943,20 +1972,23 @@ key_spddelete(so, m, mhp) struct secpolicyindex spidx; struct secpolicy *sp; - /* sanity check */ - if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) - panic("key_spddelete: NULL pointer is passed.\n"); + IPSEC_ASSERT(so != NULL, ("null so")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(mhp != NULL, ("null msghdr")); + IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || mhp->ext[SADB_X_EXT_POLICY] == NULL) { - ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { - ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } 
@@ -1980,13 +2012,13 @@ key_spddelete(so, m, mhp) case IPSEC_DIR_OUTBOUND: break; default: - ipseclog((LOG_DEBUG, "key_spddelete: Invalid SP direction.\n")); + ipseclog((LOG_DEBUG, "%s: Invalid SP direction.\n", __func__)); return key_senderror(so, m, EINVAL); } /* Is there SP in SPD ? */ if ((sp = key_getsp(&spidx)) == NULL) { - ipseclog((LOG_DEBUG, "key_spddelete: no SP found.\n")); + ipseclog((LOG_DEBUG, "%s: no SP found.\n", __func__)); return key_senderror(so, m, EINVAL); } @@ -1994,7 +2026,7 @@ key_spddelete(so, m, mhp) xpl0->sadb_x_policy_id = sp->id; sp->state = IPSEC_SPSTATE_DEAD; - mtx_destroy(&sp->lock); + SECPOLICY_LOCK_DESTROY(sp); KEY_FREESP(&sp); { @@ -2037,13 +2069,14 @@ key_spddelete2(so, m, mhp) u_int32_t id; struct secpolicy *sp; - /* sanity check */ - if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) - panic("key_spddelete2: NULL pointer is passed.\n"); + IPSEC_ASSERT(so != NULL, ("null socket")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(mhp != NULL, ("null msghdr")); + IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); if (mhp->ext[SADB_X_EXT_POLICY] == NULL || mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { - ipseclog((LOG_DEBUG, "key_spddelete2: invalid message is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", __func__)); key_senderror(so, m, EINVAL); return 0; } @@ -2052,12 +2085,12 @@ key_spddelete2(so, m, mhp) /* Is there SP in SPD ? */ if ((sp = key_getspbyid(id)) == NULL) { - ipseclog((LOG_DEBUG, "key_spddelete2: no SP found id:%u.\n", id)); + ipseclog((LOG_DEBUG, "%s: no SP found id:%u.\n", __func__, id)); key_senderror(so, m, EINVAL); } sp->state = IPSEC_SPSTATE_DEAD; - mtx_destroy(&sp->lock); + SECPOLICY_LOCK_DESTROY(sp); KEY_FREESP(&sp); { 
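Review bot: In key_spddelete2 the `no SP found` branch calls `key_senderror(so, m, EINVAL);` without returning, so with `sp == NULL` execution falls through to `sp->state = IPSEC_SPSTATE_DEAD;` and dereferences a null pointer; since the id comes from a SADB_X_SPDDELETE2 message this is a user-triggerable kernel fault, and the commit's assertion clean-up does not touch it. The fix is the one-line `return key_senderror(so, m, EINVAL);`, matching key_spdget's handling of the same lookup in the next hunk.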
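Review bot: Both key_spddelete and key_spddelete2 call `SECPOLICY_LOCK_DESTROY(sp);` immediately before `KEY_FREESP(&sp);`, while the entry is still chained in sptree and possibly still referenced by whoever key_getsp/key_getspbyid handed it to. _key_delsp (earlier hunk) destroys the same lock again once the count reaches zero, so the ordinary path destroys the mutex twice, and any other holder that locks the policy in between operates on a destroyed mutex. Dropping the explicit destroy here and leaving it to the final release, as the timer path in key_flush_spd does, avoids both; if the intent was to stop new users early, setting the state to DEAD (already done) is sufficient.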
@@ -2088,10 +2121,8 @@ key_spddelete2(so, m, mhp) m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); -#ifdef DIAGNOSTIC - if (off != len) - panic("length inconsistency in key_spddelete2"); -#endif + IPSEC_ASSERT(off == len, ("length inconsistency (off %u len %u)", + off, len)); n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY], mhp->extlen[SADB_X_EXT_POLICY], M_DONTWAIT); @@ -2135,13 +2166,15 @@ key_spdget(so, m, mhp) struct secpolicy *sp; struct mbuf *n; - /* sanity check */ - if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) - panic("key_spdget: NULL pointer is passed.\n"); + IPSEC_ASSERT(so != NULL, ("null socket")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(mhp != NULL, ("null msghdr")); + IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); if (mhp->ext[SADB_X_EXT_POLICY] == NULL || mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { - ipseclog((LOG_DEBUG, "key_spdget: invalid message is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } @@ -2149,7 +2182,7 @@ key_spdget(so, m, mhp) /* Is there SP in SPD ? */ if ((sp = key_getspbyid(id)) == NULL) { - ipseclog((LOG_DEBUG, "key_spdget: no SP found id:%u.\n", id)); + ipseclog((LOG_DEBUG, "%s: no SP found id:%u.\n", __func__, id)); return key_senderror(so, m, ENOENT); } 
@@ -2184,13 +2217,10 @@ key_spdacquire(sp) struct secspacq *newspacq; int error; - /* sanity check */ - if (sp == NULL) - panic("key_spdacquire: NULL pointer is passed.\n"); - if (sp->req != NULL) - panic("key_spdacquire: called but there is request.\n"); - if (sp->policy != IPSEC_POLICY_IPSEC) - panic("key_spdacquire: policy mismathed. IPsec is expected.\n"); + IPSEC_ASSERT(sp != NULL, ("null secpolicy")); + IPSEC_ASSERT(sp->req == NULL, ("policy exists")); + IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, + ("policy not IPSEC %u", sp->policy)); /* Get an entry to check whether sent message or not. */ newspacq = key_getspacq(&sp->spidx); @@ -2203,7 +2233,7 @@ key_spdacquire(sp) newspacq->count++; return 0; } - mtx_unlock(&spacq_lock); + SPACQ_UNLOCK(); } else { /* make new entry for blocking to send SADB_ACQUIRE. */ newspacq = key_newspacq(&sp->spidx); @@ -2256,21 +2286,23 @@ key_spdflush(so, m, mhp) struct secpolicy *sp; u_int dir; - /* sanity check */ - if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) - panic("key_spdflush: NULL pointer is passed.\n"); + IPSEC_ASSERT(so != NULL, ("null socket")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(mhp != NULL, ("null msghdr")); + IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg))) return key_senderror(so, m, EINVAL); for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { - LIST_FOREACH(sp, &sptree[dir], chain) { + SPTREE_LOCK(); + LIST_FOREACH(sp, &sptree[dir], chain) sp->state = IPSEC_SPSTATE_DEAD; - } + SPTREE_UNLOCK(); } if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { - ipseclog((LOG_DEBUG, "key_spdflush: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); return key_senderror(so, m, ENOBUFS); } 
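Review bot: In key_spdacquire the `newspacq->count++; return 0;` branch returns before the `SPACQ_UNLOCK();` that the hunk renames, and the unlock placed right after the if/else implies key_getspacq returns with the spacq lock held; if so, every throttled acquire leaves the lock locked and the next SPACQ_LOCK in key_flush_spacq or key_spdadd deadlocks. The branch should read `newspacq->count++; SPACQ_UNLOCK(); return 0;`. key_spdacquire's head is in this hunk but its tail is not.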
@@ -2307,9 +2339,10 @@ key_spddump(so, m, mhp) u_int dir; struct mbuf *n; - /* sanity check */ - if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) - panic("key_spddump: NULL pointer is passed.\n"); + IPSEC_ASSERT(so != NULL, ("null socket")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(mhp != NULL, ("null msghdr")); + IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); /* search SPD entry and get buffer size. */ cnt = 0; @@ -2444,9 +2477,7 @@ key_spdexpire(sp) /* XXX: Why do we lock ? */ - /* sanity check */ - if (sp == NULL) - panic("key_spdexpire: NULL pointer is passed.\n"); + IPSEC_ASSERT(sp != NULL, ("null secpolicy")); /* set msg header */ m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0); @@ -2550,7 +2581,7 @@ key_newsah(saidx) { struct secashead *newsah; - KASSERT(saidx != NULL, ("key_newsaidx: null saidx")); + IPSEC_ASSERT(saidx != NULL, ("null saidx")); newsah = malloc(sizeof(struct secashead), M_IPSEC_SAH, M_NOWAIT|M_ZERO); if (newsah != NULL) { @@ -2562,9 +2593,9 @@ key_newsah(saidx) /* add to saidxtree */ newsah->state = SADB_SASTATE_MATURE; - mtx_lock(&sahtree_lock); + SAHTREE_LOCK(); LIST_INSERT_HEAD(&sahtree, newsah, chain); - mtx_unlock(&sahtree_lock); + SAHTREE_UNLOCK(); } return(newsah); } 
@@ -2577,28 +2608,21 @@ key_delsah(sah) struct secashead *sah; { struct secasvar *sav, *nextsav; - u_int stateidx, state; + u_int stateidx; int zombie = 0; - /* sanity check */ - KASSERT(sah != NULL, ("key_delsah: NULL sah")); - mtx_assert(&sahtree_lock, MA_OWNED); + IPSEC_ASSERT(sah != NULL, ("NULL sah")); + SAHTREE_LOCK_ASSERT(); /* searching all SA registerd in the secindex. */ for (stateidx = 0; stateidx < _ARRAYLEN(saorder_state_any); stateidx++) { - - state = saorder_state_any[stateidx]; - for (sav = (struct secasvar *)LIST_FIRST(&sah->savtree[state]); - sav != NULL; - sav = nextsav) { - - nextsav = LIST_NEXT(sav, chain); - + u_int state = saorder_state_any[stateidx]; + LIST_FOREACH_SAFE(sav, &sah->savtree[state], chain, nextsav) { if (sav->refcnt == 0) { /* sanity check */ - KEY_CHKSASTATE(state, sav->state, "key_delsah"); + KEY_CHKSASTATE(state, sav->state, __func__); KEY_FREESAV(&sav); } else { /* give up to delete this sa */ @@ -2606,20 +2630,16 @@ key_delsah(sah) } } } - /* remove from tree of SA index */ - if (!zombie && __LIST_CHAINED(sah)) - LIST_REMOVE(sah, chain); - - /* don't delete sah only if there are savs. */ - if (zombie) - return; - - if (sah->sa_route.ro_rt) { - RTFREE(sah->sa_route.ro_rt); - sah->sa_route.ro_rt = (struct rtentry *)NULL; + if (!zombie) { /* delete only if there are savs */ + /* remove from tree of SA index */ + if (__LIST_CHAINED(sah)) + LIST_REMOVE(sah, chain); + if (sah->sa_route.ro_rt) { + RTFREE(sah->sa_route.ro_rt); + sah->sa_route.ro_rt = (struct rtentry *)NULL; + } + free(sah, M_IPSEC_SAH); } - - free(sah, M_IPSEC_SAH); } /* 
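Review bot: The new comment on `if (!zombie) { /* delete only if there are savs */` says the opposite of what the code does: the head is freed only when no SA survived, so it should read `/* delete only if no savs remain */`. Separately, the reap condition `if (sav->refcnt == 0) KEY_FREESAV(&sav)` does not agree with key_freesav in an earlier hunk, which decrements first and then tests for zero; on an entry already at zero the count underflows and the SA is never freed, and on any entry still holding the tree's own reference this loop never fires at all, so zombie is always set. Please confirm which convention the tree's reference follows and align this test (likely `refcnt == 1`, dropping that reference) so key_delsah can actually retire a head.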
@@ -2646,13 +2666,14 @@ key_newsav(m, mhp, sah, errp, where, tag) struct secasvar *newsav; const struct sadb_sa *xsa; - /* sanity check */ - if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL) - panic("key_newsa: NULL pointer is passed.\n"); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(mhp != NULL, ("null msghdr")); + IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); + IPSEC_ASSERT(sah != NULL, ("null secashead")); newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT|M_ZERO); if (newsav == NULL) { - ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); *errp = ENOBUFS; goto done; } @@ -2676,7 +2697,8 @@ key_newsav(m, mhp, sah, errp, where, tag) if (mhp->ext[SADB_EXT_SA] == NULL) { free(newsav, M_IPSEC_SA); newsav = NULL; - ipseclog((LOG_DEBUG, "key_newsa: invalid message is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", + __func__)); *errp = EINVAL; goto done; } @@ -2702,7 +2724,7 @@ key_newsav(m, mhp, sah, errp, where, tag) } } - mtx_init(&newsav->lock, "ipsec sa", NULL, MTX_DEF); + SECASVAR_LOCK_INIT(newsav); /* reset created */ newsav->created = time_second; @@ -2718,7 +2740,7 @@ key_newsav(m, mhp, sah, errp, where, tag) secasvar, chain); done: KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP key_newsav from %s:%u return SP:%p\n", + printf("DP %s from %s:%u return SP:%p\n", __func__, where, tag, newsav)); return newsav; @@ -2738,6 +2760,7 @@ key_cleansav(struct secasvar *sav) sav->tdb_xform->xf_zeroize(sav); sav->tdb_xform = NULL; } else { + KASSERT(sav->iv == NULL, ("iv but no xform")); if (sav->key_auth != NULL) bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth)); if (sav->key_enc != NULL) @@ -2772,10 +2795,6 @@ key_cleansav(struct secasvar *sav) free(sav->lft_s, M_IPSEC_MISC); sav->lft_s = NULL; } - if (sav->iv != NULL) { - free(sav->iv, M_IPSEC_MISC); - sav->iv = NULL; - } } /* 
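Review bot: key_cleansav replaces the unconditional release of `sav->iv` with `KASSERT(sav->iv == NULL, ("iv but no xform"))`, which both contradicts the commit's own s/KASSERT/IPSEC_ASSERT/ rule and, on a production kernel where the assertion is compiled out, silently leaks the IV buffer for any SA that acquired an IV without an xform. If the invariant really holds it costs nothing to keep it enforced: `IPSEC_ASSERT(sav->iv == NULL, ("iv but no xform"));` followed by the original `if (sav->iv != NULL) { free(sav->iv, M_IPSEC_MISC); sav->iv = NULL; }`. Also, the debug line in key_newsav prints `return SP:%p` for what is a SA. key_cleansav continues past the hunk.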
@@ -2785,15 +2804,14 @@ static void key_delsav(sav) struct secasvar *sav; { - KASSERT(sav != NULL, ("key_delsav: null sav")); - KASSERT(sav->refcnt == 0, - ("key_delsav: reference count %u > 0", sav->refcnt)); + IPSEC_ASSERT(sav != NULL, ("null sav")); + IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0", sav->refcnt)); /* remove from SA header */ if (__LIST_CHAINED(sav)) LIST_REMOVE(sav, chain); key_cleansav(sav); - mtx_destroy(&sav->lock); + SECASVAR_LOCK_DESTROY(sav); free(sav, M_IPSEC_SA); } @@ -2809,14 +2827,14 @@ key_getsah(saidx) { struct secashead *sah; - mtx_lock(&sahtree_lock); + SAHTREE_LOCK(); LIST_FOREACH(sah, &sahtree, chain) { if (sah->state == SADB_SASTATE_DEAD) continue; if (key_cmpsaidx(&sah->saidx, saidx, CMP_REQID)) break; } - mtx_unlock(&sahtree_lock); + SAHTREE_UNLOCK(); return sah; } @@ -2838,13 +2856,14 @@ key_checkspidup(saidx, spi) /* check address family */ if (saidx->src.sa.sa_family != saidx->dst.sa.sa_family) { - ipseclog((LOG_DEBUG, "key_checkspidup: address family mismatched.\n")); + ipseclog((LOG_DEBUG, "%s: address family mismatched.\n", + __func__)); return NULL; } sav = NULL; /* check all SAD */ - mtx_lock(&sahtree_lock); + SAHTREE_LOCK(); LIST_FOREACH(sah, &sahtree, chain) { if (!key_ismyaddr((struct sockaddr *)&sah->saidx.dst)) continue; @@ -2852,7 +2871,7 @@ key_checkspidup(saidx, spi) if (sav != NULL) break; } - mtx_unlock(&sahtree_lock); + SAHTREE_UNLOCK(); return sav; } @@ -2872,7 +2891,7 @@ key_getsavbyspi(sah, spi) u_int stateidx, state; sav = NULL; - mtx_lock(&sahtree_lock); + SAHTREE_LOCK_ASSERT(); /* search all status */ for (stateidx = 0; stateidx < _ARRAYLEN(saorder_state_alive); @@ -2883,9 +2902,9 @@ key_getsavbyspi(sah, spi) /* sanity check */ if (sav->state != state) { - ipseclog((LOG_DEBUG, "key_getsavbyspi: " + ipseclog((LOG_DEBUG, "%s: " "invalid sav->state (queue: %d SA: %d)\n", - state, sav->state)); + __func__, state, sav->state)); continue; } 
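Review bot: key_getsavbyspi now asserts SAHTREE_LOCK instead of taking it, which silently changes its contract for every caller; key_checkspidup in the hunk above does hold the lock, but the other callers (key_add/key_update, not in view) must be audited, and a one-line comment on the function, `/* NB: caller must hold SAHTREE_LOCK */`, would make the requirement visible. In the same spirit, key_getsah and key_checkspidup return a pointer after `SAHTREE_UNLOCK()` without taking any reference, while key_flush_sad (later hunk) frees DEAD heads under that same lock, so the returned `sah`/`sav` can be released before the caller uses it unless something not shown here pins it.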
@@ -2893,7 +2912,6 @@ key_getsavbyspi(sah, spi) break; } } - mtx_unlock(&sahtree_lock); return sav; } @@ -2914,9 +2932,9 @@ key_setsaval(sav, m, mhp) { int error = 0; - /* sanity check */ - if (m == NULL || mhp == NULL || mhp->msg == NULL) - panic("key_setsaval: NULL pointer is passed.\n"); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(mhp != NULL, ("null msghdr")); + IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); /* initialization */ sav->replay = NULL; @@ -2952,7 +2970,8 @@ key_setsaval(sav, m, mhp) sav->replay = (struct secreplay *) malloc(sizeof(struct secreplay)+sa0->sadb_sa_replay, M_IPSEC_MISC, M_NOWAIT|M_ZERO); if (sav->replay == NULL) { - ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n", + __func__)); error = ENOBUFS; goto fail; } @@ -2988,13 +3007,14 @@ key_setsaval(sav, m, mhp) break; } if (error) { - ipseclog((LOG_DEBUG, "key_setsaval: invalid key_auth values.\n")); + ipseclog((LOG_DEBUG, "%s: invalid key_auth values.\n", + __func__)); goto fail; } sav->key_auth = key_dup(key0, len, M_IPSEC_MISC); if (sav->key_auth == NULL) { - ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__)); error = ENOBUFS; goto fail; } @@ -3022,7 +3042,8 @@ key_setsaval(sav, m, mhp) } sav->key_enc = key_dup(key0, len, M_IPSEC_MISC); if (sav->key_enc == NULL) { - ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n", + __func__)); error = ENOBUFS; goto fail; } @@ -3038,7 +3059,8 @@ key_setsaval(sav, m, mhp) break; } if (error) { - ipseclog((LOG_DEBUG, "key_setsatval: invalid key_enc value.\n")); + ipseclog((LOG_DEBUG, "%s: invalid key_enc value.\n", + __func__)); goto fail; } } 
@@ -3058,9 +3080,8 @@ key_setsaval(sav, m, mhp) break; } if (error) { - ipseclog((LOG_DEBUG, - "key_setsaval: unable to initialize SA type %u.\n", - mhp->msg->sadb_msg_satype)); + ipseclog((LOG_DEBUG, "%s: unable to initialize SA type %u.\n", + __func__, mhp->msg->sadb_msg_satype)); goto fail; } @@ -3070,7 +3091,7 @@ key_setsaval(sav, m, mhp) /* make lifetime for CURRENT */ sav->lft_c = malloc(sizeof(struct sadb_lifetime), M_IPSEC_MISC, M_NOWAIT); if (sav->lft_c == NULL) { - ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); error = ENOBUFS; goto fail; } @@ -3095,7 +3116,7 @@ key_setsaval(sav, m, mhp) } sav->lft_h = key_dup(lft0, sizeof(*lft0), M_IPSEC_MISC); if (sav->lft_h == NULL) { - ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__)); error = ENOBUFS; goto fail; } @@ -3110,7 +3131,7 @@ key_setsaval(sav, m, mhp) } sav->lft_s = key_dup(lft0, sizeof(*lft0), M_IPSEC_MISC); if (sav->lft_s == NULL) { - ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__)); error = ENOBUFS; goto fail; } @@ -3142,9 +3163,8 @@ key_mature(struct secasvar *sav) case IPPROTO_ESP: case IPPROTO_AH: if (ntohl(sav->spi) >= 0 && ntohl(sav->spi) <= 255) { - ipseclog((LOG_DEBUG, - "key_mature: illegal range of SPI %u.\n", - (u_int32_t)ntohl(sav->spi))); + ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n", + __func__, (u_int32_t)ntohl(sav->spi))); return EINVAL; } break; @@ -3156,8 +3176,8 @@ key_mature(struct secasvar *sav) /* check flags */ if ((sav->flags & (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) == (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) { - ipseclog((LOG_DEBUG, "key_mature: " - "invalid flag (derived) given to old-esp.\n")); + ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " + "given to old-esp.\n", __func__)); return EINVAL; } error = xform_init(sav, XF_ESP); 
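Review bot: In key_mature the reserved-SPI test `ntohl(sav->spi) >= 0 && ntohl(sav->spi) <= 255` carries a tautological `>= 0` on an unsigned value, which compilers flag under -Wtype-limits and which invites the reader to wonder whether a signed comparison was intended. Writing it as `if (ntohl(sav->spi) <= 255)` keeps the intent (SPIs 0-255 are reserved) without the dead clause.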
@@ -3165,39 +3185,40 @@ key_mature(struct secasvar *sav) case IPPROTO_AH: /* check flags */ if (sav->flags & SADB_X_EXT_DERIV) { - ipseclog((LOG_DEBUG, "key_mature: " - "invalid flag (derived) given to AH SA.\n")); + ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " + "given to AH SA.\n", __func__)); return EINVAL; } if (sav->alg_enc != SADB_EALG_NONE) { - ipseclog((LOG_DEBUG, "key_mature: " - "protocol and algorithm mismated.\n")); + ipseclog((LOG_DEBUG, "%s: protocol and algorithm " + "mismated.\n", __func__)); return(EINVAL); } error = xform_init(sav, XF_AH); break; case IPPROTO_IPCOMP: if (sav->alg_auth != SADB_AALG_NONE) { - ipseclog((LOG_DEBUG, "key_mature: " - "protocol and algorithm mismated.\n")); + ipseclog((LOG_DEBUG, "%s: protocol and algorithm " + "mismated.\n", __func__)); return(EINVAL); } if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 && ntohl(sav->spi) >= 0x10000) { - ipseclog((LOG_DEBUG, "key_mature: invalid cpi for IPComp.\n")); + ipseclog((LOG_DEBUG, "%s: invalid cpi for IPComp.\n", + __func__)); return(EINVAL); } error = xform_init(sav, XF_IPCOMP); break; default: - ipseclog((LOG_DEBUG, "key_mature: Invalid satype.\n")); + ipseclog((LOG_DEBUG, "%s: Invalid satype.\n", __func__)); error = EPROTONOSUPPORT; break; } if (error == 0) { - mtx_lock(&sahtree_lock); + SAHTREE_LOCK(); key_sa_chgstate(sav, SADB_SASTATE_MATURE); - mtx_unlock(&sahtree_lock); + SAHTREE_UNLOCK(); } return (error); } @@ -3561,7 +3582,7 @@ key_dup(const void *src, u_int len, struct malloc_type *type) copy = malloc(len, type, M_NOWAIT); if (copy == NULL) { /* XXX counter */ - ipseclog((LOG_DEBUG, "key_dup: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); } else bcopy(src, copy, len); return copy; @@ -3580,9 +3601,7 @@ key_ismyaddr(sa) struct in_ifaddr *ia; #endif - /* sanity check */ - if (sa == NULL) - panic("key_ismyaddr: NULL pointer is passed.\n"); + IPSEC_ASSERT(sa != NULL, ("null sockaddr")); switch (sa->sa_family) { #ifdef INET 
@@ -3942,35 +3961,37 @@ key_bbcmp(const void *a1, const void *a2, u_int bits) static void key_flush_spd(time_t now) { - struct secpolicy *sp, *nextsp; + static u_int16_t sptree_scangen = 0; + u_int16_t gen = sptree_scangen++; + struct secpolicy *sp; u_int dir; /* SPD */ for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { - mtx_lock(&sptree_lock); - for (sp = LIST_FIRST(&sptree[dir]); - sp != NULL; - sp = nextsp) { - - nextsp = LIST_NEXT(sp, chain); - +restart: + SPTREE_LOCK(); + LIST_FOREACH(sp, &sptree[dir], chain) { + if (sp->scangen == gen) /* previously handled */ + continue; + sp->scangen = gen; if (sp->state == IPSEC_SPSTATE_DEAD) { + /* NB: clean entries created by key_spdflush */ + SPTREE_UNLOCK(); KEY_FREESP(&sp); - continue; + goto restart; } - if (sp->lifetime == 0 && sp->validtime == 0) continue; - - /* the deletion will occur next time */ if ((sp->lifetime && now - sp->created > sp->lifetime) || (sp->validtime && now - sp->lastused > sp->validtime)) { sp->state = IPSEC_SPSTATE_DEAD; + SPTREE_UNLOCK(); key_spdexpire(sp); - continue; + KEY_FREESP(&sp); + goto restart; } } - mtx_unlock(&sptree_lock); + SPTREE_UNLOCK(); } } @@ -3981,13 +4002,8 @@ key_flush_sad(time_t now) struct secasvar *sav, *nextsav; /* SAD */ - mtx_lock(&sahtree_lock); - for (sah = LIST_FIRST(&sahtree); - sah != NULL; - sah = nextsah) { - - nextsah = LIST_NEXT(sah, chain); - + SAHTREE_LOCK(); + LIST_FOREACH_SAFE(sah, &sahtree, chain, nextsah) { /* if sah has been dead, then delete it and process next sah. */ if (sah->state == SADB_SASTATE_DEAD) { key_delsah(sah); 
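Review bot: The reworked key_flush_spd drops one reference with `KEY_FREESP(&sp)` on every DEAD entry it encounters, per pass. Entries marked DEAD by key_spddelete/key_spddelete2 (earlier hunks) have already had a reference dropped there, so if one of them stays chained because another holder still references it (refcnt did not reach zero), each timer pass now steals that holder's reference and eventually frees the policy out from under it; only entries from key_spdflush, which marks without dropping, are safe here. The generation scheme has a smaller wrinkle: key_newsp zeroes the struct, so policies with `scangen == 0` are skipped on the very first pass and on every 65536th one, which is harmless but worth a comment such as `/* NB: gen 0 collides with freshly allocated entries; they are caught next pass */`.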
@@ -3995,41 +4011,30 @@ key_flush_sad(time_t now) } /* if LARVAL entry doesn't become MATURE, delete it. */ - for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]); - sav != NULL; - sav = nextsav) { - - nextsav = LIST_NEXT(sav, chain); - - if (now - sav->created > key_larval_lifetime) { + LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_LARVAL], chain, nextsav) { + if (now - sav->created > key_larval_lifetime) KEY_FREESAV(&sav); - } } /* * check MATURE entry to start to send expire message * whether or not. */ - for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]); - sav != NULL; - sav = nextsav) { - - nextsav = LIST_NEXT(sav, chain); - + LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_MATURE], chain, nextsav) { /* we don't need to check. */ if (sav->lft_s == NULL) continue; /* sanity check */ if (sav->lft_c == NULL) { - ipseclog((LOG_DEBUG,"key_timehandler: " - "There is no CURRENT time, why?\n")); + ipseclog((LOG_DEBUG,"%s: there is no CURRENT " + "time, why?\n", __func__)); continue; } /* check SOFT lifetime */ - if (sav->lft_s->sadb_lifetime_addtime != 0 - && now - sav->created > sav->lft_s->sadb_lifetime_addtime) { + if (sav->lft_s->sadb_lifetime_addtime != 0 && + now - sav->created > sav->lft_s->sadb_lifetime_addtime) { /* * check SA to be used whether or not. * when SA hasn't been used, delete it. @@ -4053,8 +4058,8 @@ key_flush_sad(time_t now) * when new SA is installed. Caution when it's * installed too big lifetime by time. */ - else if (sav->lft_s->sadb_lifetime_bytes != 0 - && sav->lft_s->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) { + else if (sav->lft_s->sadb_lifetime_bytes != 0 && + sav->lft_s->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) { key_sa_chgstate(sav, SADB_SASTATE_DYING); /* 
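Review bot: The soft-lifetime test `now - sav->created > sav->lft_s->sadb_lifetime_addtime` compares a signed time_t difference against what is, if sadb_lifetime_addtime is the 64-bit unsigned field of struct sadb_lifetime, an unsigned quantity, so the difference is converted to unsigned; a wall-clock step backwards (time_second is not monotonic) turns a small negative into a huge value and expires every SA at once. Given the commit's long -> time_t clean-up this is the place to pin it down: compute `time_t age = now - sav->created;` and guard with `age >= 0 &&` before the comparison. key_flush_sad continues in the next hunk.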
@@ -4067,25 +4072,20 @@ key_flush_sad(time_t now) } /* check DYING entry to change status to DEAD. */ - for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]); - sav != NULL; - sav = nextsav) { - - nextsav = LIST_NEXT(sav, chain); - + LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_DYING], chain, nextsav) { /* we don't need to check. */ if (sav->lft_h == NULL) continue; /* sanity check */ if (sav->lft_c == NULL) { - ipseclog((LOG_DEBUG, "key_timehandler: " - "There is no CURRENT time, why?\n")); + ipseclog((LOG_DEBUG, "%s: there is no CURRENT " + "time, why?\n", __func__)); continue; } - if (sav->lft_h->sadb_lifetime_addtime != 0 - && now - sav->created > sav->lft_h->sadb_lifetime_addtime) { + if (sav->lft_h->sadb_lifetime_addtime != 0 && + now - sav->created > sav->lft_h->sadb_lifetime_addtime) { key_sa_chgstate(sav, SADB_SASTATE_DEAD); KEY_FREESAV(&sav); } @@ -4106,29 +4106,22 @@ key_flush_sad(time_t now) } #endif /* check HARD lifetime by bytes */ - else if (sav->lft_h->sadb_lifetime_bytes != 0 - && sav->lft_h->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) { + else if (sav->lft_h->sadb_lifetime_bytes != 0 && + sav->lft_h->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) { key_sa_chgstate(sav, SADB_SASTATE_DEAD); KEY_FREESAV(&sav); } } /* delete entry in DEAD */ - for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]); - sav != NULL; - sav = nextsav) { - - nextsav = LIST_NEXT(sav, chain); - + LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_DEAD], chain, nextsav) { /* sanity check */ if (sav->state != SADB_SASTATE_DEAD) { - ipseclog((LOG_DEBUG, "key_timehandler: " - "invalid sav->state " - "(queue: %d SA: %d): " - "kill it anyway\n", + ipseclog((LOG_DEBUG, "%s: invalid sav->state " + "(queue: %d SA: %d): kill it anyway\n", + __func__, SADB_SASTATE_DEAD, sav->state)); } - /* * do not call key_freesav() here. * sav should already be freed, and sav->refcnt 
@@ -4137,7 +4130,7 @@ key_flush_sad(time_t now) */ } } - mtx_unlock(&sahtree_lock); + SAHTREE_UNLOCK(); } static void @@ -4146,7 +4139,7 @@ key_flush_acq(time_t now) struct secacq *acq, *nextacq; /* ACQ tree */ - mtx_lock(&acq_lock); + ACQ_LOCK(); for (acq = LIST_FIRST(&acqtree); acq != NULL; acq = nextacq) { nextacq = LIST_NEXT(acq, chain); if (now - acq->created > key_blockacq_lifetime @@ -4155,7 +4148,7 @@ key_flush_acq(time_t now) free(acq, M_IPSEC_SAQ); } } - mtx_unlock(&acq_lock); + ACQ_UNLOCK(); } static void @@ -4164,7 +4157,7 @@ key_flush_spacq(time_t now) struct secspacq *acq, *nextacq; /* SP ACQ tree */ - mtx_lock(&spacq_lock); + SPACQ_LOCK(); for (acq = LIST_FIRST(&spacqtree); acq != NULL; acq = nextacq) { nextacq = LIST_NEXT(acq, chain); if (now - acq->created > key_blockacq_lifetime @@ -4173,7 +4166,7 @@ key_flush_spacq(time_t now) free(acq, M_IPSEC_SAQ); } } - mtx_unlock(&spacq_lock); + SPACQ_UNLOCK(); } /* @@ -4309,18 +4302,21 @@ key_getspi(so, m, mhp) u_int32_t reqid; int error; - /* sanity check */ - if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) - panic("key_getspi: NULL pointer is passed.\n"); + IPSEC_ASSERT(so != NULL, ("null socket")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(mhp != NULL, ("null msghdr")); + IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { - ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { - ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } if (mhp->ext[SADB_X_EXT_SA2] != NULL) { 
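Review bot: key_flush_acq and key_flush_spacq keep the hand-rolled `for (acq = LIST_FIRST(&acqtree); acq != NULL; acq = nextacq)` / `nextacq = LIST_NEXT(acq, chain);` idiom in the lines right after ACQ_LOCK() and SPACQ_LOCK(), while the same commit converts the neighbouring key_flush_sad loops to LIST_FOREACH_SAFE. The same pattern survives in key_delete_all and key_flush further down in this file. For consistency with the rest of the change these could read `LIST_FOREACH_SAFE(acq, &acqtree, chain, nextacq) {` (and `&spacqtree` for the SP ACQ tree), dropping the manual next-pointer line. The bodies of both loops run past the end of their hunks.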
@@ -4336,7 +4332,8 @@ key_getspi(so, m, mhp) /* map satype to proto */ if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { - ipseclog((LOG_DEBUG, "key_getspi: invalid satype is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } @@ -4387,7 +4384,7 @@ key_getspi(so, m, mhp) if ((newsah = key_getsah(&saidx)) == NULL) { /* create a new SA index */ if ((newsah = key_newsah(&saidx)) == NULL) { - ipseclog((LOG_DEBUG, "key_getspi: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__)); return key_senderror(so, m, ENOBUFS); } } @@ -4449,10 +4446,8 @@ key_getspi(so, m, mhp) m_sa->sadb_sa_spi = htonl(spi); off += PFKEY_ALIGN8(sizeof(struct sadb_sa)); -#ifdef DIAGNOSTIC - if (off != len) - panic("length inconsistency in key_getspi"); -#endif + IPSEC_ASSERT(off == len, + ("length inconsistency (off %u len %u)", off, len)); n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); @@ -4519,7 +4514,8 @@ key_do_getnewspi(spirange, saidx) if (min == max) { if (key_checkspidup(saidx, min) != NULL) { - ipseclog((LOG_DEBUG, "key_do_getnewspi: SPI %u exists already.\n", min)); + ipseclog((LOG_DEBUG, "%s: SPI %u exists already.\n", + __func__, min)); return 0; } @@ -4541,7 +4537,8 @@ key_do_getnewspi(spirange, saidx) } if (count == 0 || newspi == 0) { - ipseclog((LOG_DEBUG, "key_do_getnewspi: to allocate spi is failed.\n")); + ipseclog((LOG_DEBUG, "%s: to allocate spi is failed.\n", + __func__)); return 0; } } 
@@ -4582,13 +4579,15 @@ key_update(so, m, mhp) u_int32_t reqid; int error; - /* sanity check */ - if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) - panic("key_update: NULL pointer is passed.\n"); + IPSEC_ASSERT(so != NULL, ("null socket")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(mhp != NULL, ("null msghdr")); + IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); /* map satype to proto */ if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { - ipseclog((LOG_DEBUG, "key_update: invalid satype is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } @@ -4603,13 +4602,15 @@ key_update(so, m, mhp) mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) || (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL && mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) { - ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { - ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } if (mhp->ext[SADB_X_EXT_SA2] != NULL) { @@ -4630,7 +4631,7 @@ key_update(so, m, mhp) /* get a SA header */ if ((sah = key_getsah(&saidx)) == NULL) { - ipseclog((LOG_DEBUG, "key_update: no SA index found.\n")); + ipseclog((LOG_DEBUG, "%s: no SA index found.\n", __func__)); return key_senderror(so, m, ENOENT); } 
@@ -4644,40 +4645,40 @@ key_update(so, m, mhp) #ifdef IPSEC_DOSEQCHECK if (mhp->msg->sadb_msg_seq != 0 && (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) { - ipseclog((LOG_DEBUG, - "key_update: no larval SA with sequence %u exists.\n", - mhp->msg->sadb_msg_seq)); + ipseclog((LOG_DEBUG, "%s: no larval SA with sequence %u " + "exists.\n", __func__, mhp->msg->sadb_msg_seq)); return key_senderror(so, m, ENOENT); } #else - if ((sav = key_getsavbyspi(sah, sa0->sadb_sa_spi)) == NULL) { - ipseclog((LOG_DEBUG, - "key_update: no such a SA found (spi:%u)\n", - (u_int32_t)ntohl(sa0->sadb_sa_spi))); + SAHTREE_LOCK(); + sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); + SAHTREE_UNLOCK(); + if (sav == NULL) { + ipseclog((LOG_DEBUG, "%s: no such a SA found (spi:%u)\n", + __func__, (u_int32_t)ntohl(sa0->sadb_sa_spi))); return key_senderror(so, m, EINVAL); } #endif /* validity check */ if (sav->sah->saidx.proto != proto) { - ipseclog((LOG_DEBUG, - "key_update: protocol mismatched (DB=%u param=%u)\n", - sav->sah->saidx.proto, proto)); + ipseclog((LOG_DEBUG, "%s: protocol mismatched " + "(DB=%u param=%u)\n", __func__, + sav->sah->saidx.proto, proto)); return key_senderror(so, m, EINVAL); } #ifdef IPSEC_DOSEQCHECK if (sav->spi != sa0->sadb_sa_spi) { - ipseclog((LOG_DEBUG, - "key_update: SPI mismatched (DB:%u param:%u)\n", + ipseclog((LOG_DEBUG, "%s: SPI mismatched (DB:%u param:%u)\n", + __func__, (u_int32_t)ntohl(sav->spi), (u_int32_t)ntohl(sa0->sadb_sa_spi))); return key_senderror(so, m, EINVAL); } #endif if (sav->pid != mhp->msg->sadb_msg_pid) { - ipseclog((LOG_DEBUG, - "key_update: pid mismatched (DB:%u param:%u)\n", - sav->pid, mhp->msg->sadb_msg_pid)); + ipseclog((LOG_DEBUG, "%s: pid mismatched (DB:%u param:%u)\n", + __func__, sav->pid, mhp->msg->sadb_msg_pid)); return key_senderror(so, m, EINVAL); } 
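Review bot: In the `#else` branch of key_update the new SAHTREE_LOCK()/SAHTREE_UNLOCK() pair covers only the key_getsavbyspi() call, and `sav` is then used unlocked by the proto and pid validity checks, both of which return through key_senderror() without releasing it. If key_getsavbyspi() hands back a referenced SA the way key_getsavbyseq() does with SA_ADDREF, each of those error returns leaks a reference; if it does not, `sav` is being dereferenced after the only lock that kept it alive was dropped. The ownership rule should be stated at the lookup, e.g. `/* NB: sav is referenced by key_getsavbyspi(); every exit below must KEY_FREESAV it */`, and the two error paths should release it before returning. key_update continues past the end of this hunk, so later exits could not be checked.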
@@ -4700,7 +4701,7 @@ key_update(so, m, mhp) /* set msg buf from mhp */ n = key_getmsgbuf_x1(m, mhp); if (n == NULL) { - ipseclog((LOG_DEBUG, "key_update: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); return key_senderror(so, m, ENOBUFS); } @@ -4730,14 +4731,13 @@ key_getsavbyseq(sah, seq) /* search SAD with sequence number ? */ LIST_FOREACH(sav, &sah->savtree[state], chain) { - KEY_CHKSASTATE(state, sav->state, "key_getsabyseq"); + KEY_CHKSASTATE(state, sav->state, __func__); if (sav->seq == seq) { SA_ADDREF(sav); KEYDEBUG(KEYDEBUG_IPSEC_STAMP, - printf("DP key_getsavbyseq cause " - "refcnt++:%d SA:%p\n", - sav->refcnt, sav)); + printf("DP %s cause refcnt++:%d SA:%p\n", + __func__, sav->refcnt, sav)); return sav; } } @@ -4777,13 +4777,15 @@ key_add(so, m, mhp) u_int32_t reqid; int error; - /* sanity check */ - if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) - panic("key_add: NULL pointer is passed.\n"); + IPSEC_ASSERT(so != NULL, ("null socket")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(mhp != NULL, ("null msghdr")); + IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); /* map satype to proto */ if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { - ipseclog((LOG_DEBUG, "key_add: invalid satype is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } 
@@ -4798,14 +4800,16 @@ key_add(so, m, mhp) mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) || (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL && mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) { - ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { /* XXX need more */ - ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } if (mhp->ext[SADB_X_EXT_SA2] != NULL) { @@ -4827,7 +4831,7 @@ key_add(so, m, mhp) if ((newsah = key_getsah(&saidx)) == NULL) { /* create a new SA header */ if ((newsah = key_newsah(&saidx)) == NULL) { - ipseclog((LOG_DEBUG, "key_add: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__)); return key_senderror(so, m, ENOBUFS); } } @@ -4841,8 +4845,11 @@ key_add(so, m, mhp) /* create new SA entry. */ /* We can create new SA only if SPI is differenct. */ - if (key_getsavbyspi(newsah, sa0->sadb_sa_spi)) { - ipseclog((LOG_DEBUG, "key_add: SA already exists.\n")); + SAHTREE_LOCK(); + newsav = key_getsavbyspi(newsah, sa0->sadb_sa_spi); + SAHTREE_UNLOCK(); + if (newsav != NULL) { + ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__)); return key_senderror(so, m, EEXIST); } newsav = KEY_NEWSAV(m, mhp, newsah, &error); @@ -4867,7 +4874,7 @@ key_add(so, m, mhp) /* set msg buf from mhp */ n = key_getmsgbuf_x1(m, mhp); if (n == NULL) { - ipseclog((LOG_DEBUG, "key_update: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); return key_senderror(so, m, ENOBUFS); } 
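Review bot: In key_add the duplicate-SPI check and the KEY_NEWSAV() insertion that follows are no longer in one critical section: SAHTREE_UNLOCK() is issued before `if (newsav != NULL)`, so two concurrent SADB_ADD requests for the same SPI can both see no existing SA and both create one, unless KEY_NEWSAV() repeats the check under the lock (not visible here). On the EEXIST path the SA found by key_getsavbyspi() is also never released; if that helper takes a reference as key_getsavbyseq() does with SA_ADDREF, this leaks one per rejected request. Consider `KEY_FREESAV(&newsav);` before `return key_senderror(so, m, EEXIST);`, and a comment at the unlock stating why the lock need not be held across the insert. The remainder of key_add lies outside the hunk.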
@@ -4886,9 +4893,10 @@ key_setident(sah, m, mhp) const struct sadb_ident *idsrc, *iddst; int idsrclen, iddstlen; - /* sanity check */ - if (sah == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) - panic("key_setident: NULL pointer is passed.\n"); + IPSEC_ASSERT(sah != NULL, ("null secashead")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(mhp != NULL, ("null msghdr")); + IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); /* don't make buffer if not there */ if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL && @@ -4900,7 +4908,7 @@ key_setident(sah, m, mhp) if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL || mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) { - ipseclog((LOG_DEBUG, "key_setident: invalid identity.\n")); + ipseclog((LOG_DEBUG, "%s: invalid identity.\n", __func__)); return EINVAL; } @@ -4911,7 +4919,7 @@ key_setident(sah, m, mhp) /* validity check */ if (idsrc->sadb_ident_type != iddst->sadb_ident_type) { - ipseclog((LOG_DEBUG, "key_setident: ident type mismatch.\n")); + ipseclog((LOG_DEBUG, "%s: ident type mismatch.\n", __func__)); return EINVAL; } @@ -4929,14 +4937,14 @@ key_setident(sah, m, mhp) /* make structure */ sah->idents = malloc(idsrclen, M_IPSEC_MISC, M_NOWAIT); if (sah->idents == NULL) { - ipseclog((LOG_DEBUG, "key_setident: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); return ENOBUFS; } sah->identd = malloc(iddstlen, M_IPSEC_MISC, M_NOWAIT); if (sah->identd == NULL) { free(sah->idents, M_IPSEC_MISC); sah->idents = NULL; - ipseclog((LOG_DEBUG, "key_setident: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); return ENOBUFS; } bcopy(idsrc, sah->idents, idsrclen); 
@@ -4956,9 +4964,9 @@ key_getmsgbuf_x1(m, mhp) { struct mbuf *n; - /* sanity check */ - if (m == NULL || mhp == NULL || mhp->msg == NULL) - panic("key_getmsgbuf_x1: NULL pointer is passed.\n"); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(mhp != NULL, ("null msghdr")); + IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); /* create new sadb_msg to reply. */ n = key_gather_mbuf(m, mhp, 1, 9, SADB_EXT_RESERVED, @@ -5008,25 +5016,29 @@ key_delete(so, m, mhp) struct secasvar *sav = NULL; u_int16_t proto; - /* sanity check */ - if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) - panic("key_delete: NULL pointer is passed.\n"); + IPSEC_ASSERT(so != NULL, ("null socket")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(mhp != NULL, ("null msghdr")); + IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); /* map satype to proto */ if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { - ipseclog((LOG_DEBUG, "key_delete: invalid satype is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { - ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { - ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } 
@@ -5036,10 +5048,11 @@ key_delete(so, m, mhp) * that match the src/dst. This is used during * IKE INITIAL-CONTACT. */ - ipseclog((LOG_DEBUG, "key_delete: doing delete all.\n")); + ipseclog((LOG_DEBUG, "%s: doing delete all.\n", __func__)); return key_delete_all(so, m, mhp, proto); } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) { - ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } @@ -5051,7 +5064,7 @@ key_delete(so, m, mhp) KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); /* get a SA header */ - mtx_lock(&sahtree_lock); + SAHTREE_LOCK(); LIST_FOREACH(sah, &sahtree, chain) { if (sah->state == SADB_SASTATE_DEAD) continue; @@ -5064,13 +5077,13 @@ key_delete(so, m, mhp) break; } if (sah == NULL) { - mtx_unlock(&sahtree_lock); - ipseclog((LOG_DEBUG, "key_delete: no SA found.\n")); + SAHTREE_UNLOCK(); + ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__)); return key_senderror(so, m, ENOENT); } key_sa_chgstate(sav, SADB_SASTATE_DEAD); - mtx_unlock(&sahtree_lock); + SAHTREE_UNLOCK(); KEY_FREESAV(&sav); { @@ -5119,7 +5132,7 @@ key_delete_all(so, m, mhp, proto) /* XXX boundary check against sa_len */ KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); - mtx_lock(&sahtree_lock); + SAHTREE_LOCK(); LIST_FOREACH(sah, &sahtree, chain) { if (sah->state == SADB_SASTATE_DEAD) continue; @@ -5138,10 +5151,9 @@ key_delete_all(so, m, mhp, proto) nextsav = LIST_NEXT(sav, chain); /* sanity check */ if (sav->state != state) { - ipseclog((LOG_DEBUG, "key_delete_all: " - "invalid sav->state " - "(queue: %d SA: %d)\n", - state, sav->state)); + ipseclog((LOG_DEBUG, "%s: invalid " + "sav->state (queue %d SA %d)\n", + __func__, state, sav->state)); continue; } @@ -5150,7 +5162,7 @@ key_delete_all(so, m, mhp, proto) } } } - mtx_unlock(&sahtree_lock); + SAHTREE_UNLOCK(); { struct mbuf *n; struct sadb_msg *newmsg; 
@@ -5200,26 +5212,30 @@ key_get(so, m, mhp) struct secasvar *sav = NULL; u_int16_t proto; - /* sanity check */ - if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) - panic("key_get: NULL pointer is passed.\n"); + IPSEC_ASSERT(so != NULL, ("null socket")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(mhp != NULL, ("null msghdr")); + IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); /* map satype to proto */ if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { - ipseclog((LOG_DEBUG, "key_get: invalid satype is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } if (mhp->ext[SADB_EXT_SA] == NULL || mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { - ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { - ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } @@ -5231,7 +5247,7 @@ key_get(so, m, mhp) KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); /* get a SA header */ - mtx_lock(&sahtree_lock); + SAHTREE_LOCK(); LIST_FOREACH(sah, &sahtree, chain) { if (sah->state == SADB_SASTATE_DEAD) continue; @@ -5243,9 +5259,9 @@ key_get(so, m, mhp) if (sav) break; } - mtx_unlock(&sahtree_lock); + SAHTREE_UNLOCK(); if (sah == NULL) { - ipseclog((LOG_DEBUG, "key_get: no SA found.\n")); + ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__)); return key_senderror(so, m, ENOENT); } 
@@ -5255,7 +5271,8 @@ key_get(so, m, mhp) /* map proto to satype */ if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { - ipseclog((LOG_DEBUG, "key_get: there was invalid proto in SAD.\n")); + ipseclog((LOG_DEBUG, "%s: there was invalid proto in SAD.\n", + __func__)); return key_senderror(so, m, EINVAL); } @@ -5318,9 +5335,8 @@ key_getcomb_esp() if (ipsec_esp_auth) m = key_getcomb_ah(); else { - KASSERT(l <= MLEN, - ("key_getcomb_esp: l=%u > MLEN=%lu", - l, (u_long) MLEN)); + IPSEC_ASSERT(l <= MLEN, + ("l=%u > MLEN=%lu", l, (u_long) MLEN)); MGET(m, M_DONTWAIT, MT_DATA); if (m) { M_ALIGN(m, l); @@ -5335,8 +5351,7 @@ key_getcomb_esp() totlen = 0; for (n = m; n; n = n->m_next) totlen += n->m_len; - KASSERT((totlen % l) == 0, - ("key_getcomb_esp: totlen=%u, l=%u", totlen, l)); + IPSEC_ASSERT((totlen % l) == 0, ("totlen=%u, l=%u", totlen, l)); for (off = 0; off < totlen; off += l) { n = m_pulldown(m, off, l, &o); @@ -5384,8 +5399,8 @@ key_getsizes_ah( case SADB_X_AALG_SHA: *min = *max = 20; break; case SADB_X_AALG_NULL: *min = 1; *max = 256; break; default: - DPRINTF(("key_getsizes_ah: unknown AH algorithm %u\n", - alg)); + DPRINTF(("%s: unknown AH algorithm %u\n", + __func__, alg)); break; } } @@ -5420,9 +5435,8 @@ key_getcomb_ah() continue; if (!m) { - KASSERT(l <= MLEN, - ("key_getcomb_ah: l=%u > MLEN=%lu", - l, (u_long) MLEN)); + IPSEC_ASSERT(l <= MLEN, + ("l=%u > MLEN=%lu", l, (u_long) MLEN)); MGET(m, M_DONTWAIT, MT_DATA); if (m) { M_ALIGN(m, l); @@ -5465,9 +5479,8 @@ key_getcomb_ipcomp() continue; if (!m) { - KASSERT(l <= MLEN, - ("key_getcomb_ipcomp: l=%u > MLEN=%lu", - l, (u_long) MLEN)); + IPSEC_ASSERT(l <= MLEN, + ("l=%u > MLEN=%lu", l, (u_long) MLEN)); MGET(m, M_DONTWAIT, MT_DATA); if (m) { M_ALIGN(m, l); 
@@ -5565,11 +5578,9 @@ key_acquire(const struct secasindex *saidx, struct secpolicy *sp) int error = -1; u_int32_t seq; - /* sanity check */ - KASSERT(saidx != NULL, ("key_acquire: null saidx")); + IPSEC_ASSERT(saidx != NULL, ("null saidx")); satype = key_proto2satype(saidx->proto); - KASSERT(satype != 0, - ("key_acquire: null satype, protocol %u", saidx->proto)); + IPSEC_ASSERT(satype != 0, ("null satype, protocol %u", saidx->proto)); /* * We never do anything about acquirng SA. There is anather @@ -5731,7 +5742,7 @@ key_newacq(const struct secasindex *saidx) /* get new entry */ newacq = malloc(sizeof(struct secacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO); if (newacq == NULL) { - ipseclog((LOG_DEBUG, "key_newacq: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); return NULL; } @@ -5742,9 +5753,9 @@ key_newacq(const struct secasindex *saidx) newacq->count = 0; /* add to acqtree */ - mtx_lock(&acq_lock); + ACQ_LOCK(); LIST_INSERT_HEAD(&acqtree, newacq, chain); - mtx_unlock(&acq_lock); + ACQ_UNLOCK(); return newacq; } @@ -5754,12 +5765,12 @@ key_getacq(const struct secasindex *saidx) { struct secacq *acq; - mtx_lock(&acq_lock); + ACQ_LOCK(); LIST_FOREACH(acq, &acqtree, chain) { if (key_cmpsaidx(saidx, &acq->saidx, CMP_EXACTLY)) break; } - mtx_unlock(&acq_lock); + ACQ_UNLOCK(); return acq; } @@ -5770,12 +5781,12 @@ key_getacqbyseq(seq) { struct secacq *acq; - mtx_lock(&acq_lock); + ACQ_LOCK(); LIST_FOREACH(acq, &acqtree, chain) { if (acq->seq == seq) break; } - mtx_unlock(&acq_lock); + ACQ_UNLOCK(); return acq; } @@ -5789,7 +5800,7 @@ key_newspacq(spidx) /* get new entry */ acq = malloc(sizeof(struct secspacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO); if (acq == NULL) { - ipseclog((LOG_DEBUG, "key_newspacq: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); return NULL; } 
@@ -5799,9 +5810,9 @@ key_newspacq(spidx) acq->count = 0; /* add to spacqtree */ - mtx_lock(&spacq_lock); + SPACQ_LOCK(); LIST_INSERT_HEAD(&spacqtree, acq, chain); - mtx_unlock(&spacq_lock); + SPACQ_UNLOCK(); return acq; } @@ -5812,14 +5823,14 @@ key_getspacq(spidx) { struct secspacq *acq; - mtx_lock(&spacq_lock); + SPACQ_LOCK(); LIST_FOREACH(acq, &spacqtree, chain) { if (key_cmpspidx_exactly(spidx, &acq->spidx)) { /* NB: return holding spacq_lock */ return acq; } } - mtx_unlock(&spacq_lock); + SPACQ_UNLOCK(); return NULL; } @@ -5850,9 +5861,10 @@ key_acquire2(so, m, mhp) u_int16_t proto; int error; - /* sanity check */ - if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) - panic("key_acquire2: NULL pointer is passed.\n"); + IPSEC_ASSERT(so != NULL, ("null socket")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(mhp != NULL, ("null msghdr")); + IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); /* * Error message from KMd. @@ -5865,7 +5877,8 @@ key_acquire2(so, m, mhp) /* check sequence number */ if (mhp->msg->sadb_msg_seq == 0) { - ipseclog((LOG_DEBUG, "key_acquire2: must specify sequence number.\n")); + ipseclog((LOG_DEBUG, "%s: must specify sequence " + "number.\n", __func__)); m_freem(m); return 0; } @@ -5892,7 +5905,8 @@ key_acquire2(so, m, mhp) /* map satype to proto */ if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { - ipseclog((LOG_DEBUG, "key_acquire2: invalid satype is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } 
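Review bot: The comment `/* NB: return holding spacq_lock */` inside key_getspacq still names the raw mutex although the hunk replaced every lock call with SPACQ_LOCK()/SPACQ_UNLOCK(), which the commit message introduces precisely so the lock type can change later. Update it to `/* NB: return holding SPACQ_LOCK; caller must SPACQ_UNLOCK() */`. The asymmetric contract (locked on a hit, unlocked on a miss) deserves a sentence in the function's header comment as well, which sits above this hunk.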
@@ -5900,14 +5914,16 @@ key_acquire2(so, m, mhp) mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || mhp->ext[SADB_EXT_PROPOSAL] == NULL) { /* error */ - ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) { /* error */ - ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } @@ -5918,23 +5934,23 @@ key_acquire2(so, m, mhp) KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); /* get a SA index */ - mtx_lock(&sahtree_lock); + SAHTREE_LOCK(); LIST_FOREACH(sah, &sahtree, chain) { if (sah->state == SADB_SASTATE_DEAD) continue; if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID)) break; } - mtx_unlock(&sahtree_lock); + SAHTREE_UNLOCK(); if (sah != NULL) { - ipseclog((LOG_DEBUG, "key_acquire2: a SA exists already.\n")); + ipseclog((LOG_DEBUG, "%s: a SA exists already.\n", __func__)); return key_senderror(so, m, EEXIST); } error = key_acquire(&saidx, NULL); if (error != 0) { - ipseclog((LOG_DEBUG, "key_acquire2: error %d returned " - "from key_acquire.\n", mhp->msg->sadb_msg_errno)); + ipseclog((LOG_DEBUG, "%s: error %d returned from key_acquire\n", + __func__, mhp->msg->sadb_msg_errno)); return key_senderror(so, m, error); } 
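Review bot: The rewritten log line in key_acquire2 prints `mhp->msg->sadb_msg_errno` while its text says the value is the error returned from key_acquire(); the variable actually tested and returned is `error`. Change it to `ipseclog((LOG_DEBUG, "%s: error %d returned from key_acquire\n", __func__, error));`. Separately, SAHTREE_UNLOCK() runs before key_acquire(&saidx, NULL), so an SA installed between the lookup and the acquire is not detected; if that window is acceptable a short comment at the unlock saying so would help.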
@@ -5962,9 +5978,10 @@ key_register(so, m, mhp) { struct secreg *reg, *newreg = 0; - /* sanity check */ - if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) - panic("key_register: NULL pointer is passed.\n"); + IPSEC_ASSERT(so != NULL, ("null socket")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(mhp != NULL, ("null msghdr")); + IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); /* check for invalid register message */ if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[0])) @@ -5975,11 +5992,12 @@ key_register(so, m, mhp) goto setmsg; /* check whether existing or not */ - mtx_lock(®tree_lock); + REGTREE_LOCK(); LIST_FOREACH(reg, ®tree[mhp->msg->sadb_msg_satype], chain) { if (reg->so == so) { - mtx_unlock(®tree_lock); - ipseclog((LOG_DEBUG, "key_register: socket exists already.\n")); + REGTREE_UNLOCK(); + ipseclog((LOG_DEBUG, "%s: socket exists already.\n", + __func__)); return key_senderror(so, m, EEXIST); } } @@ -5987,8 +6005,8 @@ key_register(so, m, mhp) /* create regnode */ newreg = malloc(sizeof(struct secreg), M_IPSEC_SAR, M_NOWAIT|M_ZERO); if (newreg == NULL) { - mtx_unlock(®tree_lock); - ipseclog((LOG_DEBUG, "key_register: No more memory.\n")); + REGTREE_UNLOCK(); + ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); return key_senderror(so, m, ENOBUFS); } @@ -5997,7 +6015,7 @@ key_register(so, m, mhp) /* add regnode to regtree. */ LIST_INSERT_HEAD(®tree[mhp->msg->sadb_msg_satype], newreg, chain); - mtx_unlock(®tree_lock); + REGTREE_UNLOCK(); setmsg: { @@ -6097,10 +6115,8 @@ key_register(so, m, mhp) } } -#ifdef DIGAGNOSTIC - if (off != len) - panic("length assumption failed in key_register"); -#endif + IPSEC_ASSERT(off == len, + ("length assumption failed (off %u len %u)", off, len)); m_freem(m); return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED); 
@@ -6117,15 +6133,14 @@ key_freereg(struct socket *so) struct secreg *reg; int i; - /* sanity check */ - KASSERT(so != NULL, ("key_freereg: NULL so")); + IPSEC_ASSERT(so != NULL, ("NULL so")); /* * check whether existing or not. * check all type of SA, because there is a potential that * one socket is registered to multiple type of SA. */ - mtx_lock(®tree_lock); + REGTREE_LOCK(); for (i = 0; i <= SADB_SATYPE_MAX; i++) { LIST_FOREACH(reg, ®tree[i], chain) { if (reg->so == so && __LIST_CHAINED(reg)) { @@ -6135,7 +6150,7 @@ key_freereg(struct socket *so) } } } - mtx_unlock(®tree_lock); + REGTREE_UNLOCK(); } /* @@ -6161,15 +6176,12 @@ key_expire(struct secasvar *sav) /* XXX: Why do we lock ? */ s = splnet(); /*called from softclock()*/ - /* sanity check */ - if (sav == NULL) - panic("key_expire: NULL pointer is passed.\n"); - if (sav->sah == NULL) - panic("key_expire: Why was SA index in SA NULL.\n"); - if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) - panic("key_expire: invalid proto is passed.\n"); + IPSEC_ASSERT (sav != NULL, ("null sav")); + IPSEC_ASSERT (sav->sah != NULL, ("null sa header")); /* set msg header */ + satype = key_proto2satype(sav->sah->saidx.proto); + IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype)); m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt); if (!m) { error = ENOBUFS; 
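Review bot: The new `IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype))` in key_expire can only fire when satype is 0, so its message never carries useful information; print the protocol that failed to map instead: `IPSEC_ASSERT(satype != 0, ("invalid proto %u", sav->sah->saidx.proto));`. Note also that where the old code panicked, a kernel in which IPSEC_ASSERT compiles away (as the commit message describes for production builds) now continues into key_setsadbmsg() with satype 0; if that is the intended degradation a comment on the line should say so. The two `IPSEC_ASSERT (` calls with a space before the parenthesis differ from every other call site in the file.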
@@ -6291,18 +6303,19 @@ key_flush(so, m, mhp) u_int8_t state; u_int stateidx; - /* sanity check */ - if (so == NULL || mhp == NULL || mhp->msg == NULL) - panic("key_flush: NULL pointer is passed.\n"); + IPSEC_ASSERT(so != NULL, ("null socket")); + IPSEC_ASSERT(mhp != NULL, ("null msghdr")); + IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); /* map satype to proto */ if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { - ipseclog((LOG_DEBUG, "key_flush: invalid satype is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } /* no SATYPE specified, i.e. flushing all SA. */ - mtx_lock(&sahtree_lock); + SAHTREE_LOCK(); for (sah = LIST_FIRST(&sahtree); sah != NULL; sah = nextsah) { @@ -6329,11 +6342,11 @@ key_flush(so, m, mhp) sah->state = SADB_SASTATE_DEAD; } - mtx_unlock(&sahtree_lock); + SAHTREE_UNLOCK(); if (m->m_len < sizeof(struct sadb_msg) || sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { - ipseclog((LOG_DEBUG, "key_flush: No more memory.\n")); + ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); return key_senderror(so, m, ENOBUFS); } 
@@ -6376,19 +6389,21 @@ key_dump(so, m, mhp) struct sadb_msg *newmsg; struct mbuf *n; - /* sanity check */ - if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) - panic("key_dump: NULL pointer is passed.\n"); + IPSEC_ASSERT(so != NULL, ("null socket")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(mhp != NULL, ("null msghdr")); + IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); /* map satype to proto */ if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { - ipseclog((LOG_DEBUG, "key_dump: invalid satype is passed.\n")); + ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", + __func__)); return key_senderror(so, m, EINVAL); } /* count sav entries to be sent to the userland. */ cnt = 0; - mtx_lock(&sahtree_lock); + SAHTREE_LOCK(); LIST_FOREACH(sah, &sahtree, chain) { if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && proto != sah->saidx.proto) @@ -6405,7 +6420,7 @@ key_dump(so, m, mhp) } if (cnt == 0) { - mtx_unlock(&sahtree_lock); + SAHTREE_UNLOCK(); return key_senderror(so, m, ENOENT); } @@ -6418,8 +6433,9 @@ key_dump(so, m, mhp) /* map proto to satype */ if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { - mtx_unlock(&sahtree_lock); - ipseclog((LOG_DEBUG, "key_dump: there was invalid proto in SAD.\n")); + SAHTREE_UNLOCK(); + ipseclog((LOG_DEBUG, "%s: there was invalid proto in " + "SAD.\n", __func__)); return key_senderror(so, m, EINVAL); } @@ -6431,14 +6447,14 @@ key_dump(so, m, mhp) n = key_setdumpsa(sav, SADB_DUMP, satype, --cnt, mhp->msg->sadb_msg_pid); if (!n) { - mtx_unlock(&sahtree_lock); + SAHTREE_UNLOCK(); return key_senderror(so, m, ENOBUFS); } key_sendup_mbuf(so, n, KEY_SENDUP_ONE); } } } - mtx_unlock(&sahtree_lock); + SAHTREE_UNLOCK(); m_freem(m); return 0; 
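Review bot: In key_dump, key_setdumpsa() and key_sendup_mbuf(so, n, KEY_SENDUP_ONE) are invoked for every SA while SAHTREE_LOCK() is held, which is the hold-the-lock-over-a-long-operation pattern the commit message says it removed from key_flush_spd. If key_sendup_mbuf() can block or acquire socket locks this is a lock-ordering risk; if it cannot, a comment at the loop, e.g. `/* whole dump runs under SAHTREE_LOCK; key_sendup_mbuf must not sleep */`, would save the next reader the analysis. The enclosing loop starts in the first hunk on this line and spans all four of them.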
@@ -6457,9 +6473,10 @@ key_promisc(so, m, mhp) { int olen; - /* sanity check */ - if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) - panic("key_promisc: NULL pointer is passed.\n"); + IPSEC_ASSERT(so != NULL, ("null socket")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(mhp != NULL, ("null msghdr")); + IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); @@ -6548,13 +6565,12 @@ key_parse(m, so) int error; int target; - /* sanity check */ - if (m == NULL || so == NULL) - panic("key_parse: NULL pointer is passed.\n"); + IPSEC_ASSERT(so != NULL, ("null socket")); + IPSEC_ASSERT(m != NULL, ("null mbuf")); #if 0 /*kdebug_sadb assumes msg in linear buffer*/ KEYDEBUG(KEYDEBUG_KEY_DUMP, - ipseclog((LOG_DEBUG, "key_parse: passed sadb_msg\n")); + ipseclog((LOG_DEBUG, "%s: passed sadb_msg\n", __func__)); kdebug_sadb(msg)); #endif @@ -6569,24 +6585,23 @@ key_parse(m, so) if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len != m->m_pkthdr.len) { - ipseclog((LOG_DEBUG, "key_parse: invalid message length.\n")); + ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__)); pfkeystat.out_invlen++; error = EINVAL; goto senderror; } if (msg->sadb_msg_version != PF_KEY_V2) { - ipseclog((LOG_DEBUG, - "key_parse: PF_KEY version %u is mismatched.\n", - msg->sadb_msg_version)); + ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n", + __func__, msg->sadb_msg_version)); pfkeystat.out_invver++; error = EINVAL; goto senderror; } if (msg->sadb_msg_type > SADB_MAX) { - ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n", - msg->sadb_msg_type)); + ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", + __func__, msg->sadb_msg_type)); pfkeystat.out_invmsgtype++; error = EINVAL; goto senderror; 
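Review bot: The condition directly above the rewritten log line in key_parse, `m->m_pkthdr.len != m->m_pkthdr.len`, compares the field with itself and can never be true, so the "invalid message length" path and the pfkeystat.out_invlen counter are unreachable; the commit reworded the message but left the tautology. The comparison was presumably meant to be against the length declared in the PF_KEY header, e.g. `m->m_pkthdr.len != PFKEY_UNUNIT64(msg->sadb_msg_len)` (the macro key_promisc applies to the same field), which should be confirmed against the original KAME source. Since these messages come from a userland PF_KEY socket, this appears to be the only place the declared length is checked against the actual mbuf chain before the extension parsing that follows relies on it.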
@@ -6642,8 +6657,9 @@ key_parse(m, so) case SADB_GET: case SADB_ACQUIRE: case SADB_EXPIRE: - ipseclog((LOG_DEBUG, "key_parse: must specify satype " - "when msg type=%u.\n", msg->sadb_msg_type)); + ipseclog((LOG_DEBUG, "%s: must specify satype " + "when msg type=%u.\n", __func__, + msg->sadb_msg_type)); pfkeystat.out_invsatype++; error = EINVAL; goto senderror; @@ -6661,8 +6677,8 @@ key_parse(m, so) case SADB_X_SPDSETIDX: case SADB_X_SPDUPDATE: case SADB_X_SPDDELETE2: - ipseclog((LOG_DEBUG, "key_parse: illegal satype=%u\n", - msg->sadb_msg_type)); + ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", + __func__, msg->sadb_msg_type)); pfkeystat.out_invsatype++; error = EINVAL; goto senderror; @@ -6672,8 +6688,8 @@ key_parse(m, so) case SADB_SATYPE_OSPFV2: case SADB_SATYPE_RIPV2: case SADB_SATYPE_MIP: - ipseclog((LOG_DEBUG, "key_parse: type %u isn't supported.\n", - msg->sadb_msg_satype)); + ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n", + __func__, msg->sadb_msg_satype)); pfkeystat.out_invsatype++; error = EOPNOTSUPP; goto senderror; @@ -6682,8 +6698,8 @@ key_parse(m, so) break; /*FALLTHROUGH*/ default: - ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n", - msg->sadb_msg_satype)); + ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", + __func__, msg->sadb_msg_satype)); pfkeystat.out_invsatype++; error = EINVAL; goto senderror; @@ -6700,7 +6716,8 @@ key_parse(m, so) /* check upper layer protocol */ if (src0->sadb_address_proto != dst0->sadb_address_proto) { - ipseclog((LOG_DEBUG, "key_parse: upper layer protocol mismatched.\n")); + ipseclog((LOG_DEBUG, "%s: upper layer protocol " + "mismatched.\n", __func__)); pfkeystat.out_invaddr++; error = EINVAL; goto senderror; 
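Review bot: In the SADB_X_SPDDELETE2 group the new log line reads `illegal satype=%u` but the value passed is `msg->sadb_msg_type`, so an operator sees a message-type number labelled as a satype. The neighbouring `must specify satype when msg type=%u` case prints the same field with the correct label, so the two should agree; the clearest form names both: `"%s: illegal satype=%u for msg type=%u\n", __func__, msg->sadb_msg_satype, msg->sadb_msg_type`. key_parse starts and ends outside this hunk.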
@@ -6709,15 +6726,16 @@ key_parse(m, so) /* check family */ if (PFKEY_ADDR_SADDR(src0)->sa_family != PFKEY_ADDR_SADDR(dst0)->sa_family) { - ipseclog((LOG_DEBUG, "key_parse: address family mismatched.\n")); + ipseclog((LOG_DEBUG, "%s: address family mismatched.\n", + __func__)); pfkeystat.out_invaddr++; error = EINVAL; goto senderror; } if (PFKEY_ADDR_SADDR(src0)->sa_len != PFKEY_ADDR_SADDR(dst0)->sa_len) { - ipseclog((LOG_DEBUG, - "key_parse: address struct size mismatched.\n")); + ipseclog((LOG_DEBUG, "%s: address struct size " + "mismatched.\n", __func__)); pfkeystat.out_invaddr++; error = EINVAL; goto senderror; @@ -6741,8 +6759,8 @@ key_parse(m, so) } break; default: - ipseclog((LOG_DEBUG, - "key_parse: unsupported address family.\n")); + ipseclog((LOG_DEBUG, "%s: unsupported address family\n", + __func__)); pfkeystat.out_invaddr++; error = EAFNOSUPPORT; goto senderror; @@ -6763,8 +6781,8 @@ key_parse(m, so) /* check max prefix length */ if (src0->sadb_address_prefixlen > plen || dst0->sadb_address_prefixlen > plen) { - ipseclog((LOG_DEBUG, - "key_parse: illegal prefixlen.\n")); + ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n", + __func__)); pfkeystat.out_invaddr++; error = EINVAL; goto senderror; @@ -6798,8 +6816,8 @@ key_senderror(so, m, code) { struct sadb_msg *msg; - if (m->m_len < sizeof(struct sadb_msg)) - panic("invalid mbuf passed to key_senderror"); + IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), + ("mbuf too small, len %u", m->m_len)); msg = mtod(m, struct sadb_msg *); msg->sadb_msg_errno = code; 
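Review bot: Turning the `m->m_len < sizeof(struct sadb_msg)` panic in key_senderror into IPSEC_ASSERT leaves no check at all on a production kernel (assuming IPSEC_ASSERT compiles out like KASSERT) before `mtod(m, struct sadb_msg *)` writes `sadb_msg_errno` into the mbuf, so the function now relies on every caller having pulled the header into the first mbuf. The pullup in key_parse is outside this diff, so that contract cannot be confirmed here; a comment such as `/* NB: caller must have pulled up sizeof(struct sadb_msg) into m */` would make the assumption visible, or the test can stay a real runtime check. Separately, if `m_len` is an int as in struct mbuf, the assertion's `%u` format is mismatched and should be `%d`.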
@@ -6822,11 +6840,10 @@ key_align(m, mhp) int extlen; int toff; - /* sanity check */ - if (m == NULL || mhp == NULL) - panic("key_align: NULL pointer is passed.\n"); - if (m->m_len < sizeof(struct sadb_msg)) - panic("invalid mbuf passed to key_align"); + IPSEC_ASSERT(m != NULL, ("null mbuf")); + IPSEC_ASSERT(mhp != NULL, ("null msghdr")); + IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), + ("mbuf too small, len %u", m->m_len)); /* initialize */ bzero(mhp, sizeof(*mhp)); @@ -6870,18 +6887,16 @@ key_align(m, mhp) * KEY_AUTH or KEY_ENCRYPT ? */ if (mhp->ext[ext->sadb_ext_type] != NULL) { - ipseclog((LOG_DEBUG, - "key_align: duplicate ext_type %u " - "is passed.\n", ext->sadb_ext_type)); + ipseclog((LOG_DEBUG, "%s: duplicate ext_type " + "%u\n", __func__, ext->sadb_ext_type)); m_freem(m); pfkeystat.out_dupext++; return EINVAL; } break; default: - ipseclog((LOG_DEBUG, - "key_align: invalid ext_type %u is passed.\n", - ext->sadb_ext_type)); + ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n", + __func__, ext->sadb_ext_type)); m_freem(m); pfkeystat.out_invexttype++; return EINVAL; @@ -6980,11 +6995,11 @@ key_init() { int i; - mtx_init(&sptree_lock, "sptree lock", "fast ipsec sadb", MTX_DEF); - mtx_init(®tree_lock, "regtree lock", "fast ipsec sadb", MTX_DEF); - mtx_init(&sahtree_lock, "sahtree lock", "fast ipsec sadb", MTX_DEF); - mtx_init(&acq_lock, "acqtree lock", "fast ipsec sadb", MTX_DEF); - mtx_init(&spacq_lock, "spacqtree lock", "fast ipsec sadb", MTX_DEF); + SPTREE_LOCK_INIT(); + REGTREE_LOCK_INIT(); + SAHTREE_LOCK_INIT(); + ACQ_LOCK_INIT(); + SPACQ_LOCK_INIT(); for (i = 0; i < IPSEC_DIR_MAX; i++) LIST_INIT(&sptree[i]); @@ -7008,7 +7023,7 @@ key_init() /* initialize key statistics */ keystat.getspi_count = 1; - printf("IPsec: Initialized Security Association Processing.\n"); + printf("Fast IPsec: Initialized Security Association Processing.\n"); return; } 
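Review bot: key_align is the first routine to walk the extension headers of a user-supplied PF_KEY message, and the `m->m_len >= sizeof(struct sadb_msg)` assertion that now guards its `mtod` presumably disappears on production kernels, so the function's safety depends on a pullup done by its caller that is not in this diff. A one-line precondition comment above the asserts, `/* caller guarantees the sadb_msg header is contiguous in m (see key_parse) */`, would record that, and the `%u` used for `m->m_len` should be `%d` if m_len is an int. The extension-walking loop, where the real bounds checks live, begins after this hunk.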
@@ -7028,9 +7043,7 @@ key_checktunnelsanity(sav, family, src, dst) caddr_t src; caddr_t dst; { - /* sanity check */ - if (sav->sah == NULL) - panic("sav->sah == NULL at key_checktunnelsanity"); + IPSEC_ASSERT(sav->sah != NULL, ("null SA header")); /* XXX: check inner IP header */ @@ -7043,8 +7056,8 @@ key_sa_recordxfer(sav, m) struct secasvar *sav; struct mbuf *m; { - KASSERT(sav != NULL, ("key_sa_recordxfer: Null secasvar")); - KASSERT(m != NULL, ("key_sa_recordxfer: Null mbuf")); + IPSEC_ASSERT(sav != NULL, ("Null secasvar")); + IPSEC_ASSERT(m != NULL, ("Null mbuf")); if (!sav->lft_c) return; @@ -7088,7 +7101,7 @@ key_sa_routechange(dst) struct secashead *sah; struct route *ro; - mtx_lock(&sahtree_lock); + SAHTREE_LOCK(); LIST_FOREACH(sah, &sahtree, chain) { ro = &sah->sa_route; if (ro->ro_rt && dst->sa_len == ro->ro_dst.sa_len @@ -7097,7 +7110,7 @@ key_sa_routechange(dst) ro->ro_rt = (struct rtentry *)NULL; } } - mtx_unlock(&sahtree_lock); + SAHTREE_UNLOCK(); } static void @@ -7105,8 +7118,8 @@ key_sa_chgstate(sav, state) struct secasvar *sav; u_int8_t state; { - KASSERT(sav != NULL, ("key_sa_chgstate: NULL sav")); - mtx_assert(&sahtree_lock, MA_OWNED); + IPSEC_ASSERT(sav != NULL, ("NULL sav")); + SAHTREE_LOCK_ASSERT(); if (sav->state != state) { if (__LIST_CHAINED(sav)) @@ -7121,8 +7134,7 @@ key_sa_stir_iv(sav) struct secasvar *sav; { - if (!sav->iv) - panic("key_sa_stir_iv called with sav == NULL"); + IPSEC_ASSERT(sav->iv != NULL, ("null IV")); key_randomfill(sav->iv, sav->ivlen); } diff --git a/sys/netipsec/key_debug.c b/sys/netipsec/key_debug.c index b38fc61..a8e5296 100644 --- a/sys/netipsec/key_debug.c +++ b/sys/netipsec/key_debug.c @@ -88,7 +88,7 @@ kdebug_sadb(base) /* sanity check */ if (base == NULL) - panic("kdebug_sadb: NULL pointer was passed.\n"); + panic("%s: NULL pointer was passed.\n", __func__); printf("sadb_msg{ version=%u type=%u errno=%u satype=%u\n", base->sadb_msg_version, base->sadb_msg_type, 
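Review bot: In key_sa_stir_iv, `IPSEC_ASSERT(sav->iv != NULL, ("null IV"))` replaces a panic with something that presumably compiles away on production kernels, so `key_randomfill(sav->iv, sav->ivlen)` then runs unguarded on a NULL iv, the same crash as before minus the message. If a NULL iv is a legitimate state (elsewhere in this commit esp_zeroize frees `sav->iv` and sets it to NULL), the routine should return early instead: `if (sav->iv == NULL) return;`. Whether a stir can race with zeroize cannot be determined from these hunks.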
@@ -105,11 +105,12 @@ kdebug_sadb(base) ext->sadb_ext_len, ext->sadb_ext_type); if (ext->sadb_ext_len == 0) { - printf("kdebug_sadb: invalid ext_len=0 was passed.\n"); + printf("%s: invalid ext_len=0 was passed.\n", __func__); return; } if (ext->sadb_ext_len > tlen) { - printf("kdebug_sadb: ext_len exceeds end of buffer.\n"); + printf("%s: ext_len too big (%u > %u).\n", + __func__, ext->sadb_ext_len, tlen); return; } @@ -154,7 +155,7 @@ kdebug_sadb(base) kdebug_sadb_x_sa2(ext); break; default: - printf("kdebug_sadb: invalid ext_type %u was passed.\n", + printf("%s: invalid ext_type %u\n", __func__, ext->sadb_ext_type); return; } @@ -177,7 +178,7 @@ kdebug_sadb_prop(ext) /* sanity check */ if (ext == NULL) - panic("kdebug_sadb_prop: NULL pointer was passed.\n"); + panic("%s: NULL pointer was passed.\n", __func__); len = (PFKEY_UNUNIT64(prop->sadb_prop_len) - sizeof(*prop)) / sizeof(*comb); @@ -226,7 +227,7 @@ kdebug_sadb_identity(ext) /* sanity check */ if (ext == NULL) - panic("kdebug_sadb_identity: NULL pointer was passed.\n"); + panic("%s: NULL pointer was passed.\n", __func__); len = PFKEY_UNUNIT64(id->sadb_ident_len) - sizeof(*id); printf("sadb_ident_%s{", @@ -270,7 +271,7 @@ kdebug_sadb_supported(ext) /* sanity check */ if (ext == NULL) - panic("kdebug_sadb_supported: NULL pointer was passed.\n"); + panic("%s: NULL pointer was passed.\n", __func__); len = (PFKEY_UNUNIT64(sup->sadb_supported_len) - sizeof(*sup)) / sizeof(*alg); @@ -295,7 +296,7 @@ kdebug_sadb_lifetime(ext) /* sanity check */ if (ext == NULL) - printf("kdebug_sadb_lifetime: NULL pointer was passed.\n"); + printf("%s: NULL pointer was passed.\n", __func__); printf("sadb_lifetime{ alloc=%u, bytes=%u\n", lft->sadb_lifetime_allocations, 
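Review bot: kdebug_sadb_lifetime's NULL check only logs: `if (ext == NULL) printf(...)` falls straight through to `printf("sadb_lifetime{ ...", lft->sadb_lifetime_allocations, ...)`, which dereferences the same pointer (assuming `lft` is `ext` cast, as in the sibling dumpers). Every other kdebug_* routine in this file stops on a NULL argument; this one should at least return after the message: `if (ext == NULL) { printf("%s: NULL pointer was passed.\n", __func__); return; }`. The commit touched exactly this line, so the fix belongs here.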
@@ -315,7 +316,7 @@ kdebug_sadb_sa(ext) /* sanity check */ if (ext == NULL) - panic("kdebug_sadb_sa: NULL pointer was passed.\n"); + panic("%s: NULL pointer was passed.\n", __func__); printf("sadb_sa{ spi=%u replay=%u state=%u\n", (u_int32_t)ntohl(sa->sadb_sa_spi), sa->sadb_sa_replay, @@ -334,7 +335,7 @@ kdebug_sadb_address(ext) /* sanity check */ if (ext == NULL) - panic("kdebug_sadb_address: NULL pointer was passed.\n"); + panic("%s: NULL pointer was passed.\n", __func__); printf("sadb_address{ proto=%u prefixlen=%u reserved=0x%02x%02x }\n", addr->sadb_address_proto, addr->sadb_address_prefixlen, @@ -354,7 +355,7 @@ kdebug_sadb_key(ext) /* sanity check */ if (ext == NULL) - panic("kdebug_sadb_key: NULL pointer was passed.\n"); + panic("%s: NULL pointer was passed.\n", __func__); printf("sadb_key{ bits=%u reserved=%u\n", key->sadb_key_bits, key->sadb_key_reserved); @@ -363,7 +364,8 @@ kdebug_sadb_key(ext) /* sanity check 2 */ if ((key->sadb_key_bits >> 3) > (PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key))) { - printf("kdebug_sadb_key: key length mismatch, bit:%d len:%ld.\n", + printf("%s: key length mismatch, bit:%d len:%ld.\n", + __func__, key->sadb_key_bits >> 3, (long)PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key)); } @@ -382,7 +384,7 @@ kdebug_sadb_x_sa2(ext) /* sanity check */ if (ext == NULL) - panic("kdebug_sadb_x_sa2: NULL pointer was passed.\n"); + panic("%s: NULL pointer was passed.\n", __func__); printf("sadb_x_sa2{ mode=%u reqid=%u\n", sa2->sadb_x_sa2_mode, sa2->sadb_x_sa2_reqid); @@ -402,7 +404,7 @@ kdebug_sadb_x_policy(ext) /* sanity check */ if (ext == NULL) - panic("kdebug_sadb_x_policy: NULL pointer was passed.\n"); + panic("%s: NULL pointer was passed.\n", __func__); printf("sadb_x_policy{ type=%u dir=%u id=%x }\n", xpl->sadb_x_policy_type, xpl->sadb_x_policy_dir, 
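Review bot: The `sanity check 2` in kdebug_sadb_key evaluates `PFKEY_UNUNIT64(key->sadb_key_len) - sizeof(struct sadb_key)` in unsigned arithmetic, so a key extension shorter than its own header wraps to a huge value, the `>` test is false, and the mismatch is never reported; even when it is reported, the function only prints and carries on with whatever follows the check outside this hunk. A short-header guard should come first, `if (PFKEY_UNUNIT64(key->sadb_key_len) < sizeof(struct sadb_key)) { printf("%s: short key extension\n", __func__); return; }`, and the mismatch branch should return as well. The `%ld` argument is also mis-typed: the `(long)` cast binds only to `PFKEY_UNUNIT64(...)`, so the subtraction is promoted back to unsigned long; cast the whole difference.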
@@ -435,12 +437,14 @@ kdebug_sadb_x_policy(ext) /* prevent infinite loop */ if (xisr->sadb_x_ipsecrequest_len <= 0) { - printf("kdebug_sadb_x_policy: wrong policy struct.\n"); + printf("%s: wrong policy struct.\n", __func__); return; } /* prevent overflow */ if (xisr->sadb_x_ipsecrequest_len > tlen) { - printf("invalid ipsec policy length\n"); + printf("%s: invalid ipsec policy length " + "(%u > %u)\n", __func__, + xisr->sadb_x_ipsecrequest_len, tlen); return; } @@ -451,7 +455,7 @@ kdebug_sadb_x_policy(ext) } if (tlen != 0) - panic("kdebug_sadb_x_policy: wrong policy struct.\n"); + panic("%s: wrong policy struct.\n", __func__); } return; @@ -465,7 +469,7 @@ kdebug_secpolicy(sp) { /* sanity check */ if (sp == NULL) - panic("kdebug_secpolicy: NULL pointer was passed.\n"); + panic("%s: NULL pointer was passed.\n", __func__); printf("secpolicy{ refcnt=%u state=%u policy=%u\n", sp->refcnt, sp->state, sp->policy); @@ -500,8 +504,7 @@ kdebug_secpolicy(sp) printf(" type=entrust }\n"); break; default: - printf("kdebug_secpolicy: Invalid policy found. %d\n", - sp->policy); + printf("%s: Invalid policy found. %d\n", __func__, sp->policy); break; } @@ -514,7 +517,7 @@ kdebug_secpolicyindex(spidx) { /* sanity check */ if (spidx == NULL) - panic("kdebug_secpolicyindex: NULL pointer was passed.\n"); + panic("%s: NULL pointer was passed.\n", __func__); printf("secpolicyindex{ dir=%u prefs=%u prefd=%u ul_proto=%u\n", spidx->dir, spidx->prefs, spidx->prefd, spidx->ul_proto); @@ -535,7 +538,7 @@ kdebug_secasindex(saidx) { /* sanity check */ if (saidx == NULL) - panic("kdebug_secpolicyindex: NULL pointer was passed.\n"); + panic("%s: NULL pointer was passed.\n", __func__); printf("secasindex{ mode=%u proto=%u\n", saidx->mode, saidx->proto); @@ -556,7 +559,7 @@ kdebug_secasv(sav) { /* sanity check */ if (sav == NULL) - panic("kdebug_secasv: NULL pointer was passed.\n"); + panic("%s: NULL pointer was passed.\n", __func__); printf("secas{"); kdebug_secasindex(&sav->sah->saidx); 
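Review bot: The residual-length check after the ipsecrequest loop in kdebug_sadb_x_policy still panics, `if (tlen != 0) panic("%s: wrong policy struct.\n", __func__);`, while the two checks inside the loop (zero length, length beyond `tlen`) are `printf` plus `return`. A policy extension whose requests do not add up to the extension length is malformed input, not a broken kernel invariant, and with key debugging enabled this turns a bad PF_KEY message into a crash. It should follow the in-loop pattern: `if (tlen != 0) printf("%s: wrong policy struct.\n", __func__);`. Whether unvalidated PF_KEY input can reach this dumper depends on the KEYDEBUG call sites, which are outside this diff.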
@@ -600,7 +603,7 @@ kdebug_secreplay(rpl) /* sanity check */ if (rpl == NULL) - panic("kdebug_secreplay: NULL pointer was passed.\n"); + panic("%s: NULL pointer was passed.\n", __func__); printf(" secreplay{ count=%u wsize=%u seq=%u lastseq=%u", rpl->count, rpl->wsize, rpl->seq, rpl->lastseq); @@ -685,7 +688,7 @@ kdebug_sockaddr(addr) /* sanity check */ if (addr == NULL) - panic("kdebug_sockaddr: NULL pointer was passed.\n"); + panic("%s: NULL pointer was passed.\n", __func__); /* NOTE: We deal with port number as host byte order. */ printf("sockaddr{ len=%u family=%u", addr->sa_len, addr->sa_family); diff --git a/sys/netipsec/keydb.h b/sys/netipsec/keydb.h index 93773fb..1ba8eb1 100644 --- a/sys/netipsec/keydb.h +++ b/sys/netipsec/keydb.h @@ -102,7 +102,7 @@ struct secasvar { size_t schedlen; struct secreplay *replay; /* replay prevention */ - long created; /* for lifetime */ + time_t created; /* for lifetime */ struct sadb_lifetime *lft_c; /* CURRENT lifetime, it's constant. */ struct sadb_lifetime *lft_h; /* HARD lifetime */ @@ -125,6 +125,13 @@ struct secasvar { u_int64_t tdb_cryptoid; /* crypto session id */ }; +#define SECASVAR_LOCK_INIT(_sav) \ + mtx_init(&(_sav)->lock, "ipsec association", NULL, MTX_DEF) +#define SECASVAR_LOCK(_sav) mtx_lock(&(_sav)->lock) +#define SECASVAR_UNLOCK(_sav) mtx_unlock(&(_sav)->lock) +#define SECASVAR_LOCK_DESTROY(_sav) mtx_destroy(&(_sav)->lock) +#define SECASVAR_LOCK_ASSERT(_sav) mtx_assert(&(_sav)->lock, MA_OWNED) + /* replay prevention */ struct secreplay { u_int32_t count; @@ -142,7 +149,6 @@ struct secreg { struct socket *so; }; -#ifndef IPSEC_NONBLOCK_ACQUIRE /* acquiring list table. */ struct secacq { LIST_ENTRY(secacq) chain; @@ -150,10 +156,9 @@ struct secacq { struct secasindex saidx; u_int32_t seq; /* sequence number */ - long created; /* for lifetime */ + time_t created; /* for lifetime */ int count; /* for lifetime */ }; -#endif /* Sensitivity Level Specification */ /* nothing */ 
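Review bot: The new SECASVAR_LOCK_* macros in keydb.h operate on `(_sav)->lock`, but the visible tail of `struct secasvar` (ending at `u_int64_t tdb_cryptoid;`) adds no such member and no hunk in this diff uses the macros, so either the member is declared in the part of the struct outside the hunk or the first use will fail to compile. If the member exists, a one-line comment on the macro group stating which fields the lock guards would help the next reader; if it does not, `struct mtx lock;` needs adding alongside. Note also that these macros embed `mtx_*` calls directly in a shared header, whereas the rest of this change routes lock operations through wrapper macros intended to isolate the OS-specific lock type.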
diff --git a/sys/netipsec/keysock.c b/sys/netipsec/keysock.c index 4b587f4..b78a307 100644 --- a/sys/netipsec/keysock.c +++ b/sys/netipsec/keysock.c @@ -94,7 +94,7 @@ key_output(m, va_alist) va_end(ap); if (m == 0) - panic("key_output: NULL pointer was passed.\n"); + panic("%s: NULL pointer was passed.\n", __func__); pfkeystat.out_total++; pfkeystat.out_bytes += m->m_pkthdr.len; @@ -195,10 +195,10 @@ key_sendup(so, msg, len, target) /* sanity check */ if (so == 0 || msg == 0) - panic("key_sendup: NULL pointer was passed.\n"); + panic("%s: NULL pointer was passed.\n", __func__); KEYDEBUG(KEYDEBUG_KEY_DUMP, - printf("key_sendup: \n"); + printf("%s: \n", __func__); kdebug_sadb(msg)); /* @@ -283,7 +283,7 @@ key_sendup_mbuf(so, m, target) if (m == NULL) panic("key_sendup_mbuf: NULL pointer was passed.\n"); if (so == NULL && target == KEY_SENDUP_ONE) - panic("key_sendup_mbuf: NULL pointer was passed.\n"); + panic("%s: NULL pointer was passed.\n", __func__); pfkeystat.in_total++; pfkeystat.in_bytes += m->m_pkthdr.len; diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c index 795701b..32f73f0 100644 --- a/sys/netipsec/xform_ah.c +++ b/sys/netipsec/xform_ah.c @@ -142,8 +142,7 @@ ah_hdrsiz(struct secasvar *sav) if (sav != NULL) { int authsize; - KASSERT(sav->tdb_authalgxform != NULL, - ("ah_hdrsiz: null xform")); + IPSEC_ASSERT(sav->tdb_authalgxform != NULL, ("null xform")); /*XXX not right for null algorithm--does it matter??*/ authsize = AUTHSIZE(sav); size = roundup(authsize, sizeof (u_int32_t)) + HDRSIZE(sav); @@ -165,8 +164,8 @@ ah_init0(struct secasvar *sav, struct xformsw *xsp, struct cryptoini *cria) thash = ah_algorithm_lookup(sav->alg_auth); if (thash == NULL) { - DPRINTF(("ah_init: unsupported authentication algorithm %u\n", - sav->alg_auth)); + DPRINTF(("%s: unsupported authentication algorithm %u\n", + __func__, sav->alg_auth)); return EINVAL; } /* 
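Review bot: In key_sendup_mbuf the second panic string was switched to `%s`/`__func__` but the one immediately above it, `panic("key_sendup_mbuf: NULL pointer was passed.\n")`, keeps the hardcoded name, so two adjacent checks now differ in style for no reason. Either convert both, or, consistent with what this commit does in key.c, make them assertions: `IPSEC_ASSERT(m != NULL, ("null mbuf")); IPSEC_ASSERT(so != NULL || target != KEY_SENDUP_ONE, ("null socket for KEY_SENDUP_ONE"));`. The rest of key_sendup_mbuf is outside this hunk.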
@@ -176,21 +175,21 @@ ah_init0(struct secasvar *sav, struct xformsw *xsp, struct cryptoini *cria) */ /* NB: replay state is setup elsewhere (sigh) */ if (((sav->flags&SADB_X_EXT_OLD) == 0) ^ (sav->replay != NULL)) { - DPRINTF(("ah_init: replay state block inconsistency, " - "%s algorithm %s replay state\n", + DPRINTF(("%s: replay state block inconsistency, " + "%s algorithm %s replay state\n", __func__, (sav->flags & SADB_X_EXT_OLD) ? "old" : "new", sav->replay == NULL ? "without" : "with")); return EINVAL; } if (sav->key_auth == NULL) { - DPRINTF(("ah_init: no authentication key for %s " - "algorithm\n", thash->name)); + DPRINTF(("%s: no authentication key for %s algorithm\n", + __func__, thash->name)); return EINVAL; } keylen = _KEYLEN(sav->key_auth); if (keylen != thash->keysize && thash->keysize != 0) { - DPRINTF(("ah_init: invalid keylength %d, algorithm " - "%s requires keysize %d\n", + DPRINTF(("%s: invalid keylength %d, algorithm %s requires " + "keysize %d\n", __func__, keylen, thash->name, thash->keysize)); return EINVAL; } @@ -271,7 +270,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out) */ *m0 = m = m_pullup(m, skip); if (m == NULL) { - DPRINTF(("ah_massage_headers: m_pullup failed\n")); + DPRINTF(("%s: m_pullup failed\n", __func__)); return ENOBUFS; } @@ -308,9 +307,8 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out) off + 1 < skip) ; else { - DPRINTF(("ah_massage_headers: illegal IPv4 " - "option length for option %d\n", - ptr[off])); + DPRINTF(("%s: illegal IPv4 option length for " + "option %d\n", __func__, ptr[off])); m_freem(m); return EINVAL; 
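Review bot: On the illegal-option-length path in ah_massage_headers the hunk frees the chain with `m_freem(m)` and returns EINVAL, but `*m0` was set to `m` by the `*m0 = m = m_pullup(m, skip)` above and is left pointing at the freed chain. The callers (ah_input/ah_output, outside this diff) may honour a freed-by-callee convention, but clearing the caller's pointer costs one line and removes the use-after-free hazard if any path forgets: `m_freem(m); *m0 = NULL; return EINVAL;`. The same applies to the other error exits of ah_massage_headers in the following hunks.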
@@ -332,9 +330,9 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out) case 0x95: /* RFC1770 */ /* Sanity check for option length. */ if (ptr[off + 1] < 2) { - DPRINTF(("ah_massage_headers: " - "illegal IPv4 option length for " - "option %d\n", ptr[off])); + DPRINTF(("%s: illegal IPv4 option " + "length for option %d\n", + __func__, ptr[off])); m_freem(m); return EINVAL; @@ -347,9 +345,9 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out) case IPOPT_SSRR: /* Sanity check for option length. */ if (ptr[off + 1] < 2) { - DPRINTF(("ah_massage_headers: " - "illegal IPv4 option length for " - "option %d\n", ptr[off])); + DPRINTF(("%s: illegal IPv4 option " + "length for option %d\n", + __func__, ptr[off])); m_freem(m); return EINVAL; @@ -373,9 +371,9 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out) default: /* Sanity check for option length. */ if (ptr[off + 1] < 2) { - DPRINTF(("ah_massage_headers: " - "illegal IPv4 option length for " - "option %d\n", ptr[off])); + DPRINTF(("%s: illegal IPv4 option " + "length for option %d\n", + __func__, ptr[off])); m_freem(m); return EINVAL; } @@ -389,8 +387,8 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out) /* Sanity check. */ if (off > skip) { - DPRINTF(("ah_massage_headers(): malformed " - "IPv4 options header\n")); + DPRINTF(("%s: malformed IPv4 options header\n", + __func__)); m_freem(m); return EINVAL; @@ -407,7 +405,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out) /* We don't do IPv6 Jumbograms. */ if (ip6.ip6_plen == 0) { - DPRINTF(("ah_massage_headers: unsupported IPv6 jumbogram\n")); + DPRINTF(("%s: unsupported IPv6 jumbogram\n", __func__)); m_freem(m); return EMSGSIZE; } 
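Review bot: Each IPv4 option case only rejects `ptr[off + 1] < 2`; nothing in the loop checks that `off + ptr[off + 1]` stays within `skip`, and the `if (off > skip)` test in the later hunk runs only after the loop has already acted on the option. If the per-option processing between the check and the advance (not shown in these hunks) zeroes or copies `ptr[off + 1]` bytes of the option body, a crafted option length writes past the `skip` bytes that were pulled up. The length check should bound the option to the header in each of the three cases: `if (ptr[off + 1] < 2 || off + ptr[off + 1] > skip) { DPRINTF(...); m_freem(m); return EINVAL; }`. ah_massage_headers begins and ends outside this hunk.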
@@ -433,9 +431,8 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out) skip - sizeof(struct ip6_hdr), M_XDATA, M_NOWAIT); if (ptr == NULL) { - DPRINTF(("ah_massage_headers: failed " - "to allocate memory for IPv6 " - "headers\n")); + DPRINTF(("%s: failed to allocate memory" + "for IPv6 headers\n",__func__)); m_freem(m); return ENOBUFS; } @@ -524,8 +521,8 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out) break; default: - DPRINTF(("ah_massage_headers: unexpected " - "IPv6 header type %d", off)); + DPRINTF(("%s: unexpected IPv6 header type %d", + __func__, off)); if (alloc) FREE(ptr, M_XDATA); m_freem(m); @@ -563,15 +560,12 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) struct cryptodesc *crda; struct cryptop *crp; -#if 0 - SPLASSERT(net, "ah_input"); -#endif + IPSEC_SPLASSERT_SOFTNET(__func__); - KASSERT(sav != NULL, ("ah_input: null SA")); - KASSERT(sav->key_auth != NULL, - ("ah_input: null authentication key")); - KASSERT(sav->tdb_authalgxform != NULL, - ("ah_input: null authentication xform")); + IPSEC_ASSERT(sav != NULL, ("null SA")); + IPSEC_ASSERT(sav->key_auth != NULL, ("null authentication key")); + IPSEC_ASSERT(sav->tdb_authalgxform != NULL, + ("null authentication xform")); /* Figure out header size. */ rplen = HDRSIZE(sav); @@ -588,7 +582,7 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) /* Check replay window, if applicable. */ if (sav->replay && !ipsec_chkreplay(ntohl(ah->ah_seq), sav)) { ahstat.ahs_replay++; - DPRINTF(("ah_input: packet replay failure: %s\n", + DPRINTF(("%s: packet replay failure: %s\n", __func__, ipsec_logsastr(sav))); m_freem(m); return ENOBUFS; 
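Review bot: The new DPRINTF on the IPv6 allocation-failure path concatenates `"%s: failed to allocate memory"` and `"for IPv6 headers\n"` without a separating space, so the message reads `...allocate memoryfor IPv6 headers`. It should be `"%s: failed to allocate memory " "for IPv6 headers\n"`. Harmless, but since the commit is a message-formatting sweep it is worth getting right.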
@@ -599,8 +593,8 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) ahx = sav->tdb_authalgxform; authsize = AUTHSIZE(sav); if (hl != authsize + rplen - sizeof (struct ah)) { - DPRINTF(("ah_input: bad authenticator length %u (expecting %lu)" - " for packet in SA %s/%08lx\n", + DPRINTF(("%s: bad authenticator length %u (expecting %lu)" + " for packet in SA %s/%08lx\n", __func__, hl, (u_long) (authsize + rplen - sizeof (struct ah)), ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); @@ -613,14 +607,14 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) /* Get crypto descriptors. */ crp = crypto_getreq(1); if (crp == NULL) { - DPRINTF(("ah_input: failed to acquire crypto descriptor\n")); + DPRINTF(("%s: failed to acquire crypto descriptor\n",__func__)); ahstat.ahs_crypto++; m_freem(m); return ENOBUFS; } crda = crp->crp_desc; - KASSERT(crda != NULL, ("ah_input: null crypto descriptor")); + IPSEC_ASSERT(crda != NULL, ("null crypto descriptor")); crda->crd_skip = 0; crda->crd_len = m->m_pkthdr.len; @@ -653,7 +647,7 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) M_XDATA, M_NOWAIT|M_ZERO); } if (tc == NULL) { - DPRINTF(("ah_input: failed to allocate tdb_crypto\n")); + DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); ahstat.ahs_crypto++; crypto_freereq(crp); m_freem(m); @@ -743,7 +737,7 @@ ah_input_cb(struct cryptop *crp) crd = crp->crp_desc; tc = (struct tdb_crypto *) crp->crp_opaque; - KASSERT(tc != NULL, ("ah_input_cb: null opaque crypto data area!")); + IPSEC_ASSERT(tc != NULL, ("null opaque crypto data area!")); skip = tc->tc_skip; nxt = tc->tc_nxt; protoff = tc->tc_protoff; 
@@ -753,16 +747,15 @@ ah_input_cb(struct cryptop *crp) sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi); if (sav == NULL) { ahstat.ahs_notdb++; - DPRINTF(("ah_input_cb: SA expired while in crypto\n")); + DPRINTF(("%s: SA expired while in crypto\n", __func__)); error = ENOBUFS; /*XXX*/ goto bad; } saidx = &sav->sah->saidx; - KASSERT(saidx->dst.sa.sa_family == AF_INET || + IPSEC_ASSERT(saidx->dst.sa.sa_family == AF_INET || saidx->dst.sa.sa_family == AF_INET6, - ("ah_input_cb: unexpected protocol family %u", - saidx->dst.sa.sa_family)); + ("unexpected protocol family %u", saidx->dst.sa.sa_family)); ahx = (struct auth_hash *) sav->tdb_authalgxform; @@ -775,7 +768,7 @@ ah_input_cb(struct cryptop *crp) return crypto_dispatch(crp); ahstat.ahs_noxform++; - DPRINTF(("ah_input_cb: crypto error %d\n", crp->crp_etype)); + DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); error = crp->crp_etype; goto bad; } else { @@ -787,7 +780,7 @@ ah_input_cb(struct cryptop *crp) /* Shouldn't happen... */ if (m == NULL) { ahstat.ahs_crypto++; - DPRINTF(("ah_input_cb: bogus returned buffer from crypto\n")); + DPRINTF(("%s: bogus returned buffer from crypto\n", __func__)); error = EINVAL; goto bad; } @@ -808,8 +801,8 @@ ah_input_cb(struct cryptop *crp) /* Verify authenticator. */ if (bcmp(ptr + skip + rplen, calc, authsize)) { - DPRINTF(("ah_input: authentication hash mismatch " - "for packet in SA %s/%08lx\n", + DPRINTF(("%s: authentication hash mismatch for packet " + "in SA %s/%08lx\n", __func__, ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); ahstat.ahs_badauth++; @@ -854,7 +847,7 @@ ah_input_cb(struct cryptop *crp) */ error = m_striphdr(m, skip, rplen + authsize); if (error) { - DPRINTF(("ah_input_cb: mangled mbuf chain for SA %s/%08lx\n", + DPRINTF(("%s: mangled mbuf chain for SA %s/%08lx\n", __func__, ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); ahstat.ahs_hdrops++; 
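Review bot: The ICV check `if (bcmp(ptr + skip + rplen, calc, authsize))` compares the received authenticator against the computed one with an early-exit byte compare, so the time taken to reject a forged packet leaks how many leading bytes matched. Exploiting that against an in-kernel AH receiver over a network is hard, and the ahs_badauth path itself looks right, but a constant-time comparison costs nothing and is the standard expectation for MAC verification. A small XOR-accumulating helper local to xform_ah.c would do; the test then becomes `if (ah_icv_mismatch(ptr + skip + rplen, calc, authsize))`. ah_input_cb continues past this hunk.
```c
/* Constant-time authenticator compare: no early exit on the first mismatch. */
static int
ah_icv_mismatch(const void *a, const void *b, int len)
{
	const u_char *pa = a, *pb = b;
	u_char d = 0;

	while (len-- > 0)
		d |= *pa++ ^ *pb++;
	return (d != 0);
}

/* … unchanged: ah_input_cb up to the authenticator check … */
	if (ah_icv_mismatch(ptr + skip + rplen, calc, authsize)) {
```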
@@ -900,14 +893,12 @@ ah_output( u_int8_t prot; struct newah *ah; -#if 0 - SPLASSERT(net, "ah_output"); -#endif + IPSEC_SPLASSERT_SOFTNET(__func__); sav = isr->sav; - KASSERT(sav != NULL, ("ah_output: null SA")); + IPSEC_ASSERT(sav != NULL, ("null SA")); ahx = sav->tdb_authalgxform; - KASSERT(ahx != NULL, ("ah_output: null authentication xform")); + IPSEC_ASSERT(ahx != NULL, ("null authentication xform")); ahstat.ahs_output++; @@ -927,8 +918,8 @@ ah_output( break; #endif /* INET6 */ default: - DPRINTF(("ah_output: unknown/unsupported protocol " - "family %u, SA %s/%08lx\n", + DPRINTF(("%s: unknown/unsupported protocol family %u, " + "SA %s/%08lx\n", __func__, sav->sah->saidx.dst.sa.sa_family, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); @@ -938,8 +929,8 @@ ah_output( } authsize = AUTHSIZE(sav); if (rplen + authsize + m->m_pkthdr.len > maxpacketsize) { - DPRINTF(("ah_output: packet in SA %s/%08lx got too big " - "(len %u, max len %u)\n", + DPRINTF(("%s: packet in SA %s/%08lx got too big " + "(len %u, max len %u)\n", __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi), rplen + authsize + m->m_pkthdr.len, maxpacketsize)); @@ -953,7 +944,7 @@ ah_output( m = m_clone(m); if (m == NULL) { - DPRINTF(("ah_output: cannot clone mbuf chain, SA %s/%08lx\n", + DPRINTF(("%s: cannot clone mbuf chain, SA %s/%08lx\n", __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); ahstat.ahs_hdrops++; @@ -964,8 +955,8 @@ ah_output( /* Inject AH header. */ mi = m_makespace(m, skip, rplen + authsize, &roff); if (mi == NULL) { - DPRINTF(("ah_output: failed to inject %u byte AH header for SA " - "%s/%08lx\n", + DPRINTF(("%s: failed to inject %u byte AH header for SA " + "%s/%08lx\n", __func__, rplen + authsize, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); 
@@ -993,8 +984,8 @@ ah_output( if (sav->replay) { if (sav->replay->count == ~0 && (sav->flags & SADB_X_EXT_CYCSEQ) == 0) { - DPRINTF(("ah_output: replay counter wrapped for SA " - "%s/%08lx\n", + DPRINTF(("%s: replay counter wrapped for SA %s/%08lx\n", + __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); ahstat.ahs_wrap++; @@ -1008,7 +999,8 @@ ah_output( /* Get crypto descriptors. */ crp = crypto_getreq(1); if (crp == NULL) { - DPRINTF(("ah_output: failed to acquire crypto descriptors\n")); + DPRINTF(("%s: failed to acquire crypto descriptors\n", + __func__)); ahstat.ahs_crypto++; error = ENOBUFS; goto bad; @@ -1030,7 +1022,7 @@ ah_output( sizeof(struct tdb_crypto) + skip, M_XDATA, M_NOWAIT|M_ZERO); if (tc == NULL) { crypto_freereq(crp); - DPRINTF(("ah_output: failed to allocate tdb_crypto\n")); + DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); ahstat.ahs_crypto++; error = ENOBUFS; goto bad; @@ -1123,22 +1115,22 @@ ah_output_cb(struct cryptop *crp) int err; tc = (struct tdb_crypto *) crp->crp_opaque; - KASSERT(tc != NULL, ("ah_output_cb: null opaque data area!")); + IPSEC_ASSERT(tc != NULL, ("null opaque data area!")); skip = tc->tc_skip; protoff = tc->tc_protoff; ptr = (caddr_t) (tc + 1); m = (struct mbuf *) crp->crp_buf; isr = tc->tc_isr; - mtx_lock(&isr->lock); + IPSECREQUEST_LOCK(isr); sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi); if (sav == NULL) { ahstat.ahs_notdb++; - DPRINTF(("ah_output_cb: SA expired while in crypto\n")); + DPRINTF(("%s: SA expired while in crypto\n", __func__)); error = ENOBUFS; /*XXX*/ goto bad; } - KASSERT(isr->sav == sav, ("ah_output_cb: SA changed\n")); + IPSEC_ASSERT(isr->sav == sav, ("SA changed\n")); /* Check for crypto errors. */ if (crp->crp_etype) { 
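Review bot: The assertion message `("SA changed\n")` in ah_output_cb carries a trailing newline that none of the other IPSEC_ASSERT strings in this commit have, so it should be `("SA changed")`. More substantively, since the assertion presumably compiles out on production kernels, an `isr->sav != sav` case would be processed silently using the freshly looked-up `sav` while `isr` still refers to the old one; if that state is genuinely reachable (an SA replaced while the packet was in crypto), a runtime check that drops the packet with `ahstat.ahs_notdb++` is a better fit than an invariant. ah_output_cb continues outside this hunk.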
@@ -1147,12 +1139,12 @@ ah_output_cb(struct cryptop *crp) if (crp->crp_etype == EAGAIN) { KEY_FREESAV(&sav); - mtx_unlock(&isr->lock); + IPSECREQUEST_UNLOCK(isr); return crypto_dispatch(crp); } ahstat.ahs_noxform++; - DPRINTF(("ah_output_cb: crypto error %d\n", crp->crp_etype)); + DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); error = crp->crp_etype; goto bad; } @@ -1160,7 +1152,7 @@ ah_output_cb(struct cryptop *crp) /* Shouldn't happen... */ if (m == NULL) { ahstat.ahs_crypto++; - DPRINTF(("ah_output_cb: bogus returned buffer from crypto\n")); + DPRINTF(("%s: bogus returned buffer from crypto\n", __func__)); error = EINVAL; goto bad; } @@ -1179,13 +1171,13 @@ ah_output_cb(struct cryptop *crp) /* NB: m is reclaimed by ipsec_process_done. */ err = ipsec_process_done(m, isr); KEY_FREESAV(&sav); - mtx_unlock(&isr->lock); + IPSECREQUEST_UNLOCK(isr); return err; bad: if (sav) KEY_FREESAV(&sav); - mtx_unlock(&isr->lock); + IPSECREQUEST_UNLOCK(isr); if (m) m_freem(m); free(tc, M_XDATA); diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c index 62c7ac1..27ad5e7 100644 --- a/sys/netipsec/xform_esp.c +++ b/sys/netipsec/xform_esp.c @@ -124,8 +124,8 @@ esp_hdrsiz(struct secasvar *sav) if (sav != NULL) { /*XXX not right for null algorithm--does it matter??*/ - KASSERT(sav->tdb_encalgxform != NULL, - ("esp_hdrsiz: SA with null xform")); + IPSEC_ASSERT(sav->tdb_encalgxform != NULL, + ("SA with null xform")); if (sav->flags & SADB_X_EXT_OLD) size = sizeof (struct esp); else 
@@ -161,23 +161,24 @@ esp_init(struct secasvar *sav, struct xformsw *xsp) txform = esp_algorithm_lookup(sav->alg_enc); if (txform == NULL) { - DPRINTF(("esp_init: unsupported encryption algorithm %d\n", - sav->alg_enc)); + DPRINTF(("%s: unsupported encryption algorithm %d\n", + __func__, sav->alg_enc)); return EINVAL; } if (sav->key_enc == NULL) { - DPRINTF(("esp_init: no encoding key for %s algorithm\n", - txform->name)); + DPRINTF(("%s: no encoding key for %s algorithm\n", + __func__, txform->name)); return EINVAL; } if ((sav->flags&(SADB_X_EXT_OLD|SADB_X_EXT_IV4B)) == SADB_X_EXT_IV4B) { - DPRINTF(("esp_init: 4-byte IV not supported with protocol\n")); + DPRINTF(("%s: 4-byte IV not supported with protocol\n", + __func__)); return EINVAL; } keylen = _KEYLEN(sav->key_enc); if (txform->minkey > keylen || keylen > txform->maxkey) { - DPRINTF(("esp_init: invalid key length %u, must be in " - "the range [%u..%u] for algorithm %s\n", + DPRINTF(("%s: invalid key length %u, must be in the range " + "[%u..%u] for algorithm %s\n", __func__, keylen, txform->minkey, txform->maxkey, txform->name)); return EINVAL; @@ -192,7 +193,7 @@ esp_init(struct secasvar *sav, struct xformsw *xsp) sav->ivlen = (txform == &enc_xform_null ? 0 : txform->blocksize); sav->iv = (caddr_t) malloc(sav->ivlen, M_XDATA, M_WAITOK); if (sav->iv == NULL) { - DPRINTF(("esp_init: no memory for IV\n")); + DPRINTF(("%s: no memory for IV\n", __func__)); return EINVAL; } key_randomfill(sav->iv, sav->ivlen); /*XXX*/ @@ -230,7 +231,8 @@ esp_init(struct secasvar *sav, struct xformsw *xsp) &cria, crypto_support); } else { /* XXX cannot happen? */ - DPRINTF(("esp_init: no encoding OR authentication xform!\n")); + DPRINTF(("%s: no encoding OR authentication xform!\n", + __func__)); error = EINVAL; } return error; 
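Review bot: In esp_init, `malloc(sav->ivlen, M_XDATA, M_WAITOK)` is followed by `if (sav->iv == NULL) return EINVAL;`: with M_WAITOK FreeBSD's malloc(9) sleeps rather than returning NULL, so the branch is dead, and if it ever fired EINVAL would misreport an allocation failure that should be ENOBUFS. Either drop the check or make the failure path real with `M_NOWAIT` and `return ENOBUFS;`. Also, for `enc_xform_null` the request is `malloc(0, ...)` followed by `key_randomfill(sav->iv, 0)`; a comment stating that the zero-length IV is intentional would save the next reader a double-take. esp_init ends in the following hunk.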
@@ -247,7 +249,10 @@ esp_zeroize(struct secasvar *sav) if (sav->key_enc) bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc)); - /* NB: sav->iv is freed elsewhere, even though we malloc it! */ + if (sav->iv) { + free(sav->iv, M_XDATA); + sav->iv = NULL; + } sav->tdb_encalgxform = NULL; sav->tdb_xform = NULL; return error; @@ -270,15 +275,12 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) struct cryptodesc *crde; struct cryptop *crp; -#if 0 - SPLASSERT(net, "esp_input"); -#endif + IPSEC_SPLASSERT_SOFTNET(__func__); - KASSERT(sav != NULL, ("esp_input: null SA")); - KASSERT(sav->tdb_encalgxform != NULL, - ("esp_input: null encoding xform")); - KASSERT((skip&3) == 0 && (m->m_pkthdr.len&3) == 0, - ("esp_input: misaligned packet, skip %u pkt len %u", + IPSEC_ASSERT(sav != NULL, ("null SA")); + IPSEC_ASSERT(sav->tdb_encalgxform != NULL, ("null encoding xform")); + IPSEC_ASSERT((skip&3) == 0 && (m->m_pkthdr.len&3) == 0, + ("misaligned packet, skip %u pkt len %u", skip, m->m_pkthdr.len)); /* XXX don't pullup, just copy header */ @@ -305,9 +307,8 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) */ plen = m->m_pkthdr.len - (skip + hlen + alen); if ((plen & (espx->blocksize - 1)) || (plen <= 0)) { - DPRINTF(("esp_input: " - "payload of %d octets not a multiple of %d octets," - " SA %s/%08lx\n", + DPRINTF(("%s: payload of %d octets not a multiple of %d octets," + " SA %s/%08lx\n", __func__, plen, espx->blocksize, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); @@ -320,7 +321,7 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) * Check sequence number. */ if (esph && sav->replay && !ipsec_chkreplay(ntohl(esp->esp_seq), sav)) { - DPRINTF(("esp_input: packet replay check for %s\n", + DPRINTF(("%s: packet replay check for %s\n", __func__, ipsec_logsastr(sav))); /*XXX*/ espstat.esps_replay++; m_freem(m); 
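Review bot: esp_zeroize now frees sav->iv where the removed comment said the IV was freed elsewhere, so this becomes a double free unless that other free (presumably in key.c's SA teardown, whose diff is outside this view) was dropped in the same commit; please confirm that hunk. Since esp_init allocates the buffer and ownership is now local to this xform, a one-line note would keep the next reader from reintroducing the other free: `/* NB: sav->iv is allocated in esp_init and owned here; key.c must not free it. */`. Clearing key_enc with bzero before it is released is kept; the IV itself is not secret, so zeroizing it before the free is optional.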
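Review bot: The alignment assertion at the top of the @@ -270 hunk in esp_input tests m->m_pkthdr.len, which is the length of a packet received from the network, so on an INVARIANTS kernel a crafted ESP datagram whose length is not a multiple of 4 panics the machine unless the caller (ipsec4_common_input, not visible here) already rejects it. A check that survives on production builds and drops the packet is the safer shape for wire-derived data: `if ((skip & 3) != 0 || (m->m_pkthdr.len & 3) != 0) { espstat.esps_badilen++; m_freem(m); return EINVAL; }`. The assertions on sav and tdb_encalgxform are internal invariants and can stay as IPSEC_ASSERT. esp_input continues past the end of this hunk.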
@@ -345,7 +346,8 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) /* Get crypto descriptors */ crp = crypto_getreq(esph && espx ? 2 : 1); if (crp == NULL) { - DPRINTF(("esp_input: failed to acquire crypto descriptors\n")); + DPRINTF(("%s: failed to acquire crypto descriptors\n", + __func__)); espstat.esps_crypto++; m_freem(m); return ENOBUFS; @@ -360,7 +362,7 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) M_XDATA, M_NOWAIT|M_ZERO); if (tc == NULL) { crypto_freereq(crp); - DPRINTF(("esp_input: failed to allocate tdb_crypto\n")); + DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); espstat.esps_crypto++; m_freem(m); return ENOBUFS; @@ -371,7 +373,7 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) if (esph) { struct cryptodesc *crda = crp->crp_desc; - KASSERT(crda != NULL, ("esp_input: null ah crypto descriptor")); + IPSEC_ASSERT(crda != NULL, ("null ah crypto descriptor")); /* Authentication descriptor */ crda->crd_skip = skip; @@ -410,7 +412,7 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) /* Decryption descriptor */ if (espx) { - KASSERT(crde != NULL, ("esp_input: null esp crypto descriptor")); + IPSEC_ASSERT(crde != NULL, ("null esp crypto descriptor")); crde->crd_skip = skip + hlen; crde->crd_len = m->m_pkthdr.len - (skip + hlen + alen); crde->crd_inject = skip + hlen - sav->ivlen; @@ -459,10 +461,10 @@ esp_input_cb(struct cryptop *crp) caddr_t ptr; crd = crp->crp_desc; - KASSERT(crd != NULL, ("esp_input_cb: null crypto descriptor!")); + IPSEC_ASSERT(crd != NULL, ("null crypto descriptor!")); tc = (struct tdb_crypto *) crp->crp_opaque; - KASSERT(tc != NULL, ("esp_input_cb: null opaque crypto data area!")); + IPSEC_ASSERT(tc != NULL, ("null opaque crypto data area!")); skip = tc->tc_skip; protoff = tc->tc_protoff; mtag = (struct m_tag *) tc->tc_ptr; 
@@ -471,18 +473,17 @@ esp_input_cb(struct cryptop *crp) sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi); if (sav == NULL) { espstat.esps_notdb++; - DPRINTF(("esp_input_cb: SA expired while in crypto " - "(SA %s/%08lx proto %u)\n", ipsec_address(&tc->tc_dst), + DPRINTF(("%s: SA gone during crypto (SA %s/%08lx proto %u)\n", + __func__, ipsec_address(&tc->tc_dst), (u_long) ntohl(tc->tc_spi), tc->tc_proto)); error = ENOBUFS; /*XXX*/ goto bad; } saidx = &sav->sah->saidx; - KASSERT(saidx->dst.sa.sa_family == AF_INET || + IPSEC_ASSERT(saidx->dst.sa.sa_family == AF_INET || saidx->dst.sa.sa_family == AF_INET6, - ("ah_input_cb: unexpected protocol family %u", - saidx->dst.sa.sa_family)); + ("unexpected protocol family %u", saidx->dst.sa.sa_family)); esph = sav->tdb_authalgxform; espx = sav->tdb_encalgxform; @@ -499,7 +500,7 @@ esp_input_cb(struct cryptop *crp) } espstat.esps_noxform++; - DPRINTF(("esp_input_cb: crypto error %d\n", crp->crp_etype)); + DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); error = crp->crp_etype; goto bad; } @@ -507,7 +508,7 @@ esp_input_cb(struct cryptop *crp) /* Shouldn't happen... */ if (m == NULL) { espstat.esps_crypto++; - DPRINTF(("esp_input_cb: bogus returned buffer from crypto\n")); + DPRINTF(("%s: bogus returned buffer from crypto\n", __func__)); error = EINVAL; goto bad; } @@ -530,8 +531,9 @@ esp_input_cb(struct cryptop *crp) /* Verify authenticator */ if (bcmp(ptr, aalg, esph->authsize) != 0) { - DPRINTF(("esp_input_cb: " + DPRINTF(("%s: " "authentication hash mismatch for packet in SA %s/%08lx\n", + __func__, ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); espstat.esps_badauth++; @@ -563,7 +565,7 @@ esp_input_cb(struct cryptop *crp) error = m_striphdr(m, skip, hlen); if (error) { espstat.esps_hdrops++; - DPRINTF(("esp_input_cb: bad mbuf chain, SA %s/%08lx\n", + DPRINTF(("%s: bad mbuf chain, SA %s/%08lx\n", __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); goto bad; 
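Review bot: The authenticator check in the @@ -530 hunk of esp_input_cb compares the computed ICV with the received one using bcmp, which stops at the first differing byte and so leaks through timing how many leading bytes of a forged ICV were correct. A comparison that touches every byte and only inspects the accumulated difference at the end removes that signal; if the tree has no such helper yet, a small static one in this file is enough. The handling after a mismatch (esps_badauth++ and drop) is fine as is.
```c
/* Fixed-time byte compare: nonzero iff some byte differs. */
static int
esp_authcmp(const u_int8_t *a, const u_int8_t *b, int len)
{
	u_int8_t diff = 0;

	while (len-- > 0)
		diff |= *a++ ^ *b++;
	return (diff != 0);
}

/* … unchanged: esp_input_cb up to the copy of the received ICV into aalg … */
	if (esp_authcmp((const u_int8_t *)ptr, (const u_int8_t *)aalg,
	    esph->authsize) != 0) {
```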
@@ -575,8 +577,8 @@ esp_input_cb(struct cryptop *crp) /* Verify pad length */ if (lastthree[1] + 2 > m->m_pkthdr.len - skip) { espstat.esps_badilen++; - DPRINTF(("esp_input_cb: invalid padding length %d " - "for %u byte packet in SA %s/%08lx\n", + DPRINTF(("%s: invalid padding length %d for %u byte packet " + "in SA %s/%08lx\n", __func__, lastthree[1], m->m_pkthdr.len - skip, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); @@ -588,11 +590,10 @@ esp_input_cb(struct cryptop *crp) if ((sav->flags & SADB_X_EXT_PMASK) != SADB_X_EXT_PRAND) { if (lastthree[1] != lastthree[0] && lastthree[1] != 0) { espstat.esps_badenc++; - DPRINTF(("esp_input_cb: decryption failed " - "for packet in SA %s/%08lx\n", + DPRINTF(("%s: decryption failed for packet in " + "SA %s/%08lx\n", __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); -DPRINTF(("esp_input_cb: %x %x\n", lastthree[0], lastthree[1])); error = EINVAL; goto bad; } @@ -646,15 +647,13 @@ esp_output( struct cryptodesc *crde = NULL, *crda = NULL; struct cryptop *crp; -#if 0 - SPLASSERT(net, "esp_output"); -#endif + IPSEC_SPLASSERT_SOFTNET(__func__); sav = isr->sav; - KASSERT(sav != NULL, ("esp_output: null SA")); + IPSEC_ASSERT(sav != NULL, ("null SA")); esph = sav->tdb_authalgxform; espx = sav->tdb_encalgxform; - KASSERT(espx != NULL, ("esp_output: null encoding xform")); + IPSEC_ASSERT(espx != NULL, ("null encoding xform")); if (sav->flags & SADB_X_EXT_OLD) hlen = sizeof (struct esp) + sav->ivlen; @@ -693,8 +692,8 @@ esp_output( break; #endif /* INET6 */ default: - DPRINTF(("esp_output: unknown/unsupported protocol " - "family %d, SA %s/%08lx\n", + DPRINTF(("%s: unknown/unsupported protocol " + "family %d, SA %s/%08lx\n", __func__, saidx->dst.sa.sa_family, ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); espstat.esps_nopf++; 
@@ -702,8 +701,8 @@ esp_output( goto bad; } if (skip + hlen + rlen + padding + alen > maxpacketsize) { - DPRINTF(("esp_output: packet in SA %s/%08lx got too big " - "(len %u, max len %u)\n", + DPRINTF(("%s: packet in SA %s/%08lx got too big " + "(len %u, max len %u)\n", __func__, ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi), skip + hlen + rlen + padding + alen, maxpacketsize)); espstat.esps_toobig++; @@ -716,7 +715,7 @@ esp_output( m = m_clone(m); if (m == NULL) { - DPRINTF(("esp_output: cannot clone mbuf chain, SA %s/%08lx\n", + DPRINTF(("%s: cannot clone mbuf chain, SA %s/%08lx\n", __func__, ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); espstat.esps_hdrops++; error = ENOBUFS; @@ -726,9 +725,8 @@ esp_output( /* Inject ESP header. */ mo = m_makespace(m, skip, hlen, &roff); if (mo == NULL) { - DPRINTF(("esp_output: failed to inject %u byte ESP hdr for SA " - "%s/%08lx\n", - hlen, ipsec_address(&saidx->dst), + DPRINTF(("%s: %u byte ESP hdr inject failed for SA %s/%08lx\n", + __func__, hlen, ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); espstat.esps_hdrops++; /* XXX diffs from openbsd */ error = ENOBUFS; @@ -750,7 +748,7 @@ esp_output( */ pad = (u_char *) m_pad(m, padding + alen); if (pad == NULL) { - DPRINTF(("esp_output: m_pad failed for SA %s/%08lx\n", + DPRINTF(("%s: m_pad failed for SA %s/%08lx\n", __func__, ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); m = NULL; /* NB: free'd by m_pad */ error = ENOBUFS; @@ -785,7 +783,8 @@ esp_output( /* Get crypto descriptors. */ crp = crypto_getreq(esph && espx ? 2 : 1); if (crp == NULL) { - DPRINTF(("esp_output: failed to acquire crypto descriptors\n")); + DPRINTF(("%s: failed to acquire crypto descriptors\n", + __func__)); espstat.esps_crypto++; error = ENOBUFS; goto bad; 
@@ -814,7 +813,7 @@ esp_output( M_XDATA, M_NOWAIT|M_ZERO); if (tc == NULL) { crypto_freereq(crp); - DPRINTF(("esp_output: failed to allocate tdb_crypto\n")); + DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); espstat.esps_crypto++; error = ENOBUFS; goto bad; @@ -866,22 +865,22 @@ esp_output_cb(struct cryptop *crp) int err, error; tc = (struct tdb_crypto *) crp->crp_opaque; - KASSERT(tc != NULL, ("esp_output_cb: null opaque data area!")); + IPSEC_ASSERT(tc != NULL, ("null opaque data area!")); m = (struct mbuf *) crp->crp_buf; isr = tc->tc_isr; - mtx_lock(&isr->lock); + IPSECREQUEST_LOCK(isr); sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi); if (sav == NULL) { espstat.esps_notdb++; - DPRINTF(("esp_output_cb: SA expired while in crypto " - "(SA %s/%08lx proto %u)\n", ipsec_address(&tc->tc_dst), + DPRINTF(("%s: SA gone during crypto (SA %s/%08lx proto %u)\n", + __func__, ipsec_address(&tc->tc_dst), (u_long) ntohl(tc->tc_spi), tc->tc_proto)); error = ENOBUFS; /*XXX*/ goto bad; } - KASSERT(isr->sav == sav, - ("esp_output_cb: SA changed was %p now %p\n", isr->sav, sav)); + IPSEC_ASSERT(isr->sav == sav, + ("SA changed was %p now %p\n", isr->sav, sav)); /* Check for crypto errors. */ if (crp->crp_etype) { @@ -891,12 +890,12 @@ esp_output_cb(struct cryptop *crp) if (crp->crp_etype == EAGAIN) { KEY_FREESAV(&sav); - mtx_unlock(&isr->lock); + IPSECREQUEST_UNLOCK(isr); return crypto_dispatch(crp); } espstat.esps_noxform++; - DPRINTF(("esp_output_cb: crypto error %d\n", crp->crp_etype)); + DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); error = crp->crp_etype; goto bad; } @@ -904,7 +903,7 @@ esp_output_cb(struct cryptop *crp) /* Shouldn't happen... */ if (m == NULL) { espstat.esps_crypto++; - DPRINTF(("esp_output_cb: bogus returned buffer from crypto\n")); + DPRINTF(("%s: bogus returned buffer from crypto\n", __func__)); error = EINVAL; goto bad; } 
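Review bot: `IPSEC_ASSERT(isr->sav == sav, ...)` in the @@ -866 hunk of esp_output_cb compiles to nothing on a production kernel, so if the request's SA was replaced while the packet sat in the crypto queue the code goes on to ipsec_process_done(m, isr) with an isr whose SA no longer matches the one this packet was encrypted under. A check that stays in the build and fails the packet is safer than a debug-only assertion: `if (isr->sav != sav) { espstat.esps_notdb++; error = EINVAL; goto bad; }` placed right after the KEY_ALLOCSA NULL check, which already unlocks isr and releases sav on the bad path. The same pattern appears in ipcomp_output_cb later in this patch. Whether ipsec_process_done tolerates the mismatch is not visible here.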
@@ -919,13 +918,13 @@ esp_output_cb(struct cryptop *crp) /* NB: m is reclaimed by ipsec_process_done. */ err = ipsec_process_done(m, isr); KEY_FREESAV(&sav); - mtx_unlock(&isr->lock); + IPSECREQUEST_UNLOCK(isr); return err; bad: if (sav) KEY_FREESAV(&sav); - mtx_unlock(&isr->lock); + IPSECREQUEST_UNLOCK(isr); if (m) m_freem(m); free(tc, M_XDATA); diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c index 0fcbe1c..4199516 100644 --- a/sys/netipsec/xform_ipcomp.c +++ b/sys/netipsec/xform_ipcomp.c @@ -102,7 +102,7 @@ ipcomp_init(struct secasvar *sav, struct xformsw *xsp) /* NB: algorithm really comes in alg_enc and not alg_comp! */ tcomp = ipcomp_algorithm_lookup(sav->alg_enc); if (tcomp == NULL) { - DPRINTF(("ipcomp_init: unsupported compression algorithm %d\n", + DPRINTF(("%s: unsupported compression algorithm %d\n", __func__, sav->alg_comp)); return EINVAL; } @@ -141,15 +141,13 @@ ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) struct cryptop *crp; int hlen = IPCOMP_HLENGTH; -#if 0 - SPLASSERT(net, "ipcomp_input"); -#endif + IPSEC_SPLASSERT_SOFTNET(__func__); /* Get crypto descriptors */ crp = crypto_getreq(1); if (crp == NULL) { m_freem(m); - DPRINTF(("ipcomp_input: no crypto descriptors\n")); + DPRINTF(("%s: no crypto descriptors\n", __func__)); ipcompstat.ipcomps_crypto++; return ENOBUFS; } @@ -158,7 +156,7 @@ ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) if (tc == NULL) { m_freem(m); crypto_freereq(crp); - DPRINTF(("ipcomp_input: cannot allocate tdb_crypto\n")); + DPRINTF(("%s: cannot allocate tdb_crypto\n", __func__)); ipcompstat.ipcomps_crypto++; return ENOBUFS; } 
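Review bot: The failure message in the @@ -102 hunk of ipcomp_init prints sav->alg_comp, while the lookup two lines above is, per its own NB comment, performed on sav->alg_enc, so the logged algorithm number is not the one that was rejected. Print the value that was actually looked up: `DPRINTF(("%s: unsupported compression algorithm %d\n", __func__, sav->alg_enc));`. The existing `NB:` comment already explains the field mix-up, so no further comment is needed.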
@@ -224,7 +222,7 @@ ipcomp_input_cb(struct cryptop *crp) crd = crp->crp_desc; tc = (struct tdb_crypto *) crp->crp_opaque; - KASSERT(tc != NULL, ("ipcomp_input_cb: null opaque crypto data area!")); + IPSEC_ASSERT(tc != NULL, ("null opaque crypto data area!")); skip = tc->tc_skip; protoff = tc->tc_protoff; mtag = (struct mtag *) tc->tc_ptr; @@ -233,16 +231,15 @@ ipcomp_input_cb(struct cryptop *crp) sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi); if (sav == NULL) { ipcompstat.ipcomps_notdb++; - DPRINTF(("ipcomp_input_cb: SA expired while in crypto\n")); + DPRINTF(("%s: SA expired while in crypto\n", __func__)); error = ENOBUFS; /*XXX*/ goto bad; } saidx = &sav->sah->saidx; - KASSERT(saidx->dst.sa.sa_family == AF_INET || + IPSEC_ASSERT(saidx->dst.sa.sa_family == AF_INET || saidx->dst.sa.sa_family == AF_INET6, - ("ah_input_cb: unexpected protocol family %u", - saidx->dst.sa.sa_family)); + ("unexpected protocol family %u", saidx->dst.sa.sa_family)); /* Check for crypto errors */ if (crp->crp_etype) { @@ -256,14 +253,14 @@ ipcomp_input_cb(struct cryptop *crp) } ipcompstat.ipcomps_noxform++; - DPRINTF(("ipcomp_input_cb: crypto error %d\n", crp->crp_etype)); + DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); error = crp->crp_etype; goto bad; } /* Shouldn't happen... */ if (m == NULL) { ipcompstat.ipcomps_crypto++; - DPRINTF(("ipcomp_input_cb: null mbuf returned from crypto\n")); + DPRINTF(("%s: null mbuf returned from crypto\n", __func__)); error = EINVAL; goto bad; } @@ -280,7 +277,7 @@ ipcomp_input_cb(struct cryptop *crp) if (m->m_len < skip + hlen && (m = m_pullup(m, skip + hlen)) == 0) { ipcompstat.ipcomps_hdrops++; /*XXX*/ - DPRINTF(("ipcomp_input_cb: m_pullup failed\n")); + DPRINTF(("%s: m_pullup failed\n", __func__)); error = EINVAL; /*XXX*/ goto bad; } 
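Review bot: The context line `mtag = (struct mtag *) tc->tc_ptr;` in the @@ -224 hunk of ipcomp_input_cb casts to `struct mtag`, whereas esp_input_cb in this same patch casts to `struct m_tag`; this compiles only because C permits a pointer to an undeclared struct tag, and it defeats type checking if mtag is later handed to an m_tag routine. Change it to `mtag = (struct m_tag *) tc->tc_ptr;` for consistency with the esp and ah callbacks. mtag's declaration is outside this hunk, so whether it carries the same typo is not visible.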
@@ -293,7 +290,7 @@ ipcomp_input_cb(struct cryptop *crp) error = m_striphdr(m, skip, hlen); if (error) { ipcompstat.ipcomps_hdrops++; - DPRINTF(("ipcomp_input_cb: bad mbuf chain, IPCA %s/%08lx\n", + DPRINTF(("%s: bad mbuf chain, IPCA %s/%08lx\n", __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); goto bad; @@ -340,14 +337,12 @@ ipcomp_output( struct mbuf *mo; struct ipcomp *ipcomp; -#if 0 - SPLASSERT(net, "ipcomp_output"); -#endif + IPSEC_SPLASSERT_SOFTNET(__func__); sav = isr->sav; - KASSERT(sav != NULL, ("ipcomp_output: null SA")); + IPSEC_ASSERT(sav != NULL, ("null SA")); ipcompx = sav->tdb_compalgxform; - KASSERT(ipcompx != NULL, ("ipcomp_output: null compression xform")); + IPSEC_ASSERT(ipcompx != NULL, ("null compression xform")); ralen = m->m_pkthdr.len - skip; /* Raw payload length before comp. */ hlen = IPCOMP_HLENGTH; @@ -368,8 +363,8 @@ ipcomp_output( #endif /* INET6 */ default: ipcompstat.ipcomps_nopf++; - DPRINTF(("ipcomp_output: unknown/unsupported protocol family %d" - ", IPCA %s/%08lx\n", + DPRINTF(("%s: unknown/unsupported protocol family %d, " + "IPCA %s/%08lx\n", __func__, sav->sah->saidx.dst.sa.sa_family, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); @@ -378,8 +373,8 @@ ipcomp_output( } if (skip + hlen + ralen > maxpacketsize) { ipcompstat.ipcomps_toobig++; - DPRINTF(("ipcomp_output: packet in IPCA %s/%08lx got too big " - "(len %u, max len %u)\n", + DPRINTF(("%s: packet in IPCA %s/%08lx got too big " + "(len %u, max len %u)\n", __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi), skip + hlen + ralen, maxpacketsize)); @@ -393,8 +388,8 @@ ipcomp_output( m = m_clone(m); if (m == NULL) { ipcompstat.ipcomps_hdrops++; - DPRINTF(("ipcomp_output: cannot clone mbuf chain, IPCA %s/%08lx\n", - ipsec_address(&sav->sah->saidx.dst), + DPRINTF(("%s: cannot clone mbuf chain, IPCA %s/%08lx\n", + __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); error = ENOBUFS; goto bad; 
@@ -404,9 +399,8 @@ ipcomp_output( mo = m_makespace(m, skip, hlen, &roff); if (mo == NULL) { ipcompstat.ipcomps_wrap++; - DPRINTF(("ipcomp_output: failed to inject IPCOMP header for " - "IPCA %s/%08lx\n", - ipsec_address(&sav->sah->saidx.dst), + DPRINTF(("%s: IPCOMP header inject failed for IPCA %s/%08lx\n", + __func__, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); error = ENOBUFS; goto bad; @@ -440,7 +434,7 @@ ipcomp_output( crp = crypto_getreq(1); if (crp == NULL) { ipcompstat.ipcomps_crypto++; - DPRINTF(("ipcomp_output: failed to acquire crypto descriptor\n")); + DPRINTF(("%s: failed to acquire crypto descriptor\n",__func__)); error = ENOBUFS; goto bad; } @@ -460,7 +454,7 @@ ipcomp_output( M_XDATA, M_NOWAIT|M_ZERO); if (tc == NULL) { ipcompstat.ipcomps_crypto++; - DPRINTF(("ipcomp_output: failed to allocate tdb_crypto\n")); + DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__)); crypto_freereq(crp); error = ENOBUFS; goto bad; @@ -500,21 +494,21 @@ ipcomp_output_cb(struct cryptop *crp) int error, skip, rlen; tc = (struct tdb_crypto *) crp->crp_opaque; - KASSERT(tc != NULL, ("ipcomp_output_cb: null opaque data area!")); + IPSEC_ASSERT(tc != NULL, ("null opaque data area!")); m = (struct mbuf *) crp->crp_buf; skip = tc->tc_skip; rlen = crp->crp_ilen - skip; isr = tc->tc_isr; - mtx_lock(&isr->lock); + IPSECREQUEST_LOCK(isr); sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi); if (sav == NULL) { ipcompstat.ipcomps_notdb++; - DPRINTF(("ipcomp_output_cb: SA expired while in crypto\n")); + DPRINTF(("%s: SA expired while in crypto\n", __func__)); error = ENOBUFS; /*XXX*/ goto bad; } - KASSERT(isr->sav == sav, ("ipcomp_output_cb: SA changed\n")); + IPSEC_ASSERT(isr->sav == sav, ("SA changed\n")); /* Check for crypto errors */ if (crp->crp_etype) { 
@@ -524,18 +518,18 @@ ipcomp_output_cb(struct cryptop *crp) if (crp->crp_etype == EAGAIN) { KEY_FREESAV(&sav); - mtx_unlock(&isr->lock); + IPSECREQUEST_UNLOCK(isr); return crypto_dispatch(crp); } ipcompstat.ipcomps_noxform++; - DPRINTF(("ipcomp_output_cb: crypto error %d\n", crp->crp_etype)); + DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); error = crp->crp_etype; goto bad; } /* Shouldn't happen... */ if (m == NULL) { ipcompstat.ipcomps_crypto++; - DPRINTF(("ipcomp_output_cb: bogus return buffer from crypto\n")); + DPRINTF(("%s: bogus return buffer from crypto\n", __func__)); error = EINVAL; goto bad; } @@ -557,8 +551,8 @@ ipcomp_output_cb(struct cryptop *crp) #endif /* INET6 */ default: ipcompstat.ipcomps_nopf++; - DPRINTF(("ipcomp_output: unknown/unsupported protocol " - "family %d, IPCA %s/%08lx\n", + DPRINTF(("%s: unknown/unsupported protocol " + "family %d, IPCA %s/%08lx\n", __func__, sav->sah->saidx.dst.sa.sa_family, ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); @@ -577,13 +571,13 @@ ipcomp_output_cb(struct cryptop *crp) /* NB: m is reclaimed by ipsec_process_done. */ error = ipsec_process_done(m, isr); KEY_FREESAV(&sav); - mtx_unlock(&isr->lock); + IPSECREQUEST_UNLOCK(isr); return error; bad: if (sav) KEY_FREESAV(&sav); - mtx_unlock(&isr->lock); + IPSECREQUEST_UNLOCK(isr); if (m) m_freem(m); free(tc, M_XDATA); diff --git a/sys/netipsec/xform_ipip.c b/sys/netipsec/xform_ipip.c index 11ec9b9..a845322 100644 --- a/sys/netipsec/xform_ipip.c +++ b/sys/netipsec/xform_ipip.c @@ -114,7 +114,7 @@ ip4_input6(struct mbuf **m, int *offp, int proto) #if 0 /* If we do not accept IP-in-IP explicitly, drop. */ if (!ipip_allow && ((*m)->m_flags & M_IPSEC) == 0) { - DPRINTF(("ip4_input6: dropped due to policy\n")); + DPRINTF(("%s: dropped due to policy\n", __func__)); ipipstat.ipips_pdrops++; m_freem(*m); return IPPROTO_DONE; 
@@ -138,7 +138,7 @@ ip4_input(struct mbuf *m, ...) #if 0 /* If we do not accept IP-in-IP explicitly, drop. */ if (!ipip_allow && (m->m_flags & M_IPSEC) == 0) { - DPRINTF(("ip4_input: dropped due to policy\n")); + DPRINTF(("%s: dropped due to policy\n", __func__)); ipipstat.ipips_pdrops++; m_freem(m); return; @@ -201,7 +201,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) /* Bring the IP header in the first mbuf, if not there already */ if (m->m_len < hlen) { if ((m = m_pullup(m, hlen)) == NULL) { - DPRINTF(("ipip_input: m_pullup (1) failed\n")); + DPRINTF(("%s: m_pullup (1) failed\n", __func__)); ipipstat.ipips_hdrops++; return; } @@ -269,7 +269,7 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) */ if (m->m_len < hlen) { if ((m = m_pullup(m, hlen)) == NULL) { - DPRINTF(("ipip_input: m_pullup (2) failed\n")); + DPRINTF(("%s: m_pullup (2) failed\n", __func__)); ipipstat.ipips_hdrops++; return; } @@ -376,12 +376,13 @@ _ipip_input(struct mbuf *m, int iphlen, struct ifnet *gifp) break; #endif default: - panic("ipip_input: should never reach here"); + panic("%s: bogus ip version %u", __func__, v>>4); } if (!netisr_queue(isr, m)) { ipipstat.ipips_qfull++; - DPRINTF(("ipip_input: packet dropped because of full queue\n")); + DPRINTF(("%s: packet dropped because of full queue\n", + __func__)); } } @@ -406,13 +407,11 @@ ipip_output( struct ip6_hdr *ip6, *ip6o; #endif /* INET6 */ -#if 0 - SPLASSERT(net, "ipip_output"); -#endif + IPSEC_SPLASSERT_SOFTNET(__func__); sav = isr->sav; - KASSERT(sav != NULL, ("ipip_output: null SA")); - KASSERT(sav->sah != NULL, ("ipip_output: null SAH")); + IPSEC_ASSERT(sav != NULL, ("null SA")); + IPSEC_ASSERT(sav->sah != NULL, ("null SAH")); /* XXX Deal with empty TDB source/destination addresses. */ 
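Review bot: The default arm in the @@ -376 hunk of _ipip_input still calls panic() with a version nibble taken from the inner IP header of a received packet, so unless an earlier switch on v>>4 in this function (which starts outside this hunk) already drops everything other than 4 and 6, a remote peer can crash the kernel with a single IP-in-IP packet carrying a bogus inner version. Given this commit's stated aim of replacing bogus panics, a counted drop is the safer shape: `ipipstat.ipips_family++; m_freem(m); return;` behind a DPRINTF, in place of the panic. If the earlier check does make this arm unreachable, an IPSEC_ASSERT followed by that drop documents the invariant without turning packet data into a panic trigger.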
@@ -426,8 +425,8 @@ ipip_output( if (saidx->src.sa.sa_family != AF_INET || saidx->src.sin.sin_addr.s_addr == INADDR_ANY || saidx->dst.sin.sin_addr.s_addr == INADDR_ANY) { - DPRINTF(("ipip_output: unspecified tunnel endpoint " - "address in SA %s/%08lx\n", + DPRINTF(("%s: unspecified tunnel endpoint " + "address in SA %s/%08lx\n", __func__, ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); ipipstat.ipips_unspec++; @@ -437,7 +436,7 @@ ipip_output( M_PREPEND(m, sizeof(struct ip), M_DONTWAIT); if (m == 0) { - DPRINTF(("ipip_output: M_PREPEND failed\n")); + DPRINTF(("%s: M_PREPEND failed\n", __func__)); ipipstat.ipips_hdrops++; error = ENOBUFS; goto bad; @@ -507,8 +506,8 @@ ipip_output( if (IN6_IS_ADDR_UNSPECIFIED(&saidx->dst.sin6.sin6_addr) || saidx->src.sa.sa_family != AF_INET6 || IN6_IS_ADDR_UNSPECIFIED(&saidx->src.sin6.sin6_addr)) { - DPRINTF(("ipip_output: unspecified tunnel endpoint " - "address in SA %s/%08lx\n", + DPRINTF(("%s: unspecified tunnel endpoint " + "address in SA %s/%08lx\n", __func__, ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); ipipstat.ipips_unspec++; @@ -525,7 +524,7 @@ ipip_output( M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT); if (m == 0) { - DPRINTF(("ipip_output: M_PREPEND failed\n")); + DPRINTF(("%s: M_PREPEND failed\n", __func__)); ipipstat.ipips_hdrops++; *mp = NULL; error = ENOBUFS; @@ -575,7 +574,7 @@ ipip_output( default: nofamily: - DPRINTF(("ipip_output: unsupported protocol family %u\n", + DPRINTF(("%s: unsupported protocol family %u\n", __func__, saidx->dst.sa.sa_family)); ipipstat.ipips_family++; error = EAFNOSUPPORT; /* XXX diffs from openbsd */ @@ -634,7 +633,7 @@ static int ipe4_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) { /* This is a rather serious mistake, so no conditional printing. */ - printf("ipe4_input: should never be called\n"); + printf("%s: should never be called\n", __func__); if (m) m_freem(m); return EOPNOTSUPP; -- cgit v1.1