Date: Sat, 27 Dec 2008 22:58:17 +0000 (UTC) From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r186531 - head/sys/netipsec Message-ID: <200812272258.mBRMwHrd086017@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bz Date: Sat Dec 27 22:58:16 2008 New Revision: 186531 URL: http://svn.freebsd.org/changeset/base/186531 Log: Non-functional (style) changes: - Always use round brackets with return (). - Add empty line to beginning of functions without local variables. - Comments start with a capital letter and end in a '.'. While there adapt a few comments. Reviewed by: rwatson MFC after: 4 weeks Modified: head/sys/netipsec/ipsec.c Modified: head/sys/netipsec/ipsec.c ============================================================================== --- head/sys/netipsec/ipsec.c Sat Dec 27 21:20:34 2008 (r186530) +++ head/sys/netipsec/ipsec.c Sat Dec 27 22:58:16 2008 (r186531) @@ -104,7 +104,7 @@ struct vnet_ipsec vnet_ipsec_0; #endif #ifdef VIMAGE_GLOBALS -/* NB: name changed so netstat doesn't use it */ +/* NB: name changed so netstat doesn't use it. */ struct ipsecstat ipsec4stat; struct secpolicy ip4_def_policy; int ipsec_debug; @@ -309,7 +309,7 @@ key_allocsp_default(const char* where, i KEYDEBUG(KEYDEBUG_IPSEC_STAMP, printf("DP key_allocsp_default returns SP:%p (%u)\n", sp, sp->refcnt)); - return sp; + return (sp); } #define KEY_ALLOCSP_DEFAULT() \ key_allocsp_default(__FILE__, __LINE__) @@ -339,7 +339,7 @@ ipsec_getpolicy(struct tdb_ident *tdbi, if (sp == NULL) /*XXX????*/ sp = KEY_ALLOCSP_DEFAULT(); IPSEC_ASSERT(sp != NULL, ("null SP")); - return sp; + return (sp); } /* @@ -359,7 +359,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_ { INIT_VNET_IPSEC(curvnet); struct inpcbpolicy *pcbsp = NULL; - struct secpolicy *currsp = NULL; /* policy on socket */ + struct secpolicy *currsp = NULL; /* Policy on socket. */ struct secpolicy *sp; IPSEC_ASSERT(m != NULL, ("null mbuf")); @@ -368,20 +368,20 @@ ipsec_getpolicybysock(struct mbuf *m, u_ IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, ("invalid direction %u", dir)); - /* set spidx in pcb */ + /* Set spidx in pcb. */ if (inp->inp_vflag & INP_IPV6PROTO) { #ifdef INET6 *error = ipsec6_setspidx_inpcb(m, inp); pcbsp = inp->inp_sp; #else - *error = EINVAL; /* should not happen */ + *error = EINVAL; /* Should not happen. */ #endif } else { *error = ipsec4_setspidx_inpcb(m, inp); pcbsp = inp->inp_sp; } if (*error) - return NULL; + return (NULL); IPSEC_ASSERT(pcbsp != NULL, ("null pcbsp")); switch (dir) { @@ -394,7 +394,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_ } IPSEC_ASSERT(currsp != NULL, ("null currsp")); - if (pcbsp->priv) { /* when privilieged socket */ + if (pcbsp->priv) { /* When privilieged socket. */ switch (currsp->policy) { case IPSEC_POLICY_BYPASS: case IPSEC_POLICY_IPSEC: @@ -403,9 +403,9 @@ ipsec_getpolicybysock(struct mbuf *m, u_ break; case IPSEC_POLICY_ENTRUST: - /* look for a policy in SPD */ + /* Look for a policy in SPD. */ sp = KEY_ALLOCSP(&currsp->spidx, dir); - if (sp == NULL) /* no SP found */ + if (sp == NULL) /* No SP found. */ sp = KEY_ALLOCSP_DEFAULT(); break; @@ -413,18 +413,18 @@ ipsec_getpolicybysock(struct mbuf *m, u_ ipseclog((LOG_ERR, "%s: Invalid policy for PCB %d\n", __func__, currsp->policy)); *error = EINVAL; - return NULL; + return (NULL); } - } else { /* unpriv, SPD has policy */ + } else { /* Unpriv, SPD has policy. */ sp = KEY_ALLOCSP(&currsp->spidx, dir); - if (sp == NULL) { /* no SP found */ + if (sp == NULL) { /* No SP found. */ switch (currsp->policy) { case IPSEC_POLICY_BYPASS: ipseclog((LOG_ERR, "%s: Illegal policy for " "non-priviliged defined %d\n", __func__, currsp->policy)); *error = EINVAL; - return NULL; + return (NULL); case IPSEC_POLICY_ENTRUST: sp = KEY_ALLOCSP_DEFAULT(); @@ -439,7 +439,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_ ipseclog((LOG_ERR, "%s: Invalid policy for " "PCB %d\n", __func__, currsp->policy)); *error = EINVAL; - return NULL; + return (NULL); } } } @@ -448,7 +448,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_ KEYDEBUG(KEYDEBUG_IPSEC_STAMP, printf("DP %s (priv %u policy %u) allocate SP:%p (refcnt %u)\n", __func__, pcbsp->priv, currsp->policy, sp, sp->refcnt)); - return sp; + return (sp); } /* @@ -481,16 +481,16 @@ ipsec_getpolicybyaddr(struct mbuf *m, u_ if (*error != 0) { DPRINTF(("%s: setpidx failed, dir %u flag %u\n", __func__, dir, flag)); - return NULL; + return (NULL); } spidx.dir = dir; sp = KEY_ALLOCSP(&spidx, dir); } - if (sp == NULL) /* no SP found, use system default */ + if (sp == NULL) /* No SP found, use system default. */ sp = KEY_ALLOCSP_DEFAULT(); IPSEC_ASSERT(sp != NULL, ("null SP")); - return sp; + return (sp); } struct secpolicy * @@ -508,25 +508,25 @@ ipsec4_checkpolicy(struct mbuf *m, u_int if (sp == NULL) { IPSEC_ASSERT(*error != 0, ("getpolicy failed w/o error")); V_ipsec4stat.ips_out_inval++; - return NULL; + return (NULL); } IPSEC_ASSERT(*error == 0, ("sp w/ error set to %u", *error)); switch (sp->policy) { case IPSEC_POLICY_ENTRUST: default: printf("%s: invalid policy %u\n", __func__, sp->policy); - /* fall thru... */ + /* FALLTHROUGH */ case IPSEC_POLICY_DISCARD: V_ipsec4stat.ips_out_polvio++; - *error = -EINVAL; /* packet is discarded by caller */ + *error = -EINVAL; /* Packet is discarded by caller. */ break; case IPSEC_POLICY_BYPASS: case IPSEC_POLICY_NONE: KEY_FREESP(&sp); - sp = NULL; /* NB: force NULL result */ + sp = NULL; /* NB: force NULL result. */ break; case IPSEC_POLICY_IPSEC: - if (sp->req == NULL) /* acquire an SA */ + if (sp->req == NULL) /* Acquire a SA. */ *error = key_spdacquire(sp); break; } @@ -534,7 +534,7 @@ ipsec4_checkpolicy(struct mbuf *m, u_int KEY_FREESP(&sp); sp = NULL; } - return sp; + return (sp); } static int @@ -558,7 +558,7 @@ ipsec4_setspidx_inpcb(struct mbuf *m, st bzero(&pcb->inp_sp->sp_out->spidx, sizeof (pcb->inp_sp->sp_in->spidx)); } - return error; + return (error); } #ifdef INET6 @@ -584,14 +584,14 @@ ipsec6_setspidx_inpcb(struct mbuf *m, st sizeof(pcb->inp_sp->sp_in->spidx)); } - return error; + return (error); } #endif /* - * configure security policy index (src/dst/proto/sport/dport) + * Configure security policy index (src/dst/proto/sport/dport) * by looking at the content of mbuf. - * the caller is responsible for error recovery (like clearing up spidx). + * The caller is responsible for error recovery (like clearing up spidx). */ static int ipsec_setspidx(struct mbuf *m, struct secpolicyindex *spidx, int needport) @@ -607,9 +607,9 @@ ipsec_setspidx(struct mbuf *m, struct se IPSEC_ASSERT(m != NULL, ("null mbuf")); /* - * validate m->m_pkthdr.len. we see incorrect length if we + * Validate m->m_pkthdr.len. We see incorrect length if we * mistakenly call this function with inconsistent mbuf chain - * (like 4.4BSD tcp/udp processing). XXX should we panic here? + * (like 4.4BSD tcp/udp processing). XXX Should we panic here? */ len = 0; for (n = m; n; n = n->m_next) @@ -618,14 +618,14 @@ ipsec_setspidx(struct mbuf *m, struct se KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: pkthdr len(%d) mismatch (%d), ignored.\n", __func__, len, m->m_pkthdr.len)); - return EINVAL; + return (EINVAL); } if (m->m_pkthdr.len < sizeof(struct ip)) { KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: pkthdr len(%d) too small (v4), ignored.\n", __func__, m->m_pkthdr.len)); - return EINVAL; + return (EINVAL); } if (m->m_len >= sizeof(*ip)) @@ -643,28 +643,28 @@ ipsec_setspidx(struct mbuf *m, struct se case 4: error = ipsec4_setspidx_ipaddr(m, spidx); if (error) - return error; + return (error); ipsec4_get_ulp(m, spidx, needport); - return 0; + return (0); #ifdef INET6 case 6: if (m->m_pkthdr.len < sizeof(struct ip6_hdr)) { KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: pkthdr len(%d) too small (v6), " "ignored\n", __func__, m->m_pkthdr.len)); - return EINVAL; + return (EINVAL); } error = ipsec6_setspidx_ipaddr(m, spidx); if (error) - return error; + return (error); ipsec6_get_ulp(m, spidx, needport); - return 0; + return (0); #endif default: KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: " "unknown IP version %u, ignored.\n", __func__, v)); - return EINVAL; + return (EINVAL); } } @@ -674,11 +674,11 @@ ipsec4_get_ulp(struct mbuf *m, struct se u_int8_t nxt; int off; - /* sanity check */ + /* Sanity check. */ IPSEC_ASSERT(m != NULL, ("null mbuf")); IPSEC_ASSERT(m->m_pkthdr.len >= sizeof(struct ip),("packet too short")); - /* NB: ip_input() flips it into host endian XXX need more checking */ + /* NB: ip_input() flips it into host endian. XXX Need more checking. */ if (m->m_len < sizeof (struct ip)) { struct ip *ip = mtod(m, struct ip *); if (ip->ip_off & (IP_MF | IP_OFFMASK)) @@ -732,14 +732,14 @@ ipsec4_get_ulp(struct mbuf *m, struct se case IPPROTO_AH: if (off + sizeof(ip6e) > m->m_pkthdr.len) goto done; - /* XXX sigh, this works but is totally bogus */ + /* XXX Sigh, this works but is totally bogus. */ m_copydata(m, off, sizeof(ip6e), (caddr_t) &ip6e); off += (ip6e.ip6e_len + 2) << 2; nxt = ip6e.ip6e_nxt; break; case IPPROTO_ICMP: default: - /* XXX intermediate headers??? */ + /* XXX Intermediate headers??? */ spidx->ul_proto = nxt; goto done_proto; } @@ -751,7 +751,7 @@ done_proto: spidx->dst.sin.sin_port = IPSEC_PORT_ANY; } -/* assumes that m is sane */ +/* Assumes that m is sane. */ static int ipsec4_setspidx_ipaddr(struct mbuf *m, struct secpolicyindex *spidx) { @@ -780,7 +780,7 @@ ipsec4_setspidx_ipaddr(struct mbuf *m, s spidx->prefs = sizeof(struct in_addr) << 3; spidx->prefd = sizeof(struct in_addr) << 3; - return 0; + return (0); } #ifdef INET6 @@ -793,14 +793,14 @@ ipsec6_get_ulp(struct mbuf *m, struct se struct udphdr uh; struct icmp6_hdr ih; - /* sanity check */ + /* Sanity check. */ if (m == NULL) panic("%s: NULL pointer was passed.\n", __func__); KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s:\n", __func__); kdebug_mbuf(m)); - /* set default */ + /* Set default. */ spidx->ul_proto = IPSEC_ULPROTO_ANY; ((struct sockaddr_in6 *)&spidx->src)->sin6_port = IPSEC_PORT_ANY; ((struct sockaddr_in6 *)&spidx->dst)->sin6_port = IPSEC_PORT_ANY; @@ -842,13 +842,13 @@ ipsec6_get_ulp(struct mbuf *m, struct se htons((uint16_t)ih.icmp6_code); break; default: - /* XXX intermediate headers??? */ + /* XXX Intermediate headers??? */ spidx->ul_proto = nxt; break; } } -/* assumes that m is sane */ +/* Assumes that m is sane. */ static int ipsec6_setspidx_ipaddr(struct mbuf *m, struct secpolicyindex *spidx) { @@ -885,24 +885,25 @@ ipsec6_setspidx_ipaddr(struct mbuf *m, s } spidx->prefd = sizeof(struct in6_addr) << 3; - return 0; + return (0); } #endif static void ipsec_delpcbpolicy(struct inpcbpolicy *p) { + free(p, M_IPSEC_INPCB); } -/* initialize policy in PCB */ +/* Initialize policy in PCB. */ int ipsec_init_policy(struct socket *so, struct inpcbpolicy **pcb_sp) { INIT_VNET_IPSEC(curvnet); struct inpcbpolicy *new; - /* sanity check. */ + /* Sanity check. */ if (so == NULL || pcb_sp == NULL) panic("%s: NULL pointer was passed.\n", __func__); @@ -910,14 +911,14 @@ ipsec_init_policy(struct socket *so, str M_IPSEC_INPCB, M_NOWAIT|M_ZERO); if (new == NULL) { ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); - return ENOBUFS; + return (ENOBUFS); } new->priv = IPSEC_IS_PRIVILEGED_SO(so); if ((new->sp_in = KEY_NEWSP()) == NULL) { ipsec_delpcbpolicy(new); - return ENOBUFS; + return (ENOBUFS); } new->sp_in->state = IPSEC_SPSTATE_ALIVE; new->sp_in->policy = IPSEC_POLICY_ENTRUST; @@ -925,17 +926,17 @@ ipsec_init_policy(struct socket *so, str if ((new->sp_out = KEY_NEWSP()) == NULL) { KEY_FREESP(&new->sp_in); ipsec_delpcbpolicy(new); - return ENOBUFS; + return (ENOBUFS); } new->sp_out->state = IPSEC_SPSTATE_ALIVE; new->sp_out->policy = IPSEC_POLICY_ENTRUST; *pcb_sp = new; - return 0; + return (0); } -/* copy old ipsec policy into new */ +/* Copy old IPsec policy into new. */ int ipsec_copy_policy(struct inpcbpolicy *old, struct inpcbpolicy *new) { @@ -946,18 +947,18 @@ ipsec_copy_policy(struct inpcbpolicy *ol KEY_FREESP(&new->sp_in); new->sp_in = sp; } else - return ENOBUFS; + return (ENOBUFS); sp = ipsec_deepcopy_policy(old->sp_out); if (sp) { KEY_FREESP(&new->sp_out); new->sp_out = sp; } else - return ENOBUFS; + return (ENOBUFS); new->priv = old->priv; - return 0; + return (0); } struct ipsecrequest * @@ -968,17 +969,18 @@ ipsec_newisr(void) p = malloc(sizeof(struct ipsecrequest), M_IPSEC_SR, M_NOWAIT|M_ZERO); if (p != NULL) IPSECREQUEST_LOCK_INIT(p); - return p; + return (p); } void ipsec_delisr(struct ipsecrequest *p) { + IPSECREQUEST_LOCK_DESTROY(p); free(p, M_IPSEC_SR); } -/* deep-copy a policy in PCB */ +/* Deep-copy a policy in PCB. */ static struct secpolicy * ipsec_deepcopy_policy(struct secpolicy *src) { @@ -989,13 +991,13 @@ ipsec_deepcopy_policy(struct secpolicy * struct secpolicy *dst; if (src == NULL) - return NULL; + return (NULL); dst = KEY_NEWSP(); if (dst == NULL) - return NULL; + return (NULL); /* - * deep-copy IPsec request chain. This is required since struct + * Deep-copy IPsec request chain. This is required since struct * ipsecrequest is not reference counted. */ q = &newchain; @@ -1019,9 +1021,9 @@ ipsec_deepcopy_policy(struct secpolicy * dst->req = newchain; dst->state = src->state; dst->policy = src->policy; - /* do not touch the refcnt fields */ + /* Do not touch the refcnt fields. */ - return dst; + return (dst); fail: for (p = newchain; p; p = r) { @@ -1029,10 +1031,10 @@ fail: ipsec_delisr(p); p = NULL; } - return NULL; + return (NULL); } -/* set policy and ipsec request if present. */ +/* Set policy and IPsec request if present. */ static int ipsec_set_policy(struct secpolicy **pcb_sp, int optname, caddr_t request, size_t len, struct ucred *cred) @@ -1042,44 +1044,44 @@ ipsec_set_policy(struct secpolicy **pcb_ struct secpolicy *newsp = NULL; int error; - /* sanity check. */ + /* Sanity check. */ if (pcb_sp == NULL || *pcb_sp == NULL || request == NULL) - return EINVAL; + return (EINVAL); if (len < sizeof(*xpl)) - return EINVAL; + return (EINVAL); xpl = (struct sadb_x_policy *)request; KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: passed policy\n", __func__); kdebug_sadb_x_policy((struct sadb_ext *)xpl)); - /* check policy type */ + /* Check policy type. */ /* ipsec_set_policy() accepts IPSEC, ENTRUST and BYPASS. */ if (xpl->sadb_x_policy_type == IPSEC_POLICY_DISCARD || xpl->sadb_x_policy_type == IPSEC_POLICY_NONE) - return EINVAL; + return (EINVAL); - /* check privileged socket */ + /* Check privileged socket. */ if (cred != NULL && xpl->sadb_x_policy_type == IPSEC_POLICY_BYPASS) { error = priv_check_cred(cred, PRIV_NETINET_IPSEC, 0); if (error) - return EACCES; + return (EACCES); } - /* allocation new SP entry */ + /* Allocating new SP entry. */ if ((newsp = key_msg2sp(xpl, len, &error)) == NULL) - return error; + return (error); newsp->state = IPSEC_SPSTATE_ALIVE; - /* clear old SP and set new SP */ + /* Clear old SP and set new SP. */ KEY_FREESP(pcb_sp); *pcb_sp = newsp; KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: new policy\n", __func__); kdebug_secpolicy(newsp)); - return 0; + return (0); } static int @@ -1087,21 +1089,21 @@ ipsec_get_policy(struct secpolicy *pcb_s { INIT_VNET_IPSEC(curvnet); - /* sanity check. */ + /* Sanity check. */ if (pcb_sp == NULL || mp == NULL) - return EINVAL; + return (EINVAL); *mp = key_sp2msg(pcb_sp); if (!*mp) { ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); - return ENOBUFS; + return (ENOBUFS); } (*mp)->m_type = MT_DATA; KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s:\n", __func__); kdebug_mbuf(*mp)); - return 0; + return (0); } int @@ -1112,14 +1114,14 @@ ipsec4_set_policy(struct inpcb *inp, int struct sadb_x_policy *xpl; struct secpolicy **pcb_sp; - /* sanity check. */ + /* Sanity check. */ if (inp == NULL || request == NULL) - return EINVAL; + return (EINVAL); if (len < sizeof(*xpl)) - return EINVAL; + return (EINVAL); xpl = (struct sadb_x_policy *)request; - /* select direction */ + /* Select direction. */ switch (xpl->sadb_x_policy_dir) { case IPSEC_DIR_INBOUND: pcb_sp = &inp->inp_sp->sp_in; @@ -1130,10 +1132,10 @@ ipsec4_set_policy(struct inpcb *inp, int default: ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__, xpl->sadb_x_policy_dir)); - return EINVAL; + return (EINVAL); } - return ipsec_set_policy(pcb_sp, optname, request, len, cred); + return (ipsec_set_policy(pcb_sp, optname, request, len, cred)); } int @@ -1144,15 +1146,15 @@ ipsec4_get_policy(struct inpcb *inp, cad struct sadb_x_policy *xpl; struct secpolicy *pcb_sp; - /* sanity check. */ + /* Sanity check. */ if (inp == NULL || request == NULL || mp == NULL) - return EINVAL; + return (EINVAL); IPSEC_ASSERT(inp->inp_sp != NULL, ("null inp_sp")); if (len < sizeof(*xpl)) - return EINVAL; + return (EINVAL); xpl = (struct sadb_x_policy *)request; - /* select direction */ + /* Select direction. */ switch (xpl->sadb_x_policy_dir) { case IPSEC_DIR_INBOUND: pcb_sp = inp->inp_sp->sp_in; @@ -1163,20 +1165,20 @@ ipsec4_get_policy(struct inpcb *inp, cad default: ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__, xpl->sadb_x_policy_dir)); - return EINVAL; + return (EINVAL); } - return ipsec_get_policy(pcb_sp, mp); + return (ipsec_get_policy(pcb_sp, mp)); } -/* delete policy in PCB */ +/* Delete policy in PCB. */ int ipsec_delete_pcbpolicy(struct inpcb *inp) { IPSEC_ASSERT(inp != NULL, ("null inp")); if (inp->inp_sp == NULL) - return 0; + return (0); if (inp->inp_sp->sp_in != NULL) KEY_FREESP(&inp->inp_sp->sp_in); @@ -1187,7 +1189,7 @@ ipsec_delete_pcbpolicy(struct inpcb *inp ipsec_delpcbpolicy(inp->inp_sp); inp->inp_sp = NULL; - return 0; + return (0); } #ifdef INET6 @@ -1199,14 +1201,14 @@ ipsec6_set_policy(struct inpcb *inp, int struct sadb_x_policy *xpl; struct secpolicy **pcb_sp; - /* sanity check. */ + /* Sanity check. */ if (inp == NULL || request == NULL) - return EINVAL; + return (EINVAL); if (len < sizeof(*xpl)) - return EINVAL; + return (EINVAL); xpl = (struct sadb_x_policy *)request; - /* select direction */ + /* Select direction. */ switch (xpl->sadb_x_policy_dir) { case IPSEC_DIR_INBOUND: pcb_sp = &inp->inp_sp->sp_in; @@ -1217,10 +1219,10 @@ ipsec6_set_policy(struct inpcb *inp, int default: ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__, xpl->sadb_x_policy_dir)); - return EINVAL; + return (EINVAL); } - return ipsec_set_policy(pcb_sp, optname, request, len, cred); + return (ipsec_set_policy(pcb_sp, optname, request, len, cred)); } int @@ -1231,15 +1233,15 @@ ipsec6_get_policy(struct inpcb *inp, cad struct sadb_x_policy *xpl; struct secpolicy *pcb_sp; - /* sanity check. */ + /* Sanity check. */ if (inp == NULL || request == NULL || mp == NULL) - return EINVAL; + return (EINVAL); IPSEC_ASSERT(inp->inp_sp != NULL, ("null inp_sp")); if (len < sizeof(*xpl)) - return EINVAL; + return (EINVAL); xpl = (struct sadb_x_policy *)request; - /* select direction */ + /* Select direction. */ switch (xpl->sadb_x_policy_dir) { case IPSEC_DIR_INBOUND: pcb_sp = inp->inp_sp->sp_in; @@ -1250,15 +1252,15 @@ ipsec6_get_policy(struct inpcb *inp, cad default: ipseclog((LOG_ERR, "%s: invalid direction=%u\n", __func__, xpl->sadb_x_policy_dir)); - return EINVAL; + return (EINVAL); } - return ipsec_get_policy(pcb_sp, mp); + return (ipsec_get_policy(pcb_sp, mp)); } #endif /* - * return current level. + * Return current level. * Either IPSEC_LEVEL_USE or IPSEC_LEVEL_REQUIRE are always returned. */ u_int @@ -1275,7 +1277,7 @@ ipsec_get_reqlevel(struct ipsecrequest * isr->sp->spidx.src.sa.sa_family, isr->sp->spidx.dst.sa.sa_family)); -/* XXX note that we have ipseclog() expanded here - code sync issue */ +/* XXX Note that we have ipseclog() expanded here - code sync issue. */ #define IPSEC_CHECK_DEFAULT(lev) \ (((lev) != IPSEC_LEVEL_USE && (lev) != IPSEC_LEVEL_REQUIRE \ && (lev) != IPSEC_LEVEL_UNIQUE) \ @@ -1287,7 +1289,7 @@ ipsec_get_reqlevel(struct ipsecrequest * (lev) \ : (lev)) - /* set default level */ + /* Set default level. */ switch (((struct sockaddr *)&isr->sp->spidx.src)->sa_family) { #ifdef INET case AF_INET: @@ -1312,7 +1314,7 @@ ipsec_get_reqlevel(struct ipsecrequest * #undef IPSEC_CHECK_DEFAULT - /* set level */ + /* Set level. */ switch (isr->level) { case IPSEC_LEVEL_DEFAULT: switch (isr->saidx.proto) { @@ -1330,8 +1332,8 @@ ipsec_get_reqlevel(struct ipsecrequest * break; case IPPROTO_IPCOMP: /* - * we don't really care, as IPcomp document says that - * we shouldn't compress small packets + * We don't really care, as IPcomp document says that + * we shouldn't compress small packets. */ level = IPSEC_LEVEL_USE; break; @@ -1353,7 +1355,7 @@ ipsec_get_reqlevel(struct ipsecrequest * panic("%s: Illegal IPsec level %u\n", __func__, isr->level); } - return level; + return (level); } /* @@ -1376,19 +1378,19 @@ ipsec_in_reject(struct secpolicy *sp, st KEYDEBUG(KEYDEBUG_IPSEC_DATA, printf("%s: using SP\n", __func__); kdebug_secpolicy(sp)); - /* check policy */ + /* Check policy. */ switch (sp->policy) { case IPSEC_POLICY_DISCARD: - return 1; + return (1); case IPSEC_POLICY_BYPASS: case IPSEC_POLICY_NONE: - return 0; + return (0); } IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, ("invalid policy %u", sp->policy)); - /* XXX should compare policy against ipsec header history */ + /* XXX Should compare policy against IPsec header history. */ need_auth = 0; for (isr = sp->req; isr != NULL; isr = isr->next) { @@ -1400,7 +1402,7 @@ ipsec_in_reject(struct secpolicy *sp, st KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: ESP m_flags:%x\n", __func__, m->m_flags)); - return 1; + return (1); } if (!need_auth && @@ -1410,7 +1412,7 @@ ipsec_in_reject(struct secpolicy *sp, st KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: ESP/AH m_flags:%x\n", __func__, m->m_flags)); - return 1; + return (1); } break; case IPPROTO_AH: @@ -1419,26 +1421,26 @@ ipsec_in_reject(struct secpolicy *sp, st KEYDEBUG(KEYDEBUG_IPSEC_DUMP, printf("%s: AH m_flags:%x\n", __func__, m->m_flags)); - return 1; + return (1); } break; case IPPROTO_IPCOMP: /* - * we don't really care, as IPcomp document + * We don't really care, as IPcomp document * says that we shouldn't compress small - * packets, IPComp policy should always be + * packets. IPComp policy should always be * treated as being in "use" level. */ break; } } - return 0; /* valid */ + return (0); /* Valid. */ } /* * Check AH/ESP integrity. * This function is called from tcp_input(), udp_input(), - * and {ah,esp}4_input for tunnel mode + * and {ah,esp}4_input for tunnel mode. */ int ipsec4_in_reject(struct mbuf *m, struct inpcb *inp) @@ -1450,7 +1452,8 @@ ipsec4_in_reject(struct mbuf *m, struct IPSEC_ASSERT(m != NULL, ("null mbuf")); - /* get SP for this packet. + /* + * Get SP for this packet. * When we are called from ip_forward(), we call * ipsec_getpolicybyaddr() with IP_FORWARDING flag. */ @@ -1465,17 +1468,17 @@ ipsec4_in_reject(struct mbuf *m, struct V_ipsec4stat.ips_in_polvio++; KEY_FREESP(&sp); } else { - result = 0; /* XXX should be panic ? + result = 0; /* XXX Should be panic? * -> No, there may be error. */ } - return result; + return (result); } #ifdef INET6 /* * Check AH/ESP integrity. * This function is called from tcp6_input(), udp6_input(), - * and {ah,esp}6_input for tunnel mode + * and {ah,esp}6_input for tunnel mode. */ int ipsec6_in_reject(struct mbuf *m, struct inpcb *inp) @@ -1485,11 +1488,11 @@ ipsec6_in_reject(struct mbuf *m, struct int error; int result; - /* sanity check */ + /* Sanity check. */ if (m == NULL) - return 0; /* XXX should be panic ? */ + return (0); /* XXX Should be panic? */ - /* get SP for this packet. + /* Get SP for this packet. * When we are called from ip_forward(), we call * ipsec_getpolicybyaddr() with IP_FORWARDING flag. */ @@ -1506,14 +1509,14 @@ ipsec6_in_reject(struct mbuf *m, struct } else { result = 0; } - return result; + return (result); } #endif /* - * compute the byte size to be occupied by IPsec header. - * in case it is tunneled, it includes the size of outer IP header. - * NOTE: SP passed is free in this function. + * Compute the byte size to be occupied by IPsec header. + * In case it is tunnelled, it includes the size of outer IP header. + * NOTE: SP passed is freed in this function. */ static size_t ipsec_hdrsiz(struct secpolicy *sp) @@ -1529,7 +1532,7 @@ ipsec_hdrsiz(struct secpolicy *sp) case IPSEC_POLICY_DISCARD: case IPSEC_POLICY_BYPASS: case IPSEC_POLICY_NONE: - return 0; + return (0); } IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, @@ -1571,7 +1574,7 @@ ipsec_hdrsiz(struct secpolicy *sp) siz += clen; } - return siz; + return (siz); } /* This function is called from ip_forward() and ipsec4_hdrsize_tcp(). */ @@ -1585,7 +1588,7 @@ ipsec4_hdrsiz(struct mbuf *m, u_int dir, IPSEC_ASSERT(m != NULL, ("null mbuf")); - /* get SP for this packet. + /* Get SP for this packet. * When we are called from ip_forward(), we call * ipsec_getpolicybyaddr() with IP_FORWARDING flag. */ @@ -1602,16 +1605,16 @@ ipsec4_hdrsiz(struct mbuf *m, u_int dir, KEY_FREESP(&sp); } else { - size = 0; /* XXX should be panic ? + size = 0; /* XXX Should be panic? * -> No, we are called w/o knowing if * IPsec processing is needed. */ } - return size; + return (size); } #ifdef INET6 /* This function is called from ipsec6_hdrsize_tcp(), - * and maybe from ip6_forward.() + * and maybe from ip6_forward(). */ size_t ipsec6_hdrsiz(struct mbuf *m, u_int dir, struct inpcb *inp) @@ -1625,7 +1628,7 @@ ipsec6_hdrsiz(struct mbuf *m, u_int dir, IPSEC_ASSERT(inp == NULL || inp->inp_socket != NULL, ("socket w/o inpcb")); - /* get SP for this packet */ + /* Get SP for this packet. */ /* XXX Is it right to call with IP_FORWARDING. */ if (inp == NULL) sp = ipsec_getpolicybyaddr(m, dir, IP_FORWARDING, &error); @@ -1633,13 +1636,13 @@ ipsec6_hdrsiz(struct mbuf *m, u_int dir, sp = ipsec_getpolicybysock(m, dir, inp, &error); if (sp == NULL) - return 0; + return (0); size = ipsec_hdrsiz(sp); KEYDEBUG(KEYDEBUG_IPSEC_DATA, printf("%s: size:%lu.\n", __func__, (unsigned long)size)); KEY_FREESP(&sp); *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200812272258.mBRMwHrd086017>