Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/netipsec Style, no functional change.
details: https://anonhg.NetBSD.org/src/rev/498ef67af04c
branches: trunk
changeset: 829998:498ef67af04c
user: maxv <maxv%NetBSD.org@localhost>
date: Wed Feb 21 17:04:52 2018 +0000
description:
Style, no functional change.
diffstat:
sys/netipsec/ipsec_output.c | 121 +++++++++++++++++++++----------------------
1 files changed, 58 insertions(+), 63 deletions(-)
diffs (truncated from 384 to 300 lines):
diff -r a71b81901199 -r 498ef67af04c sys/netipsec/ipsec_output.c
--- a/sys/netipsec/ipsec_output.c Wed Feb 21 16:55:53 2018 +0000
+++ b/sys/netipsec/ipsec_output.c Wed Feb 21 17:04:52 2018 +0000
@@ -1,6 +1,6 @@
-/* $NetBSD: ipsec_output.c,v 1.67 2018/02/21 16:55:53 maxv Exp $ */
+/* $NetBSD: ipsec_output.c,v 1.68 2018/02/21 17:04:52 maxv Exp $ */
-/*-
+/*
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
* All rights reserved.
*
@@ -29,11 +29,8 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.67 2018/02/21 16:55:53 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.68 2018/02/21 17:04:52 maxv Exp $");
-/*
- * IPsec output processing.
- */
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
#include "opt_net_mpsafe.h"
@@ -88,7 +85,7 @@
/*
* Add a IPSEC_OUT_DONE tag to mark that we have finished the ipsec processing
- * It will be used by ip{,6}_output to check if we have already or not
+ * It will be used by ip{,6}_output to check if we have already or not
* processed this packet.
*/
static int
@@ -148,10 +145,10 @@
int error;
#ifdef INET
struct ip * ip;
-#endif /* INET */
+#endif
#ifdef INET6
struct ip6_hdr * ip6;
-#endif /* INET6 */
+#endif
struct mbuf * mo;
struct udphdr *udp = NULL;
uint64_t * data = NULL;
@@ -165,11 +162,11 @@
saidx = &sav->sah->saidx;
- if(sav->natt_type != 0) {
+ if (sav->natt_type != 0) {
ip = mtod(m, struct ip *);
hlen = sizeof(struct udphdr);
- if (sav->natt_type == UDP_ENCAP_ESPINUDP_NON_IKE)
+ if (sav->natt_type == UDP_ENCAP_ESPINUDP_NON_IKE)
hlen += sizeof(uint64_t);
mo = m_makespace(m, sizeof(struct ip), hlen, &roff);
@@ -182,9 +179,9 @@
error = ENOBUFS;
goto bad;
}
-
- udp = (struct udphdr*) (mtod(mo, char*) + roff);
- data = (uint64_t*) (udp + 1);
+
+ udp = (struct udphdr *)(mtod(mo, char *) + roff);
+ data = (uint64_t *)(udp + 1);
if (sav->natt_type == UDP_ENCAP_ESPINUDP_NON_IKE)
*data = 0; /* NON-IKE Marker */
@@ -193,12 +190,12 @@
udp->uh_sport = htons(UDP_ENCAP_ESPINUDP_PORT);
else
udp->uh_sport = key_portfromsaddr(&saidx->src);
-
+
udp->uh_dport = key_portfromsaddr(&saidx->dst);
udp->uh_sum = 0;
udp->uh_ulen = htons(m->m_pkthdr.len - (ip->ip_hl << 2));
}
-
+
switch (saidx->dst.sa.sa_family) {
#ifdef INET
case AF_INET:
@@ -208,15 +205,15 @@
if (sav->natt_type != 0)
ip->ip_p = IPPROTO_UDP;
break;
-#endif /* INET */
+#endif
#ifdef INET6
case AF_INET6:
/* Fix the header length, for AH processing. */
- if (m->m_pkthdr.len < sizeof (struct ip6_hdr)) {
+ if (m->m_pkthdr.len < sizeof(struct ip6_hdr)) {
error = ENXIO;
goto bad;
}
- if (m->m_pkthdr.len - sizeof (struct ip6_hdr) > IPV6_MAXPACKET) {
+ if (m->m_pkthdr.len - sizeof(struct ip6_hdr) > IPV6_MAXPACKET) {
/* No jumbogram support. */
error = ENXIO; /*?*/
goto bad;
@@ -226,7 +223,7 @@
if (sav->natt_type != 0)
ip6->ip6_nxt = IPPROTO_UDP;
break;
-#endif /* INET6 */
+#endif
default:
IPSECLOG(LOG_DEBUG, "unknown protocol family %u\n",
saidx->dst.sa.sa_family);
@@ -245,16 +242,16 @@
*/
if (isr->next) {
IPSEC_STATINC(IPSEC_STAT_OUT_BUNDLESA);
- switch ( saidx->dst.sa.sa_family ) {
+ switch (saidx->dst.sa.sa_family) {
#ifdef INET
case AF_INET:
return ipsec4_process_packet(m, isr->next, NULL);
-#endif /* INET */
+#endif
#ifdef INET6
case AF_INET6:
- return ipsec6_process_packet(m,isr->next);
-#endif /* INET6 */
- default :
+ return ipsec6_process_packet(m, isr->next);
+#endif
+ default:
IPSECLOG(LOG_DEBUG, "unknown protocol family %u\n",
saidx->dst.sa.sa_family);
error = ENXIO;
@@ -263,18 +260,19 @@
}
/*
- * We're done with IPsec processing,
+ * We're done with IPsec processing,
* mark that we have already processed the packet
- * transmit it packet using the appropriate network protocol (IP or IPv6).
+ * transmit it packet using the appropriate network protocol (IP or IPv6).
*/
if (ipsec_register_done(m, &error) < 0)
goto bad;
return ipsec_reinject_ipstack(m, saidx->dst.sa.sa_family);
+
bad:
m_freem(m);
- return (error);
+ return error;
}
static void
@@ -351,18 +349,13 @@
* ipsec_nextisr can return :
* - isr == NULL and error != 0 => something is bad : the packet must be
* discarded
- * - isr == NULL and error == 0 => no more rules to apply, ipsec processing
+ * - isr == NULL and error == 0 => no more rules to apply, ipsec processing
* is done, reinject it in ip stack
* - isr != NULL (error == 0) => we need to apply one rule to the packet
*/
static const struct ipsecrequest *
-ipsec_nextisr(
- struct mbuf *m,
- const struct ipsecrequest *isr,
- int af,
- int *error,
- struct secasvar **ret
-)
+ipsec_nextisr(struct mbuf *m, const struct ipsecrequest *isr, int af,
+ int *error, struct secasvar **ret)
{
#define IPSEC_OSTAT(type) \
do { \
@@ -413,18 +406,18 @@
goto bad;
}
/* sav may be NULL here if we have an USE rule */
- if (sav == NULL) {
+ if (sav == NULL) {
KASSERTMSG(ipsec_get_reqlevel(isr) == IPSEC_LEVEL_USE,
"no SA found, but required; level %u",
ipsec_get_reqlevel(isr));
isr = isr->next;
- /*
- * No more rules to apply, return NULL isr and no error
+ /*
+ * No more rules to apply, return NULL isr and no error
* It can happen when the last rules are USE rules
- * */
+ */
if (isr == NULL) {
*ret = NULL;
- *error = 0;
+ *error = 0;
return isr;
}
goto again;
@@ -451,6 +444,7 @@
KASSERT(sav->tdb_xform != NULL);
*ret = sav;
return isr;
+
bad:
KASSERTMSG(*error != 0, "error return w/ no error code");
return NULL;
@@ -474,7 +468,7 @@
KASSERT(m != NULL);
KASSERT(isr != NULL);
- s = splsoftnet(); /* insure SA contents don't change */
+ s = splsoftnet(); /* insure SA contents don't change */
isr = ipsec_nextisr(m, isr, AF_INET, &error, &sav);
if (isr == NULL) {
@@ -488,8 +482,8 @@
return ipsec_reinject_ipstack(m, AF_INET);
}
}
+ KASSERT(sav != NULL);
- KASSERT(sav != NULL);
/*
* Check if we need to handle NAT-T fragmentation.
*/
@@ -514,8 +508,8 @@
* Collect IP_DF state from the outer header.
*/
if (dst->sa.sa_family == AF_INET) {
- if (m->m_len < sizeof (struct ip) &&
- (m = m_pullup(m, sizeof (struct ip))) == NULL) {
+ if (m->m_len < sizeof(struct ip) &&
+ (m = m_pullup(m, sizeof(struct ip))) == NULL) {
error = ENOBUFS;
goto unrefsav;
}
@@ -536,6 +530,7 @@
ip = NULL; /* keep compiler happy */
setdf = 0;
}
+
/* Do the appropriate encapsulation, if necessary */
if (isr->saidx.mode == IPSEC_MODE_TUNNEL || /* Tunnel requ'd */
dst->sa.sa_family != AF_INET || /* PF mismatch */
@@ -549,8 +544,8 @@
struct mbuf *mp;
/* Fix IPv4 header checksum and length */
- if (m->m_len < sizeof (struct ip) &&
- (m = m_pullup(m, sizeof (struct ip))) == NULL) {
+ if (m->m_len < sizeof(struct ip) &&
+ (m = m_pullup(m, sizeof(struct ip))) == NULL) {
error = ENOBUFS;
goto unrefsav;
}
@@ -576,6 +571,7 @@
goto unrefsav;
}
m = mp, mp = NULL;
+
/*
* ipip_output clears IP_DF in the new header. If
* we need to propagate IP_DF from the outer header,
@@ -584,8 +580,8 @@
* XXX shouldn't assume what ipip_output does.
*/
if (dst->sa.sa_family == AF_INET && setdf) {
- if (m->m_len < sizeof (struct ip) &&
- (m = m_pullup(m, sizeof (struct ip))) == NULL) {
+ if (m->m_len < sizeof(struct ip) &&
+ (m = m_pullup(m, sizeof(struct ip))) == NULL) {
error = ENOBUFS;
goto unrefsav;
}
@@ -620,6 +616,7 @@
KEY_SA_UNREF(&sav);
splx(s);
return error;
+
unrefsav:
KEY_SA_UNREF(&sav);
bad:
@@ -634,10 +631,10 @@
static void
compute_ipsec_pos(struct mbuf *m, int *i, int *off)
{
- int nxt;
- struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr*);
+ struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
struct ip6_ext ip6e;
Home |
Main Index |
Thread Index |
Old Index