Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/netipsec Make ipsec_address() and ipsec_logsastr() mpsafe.
details: https://anonhg.NetBSD.org/src/rev/2296e85087d0
branches: trunk
changeset: 353538:2296e85087d0
user: ryo <ryo%NetBSD.org@localhost>
date: Thu May 11 05:55:14 2017 +0000
description:
Make ipsec_address() and ipsec_logsastr() mpsafe.
diffstat:
sys/netipsec/ipsec.c | 53 ++++++++++++--------------------------------
sys/netipsec/ipsec.h | 11 ++++++--
sys/netipsec/ipsec_input.c | 38 +++++++++++++++++++------------
sys/netipsec/ipsec_output.c | 13 +++++-----
sys/netipsec/xform_ah.c | 29 ++++++++++++++----------
sys/netipsec/xform_esp.c | 50 ++++++++++++++++++++++++++----------------
sys/netipsec/xform_ipcomp.c | 28 +++++++++++++----------
sys/netipsec/xform_ipip.c | 9 ++++---
8 files changed, 122 insertions(+), 109 deletions(-)
diffs (truncated from 771 to 300 lines):
diff -r 3f0eaf68bbcb -r 2296e85087d0 sys/netipsec/ipsec.c
--- a/sys/netipsec/ipsec.c Thu May 11 04:33:14 2017 +0000
+++ b/sys/netipsec/ipsec.c Thu May 11 05:55:14 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.87 2017/05/10 09:34:52 ozaki-r Exp $ */
+/* $NetBSD: ipsec.c,v 1.88 2017/05/11 05:55:14 ryo Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.87 2017/05/10 09:34:52 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.88 2017/05/11 05:55:14 ryo Exp $");
/*
* IPsec controller part.
@@ -2101,6 +2101,7 @@
int fr;
u_int32_t wsizeb; /* constant: bits of window size */
int frlast; /* constant: last frame */
+ char buf[INET6_ADDRSTRLEN];
IPSEC_SPLASSERT_SOFTNET(__func__);
@@ -2177,7 +2178,7 @@
return 1;
ipseclog((LOG_WARNING, "replay counter made %d cycle. %s\n",
- replay->overflow, ipsec_logsastr(sav)));
+ replay->overflow, ipsec_logsastr(sav, buf, sizeof(buf))));
}
replay->count++;
@@ -2210,37 +2211,21 @@
return;
}
-/* Return a printable string for the IPv4 address. */
-static char *
-inet_ntoa4(struct in_addr ina)
-{
- static char buf[4][4 * sizeof "123" + 4];
- unsigned char *ucp = (unsigned char *) &ina;
- static int i = 3;
-
- i = (i + 1) % 4;
- snprintf(buf[i], sizeof(buf[i]), "%d.%d.%d.%d",
- ucp[0] & 0xff, ucp[1] & 0xff, ucp[2] & 0xff, ucp[3] & 0xff);
- return (buf[i]);
-}
-
/* Return a printable string for the address. */
const char *
-ipsec_address(const union sockaddr_union *sa)
+ipsec_address(const union sockaddr_union *sa, char *buf, size_t size)
{
-#if INET6
- static char ip6buf[INET6_ADDRSTRLEN]; /* XXX: NOMPSAFE */
-#endif
-
switch (sa->sa.sa_family) {
#if INET
case AF_INET:
- return inet_ntoa4(sa->sin.sin_addr);
+ in_print(buf, size, &sa->sin.sin_addr);
+ return buf;
#endif /* INET */
#if INET6
case AF_INET6:
- return IN6_PRINT(ip6buf, &sa->sin6.sin6_addr);
+ in6_print(buf, size, &sa->sin6.sin6_addr);
+ return buf;
#endif /* INET6 */
default:
@@ -2249,27 +2234,19 @@
}
const char *
-ipsec_logsastr(const struct secasvar *sav)
+ipsec_logsastr(const struct secasvar *sav, char *buf, size_t size)
{
- static char buf[256];
- char *p;
const struct secasindex *saidx = &sav->sah->saidx;
+ char sbuf[IPSEC_ADDRSTRLEN], dbuf[IPSEC_ADDRSTRLEN];
KASSERTMSG(saidx->src.sa.sa_family == saidx->dst.sa.sa_family,
"af family mismatch, src %u, dst %u",
saidx->src.sa.sa_family, saidx->dst.sa.sa_family);
- p = buf;
- snprintf(buf, sizeof(buf), "SA(SPI=%u ", (u_int32_t)ntohl(sav->spi));
- while (p && *p)
- p++;
- /* NB: only use ipsec_address on one address at a time */
- snprintf(p, sizeof (buf) - (p - buf), "src=%s ",
- ipsec_address(&saidx->src));
- while (p && *p)
- p++;
- snprintf(p, sizeof (buf) - (p - buf), "dst=%s)",
- ipsec_address(&saidx->dst));
+ snprintf(buf, size, "SA(SPI=%u src=%s dst=%s)",
+ (u_int32_t)ntohl(sav->spi),
+ ipsec_address(&saidx->src, sbuf, sizeof(sbuf)),
+ ipsec_address(&saidx->dst, dbuf, sizeof(dbuf)));
return buf;
}
diff -r 3f0eaf68bbcb -r 2296e85087d0 sys/netipsec/ipsec.h
--- a/sys/netipsec/ipsec.h Thu May 11 04:33:14 2017 +0000
+++ b/sys/netipsec/ipsec.h Thu May 11 05:55:14 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.h,v 1.46 2017/05/10 09:34:52 ozaki-r Exp $ */
+/* $NetBSD: ipsec.h,v 1.47 2017/05/11 05:55:14 ryo Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $ */
@@ -149,6 +149,11 @@
};
#endif /* _KERNEL */
+/* buffer size for formatted output of ipsec address (addr + '%' + scope_id?) */
+#define IPSEC_ADDRSTRLEN (INET6_ADDRSTRLEN + 11)
+/* buffer size for ipsec_logsastr() */
+#define IPSEC_LOGSASTRLEN 192
+
/* according to IANA assignment, port 0x0000 and proto 0xff are reserved. */
#define IPSEC_PORT_ANY 0
#define IPSEC_ULPROTO_ANY 255
@@ -307,8 +312,8 @@
#define ipsec4_getpolicybyaddr ipsec_getpolicybyaddr
union sockaddr_union;
-const char *ipsec_address(const union sockaddr_union* sa);
-const char *ipsec_logsastr (const struct secasvar *);
+const char *ipsec_address(const union sockaddr_union* sa, char *, size_t);
+const char *ipsec_logsastr(const struct secasvar *, char *, size_t);
void ipsec_dumpmbuf (struct mbuf *);
diff -r 3f0eaf68bbcb -r 2296e85087d0 sys/netipsec/ipsec_input.c
--- a/sys/netipsec/ipsec_input.c Thu May 11 04:33:14 2017 +0000
+++ b/sys/netipsec/ipsec_input.c Thu May 11 05:55:14 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_input.c,v 1.41 2017/04/19 03:39:14 ozaki-r Exp $ */
+/* $NetBSD: ipsec_input.c,v 1.42 2017/05/11 05:55:14 ryo Exp $ */
/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */
/* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.41 2017/04/19 03:39:14 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.42 2017/05/11 05:55:14 ryo Exp $");
/*
* IPsec input processing.
@@ -122,6 +122,7 @@
static int
ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto)
{
+ char buf[IPSEC_ADDRSTRLEN];
union sockaddr_union dst_address;
struct secasvar *sav;
u_int32_t spi;
@@ -213,7 +214,7 @@
if (sav == NULL) {
DPRINTF(("ipsec_common_input: no key association found for"
" SA %s/%08lx/%u/%u\n",
- ipsec_address(&dst_address),
+ ipsec_address(&dst_address, buf, sizeof(buf)),
(u_long) ntohl(spi), sproto, ntohs(dport)));
IPSEC_ISTAT(sproto, ESP_STAT_NOTDB, AH_STAT_NOTDB,
IPCOMP_STAT_NOTDB);
@@ -225,7 +226,7 @@
if (sav->tdb_xform == NULL) {
DPRINTF(("ipsec_common_input: attempted to use uninitialized"
" SA %s/%08lx/%u\n",
- ipsec_address(&dst_address),
+ ipsec_address(&dst_address, buf, sizeof(buf)),
(u_long) ntohl(spi), sproto));
IPSEC_ISTAT(sproto, ESP_STAT_NOXFORM, AH_STAT_NOXFORM,
IPCOMP_STAT_NOXFORM);
@@ -305,9 +306,10 @@
/* Fix IPv4 header */
if (m->m_len < skip && (m = m_pullup(m, skip)) == NULL) {
+ char buf[IPSEC_ADDRSTRLEN];
DPRINTF(("ipsec4_common_input_cb: processing failed "
"for SA %s/%08lx\n",
- ipsec_address(&sav->sah->saidx.dst),
+ ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
(u_long) ntohl(sav->spi)));
IPSEC_ISTAT(sproto, ESP_STAT_HDROPS, AH_STAT_HDROPS,
IPCOMP_STAT_HDROPS);
@@ -340,10 +342,11 @@
(saidx->proxy.sa.sa_family != AF_INET &&
saidx->proxy.sa.sa_family != 0)) {
+ char ipbuf[INET_ADDRSTRLEN];
DPRINTF(("ipsec4_common_input_cb: inner "
"source address %s doesn't correspond to "
"expected proxy source %s, SA %s/%08lx\n",
- inet_ntoa4(ipn.ip_src),
+ IN_PRINT(ipbuf, ipn.ip_src),
ipsp_address(saidx->proxy),
ipsp_address(saidx->dst),
(u_long) ntohl(sav->spi)));
@@ -377,12 +380,13 @@
saidx->proxy.sa.sa_family != 0)) {
char ip6buf[INET6_ADDRSTRLEN];
+ char pbuf[IPSEC_ADDRSTRLEN], dbuf[IPSEC_ADDRSTRLEN];
DPRINTF(("ipsec4_common_input_cb: inner "
"source address %s doesn't correspond to "
"expected proxy source %s, SA %s/%08lx\n",
ip6_sprintf(ip6buf, &ip6n.ip6_src),
- ipsec_address(&saidx->proxy),
- ipsec_address(&saidx->dst),
+ ipsec_address(&saidx->proxy, pbuf, sizeof(pbuf)),
+ ipsec_address(&saidx->dst, dbuf, sizeof(dbuf)),
(u_long) ntohl(sav->spi)));
IPSEC_ISTAT(sproto, ESP_STAT_PDROPS,
@@ -537,9 +541,10 @@
if (m->m_len < sizeof(struct ip6_hdr) &&
(m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
+ char buf[IPSEC_ADDRSTRLEN];
DPRINTF(("ipsec6_common_input_cb: processing failed "
- "for SA %s/%08lx\n", ipsec_address(&sav->sah->saidx.dst),
- (u_long) ntohl(sav->spi)));
+ "for SA %s/%08lx\n", ipsec_address(&sav->sah->saidx.dst,
+ buf, sizeof(buf)), (u_long) ntohl(sav->spi)));
IPSEC_ISTAT(sproto, ESP_STAT_HDROPS, AH_STAT_HDROPS,
IPCOMP_STAT_HDROPS);
@@ -572,12 +577,14 @@
(saidx->proxy.sa.sa_family != AF_INET &&
saidx->proxy.sa.sa_family != 0)) {
+ char ipbuf[INET_ADDRSTRLEN];
+ char pbuf[IPSEC_ADDRSTRLEN], dbuf[IPSEC_ADDRSTRLEN];
DPRINTF(("ipsec6_common_input_cb: inner "
"source address %s doesn't correspond to "
"expected proxy source %s, SA %s/%08lx\n",
- inet_ntoa4(ipn.ip_src),
- ipsec_address(&saidx->proxy),
- ipsec_address(&saidx->dst),
+ IN_PRINT(ipbuf, ipn.ip_src),
+ ipsec_address(&saidx->proxy, pbuf, sizeof(pbuf)),
+ ipsec_address(&saidx->dst, dbuf, sizeof(dbuf)),
(u_long) ntohl(sav->spi)));
IPSEC_ISTAT(sproto, ESP_STAT_PDROPS,
@@ -609,12 +616,13 @@
saidx->proxy.sa.sa_family != 0)) {
char ip6buf[INET6_ADDRSTRLEN];
+ char pbuf[IPSEC_ADDRSTRLEN], dbuf[IPSEC_ADDRSTRLEN];
DPRINTF(("ipsec6_common_input_cb: inner "
"source address %s doesn't correspond to "
"expected proxy source %s, SA %s/%08lx\n",
ip6_sprintf(ip6buf, &ip6n.ip6_src),
- ipsec_address(&saidx->proxy),
- ipsec_address(&saidx->dst),
+ ipsec_address(&saidx->proxy, pbuf, sizeof(pbuf)),
+ ipsec_address(&saidx->dst, dbuf, sizeof(dbuf)),
(u_long) ntohl(sav->spi)));
IPSEC_ISTAT(sproto, ESP_STAT_PDROPS,
diff -r 3f0eaf68bbcb -r 2296e85087d0 sys/netipsec/ipsec_output.c
--- a/sys/netipsec/ipsec_output.c Thu May 11 04:33:14 2017 +0000
+++ b/sys/netipsec/ipsec_output.c Thu May 11 05:55:14 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_output.c,v 1.46 2017/05/08 06:39:23 ozaki-r Exp $ */
+/* $NetBSD: ipsec_output.c,v 1.47 2017/05/11 05:55:14 ryo Exp $ */
/*-
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,7 +29,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.46 2017/05/08 06:39:23 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.47 2017/05/11 05:55:14 ryo Exp $");
/*
* IPsec output processing.
@@ -177,10 +177,11 @@
mo = m_makespace(m, sizeof(struct ip), hlen, &roff);
if (mo == NULL) {
- DPRINTF(("ipsec_process_done : failed to inject"
- "%u byte UDP for SA %s/%08lx\n",
Home |
Main Index |
Thread Index |
Old Index