Module Name: src Committed By: maxv Date: Mon Feb 26 06:17:02 UTC 2018
Modified Files: src/sys/netipsec: ipsec.c ipsec_input.c ipsec_mbuf.c ipsec_netbsd.c ipsecif.c Log Message: Merge some minor (mostly stylistic) changes from last week. To generate a diff of this commit: cvs rdiff -u -r1.134 -r1.135 src/sys/netipsec/ipsec.c cvs rdiff -u -r1.58 -r1.59 src/sys/netipsec/ipsec_input.c cvs rdiff -u -r1.19 -r1.20 src/sys/netipsec/ipsec_mbuf.c cvs rdiff -u -r1.46 -r1.47 src/sys/netipsec/ipsec_netbsd.c cvs rdiff -u -r1.1 -r1.2 src/sys/netipsec/ipsecif.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netipsec/ipsec.c diff -u src/sys/netipsec/ipsec.c:1.134 src/sys/netipsec/ipsec.c:1.135 --- src/sys/netipsec/ipsec.c:1.134 Wed Feb 21 16:42:33 2018 +++ src/sys/netipsec/ipsec.c Mon Feb 26 06:17:01 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec.c,v 1.134 2018/02/21 16:42:33 maxv Exp $ */ +/* $NetBSD: ipsec.c,v 1.135 2018/02/26 06:17:01 maxv Exp $ */ /* $FreeBSD: src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */ /* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.134 2018/02/21 16:42:33 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.135 2018/02/26 06:17:01 maxv Exp $"); /* * IPsec controller part. @@ -594,6 +594,7 @@ ipsec4_checkpolicy(struct mbuf *m, u_int return NULL; } KASSERTMSG(*error == 0, "sp w/ error set to %u", *error); + switch (sp->policy) { case IPSEC_POLICY_ENTRUST: default: @@ -612,11 +613,13 @@ ipsec4_checkpolicy(struct mbuf *m, u_int KASSERT(sp->req != NULL); break; } + if (*error != 0) { KEY_SP_UNREF(&sp); sp = NULL; IPSECLOG(LOG_DEBUG, "done, error %d\n", *error); } + return sp; } @@ -697,6 +700,7 @@ ipsec4_output(struct mbuf *m, struct inp return 0; } } + /* * Preserve KAME behaviour: ENOENT can be returned * when an SA acquire is in progress. Don't propagate @@ -767,8 +771,8 @@ ipsec4_forward(struct mbuf *m, int *dest size_t ipsechdr; int error; - sp = ipsec_getpolicybyaddr(m, - IPSEC_DIR_OUTBOUND, IP_FORWARDING, &error); + sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, IP_FORWARDING, + &error); if (sp == NULL) { return EINVAL; } @@ -940,6 +944,7 @@ ipsec_setspidx(struct mbuf *m, struct se KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DUMP, "total of m_len(%d) != pkthdr.len(%d), ignored.\n", len, m->m_pkthdr.len); + KASSERTMSG(0, "impossible"); return EINVAL; } @@ -1474,7 +1479,6 @@ ipsec4_get_policy(struct inpcb *inp, con return ipsec_get_policy(policy, mp); } -/* delete policy in PCB */ int ipsec4_delete_pcbpolicy(struct inpcb *inp) { @@ -1590,8 +1594,7 @@ ipsec6_delete_pcbpolicy(struct in6pcb *i #endif /* - * return current level. - * Either IPSEC_LEVEL_USE or IPSEC_LEVEL_REQUIRE are always returned. + * Return the current level (either IPSEC_LEVEL_USE or IPSEC_LEVEL_REQUIRE). */ u_int ipsec_get_reqlevel(const struct ipsecrequest *isr) @@ -1608,7 +1611,7 @@ ipsec_get_reqlevel(const struct ipsecreq isr->sp->spidx.src.sa.sa_family, isr->sp->spidx.dst.sa.sa_family); /* XXX note that we have ipseclog() expanded here - code sync issue */ -#define IPSEC_CHECK_DEFAULT(lev) \ +#define IPSEC_CHECK_DEFAULT(lev) \ (((lev) != IPSEC_LEVEL_USE && (lev) != IPSEC_LEVEL_REQUIRE \ && (lev) != IPSEC_LEVEL_UNIQUE) ? \ (ipsec_debug ? log(LOG_INFO, "fixed system default level " #lev \ @@ -2145,13 +2148,11 @@ ipsec_address(const union sockaddr_union in_print(buf, size, &sa->sin.sin_addr); return buf; #endif - #if INET6 case AF_INET6: in6_print(buf, size, &sa->sin6.sin6_addr); return buf; #endif - default: return "(unknown address family)"; } @@ -2216,7 +2217,8 @@ ipsec6_check_policy(struct mbuf *m, stru splx(s); goto skippolicycheck; } - sp = ipsec6_checkpolicy(m, IPSEC_DIR_OUTBOUND, flags, &error,in6p); + sp = ipsec6_checkpolicy(m, IPSEC_DIR_OUTBOUND, flags, &error, + in6p); /* * There are four return cases: @@ -2270,11 +2272,13 @@ ipsec6_input(struct mbuf *m) } #endif /* INET6 */ - +/* + * ----------------------------------------------------------------------------- + */ /* XXX this stuff doesn't belong here... */ -static struct xformsw *xforms = NULL; +static struct xformsw *xforms = NULL; /* * Register a transform; typically at system startup. Index: src/sys/netipsec/ipsec_input.c diff -u src/sys/netipsec/ipsec_input.c:1.58 src/sys/netipsec/ipsec_input.c:1.59 --- src/sys/netipsec/ipsec_input.c:1.58 Wed Feb 21 16:48:28 2018 +++ src/sys/netipsec/ipsec_input.c Mon Feb 26 06:17:01 2018 @@ -1,5 +1,5 @@ -/* $NetBSD: ipsec_input.c,v 1.58 2018/02/21 16:48:28 maxv Exp $ */ -/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */ +/* $NetBSD: ipsec_input.c,v 1.59 2018/02/26 06:17:01 maxv Exp $ */ +/* $FreeBSD: src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */ /* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */ /* @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.58 2018/02/21 16:48:28 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.59 2018/02/26 06:17:01 maxv Exp $"); /* * IPsec input processing. @@ -136,7 +136,7 @@ ipsec4_fixup_checksum(struct mbuf *m) if (m == NULL) return NULL; } - ip = mtod(m, struct ip *); + ip = mtod(m, struct ip *); poff = ip->ip_hl << 2; plen = ntohs(ip->ip_len) - poff; @@ -157,8 +157,8 @@ ipsec4_fixup_checksum(struct mbuf *m) IP6_EXTHDR_GET(uh, struct udphdr *, m, poff, sizeof(*uh)); if (uh == NULL) return NULL; - off = sizeof(*uh); - if (off > plen) { + off = sizeof(*uh); + if (off > plen) { m_freem(m); return NULL; } @@ -166,7 +166,7 @@ ipsec4_fixup_checksum(struct mbuf *m) uh->uh_sum = in4_cksum(m, IPPROTO_UDP, poff, plen); break; default: - /* no checksum */ + /* no checksum */ return m; } @@ -204,7 +204,7 @@ ipsec_common_input(struct mbuf *m, int s return EOPNOTSUPP; } - if (m->m_pkthdr.len - skip < 2 * sizeof (u_int32_t)) { + if (m->m_pkthdr.len - skip < 2 * sizeof(u_int32_t)) { m_freem(m); IPSEC_ISTAT(sproto, ESP_STAT_HDROPS, AH_STAT_HDROPS, IPCOMP_STAT_HDROPS); @@ -213,19 +213,18 @@ ipsec_common_input(struct mbuf *m, int s } /* Retrieve the SPI from the relevant IPsec header */ - if (sproto == IPPROTO_ESP) + if (sproto == IPPROTO_ESP) { m_copydata(m, skip, sizeof(u_int32_t), &spi); - else if (sproto == IPPROTO_AH) + } else if (sproto == IPPROTO_AH) { m_copydata(m, skip + sizeof(u_int32_t), sizeof(u_int32_t), &spi); - else if (sproto == IPPROTO_IPCOMP) { + } else if (sproto == IPPROTO_IPCOMP) { u_int16_t cpi; m_copydata(m, skip + sizeof(u_int16_t), sizeof(u_int16_t), &cpi); spi = ntohl(htons(cpi)); } else { - panic("ipsec_common_input called with bad protocol number :" - "%d\n", sproto); + panic("%s called with bad protocol number: %d\n", __func__, + sproto); } - /* find the source port for NAT-T */ nat_t_ports_get(m, &dport, &sport); @@ -235,7 +234,7 @@ ipsec_common_input(struct mbuf *m, int s * kernel crypto routine. The resulting mbuf chain is a valid * IP packet ready to go through input processing. */ - memset(&dst_address, 0, sizeof (dst_address)); + memset(&dst_address, 0, sizeof(dst_address)); dst_address.sa.sa_family = af; switch (af) { #ifdef INET @@ -245,7 +244,7 @@ ipsec_common_input(struct mbuf *m, int s sizeof(struct in_addr), &dst_address.sin.sin_addr); break; -#endif /* INET */ +#endif #ifdef INET6 case AF_INET6: dst_address.sin6.sin6_len = sizeof(struct sockaddr_in6); @@ -257,7 +256,7 @@ ipsec_common_input(struct mbuf *m, int s return EINVAL; } break; -#endif /* INET6 */ +#endif default: IPSECLOG(LOG_DEBUG, "unsupported protocol family %u\n", af); m_freem(m); @@ -309,8 +308,8 @@ ipsec4_common_input(struct mbuf *m, ...) nxt = va_arg(ap, int); va_end(ap); - (void) ipsec_common_input(m, off, offsetof(struct ip, ip_p), - AF_INET, nxt); + (void)ipsec_common_input(m, off, offsetof(struct ip, ip_p), + AF_INET, nxt); } /* @@ -465,12 +464,13 @@ cantpull: key_sa_recordxfer(sav, m); /* record data transfer */ if ((inetsw[ip_protox[prot]].pr_flags & PR_LASTHDR) != 0 && - ipsec4_in_reject(m, NULL)) { + ipsec4_in_reject(m, NULL)) { error = EINVAL; goto bad; } (*inetsw[ip_protox[prot]].pr_input)(m, skip, prot); return 0; + bad: m_freem(m); return error; @@ -478,7 +478,6 @@ bad: #endif /* INET */ #ifdef INET6 -/* IPv6 AH wrapper. */ int ipsec6_common_input(struct mbuf **mp, int *offp, int proto) { @@ -531,8 +530,8 @@ ipsec6_common_input(struct mbuf **mp, in return IPPROTO_DONE; } -extern const struct ip6protosw inet6sw[]; -extern u_char ip6_protox[]; +extern const struct ip6protosw inet6sw[]; +extern u_char ip6_protox[]; /* * IPsec input callback, called by the transform callback. Takes care of @@ -571,12 +570,10 @@ ipsec6_common_input_cb(struct mbuf *m, s /* Fix IPv6 header */ if (m->m_len < sizeof(struct ip6_hdr) && (m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { - char buf[IPSEC_ADDRSTRLEN]; IPSECLOG(LOG_DEBUG, "processing failed for SA %s/%08lx\n", ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), (u_long) ntohl(sav->spi)); - IPSEC_ISTAT(sproto, ESP_STAT_HDROPS, AH_STAT_HDROPS, IPCOMP_STAT_HDROPS); error = EACCES; @@ -688,10 +685,11 @@ ipsec6_common_input_cb(struct mbuf *m, s if (m->m_pkthdr.len < skip) { IP6_STATINC(IP6_STAT_TOOSHORT); in6_ifstat_inc(m_get_rcvif_NOMPSAFE(m), - ifs6_in_truncated); + ifs6_in_truncated); error = EINVAL; goto bad; } + /* * Enforce IPsec policy checking if we are seeing last header. * note that we do not visit this with protocols with pcb layer Index: src/sys/netipsec/ipsec_mbuf.c diff -u src/sys/netipsec/ipsec_mbuf.c:1.19 src/sys/netipsec/ipsec_mbuf.c:1.20 --- src/sys/netipsec/ipsec_mbuf.c:1.19 Wed Feb 14 14:19:53 2018 +++ src/sys/netipsec/ipsec_mbuf.c Mon Feb 26 06:17:01 2018 @@ -1,5 +1,6 @@ -/* $NetBSD: ipsec_mbuf.c,v 1.19 2018/02/14 14:19:53 maxv Exp $ */ -/*- +/* $NetBSD: ipsec_mbuf.c,v 1.20 2018/02/26 06:17:01 maxv Exp $ */ + +/* * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting * All rights reserved. * @@ -28,7 +29,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.19 2018/02/14 14:19:53 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.20 2018/02/26 06:17:01 maxv Exp $"); /* * IPsec-specific mbuf routines. @@ -223,7 +224,7 @@ m_makespace(struct mbuf *m0, int skip, i * At this point skip is the offset into the mbuf m * where the new header should be placed. Figure out * if there's space to insert the new header. If so, - * and copying the remainder makese sense then do so. + * and copying the remainder makes sense then do so. * Otherwise insert a new mbuf in the chain, splitting * the contents of m as needed. */ @@ -241,8 +242,7 @@ m_makespace(struct mbuf *m0, int skip, i if (todo > MHLEN) { n = m_getcl(M_DONTWAIT, m->m_type, 0); len = MCLBYTES; - } - else { + } else { n = m_get(M_DONTWAIT, m->m_type); len = MHLEN; } @@ -267,8 +267,7 @@ m_makespace(struct mbuf *m0, int skip, i *np = m->m_next; m->m_next = n0; } - } - else { + } else { n = m_get(M_DONTWAIT, m->m_type); if (n == NULL) { m_freem(n0); Index: src/sys/netipsec/ipsec_netbsd.c diff -u src/sys/netipsec/ipsec_netbsd.c:1.46 src/sys/netipsec/ipsec_netbsd.c:1.47 --- src/sys/netipsec/ipsec_netbsd.c:1.46 Fri Feb 16 09:24:55 2018 +++ src/sys/netipsec/ipsec_netbsd.c Mon Feb 26 06:17:01 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_netbsd.c,v 1.46 2018/02/16 09:24:55 maxv Exp $ */ +/* $NetBSD: ipsec_netbsd.c,v 1.47 2018/02/26 06:17:01 maxv Exp $ */ /* $KAME: esp_input.c,v 1.60 2001/09/04 08:43:19 itojun Exp $ */ /* $KAME: ah_input.c,v 1.64 2001/09/04 08:43:19 itojun Exp $ */ @@ -32,7 +32,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.46 2018/02/16 09:24:55 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.47 2018/02/26 06:17:01 maxv Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -64,7 +64,6 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd #include <netinet/ip_ecn.h> #include <netinet/ip_icmp.h> - #include <netipsec/ipsec.h> #include <netipsec/ipsec_var.h> #include <netipsec/ipsec_private.h> @@ -87,7 +86,7 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd #include <netipsec/key.h> /* assumes that ip header and ah header are contiguous on mbuf */ -void* +void * ah4_ctlinput(int cmd, const struct sockaddr *sa, void *v) { struct ip *ip = v; @@ -96,7 +95,7 @@ ah4_ctlinput(int cmd, const struct socka struct secasvar *sav; if (sa->sa_family != AF_INET || - sa->sa_len != sizeof(struct sockaddr_in)) + sa->sa_len != sizeof(struct sockaddr_in)) return NULL; if ((unsigned)cmd >= PRC_NCMDS) return NULL; @@ -108,18 +107,18 @@ ah4_ctlinput(int cmd, const struct socka */ ah = (struct ah *)((char *)ip + (ip->ip_hl << 2)); sav = KEY_LOOKUP_SA((const union sockaddr_union *)sa, - IPPROTO_AH, ah->ah_spi, 0, 0); + IPPROTO_AH, ah->ah_spi, 0, 0); if (sav) { if (SADB_SASTATE_USABLE_P(sav)) { /* - * Now that we've validated that we are actually - * communicating with the host indicated in the - * ICMP message, locate the ICMP header, + * Now that we've validated that we are actually + * communicating with the host indicated in the + * ICMP message, locate the ICMP header, * recalculate the new MTU, and create the - * corresponding routing entry. - */ - icp = (struct icmp *)((char *)ip - + * corresponding routing entry. + */ + icp = (struct icmp *)((char *)ip - offsetof(struct icmp, icmp_ip)); icmp_mtudisc(icp, ip->ip_dst); } @@ -129,10 +128,8 @@ ah4_ctlinput(int cmd, const struct socka return NULL; } - - /* assumes that ip header and esp header are contiguous on mbuf */ -void* +void * esp4_ctlinput(int cmd, const struct sockaddr *sa, void *v) { struct ip *ip = v; @@ -153,18 +150,18 @@ esp4_ctlinput(int cmd, const struct sock */ esp = (struct esp *)((char *)ip + (ip->ip_hl << 2)); sav = KEY_LOOKUP_SA((const union sockaddr_union *)sa, - IPPROTO_ESP, esp->esp_spi, 0, 0); + IPPROTO_ESP, esp->esp_spi, 0, 0); if (sav) { if (SADB_SASTATE_USABLE_P(sav)) { /* - * Now that we've validated that we are actually - * communicating with the host indicated in the - * ICMP message, locate the ICMP header, + * Now that we've validated that we are actually + * communicating with the host indicated in the + * ICMP message, locate the ICMP header, * recalculate the new MTU, and create the - * corresponding routing entry. - */ - icp = (struct icmp *)((char *)ip - + * corresponding routing entry. + */ + icp = (struct icmp *)((char *)ip - offsetof(struct icmp, icmp_ip)); icmp_mtudisc(icp, ip->ip_dst); } @@ -245,11 +242,11 @@ ah6_ctlinput(int cmd, const struct socka /* * Depending on the value of "valid" and routing * table size (mtudisc_{hi,lo}wat), we will: - * - recalcurate the new MTU and create the + * - recalculate the new MTU and create the * corresponding routing entry, or * - ignore the MTU change notification. */ - icmp6_mtudisc_update((struct ip6ctlparam *)d,valid); + icmp6_mtudisc_update((struct ip6ctlparam *)d, valid); } /* we normally notify single pcb here */ @@ -259,8 +256,6 @@ ah6_ctlinput(int cmd, const struct socka return NULL; } - - void * esp6_ctlinput(int cmd, const struct sockaddr *sa, void *d) { @@ -337,7 +332,7 @@ esp6_ctlinput(int cmd, const struct sock */ sav = KEY_LOOKUP_SA((const union sockaddr_union*)sa, - IPPROTO_ESP, espp->esp_spi, 0, 0); + IPPROTO_ESP, espp->esp_spi, 0, 0); if (sav) { if (SADB_SASTATE_USABLE_P(sav)) @@ -386,7 +381,7 @@ sysctl_ipsec(SYSCTLFN_ARGS) return (EINVAL); ipsec_invalpcbcacheall(); break; - case IPSECCTL_DEF_POLICY: + case IPSECCTL_DEF_POLICY: if (t != IPSEC_POLICY_DISCARD && t != IPSEC_POLICY_NONE) return (EINVAL); Index: src/sys/netipsec/ipsecif.c diff -u src/sys/netipsec/ipsecif.c:1.1 src/sys/netipsec/ipsecif.c:1.2 --- src/sys/netipsec/ipsecif.c:1.1 Wed Jan 10 10:56:30 2018 +++ src/sys/netipsec/ipsecif.c Mon Feb 26 06:17:01 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsecif.c,v 1.1 2018/01/10 10:56:30 knakahara Exp $ */ +/* $NetBSD: ipsecif.c,v 1.2 2018/02/26 06:17:01 maxv Exp $ */ /* * Copyright (c) 2017 Internet Initiative Japan Inc. @@ -27,7 +27,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsecif.c,v 1.1 2018/01/10 10:56:30 knakahara Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsecif.c,v 1.2 2018/02/26 06:17:01 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -121,7 +121,7 @@ ipsecif4_prepend_hdr(struct ipsec_varian m->m_flags &= ~M_BCAST; if (IN_MULTICAST(src->sin_addr.s_addr) || - IN_MULTICAST(dst->sin_addr.s_addr)) { + IN_MULTICAST(dst->sin_addr.s_addr)) { m_freem(m); return NULL; } @@ -179,7 +179,6 @@ ipsecif4_needfrag(struct mbuf *m, struct if (m->m_len < sizeof(struct ip)) { m_copydata(m, 0, sizeof(ip0), &ip0); ip = &ip0; - } else { ip = mtod(m, struct ip *); } @@ -207,10 +206,10 @@ ipsecif4_flowinfo(struct mbuf *m, int fa proto = IPPROTO_IPV4; if (m->m_len < sizeof(*ip)) { m = m_pullup(m, sizeof(*ip)); - if (!m) { + if (m == NULL) { *tos0 = 0; *proto0 = 0; - return NULL; + return NULL; } } ip = mtod(m, const struct ip *); @@ -223,7 +222,7 @@ ipsecif4_flowinfo(struct mbuf *m, int fa proto = IPPROTO_IPV6; if (m->m_len < sizeof(*ip6)) { m = m_pullup(m, sizeof(*ip6)); - if (!m) { + if (m == NULL) { *tos0 = 0; *proto0 = 0; return NULL; @@ -356,7 +355,7 @@ ipsecif4_output(struct ipsec_variant *va KASSERT(sp->policy != IPSEC_POLICY_NONE); KASSERT(sp->policy != IPSEC_POLICY_ENTRUST); KASSERT(sp->policy != IPSEC_POLICY_BYPASS); - if(sp->policy != IPSEC_POLICY_IPSEC) { + if (sp->policy != IPSEC_POLICY_IPSEC) { struct ifnet *ifp = &var->iv_softc->ipsec_if; m_freem(m); IF_DROP(&ifp->if_snd); @@ -439,15 +438,12 @@ ipsecif6_output(struct ipsec_variant *va proto = IPPROTO_IPV4; if (m->m_len < sizeof(*ip)) { m = m_pullup(m, sizeof(*ip)); - if (!m) + if (m == NULL) return ENOBUFS; } ip = mtod(m, struct ip *); itos = ip->ip_tos; - /* - * TODO: - *support ALTQ for innner packet - */ + /* TODO: support ALTQ for innner packet */ break; } #endif /* INET */ @@ -457,14 +453,12 @@ ipsecif6_output(struct ipsec_variant *va proto = IPPROTO_IPV6; if (m->m_len < sizeof(*xip6)) { m = m_pullup(m, sizeof(*xip6)); - if (!m) + if (m == NULL) return ENOBUFS; } xip6 = mtod(m, struct ip6_hdr *); itos = (ntohl(xip6->ip6_flow) >> 20) & 0xff; - /* TODO: - * support ALTQ for innner packet - */ + /* TODO: support ALTQ for innner packet */ break; } default: @@ -605,7 +599,7 @@ ipsecif4_input(struct mbuf *m, int off, af = AF_INET; if (M_UNWRITABLE(m, sizeof(*xip))) { m = m_pullup(m, sizeof(*xip)); - if (!m) + if (m == NULL) return; } xip = mtod(m, struct ip *); @@ -625,7 +619,7 @@ ipsecif4_input(struct mbuf *m, int off, af = AF_INET6; if (M_UNWRITABLE(m, sizeof(*ip6))) { m = m_pullup(m, sizeof(*ip6)); - if (!m) + if (m == NULL) return; } ip6 = mtod(m, struct ip6_hdr *); @@ -730,7 +724,7 @@ ipsecif6_input(struct mbuf **mp, int *of if (M_UNWRITABLE(m, sizeof(*ip))) { m = m_pullup(m, sizeof(*ip)); - if (!m) + if (m == NULL) return IPPROTO_DONE; } ip = mtod(m, struct ip *); @@ -750,7 +744,7 @@ ipsecif6_input(struct mbuf **mp, int *of if (M_UNWRITABLE(m, sizeof(*xip6))) { m = m_pullup(m, sizeof(*xip6)); - if (!m) + if (m == NULL) return IPPROTO_DONE; } xip6 = mtod(m, struct ip6_hdr *);