svn commit: r186531 - head/sys/netipsec
Bjoern A. Zeeb
bz at FreeBSD.org
Sat Dec 27 22:58:17 UTC 2008
Author: bz
Date: Sat Dec 27 22:58:16 2008
New Revision: 186531
URL: http://svn.freebsd.org/changeset/base/186531
Log:
Non-functional (style) changes:
- Always use round brackets with return ().
- Add empty line to beginning of functions without local variables.
- Comments start with a capital letter and end in a '.'.
While there adapt a few comments.
Reviewed by: rwatson
MFC after: 4 weeks
Modified:
head/sys/netipsec/ipsec.c
Modified: head/sys/netipsec/ipsec.c
==============================================================================
--- head/sys/netipsec/ipsec.c Sat Dec 27 21:20:34 2008 (r186530)
+++ head/sys/netipsec/ipsec.c Sat Dec 27 22:58:16 2008 (r186531)
@@ -104,7 +104,7 @@ struct vnet_ipsec vnet_ipsec_0;
#endif
#ifdef VIMAGE_GLOBALS
-/* NB: name changed so netstat doesn't use it */
+/* NB: name changed so netstat doesn't use it. */
struct ipsecstat ipsec4stat;
struct secpolicy ip4_def_policy;
int ipsec_debug;
@@ -309,7 +309,7 @@ key_allocsp_default(const char* where, i
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP key_allocsp_default returns SP:%p (%u)\n",
sp, sp->refcnt));
- return sp;
+ return (sp);
}
#define KEY_ALLOCSP_DEFAULT() \
key_allocsp_default(__FILE__, __LINE__)
@@ -339,7 +339,7 @@ ipsec_getpolicy(struct tdb_ident *tdbi,
if (sp == NULL) /*XXX????*/
sp = KEY_ALLOCSP_DEFAULT();
IPSEC_ASSERT(sp != NULL, ("null SP"));
- return sp;
+ return (sp);
}
/*
@@ -359,7 +359,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_
{
INIT_VNET_IPSEC(curvnet);
struct inpcbpolicy *pcbsp = NULL;
- struct secpolicy *currsp = NULL; /* policy on socket */
+ struct secpolicy *currsp = NULL; /* Policy on socket. */
struct secpolicy *sp;
IPSEC_ASSERT(m != NULL, ("null mbuf"));
@@ -368,20 +368,20 @@ ipsec_getpolicybysock(struct mbuf *m, u_
IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
("invalid direction %u", dir));
- /* set spidx in pcb */
+ /* Set spidx in pcb. */
if (inp->inp_vflag & INP_IPV6PROTO) {
#ifdef INET6
*error = ipsec6_setspidx_inpcb(m, inp);
pcbsp = inp->inp_sp;
#else
- *error = EINVAL; /* should not happen */
+ *error = EINVAL; /* Should not happen. */
#endif
} else {
*error = ipsec4_setspidx_inpcb(m, inp);
pcbsp = inp->inp_sp;
}
if (*error)
- return NULL;
+ return (NULL);
IPSEC_ASSERT(pcbsp != NULL, ("null pcbsp"));
switch (dir) {
@@ -394,7 +394,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_
}
IPSEC_ASSERT(currsp != NULL, ("null currsp"));
- if (pcbsp->priv) { /* when privilieged socket */
+ if (pcbsp->priv) { /* When privilieged socket. */
switch (currsp->policy) {
case IPSEC_POLICY_BYPASS:
case IPSEC_POLICY_IPSEC:
@@ -403,9 +403,9 @@ ipsec_getpolicybysock(struct mbuf *m, u_
break;
case IPSEC_POLICY_ENTRUST:
- /* look for a policy in SPD */
+ /* Look for a policy in SPD. */
sp = KEY_ALLOCSP(&currsp->spidx, dir);
- if (sp == NULL) /* no SP found */
+ if (sp == NULL) /* No SP found. */
sp = KEY_ALLOCSP_DEFAULT();
break;
@@ -413,18 +413,18 @@ ipsec_getpolicybysock(struct mbuf *m, u_
ipseclog((LOG_ERR, "%s: Invalid policy for PCB %d\n",
__func__, currsp->policy));
*error = EINVAL;
- return NULL;
+ return (NULL);
}
- } else { /* unpriv, SPD has policy */
+ } else { /* Unpriv, SPD has policy. */
sp = KEY_ALLOCSP(&currsp->spidx, dir);
- if (sp == NULL) { /* no SP found */
+ if (sp == NULL) { /* No SP found. */
switch (currsp->policy) {
case IPSEC_POLICY_BYPASS:
ipseclog((LOG_ERR, "%s: Illegal policy for "
"non-priviliged defined %d\n",
__func__, currsp->policy));
*error = EINVAL;
- return NULL;
+ return (NULL);
case IPSEC_POLICY_ENTRUST:
sp = KEY_ALLOCSP_DEFAULT();
@@ -439,7 +439,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_
ipseclog((LOG_ERR, "%s: Invalid policy for "
"PCB %d\n", __func__, currsp->policy));
*error = EINVAL;
- return NULL;
+ return (NULL);
}
}
}
@@ -448,7 +448,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP %s (priv %u policy %u) allocate SP:%p (refcnt %u)\n",
__func__, pcbsp->priv, currsp->policy, sp, sp->refcnt));
- return sp;
+ return (sp);
}
/*
@@ -481,16 +481,16 @@ ipsec_getpolicybyaddr(struct mbuf *m, u_
if (*error != 0) {
DPRINTF(("%s: setpidx failed, dir %u flag %u\n",
__func__, dir, flag));
- return NULL;
+ return (NULL);
}
spidx.dir = dir;
sp = KEY_ALLOCSP(&spidx, dir);
}
- if (sp == NULL) /* no SP found, use system default */
+ if (sp == NULL) /* No SP found, use system default. */
sp = KEY_ALLOCSP_DEFAULT();
IPSEC_ASSERT(sp != NULL, ("null SP"));
- return sp;
+ return (sp);
}
struct secpolicy *
@@ -508,25 +508,25 @@ ipsec4_checkpolicy(struct mbuf *m, u_int
if (sp == NULL) {
IPSEC_ASSERT(*error != 0, ("getpolicy failed w/o error"));
V_ipsec4stat.ips_out_inval++;
- return NULL;
+ return (NULL);
}
IPSEC_ASSERT(*error == 0, ("sp w/ error set to %u", *error));
switch (sp->policy) {
case IPSEC_POLICY_ENTRUST:
default:
printf("%s: invalid policy %u\n", __func__, sp->policy);
- /* fall thru... */
+ /* FALLTHROUGH */
case IPSEC_POLICY_DISCARD:
V_ipsec4stat.ips_out_polvio++;
- *error = -EINVAL; /* packet is discarded by caller */
+ *error = -EINVAL; /* Packet is discarded by caller. */
break;
case IPSEC_POLICY_BYPASS:
case IPSEC_POLICY_NONE:
KEY_FREESP(&sp);
- sp = NULL; /* NB: force NULL result */
+ sp = NULL; /* NB: force NULL result. */
break;
case IPSEC_POLICY_IPSEC:
- if (sp->req == NULL) /* acquire an SA */
+ if (sp->req == NULL) /* Acquire a SA. */
*error = key_spdacquire(sp);
break;
}
@@ -534,7 +534,7 @@ ipsec4_checkpolicy(struct mbuf *m, u_int
KEY_FREESP(&sp);
sp = NULL;
}
- return sp;
+ return (sp);
}
static int
@@ -558,7 +558,7 @@ ipsec4_setspidx_inpcb(struct mbuf *m, st
bzero(&pcb->inp_sp->sp_out->spidx,
sizeof (pcb->inp_sp->sp_in->spidx));
}
- return error;
+ return (error);
}
#ifdef INET6
@@ -584,14 +584,14 @@ ipsec6_setspidx_inpcb(struct mbuf *m, st
sizeof(pcb->inp_sp->sp_in->spidx));
}
- return error;
+ return (error);
}
#endif
/*
- * configure security policy index (src/dst/proto/sport/dport)
+ * Configure security policy index (src/dst/proto/sport/dport)
* by looking at the content of mbuf.
- * the caller is responsible for error recovery (like clearing up spidx).
+ * The caller is responsible for error recovery (like clearing up spidx).
*/
static int
ipsec_setspidx(struct mbuf *m, struct secpolicyindex *spidx, int needport)
@@ -607,9 +607,9 @@ ipsec_setspidx(struct mbuf *m, struct se
IPSEC_ASSERT(m != NULL, ("null mbuf"));
/*
- * validate m->m_pkthdr.len. we see incorrect length if we
+ * Validate m->m_pkthdr.len. We see incorrect length if we
* mistakenly call this function with inconsistent mbuf chain
- * (like 4.4BSD tcp/udp processing). XXX should we panic here?
+ * (like 4.4BSD tcp/udp processing). XXX Should we panic here?
*/
len = 0;
for (n = m; n; n = n->m_next)
@@ -618,14 +618,14 @@ ipsec_setspidx(struct mbuf *m, struct se
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
printf("%s: pkthdr len(%d) mismatch (%d), ignored.\n",
__func__, len, m->m_pkthdr.len));
- return EINVAL;
+ return (EINVAL);
}
if (m->m_pkthdr.len < sizeof(struct ip)) {
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
printf("%s: pkthdr len(%d) too small (v4), ignored.\n",
__func__, m->m_pkthdr.len));
- return EINVAL;
+ return (EINVAL);
}
if (m->m_len >= sizeof(*ip))
@@ -643,28 +643,28 @@ ipsec_setspidx(struct mbuf *m, struct se
case 4:
error = ipsec4_setspidx_ipaddr(m, spidx);
if (error)
- return error;
+ return (error);
ipsec4_get_ulp(m, spidx, needport);
- return 0;
+ return (0);
#ifdef INET6
case 6:
if (m->m_pkthdr.len < sizeof(struct ip6_hdr)) {
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
printf("%s: pkthdr len(%d) too small (v6), "
"ignored\n", __func__, m->m_pkthdr.len));
- return EINVAL;
+ return (EINVAL);
}
error = ipsec6_setspidx_ipaddr(m, spidx);
if (error)
- return error;
+ return (error);
ipsec6_get_ulp(m, spidx, needport);
- return 0;
+ return (0);
#endif
default:
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
printf("%s: " "unknown IP version %u, ignored.\n",
__func__, v));
- return EINVAL;
+ return (EINVAL);
}
}
@@ -674,11 +674,11 @@ ipsec4_get_ulp(struct mbuf *m, struct se
u_int8_t nxt;
int off;
- /* sanity check */
+ /* Sanity check. */
IPSEC_ASSERT(m != NULL, ("null mbuf"));
IPSEC_ASSERT(m->m_pkthdr.len >= sizeof(struct ip),("packet too short"));
- /* NB: ip_input() flips it into host endian XXX need more checking */
+ /* NB: ip_input() flips it into host endian. XXX Need more checking. */
if (m->m_len < sizeof (struct ip)) {
struct ip *ip = mtod(m, struct ip *);
if (ip->ip_off & (IP_MF | IP_OFFMASK))
@@ -732,14 +732,14 @@ ipsec4_get_ulp(struct mbuf *m, struct se
case IPPROTO_AH:
if (off + sizeof(ip6e) > m->m_pkthdr.len)
goto done;
- /* XXX sigh, this works but is totally bogus */
+ /* XXX Sigh, this works but is totally bogus. */
m_copydata(m, off, sizeof(ip6e), (caddr_t) &ip6e);
off += (ip6e.ip6e_len + 2) << 2;
nxt = ip6e.ip6e_nxt;
break;
case IPPROTO_ICMP:
default:
- /* XXX intermediate headers??? */
+ /* XXX Intermediate headers??? */
spidx->ul_proto = nxt;
goto done_proto;
}
@@ -751,7 +751,7 @@ done_proto:
spidx->dst.sin.sin_port = IPSEC_PORT_ANY;
}
-/* assumes that m is sane */
+/* Assumes that m is sane. */
static int
ipsec4_setspidx_ipaddr(struct mbuf *m, struct secpolicyindex *spidx)
{
@@ -780,7 +780,7 @@ ipsec4_setspidx_ipaddr(struct mbuf *m, s
spidx->prefs = sizeof(struct in_addr) << 3;
spidx->prefd = sizeof(struct in_addr) << 3;
- return 0;
+ return (0);
}
#ifdef INET6
@@ -793,14 +793,14 @@ ipsec6_get_ulp(struct mbuf *m, struct se
struct udphdr uh;
struct icmp6_hdr ih;
- /* sanity check */
+ /* Sanity check. */
if (m == NULL)
panic("%s: NULL pointer was passed.\n", __func__);
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
printf("%s:\n", __func__); kdebug_mbuf(m));
- /* set default */
+ /* Set default. */
spidx->ul_proto = IPSEC_ULPROTO_ANY;
((struct sockaddr_in6 *)&spidx->src)->sin6_port = IPSEC_PORT_ANY;
((struct sockaddr_in6 *)&spidx->dst)->sin6_port = IPSEC_PORT_ANY;
@@ -842,13 +842,13 @@ ipsec6_get_ulp(struct mbuf *m, struct se
htons((uint16_t)ih.icmp6_code);
break;
default:
- /* XXX intermediate headers??? */
+ /* XXX Intermediate headers??? */
spidx->ul_proto = nxt;
break;
}
}
-/* assumes that m is sane */
+/* Assumes that m is sane. */
static int
ipsec6_setspidx_ipaddr(struct mbuf *m, struct secpolicyindex *spidx)
{
@@ -885,24 +885,25 @@ ipsec6_setspidx_ipaddr(struct mbuf *m, s
}
spidx->prefd = sizeof(struct in6_addr) << 3;
- return 0;
+ return (0);
}
#endif
static void
ipsec_delpcbpolicy(struct inpcbpolicy *p)
{
+
free(p, M_IPSEC_INPCB);
}
-/* initialize policy in PCB */
+/* Initialize policy in PCB. */
int
ipsec_init_policy(struct socket *so, struct inpcbpolicy **pcb_sp)
{
INIT_VNET_IPSEC(curvnet);
struct inpcbpolicy *new;
- /* sanity check. */
+ /* Sanity check. */
if (so == NULL || pcb_sp == NULL)
panic("%s: NULL pointer was passed.\n", __func__);
@@ -910,14 +911,14 @@ ipsec_init_policy(struct socket *so, str
M_IPSEC_INPCB, M_NOWAIT|M_ZERO);
if (new == NULL) {
ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
- return ENOBUFS;
+ return (ENOBUFS);
}
new->priv = IPSEC_IS_PRIVILEGED_SO(so);
if ((new->sp_in = KEY_NEWSP()) == NULL) {
ipsec_delpcbpolicy(new);
- return ENOBUFS;
+ return (ENOBUFS);
}
new->sp_in->state = IPSEC_SPSTATE_ALIVE;
new->sp_in->policy = IPSEC_POLICY_ENTRUST;
@@ -925,17 +926,17 @@ ipsec_init_policy(struct socket *so, str
if ((new->sp_out = KEY_NEWSP()) == NULL) {
KEY_FREESP(&new->sp_in);
ipsec_delpcbpolicy(new);
- return ENOBUFS;
+ return (ENOBUFS);
}
new->sp_out->state = IPSEC_SPSTATE_ALIVE;
new->sp_out->policy = IPSEC_POLICY_ENTRUST;
*pcb_sp = new;
- return 0;
+ return (0);
}
-/* copy old ipsec policy into new */
+/* Copy old IPsec policy into new. */
int
ipsec_copy_policy(struct inpcbpolicy *old, struct inpcbpolicy *new)
{
@@ -946,18 +947,18 @@ ipsec_copy_policy(struct inpcbpolicy *ol
KEY_FREESP(&new->sp_in);
new->sp_in = sp;
} else
- return ENOBUFS;
+ return (ENOBUFS);
sp = ipsec_deepcopy_policy(old->sp_out);
if (sp) {
KEY_FREESP(&new->sp_out);
new->sp_out = sp;
} else
- return ENOBUFS;
+ return (ENOBUFS);
new->priv = old->priv;
- return 0;
+ return (0);
}
struct ipsecrequest *
@@ -968,17 +969,18 @@ ipsec_newisr(void)
p = malloc(sizeof(struct ipsecrequest), M_IPSEC_SR, M_NOWAIT|M_ZERO);
if (p != NULL)
IPSECREQUEST_LOCK_INIT(p);
- return p;
+ return (p);
}
void
ipsec_delisr(struct ipsecrequest *p)
{
+
IPSECREQUEST_LOCK_DESTROY(p);
free(p, M_IPSEC_SR);
}
-/* deep-copy a policy in PCB */
+/* Deep-copy a policy in PCB. */
static struct secpolicy *
ipsec_deepcopy_policy(struct secpolicy *src)
{
@@ -989,13 +991,13 @@ ipsec_deepcopy_policy(struct secpolicy *
struct secpolicy *dst;
if (src == NULL)
- return NULL;
+ return (NULL);
dst = KEY_NEWSP();
if (dst == NULL)
- return NULL;
+ return (NULL);
/*
- * deep-copy IPsec request chain. This is required since struct
+ * Deep-copy IPsec request chain. This is required since struct
* ipsecrequest is not reference counted.
*/
q = &newchain;
@@ -1019,9 +1021,9 @@ ipsec_deepcopy_policy(struct secpolicy *
dst->req = newchain;
dst->state = src->state;
dst->policy = src->policy;
- /* do not touch the refcnt fields */
+ /* Do not touch the refcnt fields. */
- return dst;
+ return (dst);
fail:
for (p = newchain; p; p = r) {
@@ -1029,10 +1031,10 @@ fail:
ipsec_delisr(p);
p = NULL;
}
- return NULL;
+ return (NULL);
}
-/* set policy and ipsec request if present. */
+/* Set policy and IPsec request if present. */
static int
ipsec_set_policy(struct secpolicy **pcb_sp, int optname, caddr_t request,
size_t len, struct ucred *cred)
@@ -1042,44 +1044,44 @@ ipsec_set_policy(struct secpolicy **pcb_
struct secpolicy *newsp = NULL;
int error;
- /* sanity check. */
+ /* Sanity check. */
if (pcb_sp == NULL || *pcb_sp == NULL || request == NULL)
- return EINVAL;
+ return (EINVAL);
if (len < sizeof(*xpl))
- return EINVAL;
+ return (EINVAL);
xpl = (struct sadb_x_policy *)request;
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
printf("%s: passed policy\n", __func__);
kdebug_sadb_x_policy((struct sadb_ext *)xpl));
- /* check policy type */
+ /* Check policy type. */
/* ipsec_set_policy() accepts IPSEC, ENTRUST and BYPASS. */
if (xpl->sadb_x_policy_type == IPSEC_POLICY_DISCARD
|| xpl->sadb_x_policy_type == IPSEC_POLICY_NONE)
- return EINVAL;
+ return (EINVAL);
- /* check privileged socket */
+ /* Check privileged socket. */
if (cred != NULL && xpl->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
error = priv_check_cred(cred, PRIV_NETINET_IPSEC, 0);
if (error)
- return EACCES;
+ return (EACCES);
}
- /* allocation new SP entry */
+ /* Allocating new SP entry. */
if ((newsp = key_msg2sp(xpl, len, &error)) == NULL)
- return error;
+ return (error);
newsp->state = IPSEC_SPSTATE_ALIVE;
- /* clear old SP and set new SP */
+ /* Clear old SP and set new SP. */
KEY_FREESP(pcb_sp);
*pcb_sp = newsp;
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
printf("%s: new policy\n", __func__);
kdebug_secpolicy(newsp));
- return 0;
+ return (0);
}
static int
@@ -1087,21 +1089,21 @@ ipsec_get_policy(struct secpolicy *pcb_s
{
INIT_VNET_IPSEC(curvnet);
- /* sanity check. */
+ /* Sanity check. */
if (pcb_sp == NULL || mp == NULL)
- return EINVAL;
+ return (EINVAL);
*mp = key_sp2msg(pcb_sp);
if (!*mp) {
ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
- return ENOBUFS;
+ return (ENOBUFS);
}
(*mp)->m_type = MT_DATA;
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
printf("%s:\n", __func__); kdebug_mbuf(*mp));
- return 0;
+ return (0);
}
int
@@ -1112,14 +1114,14 @@ ipsec4_set_policy(struct inpcb *inp, int
struct sadb_x_policy *xpl;
struct secpolicy **pcb_sp;
- /* sanity check. */
+ /* Sanity check. */
if (inp == NULL || request == NULL)
- return EINVAL;
+ return (EINVAL);
if (len < sizeof(*xpl))
- return EINVAL;
+ return (EINVAL);
xpl = (struct sadb_x_policy *)request;
- /* select direction */
+ /* Select direction. */
switch (xpl->sadb_x_policy_dir) {
case IPSEC_DIR_INBOUND:
pcb_sp = &inp->inp_sp->sp_in;
@@ -1130,10 +1132,10 @@ ipsec4_set_policy(struct inpcb *inp, int
default:
ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__,
xpl->sadb_x_policy_dir));
- return EINVAL;
+ return (EINVAL);
}
- return ipsec_set_policy(pcb_sp, optname, request, len, cred);
+ return (ipsec_set_policy(pcb_sp, optname, request, len, cred));
}
int
@@ -1144,15 +1146,15 @@ ipsec4_get_policy(struct inpcb *inp, cad
struct sadb_x_policy *xpl;
struct secpolicy *pcb_sp;
- /* sanity check. */
+ /* Sanity check. */
if (inp == NULL || request == NULL || mp == NULL)
- return EINVAL;
+ return (EINVAL);
IPSEC_ASSERT(inp->inp_sp != NULL, ("null inp_sp"));
if (len < sizeof(*xpl))
- return EINVAL;
+ return (EINVAL);
xpl = (struct sadb_x_policy *)request;
- /* select direction */
+ /* Select direction. */
switch (xpl->sadb_x_policy_dir) {
case IPSEC_DIR_INBOUND:
pcb_sp = inp->inp_sp->sp_in;
@@ -1163,20 +1165,20 @@ ipsec4_get_policy(struct inpcb *inp, cad
default:
ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__,
xpl->sadb_x_policy_dir));
- return EINVAL;
+ return (EINVAL);
}
- return ipsec_get_policy(pcb_sp, mp);
+ return (ipsec_get_policy(pcb_sp, mp));
}
-/* delete policy in PCB */
+/* Delete policy in PCB. */
int
ipsec_delete_pcbpolicy(struct inpcb *inp)
{
IPSEC_ASSERT(inp != NULL, ("null inp"));
if (inp->inp_sp == NULL)
- return 0;
+ return (0);
if (inp->inp_sp->sp_in != NULL)
KEY_FREESP(&inp->inp_sp->sp_in);
@@ -1187,7 +1189,7 @@ ipsec_delete_pcbpolicy(struct inpcb *inp
ipsec_delpcbpolicy(inp->inp_sp);
inp->inp_sp = NULL;
- return 0;
+ return (0);
}
#ifdef INET6
@@ -1199,14 +1201,14 @@ ipsec6_set_policy(struct inpcb *inp, int
struct sadb_x_policy *xpl;
struct secpolicy **pcb_sp;
- /* sanity check. */
+ /* Sanity check. */
if (inp == NULL || request == NULL)
- return EINVAL;
+ return (EINVAL);
if (len < sizeof(*xpl))
- return EINVAL;
+ return (EINVAL);
xpl = (struct sadb_x_policy *)request;
- /* select direction */
+ /* Select direction. */
switch (xpl->sadb_x_policy_dir) {
case IPSEC_DIR_INBOUND:
pcb_sp = &inp->inp_sp->sp_in;
@@ -1217,10 +1219,10 @@ ipsec6_set_policy(struct inpcb *inp, int
default:
ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__,
xpl->sadb_x_policy_dir));
- return EINVAL;
+ return (EINVAL);
}
- return ipsec_set_policy(pcb_sp, optname, request, len, cred);
+ return (ipsec_set_policy(pcb_sp, optname, request, len, cred));
}
int
@@ -1231,15 +1233,15 @@ ipsec6_get_policy(struct inpcb *inp, cad
struct sadb_x_policy *xpl;
struct secpolicy *pcb_sp;
- /* sanity check. */
+ /* Sanity check. */
if (inp == NULL || request == NULL || mp == NULL)
- return EINVAL;
+ return (EINVAL);
IPSEC_ASSERT(inp->inp_sp != NULL, ("null inp_sp"));
if (len < sizeof(*xpl))
- return EINVAL;
+ return (EINVAL);
xpl = (struct sadb_x_policy *)request;
- /* select direction */
+ /* Select direction. */
switch (xpl->sadb_x_policy_dir) {
case IPSEC_DIR_INBOUND:
pcb_sp = inp->inp_sp->sp_in;
@@ -1250,15 +1252,15 @@ ipsec6_get_policy(struct inpcb *inp, cad
default:
ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__,
xpl->sadb_x_policy_dir));
- return EINVAL;
+ return (EINVAL);
}
- return ipsec_get_policy(pcb_sp, mp);
+ return (ipsec_get_policy(pcb_sp, mp));
}
#endif
/*
- * return current level.
+ * Return current level.
* Either IPSEC_LEVEL_USE or IPSEC_LEVEL_REQUIRE are always returned.
*/
u_int
@@ -1275,7 +1277,7 @@ ipsec_get_reqlevel(struct ipsecrequest *
isr->sp->spidx.src.sa.sa_family,
isr->sp->spidx.dst.sa.sa_family));
-/* XXX note that we have ipseclog() expanded here - code sync issue */
+/* XXX Note that we have ipseclog() expanded here - code sync issue. */
#define IPSEC_CHECK_DEFAULT(lev) \
(((lev) != IPSEC_LEVEL_USE && (lev) != IPSEC_LEVEL_REQUIRE \
&& (lev) != IPSEC_LEVEL_UNIQUE) \
@@ -1287,7 +1289,7 @@ ipsec_get_reqlevel(struct ipsecrequest *
(lev) \
: (lev))
- /* set default level */
+ /* Set default level. */
switch (((struct sockaddr *)&isr->sp->spidx.src)->sa_family) {
#ifdef INET
case AF_INET:
@@ -1312,7 +1314,7 @@ ipsec_get_reqlevel(struct ipsecrequest *
#undef IPSEC_CHECK_DEFAULT
- /* set level */
+ /* Set level. */
switch (isr->level) {
case IPSEC_LEVEL_DEFAULT:
switch (isr->saidx.proto) {
@@ -1330,8 +1332,8 @@ ipsec_get_reqlevel(struct ipsecrequest *
break;
case IPPROTO_IPCOMP:
/*
- * we don't really care, as IPcomp document says that
- * we shouldn't compress small packets
+ * We don't really care, as IPcomp document says that
+ * we shouldn't compress small packets.
*/
level = IPSEC_LEVEL_USE;
break;
@@ -1353,7 +1355,7 @@ ipsec_get_reqlevel(struct ipsecrequest *
panic("%s: Illegal IPsec level %u\n", __func__, isr->level);
}
- return level;
+ return (level);
}
/*
@@ -1376,19 +1378,19 @@ ipsec_in_reject(struct secpolicy *sp, st
KEYDEBUG(KEYDEBUG_IPSEC_DATA,
printf("%s: using SP\n", __func__); kdebug_secpolicy(sp));
- /* check policy */
+ /* Check policy. */
switch (sp->policy) {
case IPSEC_POLICY_DISCARD:
- return 1;
+ return (1);
case IPSEC_POLICY_BYPASS:
case IPSEC_POLICY_NONE:
- return 0;
+ return (0);
}
IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC,
("invalid policy %u", sp->policy));
- /* XXX should compare policy against ipsec header history */
+ /* XXX Should compare policy against IPsec header history. */
need_auth = 0;
for (isr = sp->req; isr != NULL; isr = isr->next) {
@@ -1400,7 +1402,7 @@ ipsec_in_reject(struct secpolicy *sp, st
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
printf("%s: ESP m_flags:%x\n", __func__,
m->m_flags));
- return 1;
+ return (1);
}
if (!need_auth &&
@@ -1410,7 +1412,7 @@ ipsec_in_reject(struct secpolicy *sp, st
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
printf("%s: ESP/AH m_flags:%x\n", __func__,
m->m_flags));
- return 1;
+ return (1);
}
break;
case IPPROTO_AH:
@@ -1419,26 +1421,26 @@ ipsec_in_reject(struct secpolicy *sp, st
KEYDEBUG(KEYDEBUG_IPSEC_DUMP,
printf("%s: AH m_flags:%x\n", __func__,
m->m_flags));
- return 1;
+ return (1);
}
break;
case IPPROTO_IPCOMP:
/*
- * we don't really care, as IPcomp document
+ * We don't really care, as IPcomp document
* says that we shouldn't compress small
- * packets, IPComp policy should always be
+ * packets. IPComp policy should always be
* treated as being in "use" level.
*/
break;
}
}
- return 0; /* valid */
+ return (0); /* Valid. */
}
/*
* Check AH/ESP integrity.
* This function is called from tcp_input(), udp_input(),
- * and {ah,esp}4_input for tunnel mode
+ * and {ah,esp}4_input for tunnel mode.
*/
int
ipsec4_in_reject(struct mbuf *m, struct inpcb *inp)
@@ -1450,7 +1452,8 @@ ipsec4_in_reject(struct mbuf *m, struct
IPSEC_ASSERT(m != NULL, ("null mbuf"));
- /* get SP for this packet.
+ /*
+ * Get SP for this packet.
* When we are called from ip_forward(), we call
* ipsec_getpolicybyaddr() with IP_FORWARDING flag.
*/
@@ -1465,17 +1468,17 @@ ipsec4_in_reject(struct mbuf *m, struct
V_ipsec4stat.ips_in_polvio++;
KEY_FREESP(&sp);
} else {
- result = 0; /* XXX should be panic ?
+ result = 0; /* XXX Should be panic?
* -> No, there may be error. */
}
- return result;
+ return (result);
}
#ifdef INET6
/*
* Check AH/ESP integrity.
* This function is called from tcp6_input(), udp6_input(),
- * and {ah,esp}6_input for tunnel mode
+ * and {ah,esp}6_input for tunnel mode.
*/
int
ipsec6_in_reject(struct mbuf *m, struct inpcb *inp)
@@ -1485,11 +1488,11 @@ ipsec6_in_reject(struct mbuf *m, struct
int error;
int result;
- /* sanity check */
+ /* Sanity check. */
if (m == NULL)
- return 0; /* XXX should be panic ? */
+ return (0); /* XXX Should be panic? */
- /* get SP for this packet.
+ /* Get SP for this packet.
* When we are called from ip_forward(), we call
* ipsec_getpolicybyaddr() with IP_FORWARDING flag.
*/
@@ -1506,14 +1509,14 @@ ipsec6_in_reject(struct mbuf *m, struct
} else {
result = 0;
}
- return result;
+ return (result);
}
#endif
/*
- * compute the byte size to be occupied by IPsec header.
- * in case it is tunneled, it includes the size of outer IP header.
- * NOTE: SP passed is free in this function.
+ * Compute the byte size to be occupied by IPsec header.
+ * In case it is tunnelled, it includes the size of outer IP header.
+ * NOTE: SP passed is freed in this function.
*/
static size_t
ipsec_hdrsiz(struct secpolicy *sp)
@@ -1529,7 +1532,7 @@ ipsec_hdrsiz(struct secpolicy *sp)
case IPSEC_POLICY_DISCARD:
case IPSEC_POLICY_BYPASS:
case IPSEC_POLICY_NONE:
- return 0;
+ return (0);
}
IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC,
@@ -1571,7 +1574,7 @@ ipsec_hdrsiz(struct secpolicy *sp)
siz += clen;
}
- return siz;
+ return (siz);
}
/* This function is called from ip_forward() and ipsec4_hdrsize_tcp(). */
@@ -1585,7 +1588,7 @@ ipsec4_hdrsiz(struct mbuf *m, u_int dir,
IPSEC_ASSERT(m != NULL, ("null mbuf"));
- /* get SP for this packet.
+ /* Get SP for this packet.
* When we are called from ip_forward(), we call
* ipsec_getpolicybyaddr() with IP_FORWARDING flag.
*/
@@ -1602,16 +1605,16 @@ ipsec4_hdrsiz(struct mbuf *m, u_int dir,
KEY_FREESP(&sp);
} else {
- size = 0; /* XXX should be panic ?
+ size = 0; /* XXX Should be panic?
* -> No, we are called w/o knowing if
* IPsec processing is needed. */
}
- return size;
+ return (size);
}
#ifdef INET6
/* This function is called from ipsec6_hdrsize_tcp(),
- * and maybe from ip6_forward.()
+ * and maybe from ip6_forward().
*/
size_t
ipsec6_hdrsiz(struct mbuf *m, u_int dir, struct inpcb *inp)
@@ -1625,7 +1628,7 @@ ipsec6_hdrsiz(struct mbuf *m, u_int dir,
IPSEC_ASSERT(inp == NULL || inp->inp_socket != NULL,
("socket w/o inpcb"));
- /* get SP for this packet */
+ /* Get SP for this packet. */
/* XXX Is it right to call with IP_FORWARDING. */
if (inp == NULL)
sp = ipsec_getpolicybyaddr(m, dir, IP_FORWARDING, &error);
@@ -1633,13 +1636,13 @@ ipsec6_hdrsiz(struct mbuf *m, u_int dir,
sp = ipsec_getpolicybysock(m, dir, inp, &error);
if (sp == NULL)
- return 0;
+ return (0);
size = ipsec_hdrsiz(sp);
KEYDEBUG(KEYDEBUG_IPSEC_DATA,
printf("%s: size:%lu.\n", __func__, (unsigned long)size));
KEY_FREESP(&sp);
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-all
mailing list