src - OpenBSD base system

diff options


context:
space:
mode:

author	Theo de Raadt <deraadt@cvs.openbsd.org>	2005-11-12 16:41:40 +0000
committer	Theo de Raadt <deraadt@cvs.openbsd.org>	2005-11-12 16:41:40 +0000
commit	00f56278cee20b2b166f3cb201425049ec7ca430 (patch)
tree	59136286212020392c46a9a8797a30603bbf624f /sbin/ipsecctl
parent	837c0ec1b08d23651a0ff96b717edca574e5d82f (diff)

spacing

Diffstat (limited to 'sbin/ipsecctl')

-rw-r--r--

sbin/ipsecctl/ike.c

-rw-r--r--

sbin/ipsecctl/ipsecctl.c

-rw-r--r--

sbin/ipsecctl/parse.y

154

-rw-r--r--

sbin/ipsecctl/pfkey.c

4 files changed, 90 insertions, 90 deletions

diff --git a/sbin/ipsecctl/ike.c b/sbin/ipsecctl/ike.c
index 71c845d1d28..83a0c8af4e5 100644
--- a/sbin/ipsecctl/ike.c
+++ b/sbin/ipsecctl/ike.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ike.c,v 1.8 2005/11/06 22:51:51 hshoexer Exp $ */

+/* $OpenBSD: ike.c,v 1.9 2005/11/12 16:41:39 deraadt Exp $ */

@@ -106,7 +106,7 @@ ike_section_qm(struct ipsec_addr_wrap *src, struct ipsec_addr_wrap *dst,

fprintf(fd, SET "[qm-%s-%s]:EXCHANGE_TYPE=QUICK_MODE force\n",

src->name, dst->name);

fprintf(fd, SET "[qm-%s-%s]:Suites=QM-", src->name, dst->name);

switch (proto) {

case IPSEC_ESP:

fprintf(fd, "ESP");

@@ -272,7 +272,7 @@ ike_section_qmids(struct ipsec_addr_wrap *src, struct ipsec_addr_wrap *dst,

fprintf(fd, SET "[rid-%s]:Network=%s force\n", dst->name,

network);

fprintf(fd, SET "[rid-%s]:Netmask=%s force\n", dst->name, mask);

free(network);

} else {

fprintf(fd, SET "[rid-%s]:ID-type=IPV4_ADDR force\n",

diff --git a/sbin/ipsecctl/ipsecctl.c b/sbin/ipsecctl/ipsecctl.c
index 5704e78dfc0..3209dc0528a 100644
--- a/sbin/ipsecctl/ipsecctl.c
+++ b/sbin/ipsecctl/ipsecctl.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ipsecctl.c,v 1.32 2005/11/12 12:00:53 hshoexer Exp $ */

+/* $OpenBSD: ipsecctl.c,v 1.33 2005/11/12 16:41:39 deraadt Exp $ */

@@ -392,7 +392,7 @@ ipsecctl_show_flows(int opts)

printf("No flows\n");

return;

}

while ((rp = TAILQ_FIRST(&ipsec.rule_queue))) {

TAILQ_REMOVE(&ipsec.rule_queue, rp, entries);

@@ -413,8 +413,6 @@ ipsecctl_show_flows(int opts)

}

free(rp);

}

- return;

}

void

diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y
index 9c420ddfae1..9681d1e3d0a 100644
--- a/sbin/ipsecctl/parse.y
+++ b/sbin/ipsecctl/parse.y

@@ -1,4 +1,4 @@

-/* $OpenBSD: parse.y,v 1.35 2005/11/12 16:40:58 deraadt Exp $ */

+/* $OpenBSD: parse.y,v 1.36 2005/11/12 16:41:39 deraadt Exp $ */

@@ -51,38 +51,38 @@ static int errors = 0;

static int debug = 0;

const struct ipsec_xf authxfs[] = {

- {"unknown", AUTHXF_UNKNOWN, 0, 0},

- {"none", AUTHXF_NONE, 0, 0},

- {"hmac-md5", AUTHXF_HMAC_MD5, 16, 0},

- {"hmac-ripemd160", AUTHXF_HMAC_RIPEMD160, 20, 0},

- {"hmac-sha1", AUTHXF_HMAC_SHA1, 20, 0},

- {"hmac-sha2-256", AUTHXF_HMAC_SHA2_256, 32, 0},

- {"hmac-sha2-384", AUTHXF_HMAC_SHA2_384, 48, 0},

- {"hmac-sha2-512", AUTHXF_HMAC_SHA2_512, 64, 0},

- {"md5", AUTHXF_MD5, 16, 0},

- {"sha1", AUTHXF_SHA1, 20, 0},

- {NULL, 0, 0, 0},

+ { "unknown", AUTHXF_UNKNOWN, 0, 0 },

+ { "none", AUTHXF_NONE, 0, 0 },

+ { "hmac-md5", AUTHXF_HMAC_MD5, 16, 0 },

+ { "hmac-ripemd160", AUTHXF_HMAC_RIPEMD160, 20, 0 },

+ { "hmac-sha1", AUTHXF_HMAC_SHA1, 20, 0 },

+ { "hmac-sha2-256", AUTHXF_HMAC_SHA2_256, 32, 0 },

+ { "hmac-sha2-384", AUTHXF_HMAC_SHA2_384, 48, 0 },

+ { "hmac-sha2-512", AUTHXF_HMAC_SHA2_512, 64, 0 },

+ { "md5", AUTHXF_MD5, 16, 0 },

+ { "sha1", AUTHXF_SHA1, 20, 0 },

+ { NULL, 0, 0, 0 },

};

const struct ipsec_xf encxfs[] = {

- {"unknown", ENCXF_UNKNOWN, 0, 0},

- {"none", ENCXF_NONE, 0, 0},

- {"3des-cbc", ENCXF_3DES_CBC, 24, 24},

- {"des-cbc", ENCXF_DES_CBC, 8, 8},

- {"aes", ENCXF_AES, 16, 32},

- {"aesctr", ENCXF_AESCTR, 16+4, 32+4},

- {"blowfish", ENCXF_BLOWFISH, 5, 56},

- {"cast128", ENCXF_CAST128, 5, 16},

- {"null", ENCXF_NULL, 0, 0},

- {"skipjack", ENCXF_SKIPJACK, 10, 10},

- {NULL, 0, 0, 0},

+ { "unknown", ENCXF_UNKNOWN, 0, 0 },

+ { "none", ENCXF_NONE, 0, 0 },

+ { "3des-cbc", ENCXF_3DES_CBC, 24, 24 },

+ { "des-cbc", ENCXF_DES_CBC, 8, 8 },

+ { "aes", ENCXF_AES, 16, 32 },

+ { "aesctr", ENCXF_AESCTR, 16+4, 32+4 },

+ { "blowfish", ENCXF_BLOWFISH, 5, 56 },

+ { "cast128", ENCXF_CAST128, 5, 16 },

+ { "null", ENCXF_NULL, 0, 0 },

+ { "skipjack", ENCXF_SKIPJACK, 10, 10 },

+ { NULL, 0, 0, 0 },

};

const struct ipsec_xf compxfs[] = {

- {"unknown", COMPXF_UNKNOWN, 0, 0},

- {"deflate", COMPXF_DEFLATE, 0, 0},

- {"lzs", COMPXF_LZS, 0, 0},

- {NULL, 0, 0, 0},

+ { "unknown", COMPXF_UNKNOWN, 0, 0 },

+ { "deflate", COMPXF_DEFLATE, 0, 0 },

+ { "lzs", COMPXF_LZS, 0, 0 },

+ { NULL, 0, 0, 0 },

};

int yyerror(const char *, ...);

@@ -231,6 +231,7 @@ number : STRING {

$$ = (u_int32_t)ulval;

free($1);

}

+ ;

tcpmd5rule : TCPMD5 hosts spispec authkeyspec {

struct ipsec_rule *r;

@@ -298,7 +299,7 @@ flowrule : FLOW protocol dir hosts peer ids authtype {

/* Create and add reverse flow rule. */

if ($3 == IPSEC_INOUT) {

- r = reverse_rule(r);

+ r = reverse_rule(r);

r->nr = ipsec->rule_nr++;

if (ipsecctl_add_rule(ipsec, r))

@@ -318,7 +319,8 @@ ikerule : IKE ikemode protocol hosts peer mmxfs qmxfs ids {

if (ipsecctl_add_rule(ipsec, r))

errx(1, "ikerule: ipsecctl_add_rule");

- };

+ }

+ ;

protocol : /* empty */ { $$ = IPSEC_ESP; }

| ESP { $$ = IPSEC_ESP; }

@@ -496,7 +498,7 @@ mmxfs : /* empty */ {

$$ = xfs;

}

| MAIN transforms { $$ = $2; }

- ;

+ ;

qmxfs : /* empty */ {

struct ipsec_transforms *xfs;

@@ -533,7 +535,7 @@ enckeyspec : /* empty */ {

keyspec : STRING {

unsigned char *hex;

unsigned char *p = strchr($1, ':');

if (p != NULL ) {

*p++ = 0;

@@ -575,7 +577,7 @@ int

yyerror(const char *fmt, ...)

{

va_list ap;

- extern char *infile;

+ extern char *infile;

errors = 1;

va_start(ap, fmt);

@@ -597,35 +599,35 @@ lookup(char *s)

{

/* this has to be sorted always */

static const struct keywords keywords[] = {

- { "active", ACTIVE},

- { "ah", AH},

- { "any", ANY},

- { "auth", AUTHXF},

- { "authkey", AUTHKEY},

- { "comp", COMPXF},

- { "dstid", DSTID},

- { "enc", ENCXF},

- { "enckey", ENCKEY},

- { "esp", ESP},

- { "file", FILENAME},

- { "flow", FLOW},

- { "from", FROM},

- { "ike", IKE},

- { "in", IN},

- { "ipcomp", IPCOMP},

- { "main", MAIN},

- { "out", OUT},

- { "passive", PASSIVE},

- { "peer", PEER},

- { "psk", PSK},

- { "quick", QUICK},

- { "rsa", RSA},

- { "spi", SPI},

- { "srcid", SRCID},

- { "tcpmd5", TCPMD5},

- { "to", TO},

- { "transport", TRANSPORT},

- { "tunnel", TUNNEL},

+ { "active", ACTIVE },

+ { "ah", AH },

+ { "any", ANY },

+ { "auth", AUTHXF },

+ { "authkey", AUTHKEY },

+ { "comp", COMPXF },

+ { "dstid", DSTID },

+ { "enc", ENCXF },

+ { "enckey", ENCKEY },

+ { "esp", ESP },

+ { "file", FILENAME },

+ { "flow", FLOW },

+ { "from", FROM },

+ { "ike", IKE },

+ { "in", IN },

+ { "ipcomp", IPCOMP },

+ { "main", MAIN },

+ { "out", OUT },

+ { "passive", PASSIVE },

+ { "peer", PEER },

+ { "psk", PSK },

+ { "quick", QUICK },

+ { "rsa", RSA },

+ { "spi", SPI },

+ { "srcid", SRCID },

+ { "tcpmd5", TCPMD5 },

+ { "to", TO },

+ { "transport", TRANSPORT },

+ { "tunnel", TUNNEL },

};

const struct keywords *p;

@@ -1100,7 +1102,7 @@ host_v4(const char *s, int mask)

void

set_ipmask(struct ipsec_addr_wrap *address, u_int8_t b)

{

- struct ipsec_addr *ipa;

+ struct ipsec_addr *ipa;

int i, j = 0;

ipa = &address->mask;

@@ -1129,7 +1131,7 @@ copyhost(const struct ipsec_addr_wrap *src)

if ((dst->name = strdup(src->name)) == NULL)

err(1, "copyhost: strdup");

return dst;

}

@@ -1251,16 +1253,16 @@ validate_sa(u_int32_t spi, u_int8_t protocol, struct ipsec_transforms *xfs,

return (0);

}

if (enckey) {

- if (enckey->len < xfs->encxf->keymin) {

- yyerror("encryption key too short, minimum %d bits",

- xfs->encxf->keymin * 8);

- return (0);

- }

- if (xfs->encxf->keymax < enckey->len) {

- yyerror("encryption key too long, maximum %d bits",

- xfs->encxf->keymax * 8);

- return (0);

- }

+ if (enckey->len < xfs->encxf->keymin) {

+ yyerror("encryption key too short, minimum %d bits",

+ xfs->encxf->keymin * 8);

+ return (0);

+ }

+ if (xfs->encxf->keymax < enckey->len) {

+ yyerror("encryption key too long, maximum %d bits",

+ xfs->encxf->keymax * 8);

+ return (0);

+ }

}

@@ -1331,7 +1333,7 @@ create_flow(u_int8_t dir, struct ipsec_addr_wrap *src, struct ipsec_addr_wrap

r = calloc(1, sizeof(struct ipsec_rule));

if (r == NULL)

err(1, "create_flow: calloc");

r->type |= RULE_FLOW;

if (dir == IPSEC_INOUT)

@@ -1400,7 +1402,7 @@ reverse_rule(struct ipsec_rule *rule)

err(1, "reverse_rule: calloc");

reverse->type |= RULE_FLOW;

if (rule->direction == (u_int8_t)IPSEC_OUT) {

reverse->direction = (u_int8_t)IPSEC_IN;

reverse->flowtype = TYPE_USE;

@@ -1408,7 +1410,7 @@ reverse_rule(struct ipsec_rule *rule)

reverse->direction = (u_int8_t)IPSEC_OUT;

reverse->flowtype = TYPE_REQUIRE;

}

reverse->src = copyhost(rule->dst);

reverse->dst = copyhost(rule->src);

reverse->peer = copyhost(rule->peer);

diff --git a/sbin/ipsecctl/pfkey.c b/sbin/ipsecctl/pfkey.c
index 86ba2bf5768..4a92e27cbbf 100644
--- a/sbin/ipsecctl/pfkey.c
+++ b/sbin/ipsecctl/pfkey.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: pfkey.c,v 1.29 2005/11/12 12:00:53 hshoexer Exp $ */

+/* $OpenBSD: pfkey.c,v 1.30 2005/11/12 16:41:39 deraadt Exp $ */

@@ -64,8 +64,8 @@ pfkey_flow(int sd, u_int8_t satype, u_int8_t action, u_int8_t direction,

struct sadb_protocol sa_flowtype, sa_protocol;

struct sadb_ident *sa_srcid, *sa_dstid;

struct sockaddr_storage ssrc, sdst, speer, smask, dmask;

- struct iovec iov[IOV_CNT];

- ssize_t n;

+ struct iovec iov[IOV_CNT];

+ ssize_t n;

int iov_cnt, len, ret = 0;

sa_srcid = sa_dstid = NULL;

@@ -314,9 +314,9 @@ pfkey_sa(int sd, u_int8_t satype, u_int8_t action, u_int32_t spi,

struct sadb_address sa_src, sa_dst;

struct sadb_key sa_authkey, sa_enckey;

struct sockaddr_storage ssrc, sdst;

- struct iovec iov[IOV_CNT];

- ssize_t n;

- int iov_cnt, len, ret = 0;

+ struct iovec iov[IOV_CNT];

+ ssize_t n;

+ int iov_cnt, len, ret = 0;

bzero(&ssrc, sizeof(ssrc));

switch (src->af) {

@@ -815,7 +815,7 @@ pfkey_parse(struct sadb_msg *msg, struct ipsec_rule *rule)

return (1);

}

break;

default:

return (1);

}