Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/netipsec Merge some minor (mostly stylistic) changes fro...
details: https://anonhg.NetBSD.org/src/rev/33152b55aa28
branches: trunk
changeset: 359819:33152b55aa28
user: maxv <maxv%NetBSD.org@localhost>
date: Mon Feb 26 06:17:01 2018 +0000
description:
Merge some minor (mostly stylistic) changes from last week.
diffstat:
sys/netipsec/ipsec.c | 30 +++++++++++++++-----------
sys/netipsec/ipsec_input.c | 50 +++++++++++++++++++++----------------------
sys/netipsec/ipsec_mbuf.c | 15 ++++++-------
sys/netipsec/ipsec_netbsd.c | 51 ++++++++++++++++++++------------------------
sys/netipsec/ipsecif.c | 36 +++++++++++++------------------
5 files changed, 86 insertions(+), 96 deletions(-)
diffs (truncated from 651 to 300 lines):
diff -r de31984d4f50 -r 33152b55aa28 sys/netipsec/ipsec.c
--- a/sys/netipsec/ipsec.c Mon Feb 26 05:52:50 2018 +0000
+++ b/sys/netipsec/ipsec.c Mon Feb 26 06:17:01 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.134 2018/02/21 16:42:33 maxv Exp $ */
+/* $NetBSD: ipsec.c,v 1.135 2018/02/26 06:17:01 maxv Exp $ */
/* $FreeBSD: src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.134 2018/02/21 16:42:33 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.135 2018/02/26 06:17:01 maxv Exp $");
/*
* IPsec controller part.
@@ -594,6 +594,7 @@
return NULL;
}
KASSERTMSG(*error == 0, "sp w/ error set to %u", *error);
+
switch (sp->policy) {
case IPSEC_POLICY_ENTRUST:
default:
@@ -612,11 +613,13 @@
KASSERT(sp->req != NULL);
break;
}
+
if (*error != 0) {
KEY_SP_UNREF(&sp);
sp = NULL;
IPSECLOG(LOG_DEBUG, "done, error %d\n", *error);
}
+
return sp;
}
@@ -697,6 +700,7 @@
return 0;
}
}
+
/*
* Preserve KAME behaviour: ENOENT can be returned
* when an SA acquire is in progress. Don't propagate
@@ -767,8 +771,8 @@
size_t ipsechdr;
int error;
- sp = ipsec_getpolicybyaddr(m,
- IPSEC_DIR_OUTBOUND, IP_FORWARDING, &error);
+ sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, IP_FORWARDING,
+ &error);
if (sp == NULL) {
return EINVAL;
}
@@ -940,6 +944,7 @@
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DUMP,
"total of m_len(%d) != pkthdr.len(%d), ignored.\n",
len, m->m_pkthdr.len);
+ KASSERTMSG(0, "impossible");
return EINVAL;
}
@@ -1474,7 +1479,6 @@
return ipsec_get_policy(policy, mp);
}
-/* delete policy in PCB */
int
ipsec4_delete_pcbpolicy(struct inpcb *inp)
{
@@ -1590,8 +1594,7 @@
#endif
/*
- * return current level.
- * Either IPSEC_LEVEL_USE or IPSEC_LEVEL_REQUIRE are always returned.
+ * Return the current level (either IPSEC_LEVEL_USE or IPSEC_LEVEL_REQUIRE).
*/
u_int
ipsec_get_reqlevel(const struct ipsecrequest *isr)
@@ -1608,7 +1611,7 @@
isr->sp->spidx.src.sa.sa_family, isr->sp->spidx.dst.sa.sa_family);
/* XXX note that we have ipseclog() expanded here - code sync issue */
-#define IPSEC_CHECK_DEFAULT(lev) \
+#define IPSEC_CHECK_DEFAULT(lev) \
(((lev) != IPSEC_LEVEL_USE && (lev) != IPSEC_LEVEL_REQUIRE \
&& (lev) != IPSEC_LEVEL_UNIQUE) ? \
(ipsec_debug ? log(LOG_INFO, "fixed system default level " #lev \
@@ -2145,13 +2148,11 @@
in_print(buf, size, &sa->sin.sin_addr);
return buf;
#endif
-
#if INET6
case AF_INET6:
in6_print(buf, size, &sa->sin6.sin6_addr);
return buf;
#endif
-
default:
return "(unknown address family)";
}
@@ -2216,7 +2217,8 @@
splx(s);
goto skippolicycheck;
}
- sp = ipsec6_checkpolicy(m, IPSEC_DIR_OUTBOUND, flags, &error,in6p);
+ sp = ipsec6_checkpolicy(m, IPSEC_DIR_OUTBOUND, flags, &error,
+ in6p);
/*
* There are four return cases:
@@ -2270,11 +2272,13 @@
}
#endif /* INET6 */
-
+/*
+ * -----------------------------------------------------------------------------
+ */
/* XXX this stuff doesn't belong here... */
-static struct xformsw *xforms = NULL;
+static struct xformsw *xforms = NULL;
/*
* Register a transform; typically at system startup.
diff -r de31984d4f50 -r 33152b55aa28 sys/netipsec/ipsec_input.c
--- a/sys/netipsec/ipsec_input.c Mon Feb 26 05:52:50 2018 +0000
+++ b/sys/netipsec/ipsec_input.c Mon Feb 26 06:17:01 2018 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: ipsec_input.c,v 1.58 2018/02/21 16:48:28 maxv Exp $ */
-/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */
+/* $NetBSD: ipsec_input.c,v 1.59 2018/02/26 06:17:01 maxv Exp $ */
+/* $FreeBSD: src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */
/* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */
/*
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.58 2018/02/21 16:48:28 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.59 2018/02/26 06:17:01 maxv Exp $");
/*
* IPsec input processing.
@@ -136,7 +136,7 @@
if (m == NULL)
return NULL;
}
- ip = mtod(m, struct ip *);
+ ip = mtod(m, struct ip *);
poff = ip->ip_hl << 2;
plen = ntohs(ip->ip_len) - poff;
@@ -157,8 +157,8 @@
IP6_EXTHDR_GET(uh, struct udphdr *, m, poff, sizeof(*uh));
if (uh == NULL)
return NULL;
- off = sizeof(*uh);
- if (off > plen) {
+ off = sizeof(*uh);
+ if (off > plen) {
m_freem(m);
return NULL;
}
@@ -166,7 +166,7 @@
uh->uh_sum = in4_cksum(m, IPPROTO_UDP, poff, plen);
break;
default:
- /* no checksum */
+ /* no checksum */
return m;
}
@@ -204,7 +204,7 @@
return EOPNOTSUPP;
}
- if (m->m_pkthdr.len - skip < 2 * sizeof (u_int32_t)) {
+ if (m->m_pkthdr.len - skip < 2 * sizeof(u_int32_t)) {
m_freem(m);
IPSEC_ISTAT(sproto, ESP_STAT_HDROPS, AH_STAT_HDROPS,
IPCOMP_STAT_HDROPS);
@@ -213,19 +213,18 @@
}
/* Retrieve the SPI from the relevant IPsec header */
- if (sproto == IPPROTO_ESP)
+ if (sproto == IPPROTO_ESP) {
m_copydata(m, skip, sizeof(u_int32_t), &spi);
- else if (sproto == IPPROTO_AH)
+ } else if (sproto == IPPROTO_AH) {
m_copydata(m, skip + sizeof(u_int32_t), sizeof(u_int32_t), &spi);
- else if (sproto == IPPROTO_IPCOMP) {
+ } else if (sproto == IPPROTO_IPCOMP) {
u_int16_t cpi;
m_copydata(m, skip + sizeof(u_int16_t), sizeof(u_int16_t), &cpi);
spi = ntohl(htons(cpi));
} else {
- panic("ipsec_common_input called with bad protocol number :"
- "%d\n", sproto);
+ panic("%s called with bad protocol number: %d\n", __func__,
+ sproto);
}
-
/* find the source port for NAT-T */
nat_t_ports_get(m, &dport, &sport);
@@ -235,7 +234,7 @@
* kernel crypto routine. The resulting mbuf chain is a valid
* IP packet ready to go through input processing.
*/
- memset(&dst_address, 0, sizeof (dst_address));
+ memset(&dst_address, 0, sizeof(dst_address));
dst_address.sa.sa_family = af;
switch (af) {
#ifdef INET
@@ -245,7 +244,7 @@
sizeof(struct in_addr),
&dst_address.sin.sin_addr);
break;
-#endif /* INET */
+#endif
#ifdef INET6
case AF_INET6:
dst_address.sin6.sin6_len = sizeof(struct sockaddr_in6);
@@ -257,7 +256,7 @@
return EINVAL;
}
break;
-#endif /* INET6 */
+#endif
default:
IPSECLOG(LOG_DEBUG, "unsupported protocol family %u\n", af);
m_freem(m);
@@ -309,8 +308,8 @@
nxt = va_arg(ap, int);
va_end(ap);
- (void) ipsec_common_input(m, off, offsetof(struct ip, ip_p),
- AF_INET, nxt);
+ (void)ipsec_common_input(m, off, offsetof(struct ip, ip_p),
+ AF_INET, nxt);
}
/*
@@ -465,12 +464,13 @@
key_sa_recordxfer(sav, m); /* record data transfer */
if ((inetsw[ip_protox[prot]].pr_flags & PR_LASTHDR) != 0 &&
- ipsec4_in_reject(m, NULL)) {
+ ipsec4_in_reject(m, NULL)) {
error = EINVAL;
goto bad;
}
(*inetsw[ip_protox[prot]].pr_input)(m, skip, prot);
return 0;
+
bad:
m_freem(m);
return error;
@@ -478,7 +478,6 @@
#endif /* INET */
#ifdef INET6
-/* IPv6 AH wrapper. */
int
ipsec6_common_input(struct mbuf **mp, int *offp, int proto)
{
@@ -531,8 +530,8 @@
return IPPROTO_DONE;
}
-extern const struct ip6protosw inet6sw[];
-extern u_char ip6_protox[];
+extern const struct ip6protosw inet6sw[];
+extern u_char ip6_protox[];
/*
* IPsec input callback, called by the transform callback. Takes care of
@@ -571,12 +570,10 @@
/* Fix IPv6 header */
if (m->m_len < sizeof(struct ip6_hdr) &&
(m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
-
char buf[IPSEC_ADDRSTRLEN];
IPSECLOG(LOG_DEBUG, "processing failed for SA %s/%08lx\n",
ipsec_address(&sav->sah->saidx.dst,
buf, sizeof(buf)), (u_long) ntohl(sav->spi));
-
IPSEC_ISTAT(sproto, ESP_STAT_HDROPS, AH_STAT_HDROPS,
Home |
Main Index |
Thread Index |
Old Index