author: Andrey V. Elsukov <ae@FreeBSD.org> 2017-05-29 09:30:38 +0000
committer: Andrey V. Elsukov <ae@FreeBSD.org> 2017-05-29 09:30:38 +0000
commit: 7f1f65918be93e48521f08f9c529efb5e0e0569d (patch)
tree: 44183224c5e4ac80a6c8912351763e6a03e001d1
parent: 631f8f40d313adb3446ade39537ec7cf1a1ab4b4 (diff)
7 files changed, 28 insertions, 26 deletions
diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h
index 49413e2b9ee7b..147412f980e0f 100644
--- a/sys/netipsec/ipsec.h
+++ b/sys/netipsec/ipsec.h
@@ -299,7 +299,13 @@ VNET_DECLARE(int, natt_cksum_policy);
 
 #define ipseclog(x)	do { if (V_ipsec_debug) log x; } while (0)
 /* for openbsd compatibility */
+#ifdef IPSEC_DEBUG
+#define	IPSEC_DEBUG_DECLARE(x)	x
 #define	DPRINTF(x)	do { if (V_ipsec_debug) printf x; } while (0)
+#else
+#define	IPSEC_DEBUG_DECLARE(x)
+#define	DPRINTF(x)
+#endif
 
 struct inpcb;
 struct m_tag;
diff --git a/sys/netipsec/ipsec_input.c b/sys/netipsec/ipsec_input.c
index e253cc0a31d2d..f30a017be1466 100644
--- a/sys/netipsec/ipsec_input.c
+++ b/sys/netipsec/ipsec_input.c
@@ -117,7 +117,7 @@ __FBSDID("$FreeBSD$");
 static int
 ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto)
 {
-	char buf[IPSEC_ADDRSTRLEN];
+	IPSEC_DEBUG_DECLARE(char buf[IPSEC_ADDRSTRLEN]);
 	union sockaddr_union dst_address;
 	struct secasvar *sav;
 	uint32_t spi;
@@ -277,7 +277,7 @@ int
 ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip,
     int protoff)
 {
-	char buf[IPSEC_ADDRSTRLEN];
+	IPSEC_DEBUG_DECLARE(char buf[IPSEC_ADDRSTRLEN]);
 	struct ipsec_ctx_data ctx;
 	struct xform_history *xh;
 	struct secasindex *saidx;
@@ -488,7 +488,7 @@ int
 ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip,
     int protoff)
 {
-	char buf[IPSEC_ADDRSTRLEN];
+	IPSEC_DEBUG_DECLARE(char buf[IPSEC_ADDRSTRLEN]);
 	struct ipsec_ctx_data ctx;
 	struct xform_history *xh;
 	struct secasindex *saidx;
diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c
index 80b6ab8300b18..ee45ce2087443 100644
--- a/sys/netipsec/ipsec_output.c
+++ b/sys/netipsec/ipsec_output.c
@@ -183,7 +183,6 @@ next:
 static int
 ipsec4_perform_request(struct mbuf *m, struct secpolicy *sp, u_int idx)
 {
-	char sbuf[IPSEC_ADDRSTRLEN], dbuf[IPSEC_ADDRSTRLEN];
 	struct ipsec_ctx_data ctx;
 	union sockaddr_union *dst;
 	struct secasvar *sav;
@@ -230,12 +229,9 @@ ipsec4_perform_request(struct mbuf *m, struct secpolicy *sp, u_int idx)
 		ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
 		error = ipsec_encap(&m, &sav->sah->saidx);
 		if (error != 0) {
-			DPRINTF(("%s: encapsulation for SA %s->%s "
-			    "SPI 0x%08x failed with error %d\n", __func__,
-			    ipsec_address(&sav->sah->saidx.src, sbuf,
-				sizeof(sbuf)),
-			    ipsec_address(&sav->sah->saidx.dst, dbuf,
-				sizeof(dbuf)), ntohl(sav->spi), error));
+			DPRINTF(("%s: encapsulation for SPI 0x%08x failed "
+			    "with error %d\n", __func__, ntohl(sav->spi),
+			    error));
 			/* XXXAE: IPSEC_OSTAT_INC(tunnel); */
 			goto bad;
 		}
@@ -497,7 +493,6 @@ next:
 static int
 ipsec6_perform_request(struct mbuf *m, struct secpolicy *sp, u_int idx)
 {
-	char sbuf[IPSEC_ADDRSTRLEN], dbuf[IPSEC_ADDRSTRLEN];
 	struct ipsec_ctx_data ctx;
 	union sockaddr_union *dst;
 	struct secasvar *sav;
@@ -539,12 +534,9 @@ ipsec6_perform_request(struct mbuf *m, struct secpolicy *sp, u_int idx)
 		}
 		error = ipsec_encap(&m, &sav->sah->saidx);
 		if (error != 0) {
-			DPRINTF(("%s: encapsulation for SA %s->%s "
-			    "SPI 0x%08x failed with error %d\n", __func__,
-			    ipsec_address(&sav->sah->saidx.src, sbuf,
-				sizeof(sbuf)),
-			    ipsec_address(&sav->sah->saidx.dst, dbuf,
-				sizeof(dbuf)), ntohl(sav->spi), error));
+			DPRINTF(("%s: encapsulation for SPI 0x%08x failed "
+			    "with error %d\n", __func__, ntohl(sav->spi),
+			    error));
 			/* XXXAE: IPSEC_OSTAT_INC(tunnel); */
 			goto bad;
 		}
diff --git a/sys/netipsec/key_debug.h b/sys/netipsec/key_debug.h
index 18150b5379e5c..afb11cb1c357c 100644
--- a/sys/netipsec/key_debug.h
+++ b/sys/netipsec/key_debug.h
@@ -53,10 +53,14 @@
 #define KEYDEBUG_IPSEC_DATA	(KEYDEBUG_IPSEC | KEYDEBUG_DATA)
 #define KEYDEBUG_IPSEC_DUMP	(KEYDEBUG_IPSEC | KEYDEBUG_DUMP)
 
+#ifdef IPSEC_DEBUG
 #define KEYDBG(lev, arg)	\
     if ((V_key_debug_level & (KEYDEBUG_ ## lev)) == (KEYDEBUG_ ## lev)) { \
 	    arg;		\
     }
+#else
+#define	KEYDBG(lev, arg)
+#endif /* !IPSEC_DEBUG */
 
 VNET_DECLARE(uint32_t, key_debug_level);
 #define	V_key_debug_level	VNET(key_debug_level)
diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c
index 0bcab46373c58..fada7b7e005ff 100644
--- a/sys/netipsec/xform_ah.c
+++ b/sys/netipsec/xform_ah.c
@@ -544,7 +544,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
 static int
 ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
 {
-	char buf[128];
+	IPSEC_DEBUG_DECLARE(char buf[128]);
 	const struct auth_hash *ahx;
 	struct cryptodesc *crda;
 	struct cryptop *crp;
@@ -681,7 +681,7 @@ bad:
 static int
 ah_input_cb(struct cryptop *crp)
 {
-	char buf[IPSEC_ADDRSTRLEN];
+	IPSEC_DEBUG_DECLARE(char buf[IPSEC_ADDRSTRLEN]);
 	unsigned char calc[AH_ALEN_MAX];
 	const struct auth_hash *ahx;
 	struct mbuf *m;
@@ -831,7 +831,7 @@ static int
 ah_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
     u_int idx, int skip, int protoff)
 {
-	char buf[IPSEC_ADDRSTRLEN];
+	IPSEC_DEBUG_DECLARE(char buf[IPSEC_ADDRSTRLEN]);
 	const struct auth_hash *ahx;
 	struct cryptodesc *crda;
 	struct xform_data *xd;
diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c
index 7eda6450bcbe2..39d5b8c79e023 100644
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@@ -263,7 +263,7 @@ esp_zeroize(struct secasvar *sav)
 static int
 esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
 {
-	char buf[128];
+	IPSEC_DEBUG_DECLARE(char buf[128]);
 	const struct auth_hash *esph;
 	const struct enc_xform *espx;
 	struct xform_data *xd;
@@ -436,7 +436,7 @@ bad:
 static int
 esp_input_cb(struct cryptop *crp)
 {
-	char buf[128];
+	IPSEC_DEBUG_DECLARE(char buf[128]);
 	u_int8_t lastthree[3], aalg[AH_HMAC_MAXHASHLEN];
 	const struct auth_hash *esph;
 	const struct enc_xform *espx;
@@ -622,7 +622,7 @@ static int
 esp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
     u_int idx, int skip, int protoff)
 {
-	char buf[IPSEC_ADDRSTRLEN];
+	IPSEC_DEBUG_DECLARE(char buf[IPSEC_ADDRSTRLEN]);
 	struct cryptodesc *crde = NULL, *crda = NULL;
 	struct cryptop *crp;
 	const struct auth_hash *esph;
diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c
index 061937d702289..1e8fc59ae105e 100644
--- a/sys/netipsec/xform_ipcomp.c
+++ b/sys/netipsec/xform_ipcomp.c
@@ -271,7 +271,7 @@ bad:
 static int
 ipcomp_input_cb(struct cryptop *crp)
 {
-	char buf[IPSEC_ADDRSTRLEN];
+	IPSEC_DEBUG_DECLARE(char buf[IPSEC_ADDRSTRLEN]);
 	struct cryptodesc *crd;
 	struct xform_data *xd;
 	struct mbuf *m;
@@ -387,7 +387,7 @@ static int
 ipcomp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
     u_int idx, int skip, int protoff)
 {
-	char buf[IPSEC_ADDRSTRLEN];
+	IPSEC_DEBUG_DECLARE(char buf[IPSEC_ADDRSTRLEN]);
 	const struct comp_algo *ipcompx;
 	struct cryptodesc *crdc;
 	struct cryptop *crp;
@@ -521,7 +521,7 @@ bad:
 static int
 ipcomp_output_cb(struct cryptop *crp)
 {
-	char buf[IPSEC_ADDRSTRLEN];
+	IPSEC_DEBUG_DECLARE(char buf[IPSEC_ADDRSTRLEN]);
 	struct xform_data *xd;
 	struct secpolicy *sp;
 	struct secasvar *sav;
author	Andrey V. Elsukov <ae@FreeBSD.org>	2017-05-29 09:30:38 +0000
committer	Andrey V. Elsukov <ae@FreeBSD.org>	2017-05-29 09:30:38 +0000
commit	7f1f65918be93e48521f08f9c529efb5e0e0569d (patch)
tree	44183224c5e4ac80a6c8912351763e6a03e001d1
parent	631f8f40d313adb3446ade39537ec7cf1a1ab4b4 (diff)