Module Name: src
Committed By: maxv
Date: Mon Feb 26 06:17:02 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.c ipsec_input.c ipsec_mbuf.c ipsec_netbsd.c
ipsecif.c
Log Message:
Merge some minor (mostly stylistic) changes from last week.
To generate a diff of this commit:
cvs rdiff -u -r1.134 -r1.135 src/sys/netipsec/ipsec.c
cvs rdiff -u -r1.58 -r1.59 src/sys/netipsec/ipsec_input.c
cvs rdiff -u -r1.19 -r1.20 src/sys/netipsec/ipsec_mbuf.c
cvs rdiff -u -r1.46 -r1.47 src/sys/netipsec/ipsec_netbsd.c
cvs rdiff -u -r1.1 -r1.2 src/sys/netipsec/ipsecif.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netipsec/ipsec.c
diff -u src/sys/netipsec/ipsec.c:1.134 src/sys/netipsec/ipsec.c:1.135
--- src/sys/netipsec/ipsec.c:1.134 Wed Feb 21 16:42:33 2018
+++ src/sys/netipsec/ipsec.c Mon Feb 26 06:17:01 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.134 2018/02/21 16:42:33 maxv Exp $ */
+/* $NetBSD: ipsec.c,v 1.135 2018/02/26 06:17:01 maxv Exp $ */
/* $FreeBSD: src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.134 2018/02/21 16:42:33 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.135 2018/02/26 06:17:01 maxv Exp $");
/*
* IPsec controller part.
@@ -594,6 +594,7 @@ ipsec4_checkpolicy(struct mbuf *m, u_int
return NULL;
}
KASSERTMSG(*error == 0, "sp w/ error set to %u", *error);
+
switch (sp->policy) {
case IPSEC_POLICY_ENTRUST:
default:
@@ -612,11 +613,13 @@ ipsec4_checkpolicy(struct mbuf *m, u_int
KASSERT(sp->req != NULL);
break;
}
+
if (*error != 0) {
KEY_SP_UNREF(&sp);
sp = NULL;
IPSECLOG(LOG_DEBUG, "done, error %d\n", *error);
}
+
return sp;
}
@@ -697,6 +700,7 @@ ipsec4_output(struct mbuf *m, struct inp
return 0;
}
}
+
/*
* Preserve KAME behaviour: ENOENT can be returned
* when an SA acquire is in progress. Don't propagate
@@ -767,8 +771,8 @@ ipsec4_forward(struct mbuf *m, int *dest
size_t ipsechdr;
int error;
- sp = ipsec_getpolicybyaddr(m,
- IPSEC_DIR_OUTBOUND, IP_FORWARDING, &error);
+ sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, IP_FORWARDING,
+ &error);
if (sp == NULL) {
return EINVAL;
}
@@ -940,6 +944,7 @@ ipsec_setspidx(struct mbuf *m, struct se
KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_DUMP,
"total of m_len(%d) != pkthdr.len(%d), ignored.\n",
len, m->m_pkthdr.len);
+ KASSERTMSG(0, "impossible");
return EINVAL;
}
@@ -1474,7 +1479,6 @@ ipsec4_get_policy(struct inpcb *inp, con
return ipsec_get_policy(policy, mp);
}
-/* delete policy in PCB */
int
ipsec4_delete_pcbpolicy(struct inpcb *inp)
{
@@ -1590,8 +1594,7 @@ ipsec6_delete_pcbpolicy(struct in6pcb *i
#endif
/*
- * return current level.
- * Either IPSEC_LEVEL_USE or IPSEC_LEVEL_REQUIRE are always returned.
+ * Return the current level (either IPSEC_LEVEL_USE or IPSEC_LEVEL_REQUIRE).
*/
u_int
ipsec_get_reqlevel(const struct ipsecrequest *isr)
@@ -1608,7 +1611,7 @@ ipsec_get_reqlevel(const struct ipsecreq
isr->sp->spidx.src.sa.sa_family, isr->sp->spidx.dst.sa.sa_family);
/* XXX note that we have ipseclog() expanded here - code sync issue */
-#define IPSEC_CHECK_DEFAULT(lev) \
+#define IPSEC_CHECK_DEFAULT(lev) \
(((lev) != IPSEC_LEVEL_USE && (lev) != IPSEC_LEVEL_REQUIRE \
&& (lev) != IPSEC_LEVEL_UNIQUE) ? \
(ipsec_debug ? log(LOG_INFO, "fixed system default level " #lev \
@@ -2145,13 +2148,11 @@ ipsec_address(const union sockaddr_union
in_print(buf, size, &sa->sin.sin_addr);
return buf;
#endif
-
#if INET6
case AF_INET6:
in6_print(buf, size, &sa->sin6.sin6_addr);
return buf;
#endif
-
default:
return "(unknown address family)";
}
@@ -2216,7 +2217,8 @@ ipsec6_check_policy(struct mbuf *m, stru
splx(s);
goto skippolicycheck;
}
- sp = ipsec6_checkpolicy(m, IPSEC_DIR_OUTBOUND, flags, &error,in6p);
+ sp = ipsec6_checkpolicy(m, IPSEC_DIR_OUTBOUND, flags, &error,
+ in6p);
/*
* There are four return cases:
@@ -2270,11 +2272,13 @@ ipsec6_input(struct mbuf *m)
}
#endif /* INET6 */
-
+/*
+ * -----------------------------------------------------------------------------
+ */
/* XXX this stuff doesn't belong here... */
-static struct xformsw *xforms = NULL;
+static struct xformsw *xforms = NULL;
/*
* Register a transform; typically at system startup.
Index: src/sys/netipsec/ipsec_input.c
diff -u src/sys/netipsec/ipsec_input.c:1.58 src/sys/netipsec/ipsec_input.c:1.59
--- src/sys/netipsec/ipsec_input.c:1.58 Wed Feb 21 16:48:28 2018
+++ src/sys/netipsec/ipsec_input.c Mon Feb 26 06:17:01 2018
@@ -1,5 +1,5 @@
-/* $NetBSD: ipsec_input.c,v 1.58 2018/02/21 16:48:28 maxv Exp $ */
-/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */
+/* $NetBSD: ipsec_input.c,v 1.59 2018/02/26 06:17:01 maxv Exp $ */
+/* $FreeBSD: src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */
/* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */
/*
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.58 2018/02/21 16:48:28 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.59 2018/02/26 06:17:01 maxv Exp $");
/*
* IPsec input processing.
@@ -136,7 +136,7 @@ ipsec4_fixup_checksum(struct mbuf *m)
if (m == NULL)
return NULL;
}
- ip = mtod(m, struct ip *);
+ ip = mtod(m, struct ip *);
poff = ip->ip_hl << 2;
plen = ntohs(ip->ip_len) - poff;
@@ -157,8 +157,8 @@ ipsec4_fixup_checksum(struct mbuf *m)
IP6_EXTHDR_GET(uh, struct udphdr *, m, poff, sizeof(*uh));
if (uh == NULL)
return NULL;
- off = sizeof(*uh);
- if (off > plen) {
+ off = sizeof(*uh);
+ if (off > plen) {
m_freem(m);
return NULL;
}
@@ -166,7 +166,7 @@ ipsec4_fixup_checksum(struct mbuf *m)
uh->uh_sum = in4_cksum(m, IPPROTO_UDP, poff, plen);
break;
default:
- /* no checksum */
+ /* no checksum */
return m;
}
@@ -204,7 +204,7 @@ ipsec_common_input(struct mbuf *m, int s
return EOPNOTSUPP;
}
- if (m->m_pkthdr.len - skip < 2 * sizeof (u_int32_t)) {
+ if (m->m_pkthdr.len - skip < 2 * sizeof(u_int32_t)) {
m_freem(m);
IPSEC_ISTAT(sproto, ESP_STAT_HDROPS, AH_STAT_HDROPS,
IPCOMP_STAT_HDROPS);
@@ -213,19 +213,18 @@ ipsec_common_input(struct mbuf *m, int s
}
/* Retrieve the SPI from the relevant IPsec header */
- if (sproto == IPPROTO_ESP)
+ if (sproto == IPPROTO_ESP) {
m_copydata(m, skip, sizeof(u_int32_t), &spi);
- else if (sproto == IPPROTO_AH)
+ } else if (sproto == IPPROTO_AH) {
m_copydata(m, skip + sizeof(u_int32_t), sizeof(u_int32_t), &spi);
- else if (sproto == IPPROTO_IPCOMP) {
+ } else if (sproto == IPPROTO_IPCOMP) {
u_int16_t cpi;
m_copydata(m, skip + sizeof(u_int16_t), sizeof(u_int16_t), &cpi);
spi = ntohl(htons(cpi));
} else {
- panic("ipsec_common_input called with bad protocol number :"
- "%d\n", sproto);
+ panic("%s called with bad protocol number: %d\n", __func__,
+ sproto);
}
-
/* find the source port for NAT-T */
nat_t_ports_get(m, &dport, &sport);
@@ -235,7 +234,7 @@ ipsec_common_input(struct mbuf *m, int s
* kernel crypto routine. The resulting mbuf chain is a valid
* IP packet ready to go through input processing.
*/
- memset(&dst_address, 0, sizeof (dst_address));
+ memset(&dst_address, 0, sizeof(dst_address));
dst_address.sa.sa_family = af;
switch (af) {
#ifdef INET
@@ -245,7 +244,7 @@ ipsec_common_input(struct mbuf *m, int s
sizeof(struct in_addr),
&dst_address.sin.sin_addr);
break;
-#endif /* INET */
+#endif
#ifdef INET6
case AF_INET6:
dst_address.sin6.sin6_len = sizeof(struct sockaddr_in6);
@@ -257,7 +256,7 @@ ipsec_common_input(struct mbuf *m, int s
return EINVAL;
}
break;
-#endif /* INET6 */
+#endif
default:
IPSECLOG(LOG_DEBUG, "unsupported protocol family %u\n", af);
m_freem(m);
@@ -309,8 +308,8 @@ ipsec4_common_input(struct mbuf *m, ...)
nxt = va_arg(ap, int);
va_end(ap);
- (void) ipsec_common_input(m, off, offsetof(struct ip, ip_p),
- AF_INET, nxt);
+ (void)ipsec_common_input(m, off, offsetof(struct ip, ip_p),
+ AF_INET, nxt);
}
/*
@@ -465,12 +464,13 @@ cantpull:
key_sa_recordxfer(sav, m); /* record data transfer */
if ((inetsw[ip_protox[prot]].pr_flags & PR_LASTHDR) != 0 &&
- ipsec4_in_reject(m, NULL)) {
+ ipsec4_in_reject(m, NULL)) {
error = EINVAL;
goto bad;
}
(*inetsw[ip_protox[prot]].pr_input)(m, skip, prot);
return 0;
+
bad:
m_freem(m);
return error;
@@ -478,7 +478,6 @@ bad:
#endif /* INET */
#ifdef INET6
-/* IPv6 AH wrapper. */
int
ipsec6_common_input(struct mbuf **mp, int *offp, int proto)
{
@@ -531,8 +530,8 @@ ipsec6_common_input(struct mbuf **mp, in
return IPPROTO_DONE;
}
-extern const struct ip6protosw inet6sw[];
-extern u_char ip6_protox[];
+extern const struct ip6protosw inet6sw[];
+extern u_char ip6_protox[];
/*
* IPsec input callback, called by the transform callback. Takes care of
@@ -571,12 +570,10 @@ ipsec6_common_input_cb(struct mbuf *m, s
/* Fix IPv6 header */
if (m->m_len < sizeof(struct ip6_hdr) &&
(m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
-
char buf[IPSEC_ADDRSTRLEN];
IPSECLOG(LOG_DEBUG, "processing failed for SA %s/%08lx\n",
ipsec_address(&sav->sah->saidx.dst,
buf, sizeof(buf)), (u_long) ntohl(sav->spi));
-
IPSEC_ISTAT(sproto, ESP_STAT_HDROPS, AH_STAT_HDROPS,
IPCOMP_STAT_HDROPS);
error = EACCES;
@@ -688,10 +685,11 @@ ipsec6_common_input_cb(struct mbuf *m, s
if (m->m_pkthdr.len < skip) {
IP6_STATINC(IP6_STAT_TOOSHORT);
in6_ifstat_inc(m_get_rcvif_NOMPSAFE(m),
- ifs6_in_truncated);
+ ifs6_in_truncated);
error = EINVAL;
goto bad;
}
+
/*
* Enforce IPsec policy checking if we are seeing last header.
* note that we do not visit this with protocols with pcb layer
Index: src/sys/netipsec/ipsec_mbuf.c
diff -u src/sys/netipsec/ipsec_mbuf.c:1.19 src/sys/netipsec/ipsec_mbuf.c:1.20
--- src/sys/netipsec/ipsec_mbuf.c:1.19 Wed Feb 14 14:19:53 2018
+++ src/sys/netipsec/ipsec_mbuf.c Mon Feb 26 06:17:01 2018
@@ -1,5 +1,6 @@
-/* $NetBSD: ipsec_mbuf.c,v 1.19 2018/02/14 14:19:53 maxv Exp $ */
-/*-
+/* $NetBSD: ipsec_mbuf.c,v 1.20 2018/02/26 06:17:01 maxv Exp $ */
+
+/*
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
* All rights reserved.
*
@@ -28,7 +29,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.19 2018/02/14 14:19:53 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.20 2018/02/26 06:17:01 maxv Exp $");
/*
* IPsec-specific mbuf routines.
@@ -223,7 +224,7 @@ m_makespace(struct mbuf *m0, int skip, i
* At this point skip is the offset into the mbuf m
* where the new header should be placed. Figure out
* if there's space to insert the new header. If so,
- * and copying the remainder makese sense then do so.
+ * and copying the remainder makes sense then do so.
* Otherwise insert a new mbuf in the chain, splitting
* the contents of m as needed.
*/
@@ -241,8 +242,7 @@ m_makespace(struct mbuf *m0, int skip, i
if (todo > MHLEN) {
n = m_getcl(M_DONTWAIT, m->m_type, 0);
len = MCLBYTES;
- }
- else {
+ } else {
n = m_get(M_DONTWAIT, m->m_type);
len = MHLEN;
}
@@ -267,8 +267,7 @@ m_makespace(struct mbuf *m0, int skip, i
*np = m->m_next;
m->m_next = n0;
}
- }
- else {
+ } else {
n = m_get(M_DONTWAIT, m->m_type);
if (n == NULL) {
m_freem(n0);
Index: src/sys/netipsec/ipsec_netbsd.c
diff -u src/sys/netipsec/ipsec_netbsd.c:1.46 src/sys/netipsec/ipsec_netbsd.c:1.47
--- src/sys/netipsec/ipsec_netbsd.c:1.46 Fri Feb 16 09:24:55 2018
+++ src/sys/netipsec/ipsec_netbsd.c Mon Feb 26 06:17:01 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_netbsd.c,v 1.46 2018/02/16 09:24:55 maxv Exp $ */
+/* $NetBSD: ipsec_netbsd.c,v 1.47 2018/02/26 06:17:01 maxv Exp $ */
/* $KAME: esp_input.c,v 1.60 2001/09/04 08:43:19 itojun Exp $ */
/* $KAME: ah_input.c,v 1.64 2001/09/04 08:43:19 itojun Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.46 2018/02/16 09:24:55 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.47 2018/02/26 06:17:01 maxv Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -64,7 +64,6 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd
#include <netinet/ip_ecn.h>
#include <netinet/ip_icmp.h>
-
#include <netipsec/ipsec.h>
#include <netipsec/ipsec_var.h>
#include <netipsec/ipsec_private.h>
@@ -87,7 +86,7 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd
#include <netipsec/key.h>
/* assumes that ip header and ah header are contiguous on mbuf */
-void*
+void *
ah4_ctlinput(int cmd, const struct sockaddr *sa, void *v)
{
struct ip *ip = v;
@@ -96,7 +95,7 @@ ah4_ctlinput(int cmd, const struct socka
struct secasvar *sav;
if (sa->sa_family != AF_INET ||
- sa->sa_len != sizeof(struct sockaddr_in))
+ sa->sa_len != sizeof(struct sockaddr_in))
return NULL;
if ((unsigned)cmd >= PRC_NCMDS)
return NULL;
@@ -108,18 +107,18 @@ ah4_ctlinput(int cmd, const struct socka
*/
ah = (struct ah *)((char *)ip + (ip->ip_hl << 2));
sav = KEY_LOOKUP_SA((const union sockaddr_union *)sa,
- IPPROTO_AH, ah->ah_spi, 0, 0);
+ IPPROTO_AH, ah->ah_spi, 0, 0);
if (sav) {
if (SADB_SASTATE_USABLE_P(sav)) {
/*
- * Now that we've validated that we are actually
- * communicating with the host indicated in the
- * ICMP message, locate the ICMP header,
+ * Now that we've validated that we are actually
+ * communicating with the host indicated in the
+ * ICMP message, locate the ICMP header,
* recalculate the new MTU, and create the
- * corresponding routing entry.
- */
- icp = (struct icmp *)((char *)ip -
+ * corresponding routing entry.
+ */
+ icp = (struct icmp *)((char *)ip -
offsetof(struct icmp, icmp_ip));
icmp_mtudisc(icp, ip->ip_dst);
}
@@ -129,10 +128,8 @@ ah4_ctlinput(int cmd, const struct socka
return NULL;
}
-
-
/* assumes that ip header and esp header are contiguous on mbuf */
-void*
+void *
esp4_ctlinput(int cmd, const struct sockaddr *sa, void *v)
{
struct ip *ip = v;
@@ -153,18 +150,18 @@ esp4_ctlinput(int cmd, const struct sock
*/
esp = (struct esp *)((char *)ip + (ip->ip_hl << 2));
sav = KEY_LOOKUP_SA((const union sockaddr_union *)sa,
- IPPROTO_ESP, esp->esp_spi, 0, 0);
+ IPPROTO_ESP, esp->esp_spi, 0, 0);
if (sav) {
if (SADB_SASTATE_USABLE_P(sav)) {
/*
- * Now that we've validated that we are actually
- * communicating with the host indicated in the
- * ICMP message, locate the ICMP header,
+ * Now that we've validated that we are actually
+ * communicating with the host indicated in the
+ * ICMP message, locate the ICMP header,
* recalculate the new MTU, and create the
- * corresponding routing entry.
- */
- icp = (struct icmp *)((char *)ip -
+ * corresponding routing entry.
+ */
+ icp = (struct icmp *)((char *)ip -
offsetof(struct icmp, icmp_ip));
icmp_mtudisc(icp, ip->ip_dst);
}
@@ -245,11 +242,11 @@ ah6_ctlinput(int cmd, const struct socka
/*
* Depending on the value of "valid" and routing
* table size (mtudisc_{hi,lo}wat), we will:
- * - recalcurate the new MTU and create the
+ * - recalculate the new MTU and create the
* corresponding routing entry, or
* - ignore the MTU change notification.
*/
- icmp6_mtudisc_update((struct ip6ctlparam *)d,valid);
+ icmp6_mtudisc_update((struct ip6ctlparam *)d, valid);
}
/* we normally notify single pcb here */
@@ -259,8 +256,6 @@ ah6_ctlinput(int cmd, const struct socka
return NULL;
}
-
-
void *
esp6_ctlinput(int cmd, const struct sockaddr *sa, void *d)
{
@@ -337,7 +332,7 @@ esp6_ctlinput(int cmd, const struct sock
*/
sav = KEY_LOOKUP_SA((const union sockaddr_union*)sa,
- IPPROTO_ESP, espp->esp_spi, 0, 0);
+ IPPROTO_ESP, espp->esp_spi, 0, 0);
if (sav) {
if (SADB_SASTATE_USABLE_P(sav))
@@ -386,7 +381,7 @@ sysctl_ipsec(SYSCTLFN_ARGS)
return (EINVAL);
ipsec_invalpcbcacheall();
break;
- case IPSECCTL_DEF_POLICY:
+ case IPSECCTL_DEF_POLICY:
if (t != IPSEC_POLICY_DISCARD &&
t != IPSEC_POLICY_NONE)
return (EINVAL);
Index: src/sys/netipsec/ipsecif.c
diff -u src/sys/netipsec/ipsecif.c:1.1 src/sys/netipsec/ipsecif.c:1.2
--- src/sys/netipsec/ipsecif.c:1.1 Wed Jan 10 10:56:30 2018
+++ src/sys/netipsec/ipsecif.c Mon Feb 26 06:17:01 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsecif.c,v 1.1 2018/01/10 10:56:30 knakahara Exp $ */
+/* $NetBSD: ipsecif.c,v 1.2 2018/02/26 06:17:01 maxv Exp $ */
/*
* Copyright (c) 2017 Internet Initiative Japan Inc.
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsecif.c,v 1.1 2018/01/10 10:56:30 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsecif.c,v 1.2 2018/02/26 06:17:01 maxv Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -121,7 +121,7 @@ ipsecif4_prepend_hdr(struct ipsec_varian
m->m_flags &= ~M_BCAST;
if (IN_MULTICAST(src->sin_addr.s_addr) ||
- IN_MULTICAST(dst->sin_addr.s_addr)) {
+ IN_MULTICAST(dst->sin_addr.s_addr)) {
m_freem(m);
return NULL;
}
@@ -179,7 +179,6 @@ ipsecif4_needfrag(struct mbuf *m, struct
if (m->m_len < sizeof(struct ip)) {
m_copydata(m, 0, sizeof(ip0), &ip0);
ip = &ip0;
-
} else {
ip = mtod(m, struct ip *);
}
@@ -207,10 +206,10 @@ ipsecif4_flowinfo(struct mbuf *m, int fa
proto = IPPROTO_IPV4;
if (m->m_len < sizeof(*ip)) {
m = m_pullup(m, sizeof(*ip));
- if (!m) {
+ if (m == NULL) {
*tos0 = 0;
*proto0 = 0;
- return NULL;
+ return NULL;
}
}
ip = mtod(m, const struct ip *);
@@ -223,7 +222,7 @@ ipsecif4_flowinfo(struct mbuf *m, int fa
proto = IPPROTO_IPV6;
if (m->m_len < sizeof(*ip6)) {
m = m_pullup(m, sizeof(*ip6));
- if (!m) {
+ if (m == NULL) {
*tos0 = 0;
*proto0 = 0;
return NULL;
@@ -356,7 +355,7 @@ ipsecif4_output(struct ipsec_variant *va
KASSERT(sp->policy != IPSEC_POLICY_NONE);
KASSERT(sp->policy != IPSEC_POLICY_ENTRUST);
KASSERT(sp->policy != IPSEC_POLICY_BYPASS);
- if(sp->policy != IPSEC_POLICY_IPSEC) {
+ if (sp->policy != IPSEC_POLICY_IPSEC) {
struct ifnet *ifp = &var->iv_softc->ipsec_if;
m_freem(m);
IF_DROP(&ifp->if_snd);
@@ -439,15 +438,12 @@ ipsecif6_output(struct ipsec_variant *va
proto = IPPROTO_IPV4;
if (m->m_len < sizeof(*ip)) {
m = m_pullup(m, sizeof(*ip));
- if (!m)
+ if (m == NULL)
return ENOBUFS;
}
ip = mtod(m, struct ip *);
itos = ip->ip_tos;
- /*
- * TODO:
- *support ALTQ for innner packet
- */
+ /* TODO: support ALTQ for innner packet */
break;
}
#endif /* INET */
@@ -457,14 +453,12 @@ ipsecif6_output(struct ipsec_variant *va
proto = IPPROTO_IPV6;
if (m->m_len < sizeof(*xip6)) {
m = m_pullup(m, sizeof(*xip6));
- if (!m)
+ if (m == NULL)
return ENOBUFS;
}
xip6 = mtod(m, struct ip6_hdr *);
itos = (ntohl(xip6->ip6_flow) >> 20) & 0xff;
- /* TODO:
- * support ALTQ for innner packet
- */
+ /* TODO: support ALTQ for innner packet */
break;
}
default:
@@ -605,7 +599,7 @@ ipsecif4_input(struct mbuf *m, int off,
af = AF_INET;
if (M_UNWRITABLE(m, sizeof(*xip))) {
m = m_pullup(m, sizeof(*xip));
- if (!m)
+ if (m == NULL)
return;
}
xip = mtod(m, struct ip *);
@@ -625,7 +619,7 @@ ipsecif4_input(struct mbuf *m, int off,
af = AF_INET6;
if (M_UNWRITABLE(m, sizeof(*ip6))) {
m = m_pullup(m, sizeof(*ip6));
- if (!m)
+ if (m == NULL)
return;
}
ip6 = mtod(m, struct ip6_hdr *);
@@ -730,7 +724,7 @@ ipsecif6_input(struct mbuf **mp, int *of
if (M_UNWRITABLE(m, sizeof(*ip))) {
m = m_pullup(m, sizeof(*ip));
- if (!m)
+ if (m == NULL)
return IPPROTO_DONE;
}
ip = mtod(m, struct ip *);
@@ -750,7 +744,7 @@ ipsecif6_input(struct mbuf **mp, int *of
if (M_UNWRITABLE(m, sizeof(*xip6))) {
m = m_pullup(m, sizeof(*xip6));
- if (!m)
+ if (m == NULL)
return IPPROTO_DONE;
}
xip6 = mtod(m, struct ip6_hdr *);
