-rw-r--r--sbin/isakmpd/conf.c6
-rw-r--r--sbin/isakmpd/connection.c6
-rw-r--r--sbin/isakmpd/dnssec.c4
-rw-r--r--sbin/isakmpd/dpd.c16
-rw-r--r--sbin/isakmpd/exchange.c48
-rw-r--r--sbin/isakmpd/if.c6
-rw-r--r--sbin/isakmpd/ike_phase_1.c6
-rw-r--r--sbin/isakmpd/ike_quick_mode.c109
-rw-r--r--sbin/isakmpd/ipsec.c56
-rw-r--r--sbin/isakmpd/isakmp_cfg.c4
-rw-r--r--sbin/isakmpd/isakmpd.c16
-rw-r--r--sbin/isakmpd/log.c4
-rw-r--r--sbin/isakmpd/math_2n.c4
-rw-r--r--sbin/isakmpd/message.c34
-rw-r--r--sbin/isakmpd/monitor.c14
-rw-r--r--sbin/isakmpd/nat_traversal.c10
-rw-r--r--sbin/isakmpd/pf_key_v2.c49
-rw-r--r--sbin/isakmpd/policy.c72
-rw-r--r--sbin/isakmpd/sa.c17
-rw-r--r--sbin/isakmpd/sa.h4
-rw-r--r--sbin/isakmpd/transport.c29
-rw-r--r--sbin/isakmpd/udp.c11
-rw-r--r--sbin/isakmpd/udp_encap.c4
-rw-r--r--sbin/isakmpd/ui.c5
-rw-r--r--sbin/isakmpd/util.c19
-rw-r--r--sbin/isakmpd/virtual.c5
26 files changed, 263 insertions, 295 deletions
diff --git a/sbin/isakmpd/conf.c b/sbin/isakmpd/conf.c
index d74f993f524..93f4f2278a8 100644
--- a/sbin/isakmpd/conf.c
+++ b/sbin/isakmpd/conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf.c,v 1.76 2005/03/15 20:33:07 moritz Exp $ */
+/* $OpenBSD: conf.c,v 1.77 2005/04/04 19:31:11 deraadt Exp $ */
/* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */
/*
@@ -693,8 +693,8 @@ conf_get_str(char *section, char *tag)
return cb->value;
}
LOG_DBG((LOG_MISC, 95,
- "conf_get_str: configuration value not found [%s]:%s", section,
- tag));
+ "conf_get_str: configuration value not found [%s]:%s", section,
+ tag));
return 0;
}
diff --git a/sbin/isakmpd/connection.c b/sbin/isakmpd/connection.c
index 94373ad25bc..9a0dad325e2 100644
--- a/sbin/isakmpd/connection.c
+++ b/sbin/isakmpd/connection.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: connection.c,v 1.29 2004/06/14 09:55:41 ho Exp $ */
+/* $OpenBSD: connection.c,v 1.30 2005/04/04 19:31:11 deraadt Exp $ */
/* $EOM: connection.c,v 1.28 2000/11/23 12:21:18 niklas Exp $ */
/*
@@ -110,7 +110,7 @@ connection_init(void)
* XXX This code (i.e. the attribute lookup) seems
* like a likely candidate for factoring out into a
* function of its own.
- */
+ */
attrs = conf_get_list(conn->field, "Flags");
if (attrs)
for (attr = TAILQ_FIRST(&attrs->fields); attr;
@@ -220,7 +220,7 @@ connection_passive_lookup_by_ids(u_int8_t *id1, u_int8_t *id2)
/*
* If both IDs match what we have saved, return the name.
* Don't bother in which order they are.
- */
+ */
if ((compare_ids(id1, conn->local_id, conn->local_sz) == 0 &&
compare_ids(id2, conn->remote_id, conn->remote_sz) == 0) ||
(compare_ids(id1, conn->remote_id, conn->remote_sz) == 0 &&
diff --git a/sbin/isakmpd/dnssec.c b/sbin/isakmpd/dnssec.c
index 95b721028ac..7b2a7c1c332 100644
--- a/sbin/isakmpd/dnssec.c
+++ b/sbin/isakmpd/dnssec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dnssec.c,v 1.21 2005/02/27 13:12:12 hshoexer Exp $ */
+/* $OpenBSD: dnssec.c,v 1.22 2005/04/04 19:31:11 deraadt Exp $ */
/*
* Copyright (c) 2001 Håkan Olsson. All rights reserved.
@@ -136,7 +136,7 @@ dns_get_key(int type, struct message *msg, int *keylen)
/*
* Some special handling here. We want to convert the ID
* 'user@host.domain' string into 'user._ipsec.host.domain.'.
- */
+ */
if ((id_len + sizeof(DNS_UFQDN_SEPARATOR)) >= sizeof name)
return 0;
/* Look for the '@' separator. */
diff --git a/sbin/isakmpd/dpd.c b/sbin/isakmpd/dpd.c
index 56b09d335d1..9b646822d7c 100644
--- a/sbin/isakmpd/dpd.c
+++ b/sbin/isakmpd/dpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dpd.c,v 1.9 2005/02/24 16:16:46 markus Exp $ */
+/* $OpenBSD: dpd.c,v 1.10 2005/04/04 19:31:11 deraadt Exp $ */
/*
* Copyright (c) 2004 Håkan Olsson. All rights reserved.
@@ -131,11 +131,10 @@ dpd_check_vendor_payload(struct message *msg, struct payload *p)
}
p->flags |= PL_MARK;
}
- return;
}
/*
- * All incoming DPD Notify messages enter here. Message has been validated.
+ * All incoming DPD Notify messages enter here. Message has been validated.
*/
void
dpd_handle_notify(struct message *msg, struct payload *p)
@@ -233,7 +232,7 @@ dpd_timer_reset(struct sa *sa, u_int32_t time_passed, enum dpd_tstate mode)
default:
break;
}
- if (!sa->dpd_event)
+ if (!sa->dpd_event)
log_print("dpd_timer_reset: timer_add_event failed");
}
@@ -257,7 +256,7 @@ struct dpd_args {
/* Helper function for dpd_event(). */
static int
-dpd_check_time(struct sa *sa, void *v_arg)
+dpd_check_time(struct sa *sa, void *v_arg)
{
struct dpd_args *args = v_arg;
struct sockaddr *dst;
@@ -289,10 +288,9 @@ dpd_check_time(struct sa *sa, void *v_arg)
args->interval = (u_int32_t)(tv.tv_sec - ksa->last_used);
return 1;
}
-
return 0;
}
-
+
/* Called by the timer. */
static void
dpd_event(void *v_sa)
@@ -365,8 +363,8 @@ dpd_check_event(void *v_sa)
dpd_timer_reset(isakmp_sa, 0, DPD_TIMER_CHECK);
return;
}
-
- /*
+
+ /*
* Peer is considered dead. Delete all SAs created under isakmp_sa.
*/
LOG_DBG((LOG_MESSAGE, 10, "dpd_check_event: peer is dead, "
diff --git a/sbin/isakmpd/exchange.c b/sbin/isakmpd/exchange.c
index a5298e37ca2..3749c1d72a3 100644
--- a/sbin/isakmpd/exchange.c
+++ b/sbin/isakmpd/exchange.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: exchange.c,v 1.111 2005/03/10 17:19:08 cloder Exp $ */
+/* $OpenBSD: exchange.c,v 1.112 2005/04/04 19:31:11 deraadt Exp $ */
/* $EOM: exchange.c,v 1.143 2000/12/04 00:02:25 angelos Exp $ */
/*
@@ -190,7 +190,7 @@ exchange_script(struct exchange *exchange)
return script_transaction;
#endif
default:
- if (exchange->type >= ISAKMP_EXCH_DOI_MIN
+ if (exchange->type >= ISAKMP_EXCH_DOI_MIN
#if 0 /* always true; silence GCC3 warning */
&& exchange->type <= ISAKMP_EXCH_DOI_MAX
#endif
@@ -259,7 +259,7 @@ exchange_handle_leftover_payloads(struct message *msg)
i == ISAKMP_PAYLOAD_TRANSFORM)
continue;
for (p = payload_first(msg, i); p;
- p = TAILQ_NEXT(p, link)) {
+ p = TAILQ_NEXT(p, link)) {
if (p->flags & PL_MARK)
continue;
if (!doi->handle_leftover_payload ||
@@ -289,9 +289,9 @@ exchange_run(struct message *msg)
while (!done) {
/*
- * It's our turn if we're either the initiator on an even step,
- * or the responder on an odd step of the dialogue.
- */
+ * It's our turn if we're either the initiator on an even step,
+ * or the responder on an odd step of the dialogue.
+ */
if (exchange->initiator ^ (exchange->step % 2)) {
done = 1;
if (exchange->step)
@@ -308,7 +308,7 @@ exchange_run(struct message *msg)
* the SA at his side so we need to do that
* too, i.e. implement automatic SA teardown
* after a certain amount of inactivity.
- */
+ */
log_print("exchange_run: doi->%s (%p) failed",
exchange->initiator ? "initiator" :
"responder", msg);
@@ -323,7 +323,7 @@ exchange_run(struct message *msg)
* than "on-demand", i.e. if we see
* retransmits of the last message of the peer
* later.
- */
+ */
msg->flags |= MSG_LAST;
if (exchange->step > 0) {
if (exchange->last_sent)
@@ -336,7 +336,7 @@ exchange_run(struct message *msg)
* finalization, like telling our application
* the SA is ready to be used, or issuing a
* CONNECTED notify if we set the COMMIT bit.
- */
+ */
message_register_post_send(msg,
exchange_finalize);
@@ -362,17 +362,17 @@ exchange_run(struct message *msg)
/* Feed the message to the DOI. */
if (handler(msg)) {
/*
- * Trust the peer to retransmit.
+ * Trust the peer to retransmit.
* XXX We have to implement SA aging
* with automatic teardown.
- */
+ */
message_free(msg);
return;
}
/*
* Go over the yet unhandled payloads and feed
* them to DOI for handling.
- */
+ */
exchange_handle_leftover_payloads(msg);
/*
@@ -380,7 +380,7 @@ exchange_run(struct message *msg)
* been processing an incoming message, record
* that message as the one to do duplication
* tests against.
- */
+ */
if (exchange->last_received)
message_free(exchange->last_received);
exchange->last_received = msg;
@@ -460,7 +460,7 @@ exchange_lookup_from_icookie(u_int8_t *cookie)
for (i = 0; i <= bucket_mask; i++)
for (exchange = LIST_FIRST(&exchange_tab[i]); exchange;
- exchange = LIST_NEXT(exchange, link))
+ exchange = LIST_NEXT(exchange, link))
if (memcmp(exchange->cookies, cookie,
ISAKMP_HDR_ICOOKIE_LEN) == 0 &&
exchange->phase == 1)
@@ -481,7 +481,7 @@ exchange_lookup_by_name(char *name, int phase)
for (i = 0; i <= bucket_mask; i++)
for (exchange = LIST_FIRST(&exchange_tab[i]); exchange;
- exchange = LIST_NEXT(exchange, link)) {
+ exchange = LIST_NEXT(exchange, link)) {
LOG_DBG((LOG_EXCHANGE, 90,
"exchange_lookup_by_name: %s == %s && %d == %d?",
name, exchange->name ? exchange->name :
@@ -596,7 +596,7 @@ exchange_lookup(u_int8_t *msg, int phase2)
exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN) != 0) ||
(!phase2 && !zero_test(msg + ISAKMP_HDR_MESSAGE_ID_OFF,
ISAKMP_HDR_MESSAGE_ID_LEN)));
- exchange = LIST_NEXT(exchange, link))
+ exchange = LIST_NEXT(exchange, link))
;
return exchange;
@@ -859,7 +859,7 @@ exchange_establish_p1(struct transport *t, u_int8_t type, u_int32_t doi,
* Don't install a transport into this SA as it will be an
* INADDR_ANY address in the local end, which is not good at
* all. Let the reply packet install the transport instead.
- */
+ */
sa_create(exchange, 0);
msg->isakmp_sa = TAILQ_FIRST(&exchange->sa_list);
if (!msg->isakmp_sa) {
@@ -1011,8 +1011,8 @@ exchange_setup_p1(struct message *msg, u_int32_t doi)
type = GET_ISAKMP_HDR_EXCH_TYPE(msg->iov[0].iov_base);
if (type != ISAKMP_EXCH_INFO) {
/*
- * Find out our inbound phase 1 mode.
- */
+ * Find out our inbound phase 1 mode.
+ */
t->vtbl->get_dst(t, &dst);
if (sockaddr2text(dst, &str, 0) == -1)
return 0;
@@ -1024,7 +1024,7 @@ exchange_setup_p1(struct message *msg, u_int32_t doi)
* returning the call. However, we will need to
* continue responding if our phase 1 exchange is
* still waiting for step 1 (i.e still half-open).
- */
+ */
if (exchange_lookup_active(name, 1))
return 0;
} else {
@@ -1092,7 +1092,7 @@ exchange_setup_p1(struct message *msg, u_int32_t doi)
#ifdef USE_ISAKMP_CFG
if (name && (flags = conf_get_list(name, "Flags")) != NULL) {
for (flag = TAILQ_FIRST(&flags->fields); flag;
- flag = TAILQ_NEXT(flag, link))
+ flag = TAILQ_NEXT(flag, link))
if (strcasecmp(flag->field, "ikecfg") == 0) {
struct exchange_finalization_node *node;
@@ -1539,7 +1539,7 @@ exchange_nonce(struct exchange *exchange, int peer, size_t nonce_sz,
if (nonce_sz < 8 || nonce_sz > 256) {
/*
- * RFC2409, ch 5: The length of nonce payload MUST be
+ * RFC2409, ch 5: The length of nonce payload MUST be
* between 8 and 256 bytes inclusive.
* XXX I'm assuming the generic payload header is not included.
*/
@@ -1786,7 +1786,7 @@ exchange_establish(char *name, void (*finalize)(struct exchange *, void *,
* be application-specific information that won't get
* cleaned up, since no error signalling will be done.
* This is the case with dynamic SAs and PFKEY.
- */
+ */
exchange_establish(peer, exchange_establish_finalize,
name);
exchange = exchange_lookup_by_name(peer, 1);
@@ -1794,7 +1794,7 @@ exchange_establish(char *name, void (*finalize)(struct exchange *, void *,
* If the exchange was correctly initialized, add the
* original finalization routine; otherwise, call it
* directly.
- */
+ */
if (exchange)
exchange_add_finalization(exchange, finalize,
arg);
diff --git a/sbin/isakmpd/if.c b/sbin/isakmpd/if.c
index b9cf927478a..a54b60a4c77 100644
--- a/sbin/isakmpd/if.c
+++ b/sbin/isakmpd/if.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if.c,v 1.22 2004/06/14 09:55:41 ho Exp $ */
+/* $OpenBSD: if.c,v 1.23 2005/04/04 19:31:11 deraadt Exp $ */
/* $EOM: if.c,v 1.12 1999/10/01 13:45:20 niklas Exp $ */
/*
@@ -77,7 +77,7 @@ siocgifconf(struct ifconf *ifcp)
/*
* Allocate a larger buffer each time around the loop and get
* the network interfaces configurations into it.
- */
+ */
new_buf = realloc(buf, len);
if (!new_buf) {
log_error("siocgifconf: realloc (%p, %d) failed", buf,
@@ -96,7 +96,7 @@ siocgifconf(struct ifconf *ifcp)
* If there is place for another ifreq we can be sure that the
* buffer was big enough, otherwise double the size and try
* again.
- */
+ */
if (len - ifcp->ifc_len >= sizeof(struct ifreq))
break;
len *= 2;
diff --git a/sbin/isakmpd/ike_phase_1.c b/sbin/isakmpd/ike_phase_1.c
index e430ee5744d..cf2fd1440c2 100644
--- a/sbin/isakmpd/ike_phase_1.c
+++ b/sbin/isakmpd/ike_phase_1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_phase_1.c,v 1.58 2005/01/29 17:07:55 hshoexer Exp $ */
+/* $OpenBSD: ike_phase_1.c,v 1.59 2005/04/04 19:31:11 deraadt Exp $ */
/* $EOM: ike_phase_1.c,v 1.31 2000/12/11 23:47:56 niklas Exp $ */
/*
@@ -734,7 +734,7 @@ ike_phase_1_post_exchange_KE_NONCE(struct message *msg)
prf->Final(key, prf->prfctx);
for (len = prf->blocksize, p = key; len < exchange->key_length;
- len += prf->blocksize, p += prf->blocksize) {
+ len += prf->blocksize, p += prf->blocksize) {
prf->Init(prf->prfctx);
prf->Update(prf->prfctx, p, prf->blocksize);
prf->Final(p + prf->blocksize, prf->prfctx);
@@ -1199,7 +1199,7 @@ ike_phase_1_validate_prop(struct exchange *exchange, struct sa *sa,
* we have, they do not provide?
*/
for (node = LIST_FIRST(&vs.attrs);
- node; node = next_node) {
+ node; node = next_node) {
next_node =
LIST_NEXT(node, link);
if (node->type ==
diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c
index 3d719a6d69c..a40a54cb949 100644
--- a/sbin/isakmpd/ike_quick_mode.c
+++ b/sbin/isakmpd/ike_quick_mode.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_quick_mode.c,v 1.90 2005/03/22 12:43:39 hshoexer Exp $ */
+/* $OpenBSD: ike_quick_mode.c,v 1.91 2005/04/04 19:31:11 deraadt Exp $ */
/* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */
/*
@@ -168,7 +168,7 @@ check_policy(struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa)
/*
* For shared keys, just duplicate the passphrase with the
* appropriate prefix tag.
- */
+ */
nprinc = 3;
principal = calloc(nprinc, sizeof *principal);
if (!principal) {
@@ -609,12 +609,11 @@ initiator_send_HASH_SA_NONCE(struct message *msg)
/*
* Life durations are special, we should be
* able to specify several, one per type.
- */
+ */
life_conf = conf_get_list(xf->field, "Life");
if (life_conf) {
for (life = TAILQ_FIRST(&life_conf->fields);
- life;
- life = TAILQ_NEXT(life, link)) {
+ life; life = TAILQ_NEXT(life, link)) {
attribute_set_constant(
life->field, "LIFE_TYPE",
ipsec_duration_cst,
@@ -650,7 +649,7 @@ initiator_send_HASH_SA_NONCE(struct message *msg)
}
attribute_set_constant(xf->field,
"ENCAPSULATION_MODE", ipsec_encap_cst,
- IPSEC_ATTR_ENCAPSULATION_MODE, &attr);
+ IPSEC_ATTR_ENCAPSULATION_MODE, &attr);
if (proto_id != IPSEC_PROTO_IPCOMP) {
attribute_set_constant(xf->field,
@@ -714,7 +713,7 @@ initiator_send_HASH_SA_NONCE(struct message *msg)
* description is specified, it is
* specified for all transforms
* equally.
- */
+ */
attr =
(u_int8_t *)conf_get_str(xf->field,
"GROUP_DESCRIPTION");
@@ -736,7 +735,7 @@ initiator_send_HASH_SA_NONCE(struct message *msg)
/*
* Get SPI from application.
* XXX Should we care about unknown constants?
- */
+ */
protocol_num = constant_value(ipsec_proto_cst,
protocol_id);
spi = doi->get_spi(&spi_sz, protocol_num, msg);
@@ -855,8 +854,8 @@ initiator_send_HASH_SA_NONCE(struct message *msg)
saved_nextp_prop = msg->nextp;
for (xf_no = 0; xf_no < transform_cnt[i]; xf_no++) {
if (message_add_payload(msg, ISAKMP_PAYLOAD_TRANSFORM,
- transform[i][xf_no],
- transform_len[i][xf_no], update_nextp))
+ transform[i][xf_no],
+ transform_len[i][xf_no], update_nextp))
goto bail_out;
update_nextp = 1;
transform[i][xf_no] = 0;
@@ -959,7 +958,7 @@ initiator_send_HASH_SA_NONCE(struct message *msg)
return -1;
}
memcpy(id + ISAKMP_ID_DATA_OFF, sockaddr_addrdata(src),
- sockaddr_addrlen(src));
+ sockaddr_addrlen(src));
LOG_DBG_BUF((LOG_NEGOTIATION, 90,
"initiator_send_HASH_SA_NONCE: IDic", id, sz));
@@ -1002,7 +1001,7 @@ bail_out:
free(proposal[i]);
if (transform[i]) {
for (xf_no = 0; xf_no < transform_cnt[i];
- xf_no++)
+ xf_no++)
if (transform[i][xf_no])
free(transform[i][xf_no]);
free(transform[i]);
@@ -1150,9 +1149,9 @@ initiator_recv_HASH_SA_NONCE(struct message *msg)
* peers, without any constraints on the protocol or port
* numbers allowed, unless client identifiers are specified
* in Quick Mode.
- *
+ *
* -- Michael Paddon (mwp@aba.net.au)
- */
+ */
ie->flags = IPSEC_EXCH_FLAG_NO_ID;
@@ -1209,19 +1208,19 @@ initiator_recv_HASH_SA_NONCE(struct message *msg)
return -1;
}
memcpy(ie->id_ci + ISAKMP_ID_DATA_OFF, sockaddr_addrdata(src),
- sockaddr_addrlen(src));
+ sockaddr_addrlen(src));
memcpy(ie->id_cr + ISAKMP_ID_DATA_OFF, sockaddr_addrdata(dst),
- sockaddr_addrlen(dst));
+ sockaddr_addrlen(dst));
}
/* Build the protection suite in our SA. */
for (xf = payload_first(msg, ISAKMP_PAYLOAD_TRANSFORM); xf;
- xf = TAILQ_NEXT(xf, link)) {
+ xf = TAILQ_NEXT(xf, link)) {
/*
* XXX We could check that the proposal each transform
* belongs to is unique.
- */
+ */
if (sa_add_transform(sa, xf, exchange->initiator, &proto))
return -1;
@@ -1285,7 +1284,7 @@ initiator_send_HASH(struct message *msg)
buf = malloc(ISAKMP_HASH_SZ + hash->hashsize);
if (!buf) {
log_error("initiator_send_HASH: malloc (%lu) failed",
- ISAKMP_HASH_SZ + (unsigned long)hash->hashsize);
+ ISAKMP_HASH_SZ + (unsigned long)hash->hashsize);
return -1;
}
if (message_add_payload(msg, ISAKMP_PAYLOAD_HASH, buf,
@@ -1295,7 +1294,7 @@ initiator_send_HASH(struct message *msg)
}
/* Allocate the prf and start calculating our HASH(3). XXX Share? */
LOG_DBG_BUF((LOG_NEGOTIATION, 90, "initiator_send_HASH: SKEYID_a",
- isa->skeyid_a, isa->skeyid_len));
+ isa->skeyid_a, isa->skeyid_len));
prf = prf_alloc(isa->prf_type, isa->hash, isa->skeyid_a,
isa->skeyid_len);
if (!prf)
@@ -1344,9 +1343,9 @@ post_quick_mode(struct message *msg)
* per protocol.
*/
for (sa = TAILQ_FIRST(&exchange->sa_list); sa;
- sa = TAILQ_NEXT(sa, next)) {
+ sa = TAILQ_NEXT(sa, next)) {
for (proto = TAILQ_FIRST(&sa->protos); proto;
- proto = TAILQ_NEXT(proto, link)) {
+ proto = TAILQ_NEXT(proto, link)) {
if (proto->proto == IPSEC_PROTO_IPCOMP)
continue;
@@ -1355,7 +1354,7 @@ post_quick_mode(struct message *msg)
/*
* There are two SAs for each SA negotiation,
* incoming and outcoing.
- */
+ */
for (i = 0; i < 2; i++) {
prf = prf_alloc(isa->prf_type, isa->hash,
isa->skeyid_d, isa->skeyid_len);
@@ -1370,7 +1369,7 @@ post_quick_mode(struct message *msg)
* material buffer to a multiple of the PRF's
* blocksize as it is generated in chunks of
* that blocksize.
- */
+ */
iproto->keymat[i]
= malloc(((ie->keymat_len + prf->blocksize - 1)
/ prf->blocksize) * prf->blocksize);
@@ -1386,7 +1385,7 @@ post_quick_mode(struct message *msg)
}
for (keymat = iproto->keymat[i];
keymat < iproto->keymat[i] + ie->keymat_len;
- keymat += prf->blocksize) {
+ keymat += prf->blocksize) {
prf->Init(prf->prfctx);
if (keymat != iproto->keymat[i]) {
@@ -1491,7 +1490,7 @@ responder_recv_HASH_SA_NONCE(struct message *msg)
my_hash = malloc(hash_len - ISAKMP_GEN_SZ);
if (!my_hash) {
log_error("responder_recv_HASH_SA_NONCE: malloc (%lu) failed",
- (unsigned long)hash_len - ISAKMP_GEN_SZ);
+ (unsigned long)hash_len - ISAKMP_GEN_SZ);
goto cleanup;
}
/*
@@ -1506,21 +1505,21 @@ responder_recv_HASH_SA_NONCE(struct message *msg)
goto cleanup;
prf->Init(prf->prfctx);
LOG_DBG_BUF((LOG_NEGOTIATION, 90,
- "responder_recv_HASH_SA_NONCE: message_id",
- exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN));
+ "responder_recv_HASH_SA_NONCE: message_id",
+ exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN));
prf->Update(prf->prfctx, exchange->message_id,
ISAKMP_HDR_MESSAGE_ID_LEN);
LOG_DBG_BUF((LOG_NEGOTIATION, 90,
- "responder_recv_HASH_SA_NONCE: message after HASH",
- hash + hash_len,
- msg->iov[0].iov_len - ISAKMP_HDR_SZ - hash_len));
+ "responder_recv_HASH_SA_NONCE: message after HASH",
+ hash + hash_len,
+ msg->iov[0].iov_len - ISAKMP_HDR_SZ - hash_len));
prf->Update(prf->prfctx, hash + hash_len,
- msg->iov[0].iov_len - ISAKMP_HDR_SZ - hash_len);
+ msg->iov[0].iov_len - ISAKMP_HDR_SZ - hash_len);
prf->Final(my_hash, prf->prfctx);
prf_free(prf);
LOG_DBG_BUF((LOG_NEGOTIATION, 90,
- "responder_recv_HASH_SA_NONCE: computed HASH(1)", my_hash,
- hash_len - ISAKMP_GEN_SZ));
+ "responder_recv_HASH_SA_NONCE: computed HASH(1)", my_hash,
+ hash_len - ISAKMP_GEN_SZ));
if (memcmp(hash + ISAKMP_GEN_SZ, my_hash, hash_len - ISAKMP_GEN_SZ)
!= 0) {
message_drop(msg, ISAKMP_NOTIFY_INVALID_HASH_INFORMATION, 0,
@@ -1584,9 +1583,9 @@ responder_recv_HASH_SA_NONCE(struct message *msg)
* peers, without any constraints on the protocol or port
* numbers allowed, unless client identifiers are specified
* in Quick Mode.
- *
+ *
* -- Michael Paddon (mwp@aba.net.au)
- */
+ */
ie->flags = IPSEC_EXCH_FLAG_NO_ID;
@@ -1628,9 +1627,9 @@ responder_recv_HASH_SA_NONCE(struct message *msg)
}
memcpy(ie->id_cr + ISAKMP_ID_DATA_OFF, sockaddr_addrdata(src),
- sockaddr_addrlen(src));
+ sockaddr_addrlen(src));
memcpy(ie->id_ci + ISAKMP_ID_DATA_OFF, sockaddr_addrdata(dst),
- sockaddr_addrlen(dst));
+ sockaddr_addrlen(dst));
}
#ifdef USE_POLICY
@@ -1647,9 +1646,9 @@ responder_recv_HASH_SA_NONCE(struct message *msg)
#endif /* USE_POLICY */
for (sa = TAILQ_FIRST(&exchange->sa_list); sa;
- sa = TAILQ_NEXT(sa, next)) {
+ sa = TAILQ_NEXT(sa, next)) {
for (proto = TAILQ_FIRST(&sa->protos); proto;
- proto = TAILQ_NEXT(proto, link)) {
+ proto = TAILQ_NEXT(proto, link)) {
/*
* XXX we need to have some attributes per proto, not
* all per SA.
@@ -1708,7 +1707,7 @@ next_sa:
* description we should notify our peer, but this
* should probably be done by the attribute
* validation. Is it?
- */
+ */
goto cleanup;
}
}
@@ -1746,9 +1745,9 @@ next_sa:
strncmp("yes", conf_get_str("General", "Use-Keynote"), 3)) {
log_print("responder_recv_HASH_SA_NONCE: peer proposed "
"invalid phase 2 IDs: %s",
- (exchange->doi->decode_ids("initiator id %s, responder"
- " id %s", ie->id_ci, ie->id_ci_sz, ie->id_cr,
- ie->id_cr_sz, 1)));
+ (exchange->doi->decode_ids("initiator id %s, responder"
+ " id %s", ie->id_ci, ie->id_ci_sz, ie->id_cr,
+ ie->id_cr_sz, 1)));
message_drop(msg, ISAKMP_NOTIFY_NO_PROPOSAL_CHOSEN, 0, 1, 0);
goto cleanup;
}
@@ -1758,7 +1757,7 @@ next_sa:
cleanup:
/* Remove all potential protocols that have been added to the SAs. */
for (sa = TAILQ_FIRST(&exchange->sa_list); sa;
- sa = TAILQ_NEXT(sa, next))
+ sa = TAILQ_NEXT(sa, next))
while ((proto = TAILQ_FIRST(&sa->protos)) != 0)
proto_free(proto);
if (my_hash)
@@ -1864,8 +1863,8 @@ responder_send_HASH_SA_NONCE(struct message *msg)
return -1;
prf->Init(prf->prfctx);
LOG_DBG_BUF((LOG_NEGOTIATION, 90,
- "responder_send_HASH_SA_NONCE: message_id",
- exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN));
+ "responder_send_HASH_SA_NONCE: message_id",
+ exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN));
prf->Update(prf->prfctx, exchange->message_id,
ISAKMP_HDR_MESSAGE_ID_LEN);
LOG_DBG_BUF((LOG_NEGOTIATION, 90, "responder_send_HASH_SA_NONCE: "
@@ -1879,7 +1878,7 @@ responder_send_HASH_SA_NONCE(struct message *msg)
"responder_send_HASH_SA_NONCE: payload %d after HASH(2)",
i - 1);
LOG_DBG_BUF((LOG_NEGOTIATION, 90, header, msg->iov[i].iov_base,
- msg->iov[i].iov_len));
+ msg->iov[i].iov_len));
prf->Update(prf->prfctx, msg->iov[i].iov_base,
msg->iov[i].iov_len);
}
@@ -1910,7 +1909,7 @@ gen_g_xy(struct message *msg)
return;
}
if (dh_create_shared(ie->group, ie->g_xy,
- exchange->initiator ? ie->g_xr : ie->g_xi)) {
+ exchange->initiator ? ie->g_xr : ie->g_xi)) {
log_print("gen_g_xy: dh_create_shared failed");
return;
}
@@ -1944,7 +1943,7 @@ responder_recv_HASH(struct message *msg)
LOG_DBG((LOG_NEGOTIATION, 90, "responder_recv_HASH: "
"isakmp_sa %p isa %p", isakmp_sa, isa));
LOG_DBG_BUF((LOG_NEGOTIATION, 90, "responder_recv_HASH: SKEYID_a",
- isa->skeyid_a, isa->skeyid_len));
+ isa->skeyid_a, isa->skeyid_len));
prf = prf_alloc(isa->prf_type, isa->hash, isa->skeyid_a,
isa->skeyid_len);
if (!prf)
@@ -1952,20 +1951,20 @@ responder_recv_HASH(struct message *msg)
prf->Init(prf->prfctx);
prf->Update(prf->prfctx, (unsigned char *)"\0", 1);
LOG_DBG_BUF((LOG_NEGOTIATION, 90, "responder_recv_HASH: message_id",
- exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN));
+ exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN));
prf->Update(prf->prfctx, exchange->message_id,
ISAKMP_HDR_MESSAGE_ID_LEN);
LOG_DBG_BUF((LOG_NEGOTIATION, 90, "responder_recv_HASH: NONCE_I_b",
- exchange->nonce_i, exchange->nonce_i_len));
+ exchange->nonce_i, exchange->nonce_i_len));
prf->Update(prf->prfctx, exchange->nonce_i, exchange->nonce_i_len);
LOG_DBG_BUF((LOG_NEGOTIATION, 90, "responder_recv_HASH: NONCE_R_b",
- exchange->nonce_r, exchange->nonce_r_len));
+ exchange->nonce_r, exchange->nonce_r_len));
prf->Update(prf->prfctx, exchange->nonce_r, exchange->nonce_r_len);
prf->Final(my_hash, prf->prfctx);
prf_free(prf);
LOG_DBG_BUF((LOG_NEGOTIATION, 90,
- "responder_recv_HASH: computed HASH(3)", my_hash,
- hash_len - ISAKMP_GEN_SZ));
+ "responder_recv_HASH: computed HASH(3)", my_hash,
+ hash_len - ISAKMP_GEN_SZ));
if (memcmp(hash + ISAKMP_GEN_SZ, my_hash, hash_len - ISAKMP_GEN_SZ)
!= 0) {
message_drop(msg, ISAKMP_NOTIFY_INVALID_HASH_INFORMATION, 0,
diff --git a/sbin/isakmpd/ipsec.c b/sbin/isakmpd/ipsec.c
index 724640c373c..1475fba5f70 100644
--- a/sbin/isakmpd/ipsec.c
+++ b/sbin/isakmpd/ipsec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec.c,v 1.109 2005/04/04 18:40:45 hshoexer Exp $ */
+/* $OpenBSD: ipsec.c,v 1.110 2005/04/04 19:31:11 deraadt Exp $ */
/* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */
/*
@@ -337,7 +337,7 @@ ipsec_finalize_exchange(struct message *msg)
/*
* Tell the application(s) about the SPIs and key
* material.
- */
+ */
for (sa = TAILQ_FIRST(&exchange->sa_list); sa;
sa = TAILQ_NEXT(sa, next)) {
isa = sa->data;
@@ -426,7 +426,7 @@ ipsec_finalize_exchange(struct message *msg)
* If this is not an SA acquired by the
* kernel, it needs to have a SPD entry
* (a.k.a. flow) set up.
- */
+ */
if (!(sa->flags & SA_FLAG_ONDEMAND ||
conf_get_str("General", "Acquire-Only")
|| acquire_only)
@@ -871,15 +871,15 @@ ipsec_validate_key_information(u_int8_t *buf, size_t sz)
static int
ipsec_validate_notification(u_int16_t type)
{
- return type < IPSEC_NOTIFY_RESPONDER_LIFETIME
- || type > IPSEC_NOTIFY_INITIAL_CONTACT ? -1 : 0;
+ return type < IPSEC_NOTIFY_RESPONDER_LIFETIME ||
+ type > IPSEC_NOTIFY_INITIAL_CONTACT ? -1 : 0;
}
static int
ipsec_validate_proto(u_int8_t proto)
{
- return proto < IPSEC_PROTO_IPSEC_AH
- || proto > IPSEC_PROTO_IPCOMP ? -1 : 0;
+ return proto < IPSEC_PROTO_IPSEC_AH ||
+ proto > IPSEC_PROTO_IPCOMP ? -1 : 0;
}
static int
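Review bot: In ipsec_validate_notification and ipsec_validate_proto the rewrapped returns still mix `||` with `?:` without parentheses, so a reader has to recall that the conditional operator binds more loosely than `||`. Since these lines are being reflowed anyway, parenthesising the range test would make the intent explicit, e.g. `return (proto < IPSEC_PROTO_IPSEC_AH || proto > IPSEC_PROTO_IPCOMP) ? -1 : 0;`. The same applies to the AH, ESP and IPCOMP cases in the ipsec_validate_transform_id hunk that follows.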
@@ -907,21 +907,21 @@ ipsec_validate_transform_id(u_int8_t proto, u_int8_t transform_id)
* As no unexpected protocols can occur, we just tie the
* default case to the first case, in orer to silence a GCC
* warning.
- */
+ */
default:
case ISAKMP_PROTO_ISAKMP:
return transform_id != IPSEC_TRANSFORM_KEY_IKE;
case IPSEC_PROTO_IPSEC_AH:
- return transform_id < IPSEC_AH_MD5
- || transform_id > IPSEC_AH_DES ? -1 : 0;
+ return transform_id < IPSEC_AH_MD5 ||
+ transform_id > IPSEC_AH_DES ? -1 : 0;
case IPSEC_PROTO_IPSEC_ESP:
- return transform_id < IPSEC_ESP_DES_IV64
- || (transform_id > IPSEC_ESP_AES_128_CTR
- && transform_id < IPSEC_ESP_AES_MARS)
- || transform_id > IPSEC_ESP_AES_TWOFISH ? -1 : 0;
+ return transform_id < IPSEC_ESP_DES_IV64 ||
+ (transform_id > IPSEC_ESP_AES_128_CTR &&
+ transform_id < IPSEC_ESP_AES_MARS) ||
+ transform_id > IPSEC_ESP_AES_TWOFISH ? -1 : 0;
case IPSEC_PROTO_IPCOMP:
- return transform_id < IPSEC_IPCOMP_OUI
- || transform_id > IPSEC_IPCOMP_V42BIS ? -1 : 0;
+ return transform_id < IPSEC_IPCOMP_OUI ||
+ transform_id > IPSEC_IPCOMP_V42BIS ? -1 : 0;
}
}
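Review bot: The `ISAKMP_PROTO_ISAKMP` case returns `transform_id != IPSEC_TRANSFORM_KEY_IKE`, which is 1 on rejection, while the AH, ESP and IPCOMP cases reformatted in this hunk return -1. Callers are not visible here, but if any of them tests the result with `< 0`, an unexpected ISAKMP transform id received from a peer would be treated as valid. Writing the case as `return transform_id != IPSEC_TRANSFORM_KEY_IKE ? -1 : 0;` would keep the return convention uniform across the switch. The start of ipsec_validate_transform_id, including the switch header, is outside the hunk.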
@@ -934,12 +934,12 @@ ipsec_initiator(struct message *msg)
/* Check that the SA is coherent with the IKE rules. */
if (exchange->type != ISAKMP_EXCH_TRANSACTION
&& ((exchange->phase == 1 &&
- exchange->type != ISAKMP_EXCH_ID_PROT &&
- exchange->type != ISAKMP_EXCH_AGGRESSIVE &&
- exchange->type != ISAKMP_EXCH_INFO)
- || (exchange->phase == 2 &&
- exchange->type != IKE_EXCH_QUICK_MODE &&
- exchange->type != ISAKMP_EXCH_INFO))) {
+ exchange->type != ISAKMP_EXCH_ID_PROT &&
+ exchange->type != ISAKMP_EXCH_AGGRESSIVE &&
+ exchange->type != ISAKMP_EXCH_INFO)
+ || (exchange->phase == 2 &&
+ exchange->type != IKE_EXCH_QUICK_MODE &&
+ exchange->type != ISAKMP_EXCH_INFO))) {
log_print("ipsec_initiator: unsupported exchange type %d "
"in phase %d", exchange->type, exchange->phase);
return -1;
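Review bot: The re-indented condition in ipsec_initiator still begins continuation lines with `&& ((exchange->phase == 1 &&` and `|| (exchange->phase == 2 &&`, whereas the validate functions earlier in this file were changed by the same commit to put the operator at the end of the line. For consistency the operators could trail the previous line, i.e. `if (exchange->type != ISAKMP_EXCH_TRANSACTION &&` and `exchange->type != ISAKMP_EXCH_INFO) ||`. The body of ipsec_initiator continues outside the hunk.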
@@ -1086,7 +1086,7 @@ ipsec_responder(struct message *msg)
/*
* If any DELETEs are in here, let the logic of leftover
* payloads deal with them.
- */
+ */
return 0;
case IKE_EXCH_QUICK_MODE:
@@ -1181,7 +1181,7 @@ ipsec_is_attribute_incompatible(u_int16_t type, u_int8_t *value, u_int16_t len,
/*
* Our crypto routines only allows key-lengths which
* are multiples of an octet.
- */
+ */
return dv % 8 != 0;
case IKE_ATTR_FIELD_SIZE:
return 1;
@@ -1631,14 +1631,14 @@ ipsec_handle_leftover_payload(struct message *msg, u_int8_t type,
* Permit INITIAL-CONTACT if
* - this is not an AGGRESSIVE mode exchange
* - it is protected by an ISAKMP SA
- *
+ *
* XXX Instead of the first condition above, we could
* XXX permit this only for phase 2. In the last
* XXX packet of main-mode, this payload, while
* XXX encrypted, is not part of the hash digest. As
* XXX we currently send our own INITIAL-CONTACTs at
* XXX this point, this too would need to be changed.
- */
+ */
if (msg->exchange->type == ISAKMP_EXCH_AGGRESSIVE) {
log_print("ipsec_handle_leftover_payload: got "
"INITIAL-CONTACT in AGGRESSIVE mode");
@@ -1661,7 +1661,7 @@ ipsec_handle_leftover_payload(struct message *msg, u_int8_t type,
* SA that is ready. Exchanges will timeout
* themselves and then the non-ready SAs will
* disappear too.
- */
+ */
msg->transport->vtbl->get_dst(msg->transport, &dst);
while ((sa = sa_lookup_by_peer(dst,
sysdep_sa_len(dst))) != 0) {
@@ -1672,7 +1672,7 @@ ipsec_handle_leftover_payload(struct message *msg, u_int8_t type,
* the SA from the list to avoid an endless
* loop, but keep a reference so it won't
* disappear meanwhile.
- */
+ */
if (sa == msg->isakmp_sa) {
sa_reference(sa);
sa_remove(sa);
diff --git a/sbin/isakmpd/isakmp_cfg.c b/sbin/isakmpd/isakmp_cfg.c
index 222d0c679a2..e19ded0def4 100644
--- a/sbin/isakmpd/isakmp_cfg.c
+++ b/sbin/isakmpd/isakmp_cfg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: isakmp_cfg.c,v 1.34 2004/08/08 19:11:06 deraadt Exp $ */
+/* $OpenBSD: isakmp_cfg.c,v 1.35 2005/04/04 19:31:11 deraadt Exp $ */
/*
* Copyright (c) 2001 Niklas Hallqvist. All rights reserved.
@@ -239,7 +239,7 @@ cfg_initiator_send_ATTR(struct message *msg)
/*
* We can continue, but this indicates a configuration error
* that the user probably will want to correct.
- */
+ */
free(id_string);
return 0;
}
diff --git a/sbin/isakmpd/isakmpd.c b/sbin/isakmpd/isakmpd.c
index 72f8e489ff6..2e889b9770f 100644
--- a/sbin/isakmpd/isakmpd.c
+++ b/sbin/isakmpd/isakmpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: isakmpd.c,v 1.74 2005/03/22 17:27:59 cloder Exp $ */
+/* $OpenBSD: isakmpd.c,v 1.75 2005/04/04 19:31:11 deraadt Exp $ */
/* $EOM: isakmpd.c,v 1.54 2000/10/05 09:28:22 niklas Exp $ */
/*
@@ -163,7 +163,7 @@ parse_args(int argc, char *argv[])
if (sscanf(optarg, "%d=%d", &cls, &level) != 2) {
if (sscanf(optarg, "A=%d", &level) == 1) {
for (cls = 0; cls < LOG_ENDCLASS;
- cls++)
+ cls++)
log_debug_cmd(cls, level);
} else
log_print("parse_args: -D argument "
@@ -317,7 +317,7 @@ daemon_shutdown(void)
log_print("isakmpd: shutting down...");
/*
- * Delete all active SAs. First IPsec SAs, then ISAKMPD.
+ * Delete all active SAs. First IPsec SAs, then ISAKMPD.
* Each DELETE is another (outgoing) message.
*/
while ((sa = sa_find(phase2_sa_check, NULL)))
@@ -331,7 +331,7 @@ daemon_shutdown(void)
/*
* When the prioritized transport sendq:s are empty, i.e all
* the DELETE notifications have been sent, we can shutdown.
- */
+ */
#ifdef USE_DEBUG
log_packet_stop();
@@ -490,7 +490,7 @@ main(int argc, char *argv[])
* and if someone set 'sigtermed' (SIGTERM, SIGINT or via the
* UI), this indicates we should start a controlled shutdown
* of the daemon.
- *
+ *
* Note: Since _one_ message is sent per iteration of this
* enclosing while-loop, and we want to send a number of
* DELETE notifications, we must loop atleast this number of
@@ -498,7 +498,7 @@ main(int argc, char *argv[])
* the DELETEs, all other calls just increments the
* 'sigtermed' variable until it reaches a "safe" value, and
* the daemon exits.
- */
+ */
if (sigtermed)
daemon_shutdown();
@@ -513,7 +513,7 @@ main(int argc, char *argv[])
* XXX Some day we might want to deal with an abstract
* application class instead, with many instantiations
* possible.
- */
+ */
if (!app_none && app_socket >= 0) {
FD_SET(app_socket, rfds);
if (app_socket + 1 > n)
@@ -539,7 +539,7 @@ main(int argc, char *argv[])
* condition time to resolve without letting
* this process eat up all available CPU
* we sleep for a short while.
- */
+ */
sleep(1);
}
} else if (n) {
diff --git a/sbin/isakmpd/log.c b/sbin/isakmpd/log.c
index b4abd320148..aeffda7d569 100644
--- a/sbin/isakmpd/log.c
+++ b/sbin/isakmpd/log.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: log.c,v 1.51 2005/02/27 13:12:12 hshoexer Exp $ */
+/* $OpenBSD: log.c,v 1.52 2005/04/04 19:31:11 deraadt Exp $ */
/* $EOM: log.c,v 1.30 2000/09/29 08:19:23 niklas Exp $ */
/*
@@ -424,7 +424,7 @@ log_packet_init(char *newname)
/* Sanity checks. */
if ((st.st_mode & S_IFMT) != S_IFREG) {
log_print("log_packet_init: existing capture file is "
- "not a regular file");
+ "not a regular file");
return;
}
if ((st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
diff --git a/sbin/isakmpd/math_2n.c b/sbin/isakmpd/math_2n.c
index 47efd79ce5f..9f416cd5d43 100644
--- a/sbin/isakmpd/math_2n.c
+++ b/sbin/isakmpd/math_2n.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: math_2n.c,v 1.17 2005/02/27 13:12:12 hshoexer Exp $ */
+/* $OpenBSD: math_2n.c,v 1.18 2005/04/04 19:31:11 deraadt Exp $ */
/* $EOM: math_2n.c,v 1.15 1999/04/20 09:23:30 niklas Exp $ */
/*
@@ -219,7 +219,7 @@ b2n_set_str(b2n_ptr n, char *str)
tmp = 0;
for (j = (i == 0 ?
((len - 1) % CHUNK_BYTES) + 1 : CHUNK_BYTES);
- j > 0; j--) {
+ j > 0; j--) {
tmp <<= 8;
tmp |= (hex2int(str[w]) << 4) | hex2int(str[w + 1]);
w += 2;
diff --git a/sbin/isakmpd/message.c b/sbin/isakmpd/message.c
index cd313a2a54f..d5087c2cc20 100644
--- a/sbin/isakmpd/message.c
+++ b/sbin/isakmpd/message.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: message.c,v 1.98 2005/03/05 12:35:03 ho Exp $ */
+/* $OpenBSD: message.c,v 1.99 2005/04/04 19:31:11 deraadt Exp $ */
/* $EOM: message.c,v 1.156 2000/10/10 12:36:39 provos Exp $ */
/*
@@ -241,7 +241,7 @@ message_free(struct message *msg)
if (msg->payload) {
for (i = 0; i < payload_index_max; i++)
for (payload = payload_first(msg, i); payload;
- payload = next) {
+ payload = next) {
next = TAILQ_NEXT(payload, link);
free(payload);
}
@@ -321,7 +321,7 @@ message_parse_payloads(struct message *msg, struct payload *p, u_int8_t next,
}
/*
* Decode and validate the payload length field.
- */
+ */
len = GET_ISAKMP_GEN_LENGTH(buf);
if (message_payload_sz(payload) == 0) {
@@ -360,7 +360,7 @@ message_parse_payloads(struct message *msg, struct payload *p, u_int8_t next,
/*
* Check if the current payload is one of the accepted ones at
* this stage.
- */
+ */
if (!ISSET(payload, accepted_payloads)) {
log_print("message_parse_payloads: payload type %s "
"unexpected", constant_name(isakmp_payload_cst,
@@ -680,7 +680,7 @@ message_validate_hash(struct message *msg, struct payload *p)
/* If no SKEYID_a, we can not do anything (should not happen). */
if (!isa->skeyid_a)
goto invalid;
-
+
/* Allocate the prf and start calculating our HASH(1). */
LOG_DBG_BUF((LOG_MISC, 90, "message_validate_hash: SKEYID_a",
isa->skeyid_a, isa->skeyid_len));
@@ -870,7 +870,7 @@ message_validate_notify(struct message *msg, struct payload *p)
}
/* Validate the SPI. XXX Just ISAKMP for now. */
- if (proto == ISAKMP_PROTO_ISAKMP &&
+ if (proto == ISAKMP_PROTO_ISAKMP &&
GET_ISAKMP_NOTIFY_SPI_SZ(p->p) == ISAKMP_HDR_COOKIES_LEN &&
msg->isakmp_sa &&
memcmp(p->p + ISAKMP_NOTIFY_SPI_OFF, msg->isakmp_sa->cookies,
@@ -1234,13 +1234,13 @@ message_recv(struct message *msg)
* This might be a retransmission of a former ISAKMP SA setup
* message. If so, just drop it.
* XXX Must we really look in both the SA and exchange pools?
- */
+ */
if (exchange_lookup_from_icookie(buf + ISAKMP_HDR_ICOOKIE_OFF)
|| sa_lookup_from_icookie(buf + ISAKMP_HDR_ICOOKIE_OFF)) {
/*
* XXX Later we should differentiate between
* retransmissions and potential replay attacks.
- */
+ */
LOG_DBG((LOG_MESSAGE, 90,
"message_recv: dropping setup for existing SA"));
message_free(msg);
@@ -1255,7 +1255,7 @@ message_recv(struct message *msg)
* If we cannot find an ISAKMP SA out of the cookies, this is
* either a responder's first reply, and we need to upgrade
* our exchange, or it's just plain invalid cookies.
- */
+ */
if (!msg->isakmp_sa) {
msg->exchange = exchange_lookup_from_icookie(buf +
ISAKMP_HDR_ICOOKIE_OFF);
@@ -1359,7 +1359,7 @@ message_recv(struct message *msg)
/*
* XXX Very likely redundant, look at the else clause of the
* if (setup_isakmp_sa) statement above.
- */
+ */
msg->exchange = exchange_lookup(buf, 0);
if (!msg->exchange) {
log_print("message_recv: phase 1 message after "
@@ -1715,7 +1715,7 @@ message_send_delete(struct sa *sa)
/*
* XXX We ought to setup an ISAKMP SA with our peer here and
* send the DELETE over that one.
- */
+ */
return;
}
args.discr = 'D';
@@ -1782,7 +1782,7 @@ message_send_info(struct message *msg)
sz = ISAKMP_DELETE_SPI_OFF + args->u.d.nspis * args->spi_sz;
break;
}
-
+
buf = calloc(1, sz);
if (!buf) {
log_error("message_send_info: calloc (1, %lu) failed",
@@ -2031,7 +2031,7 @@ message_check_duplicate(struct message *msg)
* Retransmit if the previos sent message was the last
* of an exchange, otherwise just wait for the
* ordinary retransmission.
- */
+ */
if (exchange->last_sent && (exchange->last_sent->flags
& MSG_LAST))
message_send(exchange->last_sent);
@@ -2140,7 +2140,7 @@ retry_transform:
/*
* Figure out if we will be looking at a new protocol proposal
* inside the current protection suite.
- */
+ */
if (next_tp && propp != next_propp && sap == next_sap
&& (GET_ISAKMP_PROP_NO(propp->p)
== GET_ISAKMP_PROP_NO(next_propp->p))) {
@@ -2182,7 +2182,7 @@ retry_transform:
/*
* Check if the suite we just considered was OK, if so
* we check it against the accepted ones.
- */
+ */
if (suite_ok_so_far) {
if (!validate || validate(exchange, sa,
msg->isakmp_sa)) {
@@ -2230,7 +2230,7 @@ retry_transform:
* seeing we just turn down one of the offers,
* can we? I suggest renaming message_drop to
* something else.
- */
+ */
log_print("message_negotiate_sa: no "
"compatible proposal found");
message_drop(msg,
@@ -2373,7 +2373,7 @@ message_add_sa_payload(struct message *msg)
* Add the payloads. As this is a SA, we need to recompute the
* lengths of the payloads containing others. We also need to
* reset these payload's "next payload type" field.
- */
+ */
if (message_add_payload(msg, ISAKMP_PAYLOAD_SA, sa_buf,
sa_len, 1))
goto cleanup;
diff --git a/sbin/isakmpd/monitor.c b/sbin/isakmpd/monitor.c
index 873de7ee643..ba14f16ba0e 100644
--- a/sbin/isakmpd/monitor.c
+++ b/sbin/isakmpd/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.36 2005/03/11 12:39:55 hshoexer Exp $ */
+/* $OpenBSD: monitor.c,v 1.37 2005/04/04 19:31:11 deraadt Exp $ */
/*
* Copyright (c) 2003 Håkan Olsson. All rights reserved.
@@ -181,7 +181,6 @@ monitor_ui_init(void)
errout:
log_error("monitor_ui_init: problem talking to privileged process");
- return;
}
int
@@ -491,8 +490,6 @@ monitor_init_done(void)
{
if (m_write_int32(m_state.s, MONITOR_INIT_DONE))
log_print("monitor_init_done: read/write error");
-
- return;
}
/*
@@ -552,7 +549,7 @@ monitor_loop(int debug)
/*
* Currently, there is no need for us to hang around if the
* child is in the process of shutting down.
- */
+ */
if (sigtermed) {
m_priv_increase_state(STATE_QUIT);
kill(m_state.pid, SIGTERM);
@@ -680,7 +677,6 @@ m_priv_ui_init(int s)
errout:
log_error("m_priv_ui_init: read/write operation failed");
- return;
}
/* Privileged: called by monitor_loop. */
@@ -710,7 +706,6 @@ m_priv_pfkey_open(int s)
errout:
log_error("m_priv_pfkey_open: read/write operation failed");
- return;
}
/* Privileged: called by monitor_loop. */
@@ -763,7 +758,6 @@ m_priv_getfd(int s)
errout:
log_error("m_priv_getfd: read/write operation failed");
- return;
}
/* Privileged: called by monitor_loop. */
@@ -802,7 +796,6 @@ m_priv_getsocket(int s)
errout:
log_error("m_priv_getsocket: read/write operation failed");
- return;
}
/* Privileged: called by monitor_loop. */
@@ -862,7 +855,6 @@ errout:
free(optval);
if (sock >= 0)
close(sock);
- return;
}
/* Privileged: called by monitor_loop. */
@@ -920,7 +912,6 @@ errout:
free(name);
if (sock >= 0)
close(sock);
- return;
}
/*
@@ -1123,5 +1114,4 @@ m_priv_test_state(int state)
if (cur_state != state)
log_print("m_priv_test_state: Illegal state: %d != %d",
(int)cur_state, state);
- return;
}
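Review bot: A state mismatch in `m_priv_test_state` is only reported through `log_print`, and with the trailing `return;` gone the function visibly falls off the end in both cases, so the privileged side gets no signal that a request arrived in the wrong state. If the `m_priv_*` handlers rely on this as the gate for privileged operations, it should return a status they check before acting, e.g. make it `static int` and end with `return cur_state == state ? 0 : -1;`, or terminate on mismatch. The start of the function and its callers are outside the hunk, so confirm whether anything else enforces the state order.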
diff --git a/sbin/isakmpd/nat_traversal.c b/sbin/isakmpd/nat_traversal.c
index 53cd1ad77f2..db4aebc12bc 100644
--- a/sbin/isakmpd/nat_traversal.c
+++ b/sbin/isakmpd/nat_traversal.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nat_traversal.c,v 1.10 2005/03/05 12:22:40 ho Exp $ */
+/* $OpenBSD: nat_traversal.c,v 1.11 2005/04/04 19:31:11 deraadt Exp $ */
/*
* Copyright (c) 2004 Håkan Olsson. All rights reserved.
@@ -159,7 +159,6 @@ nat_t_add_vendor_payload(struct message *msg, char *hash)
free(buf);
return -1;
}
-
return 0;
}
@@ -172,11 +171,9 @@ nat_t_add_vendor_payloads(struct message *msg)
if (!nat_t_hashes)
if (nat_t_setup_hashes())
return 0; /* XXX should this be an error? */
-
while (nat_t_hashes[i])
if (nat_t_add_vendor_payload(msg, nat_t_hashes[i++]))
return -1;
-
return 0;
}
@@ -218,8 +215,6 @@ nat_t_check_vendor_payload(struct message *msg, struct payload *p)
p->flags |= PL_MARK;
return;
}
-
- return;
}
/* Generate the NAT-D payload hash : HASH(CKY-I | CKY-R | IP | Port). */
@@ -257,7 +252,6 @@ nat_t_generate_nat_d_hash(struct message *msg, struct sockaddr *sa,
hash->Update(hash->ctx, sockaddr_addrdata(sa), sockaddr_addrlen(sa));
hash->Update(hash->ctx, (unsigned char *)&port, sizeof port);
hash->Final(res, hash->ctx);
-
return res;
}
@@ -291,7 +285,6 @@ nat_t_add_nat_d(struct message *msg, struct sockaddr *sa)
free(buf);
return -1;
}
-
return 0;
}
@@ -309,7 +302,6 @@ nat_t_exchange_add_nat_d(struct message *msg)
msg->transport->vtbl->get_src(msg->transport, &sa);
if (nat_t_add_nat_d(msg, sa))
return -1;
-
return 0;
}
diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c
index 9271c69f64a..9dc78bce4ed 100644
--- a/sbin/isakmpd/pf_key_v2.c
+++ b/sbin/isakmpd/pf_key_v2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_key_v2.c,v 1.155 2005/03/02 12:49:51 hshoexer Exp $ */
+/* $OpenBSD: pf_key_v2.c,v 1.156 2005/04/04 19:31:11 deraadt Exp $ */
/* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */
/*
@@ -135,7 +135,7 @@ static u_int8_t *pf_key_v2_convert_id(u_int8_t *, int, size_t *, int *);
#endif
static struct pf_key_v2_msg *pf_key_v2_call(struct pf_key_v2_msg *);
static struct pf_key_v2_node *pf_key_v2_find_ext(struct pf_key_v2_msg *,
- u_int16_t);
+ u_int16_t);
static void pf_key_v2_notify(struct pf_key_v2_msg *);
static struct pf_key_v2_msg *pf_key_v2_read(u_int32_t);
static u_int32_t pf_key_v2_seq(void);
@@ -827,7 +827,7 @@ pf_key_v2_get_kernel_sa(u_int8_t *spi, size_t spi_sz, u_int8_t proto,
(unsigned long)sizeof *ssa);
goto cleanup;
}
-
+
ssa->sadb_sa_exttype = SADB_EXT_SA;
ssa->sadb_sa_len = sizeof *ssa / PF_KEY_V2_CHUNK;
memcpy(&ssa->sadb_sa_spi, spi, sizeof ssa->sadb_sa_spi);
@@ -884,7 +884,7 @@ pf_key_v2_get_kernel_sa(u_int8_t *spi, size_t spi_sz, u_int8_t proto,
ext = pf_key_v2_find_ext(ret, SADB_EXT_SA);
if (!ext)
goto cleanup;
-
+
ssa = (struct sadb_sa *)ext;
ksa.spi = ssa->sadb_sa_spi;
ksa.wnd = ssa->sadb_sa_replay;
@@ -907,7 +907,7 @@ pf_key_v2_get_kernel_sa(u_int8_t *spi, size_t spi_sz, u_int8_t proto,
ksa.soft_timeout = life->sadb_lifetime_addtime;
ksa.soft_first_use = life->sadb_lifetime_usetime;
}
-
+
ext = pf_key_v2_find_ext(ret, SADB_EXT_LIFETIME_HARD);
if (ext) {
life = (struct sadb_lifetime *)ext->seg;
@@ -917,7 +917,7 @@ pf_key_v2_get_kernel_sa(u_int8_t *spi, size_t spi_sz, u_int8_t proto,
ksa.exp_first_use = life->sadb_lifetime_usetime;
}
-#if defined (SADB_X_EXT_LIFETIME_LASTUSE)
+#if defined (SADB_X_EXT_LIFETIME_LASTUSE)
ext = pf_key_v2_find_ext(ret, SADB_X_EXT_LIFETIME_LASTUSE);
if (ext) {
life = (struct sadb_lifetime *)ext->seg;
@@ -932,7 +932,7 @@ pf_key_v2_get_kernel_sa(u_int8_t *spi, size_t spi_sz, u_int8_t proto,
sa->sa_family == AF_INET ? sizeof(struct sockaddr_in) :
sizeof(struct sockaddr_in6));
}
-
+
ext = pf_key_v2_find_ext(ret, SADB_EXT_ADDRESS_DST);
if (ext) {
sa = (struct sockaddr *)ext->seg;
@@ -963,7 +963,7 @@ pf_key_v2_get_kernel_sa(u_int8_t *spi, size_t spi_sz, u_int8_t proto,
spi_sz));
return &ksa;
-
+
cleanup:
if (addr)
free (addr);
@@ -1361,7 +1361,7 @@ pf_key_v2_set_spi(struct sa *sa, struct proto *proto, int incoming,
life->sadb_lifetime_usetime = 0;
#endif
if (pf_key_v2_msg_add(update, (struct sadb_ext *) life,
- PF_KEY_V2_NODE_MALLOCED) == -1)
+ PF_KEY_V2_NODE_MALLOCED) == -1)
goto cleanup;
life = 0;
@@ -2043,7 +2043,7 @@ pf_key_v2_flow(struct sockaddr *laddr, struct sockaddr *lmask,
pf_key_v2_setup_sockaddr(addr + 1, dst, 0, 0, 0);
#endif
if (pf_key_v2_msg_add(flow, (struct sadb_ext *) addr,
- PF_KEY_V2_NODE_MALLOCED) == -1)
+ PF_KEY_V2_NODE_MALLOCED) == -1)
goto cleanup;
addr = 0;
}
@@ -2056,7 +2056,7 @@ pf_key_v2_flow(struct sockaddr *laddr, struct sockaddr *lmask,
addr->sadb_address_reserved = 0;
pf_key_v2_setup_sockaddr(addr + 1, laddr, 0, sport, 0);
if (pf_key_v2_msg_add(flow, (struct sadb_ext *) addr,
- PF_KEY_V2_NODE_MALLOCED) == -1)
+ PF_KEY_V2_NODE_MALLOCED) == -1)
goto cleanup;
addr = 0;
@@ -2068,7 +2068,7 @@ pf_key_v2_flow(struct sockaddr *laddr, struct sockaddr *lmask,
addr->sadb_address_reserved = 0;
pf_key_v2_setup_sockaddr(addr + 1, lmask, 0, sport ? 0xffff : 0, 0);
if (pf_key_v2_msg_add(flow, (struct sadb_ext *) addr,
- PF_KEY_V2_NODE_MALLOCED) == -1)
+ PF_KEY_V2_NODE_MALLOCED) == -1)
goto cleanup;
addr = 0;
@@ -2080,7 +2080,7 @@ pf_key_v2_flow(struct sockaddr *laddr, struct sockaddr *lmask,
addr->sadb_address_reserved = 0;
pf_key_v2_setup_sockaddr(addr + 1, raddr, 0, dport, 0);
if (pf_key_v2_msg_add(flow, (struct sadb_ext *) addr,
- PF_KEY_V2_NODE_MALLOCED) == -1)
+ PF_KEY_V2_NODE_MALLOCED) == -1)
goto cleanup;
addr = 0;
@@ -2092,7 +2092,7 @@ pf_key_v2_flow(struct sockaddr *laddr, struct sockaddr *lmask,
addr->sadb_address_reserved = 0;
pf_key_v2_setup_sockaddr(addr + 1, rmask, 0, dport ? 0xffff : 0, 0);
if (pf_key_v2_msg_add(flow, (struct sadb_ext *) addr,
- PF_KEY_V2_NODE_MALLOCED) == -1)
+ PF_KEY_V2_NODE_MALLOCED) == -1)
goto cleanup;
addr = 0;
@@ -2228,7 +2228,7 @@ cleanup:
break;
}
if (pf_key_v2_msg_add(flow, (struct sadb_ext *) addr,
- PF_KEY_V2_NODE_MALLOCED) == -1)
+ PF_KEY_V2_NODE_MALLOCED) == -1)
goto cleanup;
addr = 0;
@@ -2262,7 +2262,7 @@ cleanup:
break;
}
if (pf_key_v2_msg_add(flow, (struct sadb_ext *) addr,
- PF_KEY_V2_NODE_MALLOCED) == -1)
+ PF_KEY_V2_NODE_MALLOCED) == -1)
goto cleanup;
addr = 0;
@@ -2401,7 +2401,7 @@ pf_key_v2_convert_id(u_int8_t *id, int idlen, size_t *reslen, int *idtype)
switch (id[0]) {
case IPSEC_ID_FQDN:
res = calloc(idlen - ISAKMP_ID_DATA_OFF + ISAKMP_GEN_SZ,
- sizeof(u_int8_t));
+ sizeof(u_int8_t));
if (!res)
return 0;
@@ -2414,7 +2414,7 @@ pf_key_v2_convert_id(u_int8_t *id, int idlen, size_t *reslen, int *idtype)
case IPSEC_ID_USER_FQDN:
res = calloc(idlen - ISAKMP_ID_DATA_OFF + ISAKMP_GEN_SZ,
- sizeof(u_int8_t));
+ sizeof(u_int8_t));
if (!res)
return 0;
@@ -2427,7 +2427,7 @@ pf_key_v2_convert_id(u_int8_t *id, int idlen, size_t *reslen, int *idtype)
case IPSEC_ID_IPV4_ADDR: /* XXX CONNECTION ? */
if (inet_ntop(AF_INET, id + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ,
- addrbuf, ADDRESS_MAX) == NULL)
+ addrbuf, ADDRESS_MAX) == NULL)
return 0;
*reslen = strlen(addrbuf) + 3;
strlcat(addrbuf, "/32", ADDRESS_MAX + 5);
@@ -3098,9 +3098,8 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
struct sadb_comb *scmb = 0;
struct sadb_prop *sprp = 0;
struct sadb_ident *srcident = 0, *dstident = 0;
- char dstbuf[ADDRESS_MAX], srcbuf[ADDRESS_MAX], *peer = 0,
- *conn = 0;
- char confname[120];
+ char dstbuf[ADDRESS_MAX], srcbuf[ADDRESS_MAX], *peer = 0;
+ char confname[120], *conn = 0;
char *srcid = 0, *dstid = 0, *prefstring = 0;
int slen, af, afamily, masklen, buflen;
struct sockaddr *smask, *sflow, *dmask, *dflow;
@@ -3551,8 +3550,8 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
default:
LOG_DBG((LOG_SYSDEP, 20,
- "pf_key_v2_acquire: invalid source ID type %d",
- srcident->sadb_ident_type));
+ "pf_key_v2_acquire: invalid source ID type %d",
+ srcident->sadb_ident_type));
goto fail;
}
@@ -4211,7 +4210,7 @@ pf_key_v2_handler(int fd)
*/
if (ioctl(pf_key_v2_socket, FIONREAD, &n) == -1) {
log_error("pf_key_v2_handler: ioctl (%d, FIONREAD, &n) failed",
- pf_key_v2_socket);
+ pf_key_v2_socket);
return;
}
if (!n)
diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c
index 01d7a59200f..a38348427b4 100644
--- a/sbin/isakmpd/policy.c
+++ b/sbin/isakmpd/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.80 2005/03/03 15:06:55 hshoexer Exp $ */
+/* $OpenBSD: policy.c,v 1.81 2005/04/04 19:31:11 deraadt Exp $ */
/* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */
/*
@@ -428,7 +428,7 @@ policy_callback(char *name)
if (len == 2)
snprintf(esp_life_kbytes,
sizeof esp_life_kbytes, "%u",
- decode_16(value));
+ decode_16(value));
else
snprintf(esp_life_kbytes,
sizeof esp_life_kbytes, "%u",
@@ -713,9 +713,9 @@ policy_callback(char *name)
net = decode_32(id + ISAKMP_ID_DATA_OFF -
ISAKMP_GEN_SZ);
my_inet_ntop4(&net, remote_id_addr_upper,
- sizeof remote_id_addr_upper - 1, 1);
+ sizeof remote_id_addr_upper - 1, 1);
my_inet_ntop4(&net, remote_id_addr_lower,
- sizeof remote_id_addr_lower - 1, 1);
+ sizeof remote_id_addr_lower - 1, 1);
remote_id = strdup(remote_id_addr_upper);
if (!remote_id) {
log_error("policy_callback: "
@@ -922,8 +922,8 @@ policy_callback(char *name)
}
/* Does it contain any non-printable characters ? */
for (i = 0;
- i < id_sz - ISAKMP_ID_DATA_OFF + ISAKMP_GEN_SZ;
- i++)
+ i < id_sz - ISAKMP_ID_DATA_OFF + ISAKMP_GEN_SZ;
+ i++)
if (!isprint(*(id + ISAKMP_ID_DATA_OFF -
ISAKMP_GEN_SZ + i)))
break;
@@ -937,7 +937,7 @@ policy_callback(char *name)
/* Non-printable characters, convert to hex */
for (i = 0;
i < id_sz - ISAKMP_ID_DATA_OFF + ISAKMP_GEN_SZ;
- i++) {
+ i++) {
remote_id[2 * i] = hextab[*(id +
ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ) >> 4];
remote_id[2 * i + 1] = hextab[*(id +
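Review bot: In the hex-conversion loop the source expression `*(id + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ)` has no `+ i`, so every pass encodes the first byte of the ID and `remote_id` becomes that one byte repeated; it should read `hextab[*(id + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ + i) >> 4]`, and presumably the same in the `& 0xF` half, which is cut off by the hunk end. Two binary IDs of equal length that share a first byte would then render to the same string, which matters if that string is later compared in policy. The `remote_filter` loop in the hunk at -1243 and the `local_filter` loop in the hunk at -1570 have the same missing index (`*(idremote + ISAKMP_ID_DATA_OFF)`, `*(idlocal + ISAKMP_ID_DATA_OFF)`). The enclosing `policy_callback` extends well beyond these hunks.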
@@ -1231,7 +1231,7 @@ policy_callback(char *name)
* characters ?
*/
for (i = 0;
- i < idremotesz - ISAKMP_ID_DATA_OFF; i++)
+ i < idremotesz - ISAKMP_ID_DATA_OFF; i++)
if (!isprint(*(idremote +
ISAKMP_ID_DATA_OFF + i)))
break;
@@ -1243,8 +1243,8 @@ policy_callback(char *name)
}
/* Non-printable characters, convert to hex */
for (i = 0;
- i < idremotesz - ISAKMP_ID_DATA_OFF;
- i++) {
+ i < idremotesz - ISAKMP_ID_DATA_OFF;
+ i++) {
remote_filter[2 * i]
= hextab[*(idremote +
ISAKMP_ID_DATA_OFF) >> 4];
@@ -1307,9 +1307,9 @@ policy_callback(char *name)
goto bad;
}
memcpy(remote_filter_addr_upper, addr,
- sizeof remote_filter_addr_upper);
+ sizeof remote_filter_addr_upper);
memcpy(remote_filter_addr_lower, addr,
- sizeof remote_filter_addr_lower);
+ sizeof remote_filter_addr_lower);
free(addr);
remote_filter = strdup(remote_filter_addr_upper);
if (!remote_filter) {
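Review bot: Both `memcpy` calls copy the full size of the destination array out of `addr`, regardless of how long `addr` actually is; `addr` is freed and the buffer handed to `strdup` right after, which suggests it is a heap-allocated C string. If that allocation is shorter than the destination the copy reads past its end, and if it is longer the result is not NUL-terminated before `strdup` walks it. `strlcpy(remote_filter_addr_upper, addr, sizeof remote_filter_addr_upper);` (and the same for `_lower`) bounds the copy by the string and always terminates, as the IPv6 branch further down already does. Where `addr` is allocated is outside the hunk.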
@@ -1327,9 +1327,9 @@ policy_callback(char *name)
net = decode_32(idlocal + ISAKMP_ID_DATA_OFF);
my_inet_ntop4(&net, local_filter_addr_upper,
- sizeof local_filter_addr_upper - 1, 1);
+ sizeof local_filter_addr_upper - 1, 1);
my_inet_ntop4(&net, local_filter_addr_lower,
- sizeof local_filter_addr_upper - 1, 1);
+ sizeof local_filter_addr_upper - 1, 1);
local_filter = strdup(local_filter_addr_upper);
if (!local_filter) {
log_error("policy_callback: "
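Review bot: The second `my_inet_ntop4` call writes into `local_filter_addr_lower` but passes `sizeof local_filter_addr_upper - 1` as the bound, and the re-indented line keeps that mismatch. It is harmless only while both arrays have the same size (their declarations are outside the hunk), so the bound should name the buffer being written: `sizeof local_filter_addr_lower - 1, 1);`.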
@@ -1344,11 +1344,11 @@ policy_callback(char *name)
net = decode_32(idlocal + ISAKMP_ID_DATA_OFF);
my_inet_ntop4(&net, local_filter_addr_lower,
- sizeof local_filter_addr_lower - 1, 1);
+ sizeof local_filter_addr_lower - 1, 1);
net = decode_32(idlocal + ISAKMP_ID_DATA_OFF +
4);
my_inet_ntop4(&net, local_filter_addr_upper,
- sizeof local_filter_addr_upper - 1, 1);
+ sizeof local_filter_addr_upper - 1, 1);
len = strlen(local_filter_addr_upper)
+ strlen(local_filter_addr_lower) + 2;
local_filter = calloc(len, sizeof(char));
@@ -1373,12 +1373,12 @@ policy_callback(char *name)
ISAKMP_ID_DATA_OFF + 4);
net &= subnet;
my_inet_ntop4(&net, local_filter_addr_lower,
- sizeof local_filter_addr_lower - 1, 1);
+ sizeof local_filter_addr_lower - 1, 1);
net |= ~subnet;
my_inet_ntop4(&net, local_filter_addr_upper,
- sizeof local_filter_addr_upper - 1, 1);
- len = strlen(local_filter_addr_upper)
- + strlen(local_filter_addr_lower) + 2;
+ sizeof local_filter_addr_upper - 1, 1);
+ len = strlen(local_filter_addr_upper) +
+ strlen(local_filter_addr_lower) + 2;
local_filter = calloc(len, sizeof(char));
if (!local_filter) {
log_error("policy_callback: "
@@ -1396,8 +1396,8 @@ policy_callback(char *name)
case IPSEC_ID_IPV6_ADDR:
local_filter_type = "IPv6 address";
my_inet_ntop6(idlocal + ISAKMP_ID_DATA_OFF,
- local_filter_addr_upper,
- sizeof local_filter_addr_upper - 1);
+ local_filter_addr_upper,
+ sizeof local_filter_addr_upper - 1);
strlcpy(local_filter_addr_lower,
local_filter_addr_upper,
sizeof local_filter_addr_lower);
@@ -1414,8 +1414,8 @@ policy_callback(char *name)
local_filter_type = "IPv6 range";
my_inet_ntop6(idlocal + ISAKMP_ID_DATA_OFF,
- local_filter_addr_lower,
- sizeof local_filter_addr_lower - 1);
+ local_filter_addr_lower,
+ sizeof local_filter_addr_lower - 1);
my_inet_ntop6(idlocal + ISAKMP_ID_DATA_OFF +
16, local_filter_addr_upper,
@@ -1499,8 +1499,7 @@ policy_callback(char *name)
memcpy(local_filter,
idlocal + ISAKMP_ID_DATA_OFF,
idlocalsz - ISAKMP_ID_DATA_OFF);
- local_filter[idlocalsz - ISAKMP_ID_DATA_OFF]
- = '\0';
+ local_filter[idlocalsz - ISAKMP_ID_DATA_OFF] = '\0';
break;
case IPSEC_ID_USER_FQDN:
@@ -1517,8 +1516,7 @@ policy_callback(char *name)
memcpy(local_filter,
idlocal + ISAKMP_ID_DATA_OFF,
idlocalsz - ISAKMP_ID_DATA_OFF);
- local_filter[idlocalsz - ISAKMP_ID_DATA_OFF]
- = '\0';
+ local_filter[idlocalsz - ISAKMP_ID_DATA_OFF] = '\0';
break;
case IPSEC_ID_DER_ASN1_DN:
@@ -1549,7 +1547,7 @@ policy_callback(char *name)
log_error("policy_callback: "
"calloc (%lu, %lu) failed",
2 * ((unsigned long)idlocalsz -
- ISAKMP_ID_DATA_OFF) + 1,
+ ISAKMP_ID_DATA_OFF) + 1,
(unsigned long)sizeof(char));
goto bad;
}
@@ -1558,7 +1556,7 @@ policy_callback(char *name)
* characters ?
*/
for (i = 0;
- i < idlocalsz - ISAKMP_ID_DATA_OFF; i++)
+ i < idlocalsz - ISAKMP_ID_DATA_OFF; i++)
if (!isprint(*(idlocal +
ISAKMP_ID_DATA_OFF + i)))
break;
@@ -1570,13 +1568,13 @@ policy_callback(char *name)
}
/* Non-printable characters, convert to hex */
for (i = 0;
- i < idlocalsz - ISAKMP_ID_DATA_OFF; i++) {
- local_filter[2 * i]
- = hextab[*(idlocal +
- ISAKMP_ID_DATA_OFF) >> 4];
- local_filter[2 * i + 1]
- = hextab[*(idlocal +
- ISAKMP_ID_DATA_OFF) & 0xF];
+ i < idlocalsz - ISAKMP_ID_DATA_OFF; i++) {
+ local_filter[2 * i] =
+ hextab[*(idlocal +
+ ISAKMP_ID_DATA_OFF) >> 4];
+ local_filter[2 * i + 1] =
+ hextab[*(idlocal +
+ ISAKMP_ID_DATA_OFF) & 0xF];
}
break;
diff --git a/sbin/isakmpd/sa.c b/sbin/isakmpd/sa.c
index ebc1b2e811e..0ac7b554bc1 100644
--- a/sbin/isakmpd/sa.c
+++ b/sbin/isakmpd/sa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sa.c,v 1.90 2005/02/27 13:12:12 hshoexer Exp $ */
+/* $OpenBSD: sa.c,v 1.91 2005/04/04 19:31:11 deraadt Exp $ */
/* $EOM: sa.c,v 1.112 2000/12/12 00:22:52 niklas Exp $ */
/*
@@ -976,9 +976,9 @@ sa_add_transform(struct sa *sa, struct payload *xf, int initiator,
* selected proposal to make this lookup easier. Most vendors
* follow this. One noted exception is the CiscoPIX (and
* perhaps other Cisco products).
- *
+ *
* We start by matching on the proposal number, as before.
- */
+ */
for (proto = TAILQ_FIRST(&sa->protos);
proto && proto->no != GET_ISAKMP_PROP_NO(prop->p);
proto = TAILQ_NEXT(proto, link))
@@ -986,13 +986,12 @@ sa_add_transform(struct sa *sa, struct payload *xf, int initiator,
/*
* If we did not find a match, search through all proposals
* and xforms.
- */
+ */
if (!proto || sa_validate_proto_xf(proto, xf, sa->phase) != 0)
for (proto = TAILQ_FIRST(&sa->protos);
- proto && sa_validate_proto_xf(proto, xf,
- sa->phase) != 0;
- proto = TAILQ_NEXT(proto, link))
- ;
+ proto && sa_validate_proto_xf(proto, xf, sa->phase) != 0;
+ proto = TAILQ_NEXT(proto, link))
+ ;
}
if (!proto)
return -1;
@@ -1100,7 +1099,7 @@ sa_soft_expire(void *v_sa)
/*
* Start to watch the use of this SA, so a renegotiation can
* happen as soon as it is shown to be alive.
- */
+ */
sa->flags |= SA_FLAG_FADING;
}
diff --git a/sbin/isakmpd/sa.h b/sbin/isakmpd/sa.h
index 9d5590027e7..d86123e357b 100644
--- a/sbin/isakmpd/sa.h
+++ b/sbin/isakmpd/sa.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sa.h,v 1.43 2005/03/04 16:20:07 hshoexer Exp $ */
+/* $OpenBSD: sa.h,v 1.44 2005/04/04 19:31:11 deraadt Exp $ */
/* $EOM: sa.h,v 1.58 2000/10/10 12:39:01 provos Exp $ */
/*
@@ -289,7 +289,7 @@ struct sa_kinfo {
u_int64_t exp_timeout;
u_int64_t soft_timeout;
-
+
u_int64_t first_use;
u_int64_t established;
u_int64_t soft_first_use;
diff --git a/sbin/isakmpd/transport.c b/sbin/isakmpd/transport.c
index 023e819f37c..49706b5fe1a 100644
--- a/sbin/isakmpd/transport.c
+++ b/sbin/isakmpd/transport.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: transport.c,v 1.30 2004/08/08 19:11:06 deraadt Exp $ */
+/* $OpenBSD: transport.c,v 1.31 2005/04/04 19:31:11 deraadt Exp $ */
/* $EOM: transport.c,v 1.43 2000/10/10 12:36:39 provos Exp $ */
/*
@@ -58,7 +58,7 @@ transport_reinit(void)
struct transport_vtbl *method;
for (method = LIST_FIRST(&transport_method_list); method;
- method = LIST_NEXT(method, link))
+ method = LIST_NEXT(method, link))
if (method->reinit)
method->reinit();
}
@@ -127,8 +127,8 @@ transport_report(void)
for (t = LIST_FIRST(&transport_list); t; t = LIST_NEXT(t, link)) {
LOG_DBG((LOG_REPORT, 0,
- "transport_report: transport %p flags %x refcnt %d", t,
- t->flags, t->refcnt));
+ "transport_report: transport %p flags %x refcnt %d", t,
+ t->flags, t->refcnt));
/* XXX Report sth on the virtual transport? */
t->vtbl->report(t);
@@ -141,12 +141,12 @@ transport_report(void)
if ((v->encap_is_active && v->encap == t) ||
(!v->encap_is_active && v->main == t)) {
for (msg = TAILQ_FIRST(&t->virtual->prio_sendq); msg;
- msg = TAILQ_NEXT(msg, link))
+ msg = TAILQ_NEXT(msg, link))
message_dump_raw("udp_report(prio)", msg,
LOG_REPORT);
for (msg = TAILQ_FIRST(&t->virtual->sendq); msg;
- msg = TAILQ_NEXT(msg, link))
+ msg = TAILQ_NEXT(msg, link))
message_dump_raw("udp_report", msg,
LOG_REPORT);
}
@@ -302,7 +302,7 @@ transport_send_messages(fd_set * fds)
* We disregard the potential error message here,
* hoping that the retransmit will go better.
* XXX Consider a retry/fatal error discriminator.
- */
+ */
t->virtual->vtbl->send_message(msg, 0);
msg->xmits++;
@@ -310,16 +310,15 @@ transport_send_messages(fd_set * fds)
* This piece of code has been proven to be quite
* delicate. Think twice for before altering.
* Here's an outline:
- *
+ *
* If this message is not the one which finishes an
* exchange, check if we have reached the number of
* retransmit before queuing it up for another.
- *
+ *
* If it is a finishing message we still may have to
* keep it around for an on-demand retransmit when
* seeing a duplicate of our peer's previous message.
- *
- */
+ */
if ((msg->flags & MSG_LAST) == 0) {
if (msg->xmits > conf_get_num("General",
"retransmits", RETRANSMIT_DEFAULT)) {
@@ -357,7 +356,7 @@ transport_send_messages(fd_set * fds)
/*
* XXX Calculate from round trip
* timings and a backoff func.
- */
+ */
expiry = msg->xmits * 2 + 5;
expiration.tv_sec += expiry;
LOG_DBG((LOG_TRANSPORT, 30,
@@ -388,7 +387,7 @@ transport_send_messages(fd_set * fds)
* after the post-send function. But as the post-send
* function may remove the exchange, we need to
* remember this fact here.
- */
+ */
ok_to_drop_message = exchange->last_sent == 0;
/*
@@ -398,7 +397,7 @@ transport_send_messages(fd_set * fds)
* the job. Note that a post-send function may take
* away the exchange we belong to, but only if no
* retransmits are possible.
- */
+ */
if (msg->xmits == 1)
message_post_send(msg);
@@ -424,7 +423,7 @@ transport_create(char *name, char *addr)
struct transport_vtbl *method;
for (method = LIST_FIRST(&transport_method_list); method;
- method = LIST_NEXT(method, link))
+ method = LIST_NEXT(method, link))
if (strcmp(method->name, name) == 0)
return (*method->create) (addr);
return 0;
diff --git a/sbin/isakmpd/udp.c b/sbin/isakmpd/udp.c
index c0dd30f22be..75b27510b7a 100644
--- a/sbin/isakmpd/udp.c
+++ b/sbin/isakmpd/udp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: udp.c,v 1.84 2005/03/05 12:21:34 ho Exp $ */
+/* $OpenBSD: udp.c,v 1.85 2005/04/04 19:31:11 deraadt Exp $ */
/* $EOM: udp.c,v 1.57 2001/01/26 10:09:57 niklas Exp $ */
/*
@@ -316,10 +316,9 @@ udp_create(char *name)
if (addr_list) {
for (addr_node = TAILQ_FIRST(&addr_list->fields);
- addr_node; addr_node = TAILQ_NEXT(addr_node, link))
+ addr_node; addr_node = TAILQ_NEXT(addr_node, link))
if (text2sockaddr(addr_node->field,
- port_str, &addr, 0, 0)
- == 0) {
+ port_str, &addr, 0, 0) == 0) {
v = virtual_listen_lookup(addr);
free(addr);
if (v) {
@@ -428,7 +427,7 @@ udp_handle_message(struct transport *t)
/*
* Make a specialized UDP transport structure out of the incoming
* transport and the address information we got from recvfrom(2).
- */
+ */
t = t->virtual->vtbl->clone(t->virtual, (struct sockaddr *)&from);
if (!t)
return;
@@ -454,7 +453,7 @@ udp_send_message(struct message *msg, struct transport *t)
/*
* Sending on connected sockets requires that no destination address is
* given, or else EISCONN will occur.
- */
+ */
m.msg_name = (caddr_t) u->dst;
m.msg_namelen = sysdep_sa_len(u->dst);
m.msg_iov = msg->iov;
diff --git a/sbin/isakmpd/udp_encap.c b/sbin/isakmpd/udp_encap.c
index 806484e3fc9..4385af323e3 100644
--- a/sbin/isakmpd/udp_encap.c
+++ b/sbin/isakmpd/udp_encap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: udp_encap.c,v 1.12 2005/03/05 12:21:35 ho Exp $ */
+/* $OpenBSD: udp_encap.c,v 1.13 2005/04/04 19:31:11 deraadt Exp $ */
/*
* Copyright (c) 1998, 1999, 2001 Niklas Hallqvist. All rights reserved.
@@ -277,7 +277,7 @@ udp_encap_create(char *name)
if (addr_list) {
for (addr_node = TAILQ_FIRST(&addr_list->fields);
- addr_node; addr_node = TAILQ_NEXT(addr_node, link))
+ addr_node; addr_node = TAILQ_NEXT(addr_node, link))
if (text2sockaddr(addr_node->field, port_str,
&addr, 0, 0) == 0) {
v = virtual_listen_lookup(addr);
diff --git a/sbin/isakmpd/ui.c b/sbin/isakmpd/ui.c
index 71678731cf1..33fb7546f61 100644
--- a/sbin/isakmpd/ui.c
+++ b/sbin/isakmpd/ui.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ui.c,v 1.42 2004/08/08 19:11:06 deraadt Exp $ */
+/* $OpenBSD: ui.c,v 1.43 2005/04/04 19:31:11 deraadt Exp $ */
/* $EOM: ui.c,v 1.43 2000/10/05 09:25:12 niklas Exp $ */
/*
@@ -324,7 +324,6 @@ ui_debug(char *cmd)
}
}
log_print("ui_debug: command \"%s\" malformed", cmd);
- return;
}
static void
@@ -505,7 +504,7 @@ ui_handler(void)
/*
* When we find a newline, cut off the line and feed it to the
* command processor. Then move the rest up-front.
- */
+ */
if (*p == '\n') {
*p = '\0';
ui_handle_command(buf);
diff --git a/sbin/isakmpd/util.c b/sbin/isakmpd/util.c
index d621f9b61ba..4b8c40951bc 100644
--- a/sbin/isakmpd/util.c
+++ b/sbin/isakmpd/util.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: util.c,v 1.52 2005/03/10 21:39:21 hshoexer Exp $ */
+/* $OpenBSD: util.c,v 1.53 2005/04/04 19:31:11 deraadt Exp $ */
/* $EOM: util.c,v 1.23 2000/11/23 12:22:08 niklas Exp $ */
/*
@@ -265,7 +265,7 @@ text2sockaddr(char *address, char *port, struct sockaddr **sa, sa_family_t af,
*/
if (!strcmp(address, "default")) {
fd = socket(PF_ROUTE, SOCK_RAW, af);
-
+
bzero(buf, sizeof(buf));
rtm = (struct rt_msghdr *)buf;
@@ -273,7 +273,7 @@ text2sockaddr(char *address, char *port, struct sockaddr **sa, sa_family_t af,
rtm->rtm_type = RTM_GET;
rtm->rtm_flags = RTF_UP;
rtm->rtm_addrs = RTA_DST;
- rtm->rtm_seq = seq = arc4random();
+ rtm->rtm_seq = seq = arc4random();
/* default destination */
sa2 = (struct sockaddr *)(rtm + 1);
@@ -327,10 +327,10 @@ text2sockaddr(char *address, char *port, struct sockaddr **sa, sa_family_t af,
np = if_indextoname(rtm->rtm_index, ifname);
if (np == NULL)
return (-1);
- }
+ }
}
#endif /* USE_DEFAULT_ROUTE */
-
+
if (getifaddrs(&ifap) != 0)
return (-1);
@@ -339,18 +339,18 @@ text2sockaddr(char *address, char *port, struct sockaddr **sa, sa_family_t af,
case AF_INET:
for (ifa = ifap; ifa; ifa = ifa->ifa_next)
if (!strcmp(ifa->ifa_name, np) &&
- ifa->ifa_addr != NULL &&
+ ifa->ifa_addr != NULL &&
ifa->ifa_addr->sa_family == AF_INET)
break;
break;
case AF_INET6:
for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
if (!strcmp(ifa->ifa_name, np) &&
- ifa->ifa_addr != NULL &&
+ ifa->ifa_addr != NULL &&
ifa->ifa_addr->sa_family == AF_INET6) {
if (IN6_IS_ADDR_LINKLOCAL(
&((struct sockaddr_in6 *)
- ifa->ifa_addr)->sin6_addr) &&
+ ifa->ifa_addr)->sin6_addr) &&
llifa == NULL)
llifa = ifa;
else
@@ -362,12 +362,11 @@ text2sockaddr(char *address, char *port, struct sockaddr **sa, sa_family_t af,
}
break;
}
-
+
if (ifa) {
if (netmask)
memcpy(&tmp_sas, ifa->ifa_netmask,
sysdep_sa_len(ifa->ifa_netmask));
-
else
memcpy(&tmp_sas, ifa->ifa_addr,
sysdep_sa_len(ifa->ifa_addr));
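Review bot: `ifa->ifa_netmask` is passed to `sysdep_sa_len` and `memcpy` without a NULL check, while the interface loops in the previous hunk only test `ifa->ifa_addr != NULL`. getifaddrs(3) may leave `ifa_netmask` NULL for an entry, so when `netmask` is set the selection should also require it, e.g. add `(!netmask || ifa->ifa_netmask != NULL) &&` to the loop conditions, or fail before the copy. The rest of `text2sockaddr`, including the size of `tmp_sas`, is outside the hunk.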
diff --git a/sbin/isakmpd/virtual.c b/sbin/isakmpd/virtual.c
index 714a81c22f9..7653a3817b9 100644
--- a/sbin/isakmpd/virtual.c
+++ b/sbin/isakmpd/virtual.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: virtual.c,v 1.13 2005/03/05 12:21:35 ho Exp $ */
+/* $OpenBSD: virtual.c,v 1.14 2005/04/04 19:31:11 deraadt Exp $ */
/*
* Copyright (c) 2004 Håkan Olsson. All rights reserved.
@@ -136,8 +136,6 @@ virtual_init(void)
(struct virtual_transport *)default_transport6, link);
transport_reference(default_transport6);
}
-
- return;
}
struct virtual_transport *
@@ -601,7 +599,6 @@ virtual_remove(struct transport *t)
static void
virtual_report(struct transport *t)
{
- return;
}
static void