D2321.id4893.diff
No OneTemporary
Actions

Size

20 KB

Referenced Files

None

Subscribers

None

D2321.id4893.diff
View Options

	Index: sys/netipsec/ipsec.h
	===================================================================
	--- sys/netipsec/ipsec.h
	+++ sys/netipsec/ipsec.h
	@@ -327,8 +327,8 @@
	extern size_t ipsec_hdrsiz_tcp(struct tcpcb *);

	union sockaddr_union;
	-extern char * ipsec_address(union sockaddr_union* sa);
	-extern const char ipsec_logsastr(struct secasvar );
	+extern char ipsec_address(union sockaddr_union , char *, socklen_t);
	+extern char ipsec_logsastr(struct secasvar , char *, size_t);

	extern void ipsec_dumpmbuf(struct mbuf *);

	Index: sys/netipsec/ipsec.c
	===================================================================
	--- sys/netipsec/ipsec.c
	+++ sys/netipsec/ipsec.c
	@@ -1488,6 +1488,7 @@
	int
	ipsec_updatereplay(u_int32_t seq, struct secasvar *sav)
	{
	+ char buf[128];
	struct secreplay *replay;
	u_int32_t diff;
	int fr;
	@@ -1567,7 +1568,8 @@
	return (1);

	ipseclog((LOG_WARNING, "%s: replay counter made %d cycle. %s\n",
	- __func__, replay->overflow, ipsec_logsastr(sav)));
	+ __func__, replay->overflow,
	+ ipsec_logsastr(sav, buf, sizeof(buf))));
	}

	replay->count++;
	@@ -1598,67 +1600,37 @@
	}
	}

	-#ifdef INET
	-/* Return a printable string for the IPv4 address. */
	-static char *
	-inet_ntoa4(struct in_addr ina)
	-{
	- static char buf[4][4 * sizeof "123" + 4];
	- unsigned char ucp = (unsigned char ) &ina;
	- static int i = 3;
	-
	- /* XXX-BZ Returns static buffer. */
	- i = (i + 1) % 4;
	- sprintf(buf[i], "%d.%d.%d.%d", ucp[0] & 0xff, ucp[1] & 0xff,
	- ucp[2] & 0xff, ucp[3] & 0xff);
	- return (buf[i]);
	-}
	-#endif
	-
	/* Return a printable string for the address. */
	-char *
	-ipsec_address(union sockaddr_union* sa)
	+char*
	+ipsec_address(union sockaddr_union* sa, char *buf, socklen_t size)
	{
	-#ifdef INET6
	- char ip6buf[INET6_ADDRSTRLEN];
	-#endif

	switch (sa->sa.sa_family) {
	#ifdef INET
	case AF_INET:
	- return (inet_ntoa4(sa->sin.sin_addr));
	+ return (inet_ntop(AF_INET, &sa->sin.sin_addr, buf, size));
	#endif /* INET */
	#ifdef INET6
	case AF_INET6:
	- return (ip6_sprintf(ip6buf, &sa->sin6.sin6_addr));
	+ return (inet_ntop(AF_INET6, &sa->sin6.sin6_addr, buf, size));
	#endif /* INET6 */
	default:
	return ("(unknown address family)");
	}
	}

	-const char *
	-ipsec_logsastr(struct secasvar *sav)
	+char *
	+ipsec_logsastr(struct secasvar sav, char buf, size_t size)
	{
	- static char buf[256];
	- char *p;
	- struct secasindex *saidx = &sav->sah->saidx;
	-
	- IPSEC_ASSERT(saidx->src.sa.sa_family == saidx->dst.sa.sa_family,
	- ("address family mismatch"));
	-
	- p = buf;
	- snprintf(buf, sizeof(buf), "SA(SPI=%u ", (u_int32_t)ntohl(sav->spi));
	- while (p && *p)
	- p++;
	- /* NB: only use ipsec_address on one address at a time. */
	- snprintf(p, sizeof (buf) - (p - buf), "src=%s ",
	- ipsec_address(&saidx->src));
	- while (p && *p)
	- p++;
	- snprintf(p, sizeof (buf) - (p - buf), "dst=%s)",
	- ipsec_address(&saidx->dst));
	+ char sbuf[INET6_ADDRSTRLEN], dbuf[INET6_ADDRSTRLEN];
	+
	+ IPSEC_ASSERT(sav->sah->saidx.src.sa.sa_family ==
	+ sav->sah->saidx.dst.sa.sa_family, ("address family mismatch"));

	+ snprintf(buf, size, "SA(SPI=%08lx src=%s dst=%s)",
	+ (u_long)ntohl(sav->spi),
	+ ipsec_address(&sav->sah->saidx.src, sbuf, sizeof(sbuf)),
	+ ipsec_address(&sav->sah->saidx.dst, dbuf, sizeof(dbuf)));
	return (buf);
	}

	Index: sys/netipsec/ipsec_input.c
	===================================================================
	--- sys/netipsec/ipsec_input.c
	+++ sys/netipsec/ipsec_input.c
	@@ -121,6 +121,7 @@
	static int
	ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto)
	{
	+ char buf[INET6_ADDRSTRLEN];
	union sockaddr_union dst_address;
	struct secasvar *sav;
	u_int32_t spi;
	@@ -215,8 +216,8 @@
	sav = KEY_ALLOCSA(&dst_address, sproto, spi);
	if (sav == NULL) {
	DPRINTF(("%s: no key association found for SA %s/%08lx/%u\n",
	- __func__, ipsec_address(&dst_address),
	- (u_long) ntohl(spi), sproto));
	+ __func__, ipsec_address(&dst_address, buf,
	+ sizeof(buf)), (u_long) ntohl(spi), sproto));
	IPSEC_ISTAT(sproto, notdb);
	m_freem(m);
	return ENOENT;
	@@ -224,8 +225,8 @@

	if (sav->tdb_xform == NULL) {
	DPRINTF(("%s: attempted to use uninitialized SA %s/%08lx/%u\n",
	- __func__, ipsec_address(&dst_address),
	- (u_long) ntohl(spi), sproto));
	+ __func__, ipsec_address(&dst_address, buf,
	+ sizeof(buf)), (u_long) ntohl(spi), sproto));
	IPSEC_ISTAT(sproto, noxform);
	KEY_FREESAV(&sav);
	m_freem(m);
	@@ -327,6 +328,7 @@
	ipsec4_common_input_cb(struct mbuf m, struct secasvar sav, int skip,
	int protoff)
	{
	+ char buf[INET6_ADDRSTRLEN];
	int prot, af, sproto, isr_prot;
	struct ip *ip;
	struct m_tag *mtag;
	@@ -365,8 +367,8 @@
	*/
	if (m->m_len < skip && (m = m_pullup(m, skip)) == NULL) {
	DPRINTF(("%s: processing failed for SA %s/%08lx\n",
	- __func__, ipsec_address(&sav->sah->saidx.dst),
	- (u_long) ntohl(sav->spi)));
	+ __func__, ipsec_address(&sav->sah->saidx.dst,
	+ buf, sizeof(buf)), (u_long) ntohl(sav->spi)));
	IPSEC_ISTAT(sproto, hdrops);
	error = ENOBUFS;
	goto bad;
	@@ -622,6 +624,7 @@
	ipsec6_common_input_cb(struct mbuf m, struct secasvar sav, int skip,
	int protoff)
	{
	+ char buf[INET6_ADDRSTRLEN];
	int prot, af, sproto;
	struct ip6_hdr *ip6;
	struct m_tag *mtag;
	@@ -658,8 +661,8 @@
	(m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {

	DPRINTF(("%s: processing failed for SA %s/%08lx\n",
	- __func__, ipsec_address(&sav->sah->saidx.dst),
	- (u_long) ntohl(sav->spi)));
	+ __func__, ipsec_address(&sav->sah->saidx.dst, buf,
	+ sizeof(buf)), (u_long) ntohl(sav->spi)));

	IPSEC_ISTAT(sproto, hdrops);
	error = EACCES;
	Index: sys/netipsec/ipsec_output.c
	===================================================================
	--- sys/netipsec/ipsec_output.c
	+++ sys/netipsec/ipsec_output.c
	@@ -529,6 +529,7 @@
	int
	ipsec4_process_packet(struct mbuf m, struct ipsecrequest isr)
	{
	+ char sbuf[INET6_ADDRSTRLEN], dbuf[INET6_ADDRSTRLEN];
	union sockaddr_union *dst;
	struct secasindex saidx;
	struct secasvar *sav;
	@@ -579,9 +580,10 @@
	if (error != 0) {
	DPRINTF(("%s: encapsulation for SA %s->%s "
	"SPI 0x%08x failed with error %d\n", __func__,
	- ipsec_address(&sav->sah->saidx.src),
	- ipsec_address(&sav->sah->saidx.dst),
	- ntohl(sav->spi), error));
	+ ipsec_address(&sav->sah->saidx.src, sbuf,
	+ sizeof(sbuf)),
	+ ipsec_address(&sav->sah->saidx.dst, dbuf,
	+ sizeof(dbuf)), ntohl(sav->spi), error));
	goto bad;
	}
	}
	@@ -650,11 +652,9 @@
	* IPsec output logic for IPv6.
	*/
	int
	-ipsec6_process_packet(
	- struct mbuf *m,
	- struct ipsecrequest *isr
	- )
	+ipsec6_process_packet(struct mbuf m, struct ipsecrequest isr)
	{
	+ char sbuf[INET6_ADDRSTRLEN], dbuf[INET6_ADDRSTRLEN];
	struct secasindex saidx;
	struct secasvar *sav;
	struct ip6_hdr *ip6;
	@@ -704,9 +704,10 @@
	if (error != 0) {
	DPRINTF(("%s: encapsulation for SA %s->%s "
	"SPI 0x%08x failed with error %d\n", __func__,
	- ipsec_address(&sav->sah->saidx.src),
	- ipsec_address(&sav->sah->saidx.dst),
	- ntohl(sav->spi), error));
	+ ipsec_address(&sav->sah->saidx.src, sbuf,
	+ sizeof(sbuf)),
	+ ipsec_address(&sav->sah->saidx.dst, dbuf,
	+ sizeof(dbuf)), ntohl(sav->spi), error));
	goto bad;
	}
	}
	Index: sys/netipsec/xform_ah.c
	===================================================================
	--- sys/netipsec/xform_ah.c
	+++ sys/netipsec/xform_ah.c
	@@ -567,6 +567,7 @@
	static int
	ah_input(struct mbuf m, struct secasvar sav, int skip, int protoff)
	{
	+ char buf[128];
	struct auth_hash *ahx;
	struct tdb_crypto *tc;
	struct newah *ah;
	@@ -596,7 +597,7 @@
	if (sav->replay && !ipsec_chkreplay(ntohl(ah->ah_seq), sav)) {
	AHSTAT_INC(ahs_replay);
	DPRINTF(("%s: packet replay failure: %s\n", __func__,
	- ipsec_logsastr(sav)));
	+ ipsec_logsastr(sav, buf, sizeof(buf))));
	m_freem(m);
	return ENOBUFS;
	}
	@@ -607,10 +608,10 @@
	authsize = AUTHSIZE(sav);
	if (hl != authsize + rplen - sizeof (struct ah)) {
	DPRINTF(("%s: bad authenticator length %u (expecting %lu)"
	- " for packet in SA %s/%08lx\n", __func__,
	- hl, (u_long) (authsize + rplen - sizeof (struct ah)),
	- ipsec_address(&sav->sah->saidx.dst),
	- (u_long) ntohl(sav->spi)));
	+ " for packet in SA %s/%08lx\n", __func__, hl,
	+ (u_long) (authsize + rplen - sizeof (struct ah)),
	+ ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
	+ (u_long) ntohl(sav->spi)));
	AHSTAT_INC(ahs_badauthl);
	m_freem(m);
	return EACCES;
	@@ -695,6 +696,7 @@
	static int
	ah_input_cb(struct cryptop *crp)
	{
	+ char buf[INET6_ADDRSTRLEN];
	int rplen, error, skip, protoff;
	unsigned char calc[AH_ALEN_MAX];
	struct mbuf *m;
	@@ -764,7 +766,7 @@
	if (bcmp(ptr + skip + rplen, calc, authsize)) {
	DPRINTF(("%s: authentication hash mismatch for packet "
	"in SA %s/%08lx\n", __func__,
	- ipsec_address(&saidx->dst),
	+ ipsec_address(&saidx->dst, buf, sizeof(buf)),
	(u_long) ntohl(sav->spi)));
	AHSTAT_INC(ahs_badauth);
	error = EACCES;
	@@ -803,8 +805,8 @@
	error = m_striphdr(m, skip, rplen + authsize);
	if (error) {
	DPRINTF(("%s: mangled mbuf chain for SA %s/%08lx\n", __func__,
	- ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi)));
	-
	+ ipsec_address(&saidx->dst, buf, sizeof(buf)),
	+ (u_long) ntohl(sav->spi)));
	AHSTAT_INC(ahs_hdrops);
	goto bad;
	}
	@@ -843,13 +845,10 @@
	* AH output routine, called by ipsec[46]_process_packet().
	*/
	static int
	-ah_output(
	- struct mbuf *m,
	- struct ipsecrequest *isr,
	- struct mbuf **mp,
	- int skip,
	- int protoff)
	+ah_output(struct mbuf m, struct ipsecrequest isr, struct mbuf **mp,
	+ int skip, int protoff)
	{
	+ char buf[INET6_ADDRSTRLEN];
	struct secasvar *sav;
	struct auth_hash *ahx;
	struct cryptodesc *crda;
	@@ -887,7 +886,7 @@
	DPRINTF(("%s: unknown/unsupported protocol family %u, "
	"SA %s/%08lx\n", __func__,
	sav->sah->saidx.dst.sa.sa_family,
	- ipsec_address(&sav->sah->saidx.dst),
	+ ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
	(u_long) ntohl(sav->spi)));
	AHSTAT_INC(ahs_nopf);
	error = EPFNOSUPPORT;
	@@ -897,7 +896,7 @@
	if (rplen + authsize + m->m_pkthdr.len > maxpacketsize) {
	DPRINTF(("%s: packet in SA %s/%08lx got too big "
	"(len %u, max len %u)\n", __func__,
	- ipsec_address(&sav->sah->saidx.dst),
	+ ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
	(u_long) ntohl(sav->spi),
	rplen + authsize + m->m_pkthdr.len, maxpacketsize));
	AHSTAT_INC(ahs_toobig);
	@@ -911,7 +910,7 @@
	m = m_unshare(m, M_NOWAIT);
	if (m == NULL) {
	DPRINTF(("%s: cannot clone mbuf chain, SA %s/%08lx\n", __func__,
	- ipsec_address(&sav->sah->saidx.dst),
	+ ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
	(u_long) ntohl(sav->spi)));
	AHSTAT_INC(ahs_hdrops);
	error = ENOBUFS;
	@@ -924,7 +923,7 @@
	DPRINTF(("%s: failed to inject %u byte AH header for SA "
	"%s/%08lx\n", __func__,
	rplen + authsize,
	- ipsec_address(&sav->sah->saidx.dst),
	+ ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
	(u_long) ntohl(sav->spi)));
	AHSTAT_INC(ahs_hdrops); /XXX differs from openbsd /
	error = ENOBUFS;
	@@ -951,9 +950,8 @@
	if (sav->replay->count == ~0 &&
	(sav->flags & SADB_X_EXT_CYCSEQ) == 0) {
	DPRINTF(("%s: replay counter wrapped for SA %s/%08lx\n",
	- __func__,
	- ipsec_address(&sav->sah->saidx.dst),
	- (u_long) ntohl(sav->spi)));
	+ __func__, ipsec_address(&sav->sah->saidx.dst, buf,
	+ sizeof(buf)), (u_long) ntohl(sav->spi)));
	AHSTAT_INC(ahs_wrap);
	error = EINVAL;
	goto bad;
	Index: sys/netipsec/xform_esp.c
	===================================================================
	--- sys/netipsec/xform_esp.c
	+++ sys/netipsec/xform_esp.c
	@@ -268,6 +268,7 @@
	static int
	esp_input(struct mbuf m, struct secasvar sav, int skip, int protoff)
	{
	+ char buf[128];
	struct auth_hash *esph;
	struct enc_xform *espx;
	struct tdb_crypto *tc;
	@@ -326,9 +327,8 @@
	if ((plen & (espx->blocksize - 1)) \|\| (plen <= 0)) {
	DPRINTF(("%s: payload of %d octets not a multiple of %d octets,"
	" SA %s/%08lx\n", __func__,
	- plen, espx->blocksize,
	- ipsec_address(&sav->sah->saidx.dst),
	- (u_long) ntohl(sav->spi)));
	+ plen, espx->blocksize, ipsec_address(&sav->sah->saidx.dst,
	+ buf, sizeof(buf)), (u_long) ntohl(sav->spi)));
	ESPSTAT_INC(esps_badilen);
	m_freem(m);
	return EINVAL;
	@@ -340,7 +340,7 @@
	if (esph != NULL && sav->replay != NULL &&
	!ipsec_chkreplay(ntohl(esp->esp_seq), sav)) {
	DPRINTF(("%s: packet replay check for %s\n", __func__,
	- ipsec_logsastr(sav))); /XXX/
	+ ipsec_logsastr(sav, buf, sizeof(buf)))); /XXX/
	ESPSTAT_INC(esps_replay);
	m_freem(m);
	return ENOBUFS; /XXX/
	@@ -431,6 +431,7 @@
	static int
	esp_input_cb(struct cryptop *crp)
	{
	+ char buf[128];
	u_int8_t lastthree[3], aalg[AH_HMAC_MAXHASHLEN];
	int hlen, skip, protoff, error, alen;
	struct mbuf *m;
	@@ -507,7 +508,7 @@
	if (bcmp(ptr, aalg, alen) != 0) {
	DPRINTF(("%s: authentication hash mismatch for "
	"packet in SA %s/%08lx\n", __func__,
	- ipsec_address(&saidx->dst),
	+ ipsec_address(&saidx->dst, buf, sizeof(buf)),
	(u_long) ntohl(sav->spi)));
	ESPSTAT_INC(esps_badauth);
	error = EACCES;
	@@ -537,7 +538,7 @@
	sizeof (seq), (caddr_t) &seq);
	if (ipsec_updatereplay(ntohl(seq), sav)) {
	DPRINTF(("%s: packet replay check for %s\n", __func__,
	- ipsec_logsastr(sav)));
	+ ipsec_logsastr(sav, buf, sizeof(buf))));
	ESPSTAT_INC(esps_replay);
	error = ENOBUFS;
	goto bad;
	@@ -555,7 +556,7 @@
	if (error) {
	ESPSTAT_INC(esps_hdrops);
	DPRINTF(("%s: bad mbuf chain, SA %s/%08lx\n", __func__,
	- ipsec_address(&sav->sah->saidx.dst),
	+ ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
	(u_long) ntohl(sav->spi)));
	goto bad;
	}
	@@ -567,10 +568,10 @@
	if (lastthree[1] + 2 > m->m_pkthdr.len - skip) {
	ESPSTAT_INC(esps_badilen);
	DPRINTF(("%s: invalid padding length %d for %u byte packet "
	- "in SA %s/%08lx\n", __func__,
	- lastthree[1], m->m_pkthdr.len - skip,
	- ipsec_address(&sav->sah->saidx.dst),
	- (u_long) ntohl(sav->spi)));
	+ "in SA %s/%08lx\n", __func__, lastthree[1],
	+ m->m_pkthdr.len - skip,
	+ ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
	+ (u_long) ntohl(sav->spi)));
	error = EINVAL;
	goto bad;
	}
	@@ -580,9 +581,9 @@
	if (lastthree[1] != lastthree[0] && lastthree[1] != 0) {
	ESPSTAT_INC(esps_badenc);
	DPRINTF(("%s: decryption failed for packet in "
	- "SA %s/%08lx\n", __func__,
	- ipsec_address(&sav->sah->saidx.dst),
	- (u_long) ntohl(sav->spi)));
	+ "SA %s/%08lx\n", __func__, ipsec_address(
	+ &sav->sah->saidx.dst, buf, sizeof(buf)),
	+ (u_long) ntohl(sav->spi)));
	error = EINVAL;
	goto bad;
	}
	@@ -628,14 +629,10 @@
	* ESP output routine, called by ipsec[46]_process_packet().
	*/
	static int
	-esp_output(
	- struct mbuf *m,
	- struct ipsecrequest *isr,
	- struct mbuf **mp,
	- int skip,
	- int protoff
	-)
	+esp_output(struct mbuf m, struct ipsecrequest isr, struct mbuf **mp,
	+ int skip, int protoff)
	{
	+ char buf[INET6_ADDRSTRLEN];
	struct enc_xform *espx;
	struct auth_hash *esph;
	int hlen, rlen, padding, blks, alen, i, roff;
	@@ -703,8 +700,8 @@
	default:
	DPRINTF(("%s: unknown/unsupported protocol "
	"family %d, SA %s/%08lx\n", __func__,
	- saidx->dst.sa.sa_family, ipsec_address(&saidx->dst),
	- (u_long) ntohl(sav->spi)));
	+ saidx->dst.sa.sa_family, ipsec_address(&saidx->dst,
	+ buf, sizeof(buf)), (u_long) ntohl(sav->spi)));
	ESPSTAT_INC(esps_nopf);
	error = EPFNOSUPPORT;
	goto bad;
	@@ -712,7 +709,8 @@
	if (skip + hlen + rlen + padding + alen > maxpacketsize) {
	DPRINTF(("%s: packet in SA %s/%08lx got too big "
	"(len %u, max len %u)\n", __func__,
	- ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi),
	+ ipsec_address(&saidx->dst, buf, sizeof(buf)),
	+ (u_long) ntohl(sav->spi),
	skip + hlen + rlen + padding + alen, maxpacketsize));
	ESPSTAT_INC(esps_toobig);
	error = EMSGSIZE;
	@@ -725,7 +723,8 @@
	m = m_unshare(m, M_NOWAIT);
	if (m == NULL) {
	DPRINTF(("%s: cannot clone mbuf chain, SA %s/%08lx\n", __func__,
	- ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi)));
	+ ipsec_address(&saidx->dst, buf, sizeof(buf)),
	+ (u_long) ntohl(sav->spi)));
	ESPSTAT_INC(esps_hdrops);
	error = ENOBUFS;
	goto bad;
	@@ -735,8 +734,8 @@
	mo = m_makespace(m, skip, hlen, &roff);
	if (mo == NULL) {
	DPRINTF(("%s: %u byte ESP hdr inject failed for SA %s/%08lx\n",
	- __func__, hlen, ipsec_address(&saidx->dst),
	- (u_long) ntohl(sav->spi)));
	+ __func__, hlen, ipsec_address(&saidx->dst, buf,
	+ sizeof(buf)), (u_long) ntohl(sav->spi)));
	ESPSTAT_INC(esps_hdrops); /* XXX diffs from openbsd */
	error = ENOBUFS;
	goto bad;
	@@ -765,7 +764,8 @@
	pad = (u_char *) m_pad(m, padding + alen);
	if (pad == NULL) {
	DPRINTF(("%s: m_pad failed for SA %s/%08lx\n", __func__,
	- ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi)));
	+ ipsec_address(&saidx->dst, buf, sizeof(buf)),
	+ (u_long) ntohl(sav->spi)));
	m = NULL; /* NB: free'd by m_pad */
	error = ENOBUFS;
	goto bad;
	@@ -876,6 +876,7 @@
	static int
	esp_output_cb(struct cryptop *crp)
	{
	+ char buf[INET6_ADDRSTRLEN];
	struct tdb_crypto *tc;
	struct ipsecrequest *isr;
	struct secasvar *sav;
	@@ -893,7 +894,7 @@
	if (sav != isr->sav) {
	ESPSTAT_INC(esps_notdb);
	DPRINTF(("%s: SA gone during crypto (SA %s/%08lx proto %u)\n",
	- __func__, ipsec_address(&tc->tc_dst),
	+ __func__, ipsec_address(&tc->tc_dst, buf, sizeof(buf)),
	(u_long) ntohl(tc->tc_spi), tc->tc_proto));
	error = ENOBUFS; /XXX/
	goto bad;
	Index: sys/netipsec/xform_ipcomp.c
	===================================================================
	--- sys/netipsec/xform_ipcomp.c
	+++ sys/netipsec/xform_ipcomp.c
	@@ -224,6 +224,7 @@
	static int
	ipcomp_input_cb(struct cryptop *crp)
	{
	+ char buf[INET6_ADDRSTRLEN];
	struct cryptodesc *crd;
	struct tdb_crypto *tc;
	int skip, protoff;
	@@ -298,8 +299,8 @@
	if (error) {
	IPCOMPSTAT_INC(ipcomps_hdrops);
	DPRINTF(("%s: bad mbuf chain, IPCA %s/%08lx\n", __func__,
	- ipsec_address(&sav->sah->saidx.dst),
	- (u_long) ntohl(sav->spi)));
	+ ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
	+ (u_long) ntohl(sav->spi)));
	goto bad;
	}

	@@ -340,14 +341,10 @@
	* IPComp output routine, called by ipsec[46]_process_packet()
	*/
	static int
	-ipcomp_output(
	- struct mbuf *m,
	- struct ipsecrequest *isr,
	- struct mbuf **mp,
	- int skip,
	- int protoff
	-)
	+ipcomp_output(struct mbuf m, struct ipsecrequest isr, struct mbuf **mp,
	+ int skip, int protoff)
	{
	+ char buf[INET6_ADDRSTRLEN];
	struct secasvar *sav;
	struct comp_algo *ipcompx;
	int error, ralen, maxpacketsize;
	@@ -391,7 +388,7 @@
	DPRINTF(("%s: unknown/unsupported protocol family %d, "
	"IPCA %s/%08lx\n", __func__,
	sav->sah->saidx.dst.sa.sa_family,
	- ipsec_address(&sav->sah->saidx.dst),
	+ ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
	(u_long) ntohl(sav->spi)));
	error = EPFNOSUPPORT;
	goto bad;
	@@ -400,7 +397,7 @@
	IPCOMPSTAT_INC(ipcomps_toobig);
	DPRINTF(("%s: packet in IPCA %s/%08lx got too big "
	"(len %u, max len %u)\n", __func__,
	- ipsec_address(&sav->sah->saidx.dst),
	+ ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
	(u_long) ntohl(sav->spi),
	ralen + skip + IPCOMP_HLENGTH, maxpacketsize));
	error = EMSGSIZE;
	@@ -414,8 +411,8 @@
	if (m == NULL) {
	IPCOMPSTAT_INC(ipcomps_hdrops);
	DPRINTF(("%s: cannot clone mbuf chain, IPCA %s/%08lx\n",
	- __func__, ipsec_address(&sav->sah->saidx.dst),
	- (u_long) ntohl(sav->spi)));
	+ __func__, ipsec_address(&sav->sah->saidx.dst, buf,
	+ sizeof(buf)), (u_long) ntohl(sav->spi)));
	error = ENOBUFS;
	goto bad;
	}
	@@ -482,6 +479,7 @@
	static int
	ipcomp_output_cb(struct cryptop *crp)
	{
	+ char buf[INET6_ADDRSTRLEN];
	struct tdb_crypto *tc;
	struct ipsecrequest *isr;
	struct secasvar *sav;
	@@ -539,8 +537,8 @@
	if (mo == NULL) {
	IPCOMPSTAT_INC(ipcomps_wrap);
	DPRINTF(("%s: IPCOMP header inject failed for IPCA %s/%08lx\n",
	- __func__, ipsec_address(&sav->sah->saidx.dst),
	- (u_long) ntohl(sav->spi)));
	+ __func__, ipsec_address(&sav->sah->saidx.dst, buf,
	+ sizeof(buf)), (u_long) ntohl(sav->spi)));
	error = ENOBUFS;
	goto bad;
	}
	@@ -586,8 +584,8 @@
	DPRINTF(("%s: unknown/unsupported protocol "
	"family %d, IPCA %s/%08lx\n", __func__,
	sav->sah->saidx.dst.sa.sa_family,
	- ipsec_address(&sav->sah->saidx.dst),
	- (u_long) ntohl(sav->spi)));
	+ ipsec_address(&sav->sah->saidx.dst, buf,
	+ sizeof(buf)), (u_long) ntohl(sav->spi)));
	error = EPFNOSUPPORT;
	goto bad;
	}

File Metadata

Mime Type: text/plain
Expires: Mon, Mar 23, 7:13 AM (17 h, 20 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 30170002
Default Alt Text: D2321.id4893.diff (20 KB)

D2321.id4893.diffNo OneTemporaryActions

D2321.id4893.diffView Options

File Metadata

Event Timeline

D2321.id4893.diff
No OneTemporary
Actions

D2321.id4893.diff
View Options