Diffstat (limited to 'sbin/isakmpd')
-rw-r--r-- | sbin/isakmpd/conf.c | 6 | ||||
-rw-r--r-- | sbin/isakmpd/exchange.c | 34 | ||||
-rw-r--r-- | sbin/isakmpd/ike_quick_mode.c | 6 | ||||
-rw-r--r-- | sbin/isakmpd/ipsec.c | 96 | ||||
-rw-r--r-- | sbin/isakmpd/isakmp_cfg.c | 6 | ||||
-rw-r--r-- | sbin/isakmpd/math_2n.c | 10 | ||||
-rw-r--r-- | sbin/isakmpd/math_ec2n.c | 6 | ||||
-rw-r--r-- | sbin/isakmpd/message.c | 97 | ||||
-rw-r--r-- | sbin/isakmpd/pf_key_v2.c | 90 | ||||
-rw-r--r-- | sbin/isakmpd/policy.c | 6 | ||||
-rw-r--r-- | sbin/isakmpd/sa.c | 11 | ||||
-rw-r--r-- | sbin/isakmpd/virtual.c | 30 |
12 files changed, 189 insertions, 209 deletions
diff --git a/sbin/isakmpd/conf.c b/sbin/isakmpd/conf.c
index ecde75a2773..9506f4bb7dc 100644
--- a/sbin/isakmpd/conf.c
+++ b/sbin/isakmpd/conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf.c,v 1.78 2005/04/05 20:46:20 cloder Exp $ */
+/* $OpenBSD: conf.c,v 1.79 2005/04/06 16:00:20 deraadt Exp $ */
 /* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */
 
 /*
@@ -137,8 +137,8 @@ conf_remove_now(char *section, char *tag)
 for (cb = LIST_FIRST(&conf_bindings[conf_hash(section)]); cb; cb = next) {
 next = LIST_NEXT(cb, link);
- if (strcasecmp(cb->section, section) == 0
- && strcasecmp(cb->tag, tag) == 0) {
+ if (strcasecmp(cb->section, section) == 0 &&
+ strcasecmp(cb->tag, tag) == 0) {
 LIST_REMOVE(cb, link);
 LOG_DBG((LOG_MISC, 95, "[%s]:%s->%s removed", section, tag, cb->value));
diff --git a/sbin/isakmpd/exchange.c b/sbin/isakmpd/exchange.c
index 3749c1d72a3..25a32058dbf 100644
--- a/sbin/isakmpd/exchange.c
+++ b/sbin/isakmpd/exchange.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: exchange.c,v 1.112 2005/04/04 19:31:11 deraadt Exp $ */
+/* $OpenBSD: exchange.c,v 1.113 2005/04/06 16:00:20 deraadt Exp $ */
 /* $EOM: exchange.c,v 1.143 2000/12/04 00:02:25 angelos Exp $ */
 
 /*
@@ -190,11 +190,7 @@ exchange_script(struct exchange *exchange)
 return script_transaction;
 #endif
 default:
- if (exchange->type >= ISAKMP_EXCH_DOI_MIN
-#if 0 /* always true; silence GCC3 warning */
- && exchange->type <= ISAKMP_EXCH_DOI_MAX
-#endif
- )
+ if (exchange->type >= ISAKMP_EXCH_DOI_MIN)
 return exchange->doi->exchange_script(exchange->type);
 }
 return 0;
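Review bot: Dropping the `#if 0` block in exchange_script also drops the only record of why no upper bound is checked: the removed comment said the `<= ISAKMP_EXCH_DOI_MAX` test was always true, which presumably holds only while the exchange type is an 8-bit field whose maximum equals ISAKMP_EXCH_DOI_MAX. A one-line comment keeps that invariant visible to anyone who later widens the type or changes the range constants, e.g. `/* No upper bound needed: ISAKMP_EXCH_DOI_MAX is the maximum of the 8-bit exchange type. */` above the new `if`. The same applies to the message_recv hunk in message.c, where the identical `#if 0` block around `exch_type <= ISAKMP_EXCH_DOI_MAX` is removed. exchange_script's closing lines are outside the hunk.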
@@ -219,15 +215,15 @@ exchange_validate(struct message *msg)
 : constant_name(exchange_script_cst, *pc)));
 
 /* Check for existence of the required payloads. */
- if ((*pc > 0 && !payload_first(msg, *pc))
- || (*pc == EXCHANGE_SCRIPT_AUTH
- && !payload_first(msg, ISAKMP_PAYLOAD_HASH)
- && !payload_first(msg, ISAKMP_PAYLOAD_SIG))
- || (*pc == EXCHANGE_SCRIPT_INFO
- && ((!payload_first(msg, ISAKMP_PAYLOAD_NOTIFY)
- && !payload_first(msg, ISAKMP_PAYLOAD_DELETE))
- || (payload_first(msg, ISAKMP_PAYLOAD_DELETE)
- && !payload_first(msg, ISAKMP_PAYLOAD_HASH))))) {
+ if ((*pc > 0 && !payload_first(msg, *pc)) ||
+ (*pc == EXCHANGE_SCRIPT_AUTH &&
+ !payload_first(msg, ISAKMP_PAYLOAD_HASH) &&
+ !payload_first(msg, ISAKMP_PAYLOAD_SIG)) ||
+ (*pc == EXCHANGE_SCRIPT_INFO &&
+ ((!payload_first(msg, ISAKMP_PAYLOAD_NOTIFY) &&
+ !payload_first(msg, ISAKMP_PAYLOAD_DELETE)) ||
+ (payload_first(msg, ISAKMP_PAYLOAD_DELETE) &&
+ !payload_first(msg, ISAKMP_PAYLOAD_HASH))))) {
 /* Missing payload. */
 LOG_DBG((LOG_MESSAGE, 70, "exchange_validate: msg %p requires missing %s",
@@ -410,8 +406,8 @@ exchange_run(struct message *msg)
 "exchange_run: exchange %p finished step %d, advancing...", exchange, exchange->step));
 exchange->step++;
- while (*exchange->exch_pc != EXCHANGE_SCRIPT_SWITCH
- && *exchange->exch_pc != EXCHANGE_SCRIPT_END)
+ while (*exchange->exch_pc != EXCHANGE_SCRIPT_SWITCH &&
+ *exchange->exch_pc != EXCHANGE_SCRIPT_END)
 exchange->exch_pc++;
 exchange->exch_pc++;
 }
@@ -853,8 +849,8 @@ exchange_establish_p1(struct transport *t, u_int8_t type, u_int32_t doi,
 msg->exchange = exchange;
 
 /* Do not create SA for an information or transaction exchange. */
- if (exchange->type != ISAKMP_EXCH_INFO
- && exchange->type != ISAKMP_EXCH_TRANSACTION) {
+ if (exchange->type != ISAKMP_EXCH_INFO &&
+ exchange->type != ISAKMP_EXCH_TRANSACTION) {
 /*
 * Don't install a transport into this SA as it will be an
 * INADDR_ANY address in the local end, which is not good at
diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c
index caf26fe81a6..09ce2fab9c8 100644
--- a/sbin/isakmpd/ike_quick_mode.c
+++ b/sbin/isakmpd/ike_quick_mode.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_quick_mode.c,v 1.92 2005/04/05 20:46:20 cloder Exp $ */
+/* $OpenBSD: ike_quick_mode.c,v 1.93 2005/04/06 16:00:20 deraadt Exp $ */
 /* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */
 
 /*
@@ -1648,8 +1648,8 @@ responder_recv_HASH_SA_NONCE(struct message *msg)
 */
 ipsec_decode_transform(msg, sa, proto, proto->chosen->p);
- if (proto->proto == IPSEC_PROTO_IPSEC_AH
- && !((struct ipsec_proto *)proto->data)->auth) {
+ if (proto->proto == IPSEC_PROTO_IPSEC_AH &&
+ !((struct ipsec_proto *)proto->data)->auth) {
 log_print("responder_recv_HASH_SA_NONCE: "
 "AH proposed without an algorithm "
 "attribute");
diff --git a/sbin/isakmpd/ipsec.c b/sbin/isakmpd/ipsec.c
index a5a9c2b1f14..b1ca3a09050 100644
--- a/sbin/isakmpd/ipsec.c
+++ b/sbin/isakmpd/ipsec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec.c,v 1.111 2005/04/05 20:46:20 cloder Exp $ */
+/* $OpenBSD: ipsec.c,v 1.112 2005/04/06 16:00:20 deraadt Exp $ */
 /* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */
 
 /*
@@ -426,9 +426,9 @@ ipsec_finalize_exchange(struct message *msg)
 * (a.k.a. flow) set up.
 */
 if (!(sa->flags & SA_FLAG_ONDEMAND ||
- conf_get_str("General", "Acquire-Only")
- || acquire_only)
- && sysdep_ipsec_enable_sa(sa, isakmp_sa))
+ conf_get_str("General", "Acquire-Only") ||
+ acquire_only) &&
+ sysdep_ipsec_enable_sa(sa, isakmp_sa))
 /* XXX Tear down this exchange. */
 return;
@@ -782,12 +782,11 @@ ipsec_validate_attribute(u_int16_t type, u_int8_t * value, u_int16_t len,
 {
 struct message *msg = vmsg;
 
- if ((msg->exchange->phase == 1
- && (type < IKE_ATTR_ENCRYPTION_ALGORITHM
- || type > IKE_ATTR_GROUP_ORDER))
- || (msg->exchange->phase == 2
- && (type < IPSEC_ATTR_SA_LIFE_TYPE
- || type > IPSEC_ATTR_ECN_TUNNEL)))
+ if (msg->exchange->phase == 1 &&
+ (type < IKE_ATTR_ENCRYPTION_ALGORITHM || type > IKE_ATTR_GROUP_ORDER))
+ return -1;
+ if (msg->exchange->phase == 2 &&
+ (type < IPSEC_ATTR_SA_LIFE_TYPE || type > IPSEC_ATTR_ECN_TUNNEL))
 return -1;
 return 0;
 }
@@ -840,9 +839,9 @@ ipsec_validate_id_information(u_int8_t type, u_int8_t *extra, u_int8_t *buf,
 break;
 }
 
- if (exchange->phase == 1
- && (proto != IPPROTO_UDP || port != UDP_DEFAULT_PORT)
- && (proto != 0 || port != 0)) {
+ if (exchange->phase == 1 &&
+ (proto != IPPROTO_UDP || port != UDP_DEFAULT_PORT) &&
+ (proto != 0 || port != 0)) {
 /*
 * XXX SSH's ISAKMP tester fails this test (proto 17 - port
 * 0).
@@ -930,13 +929,11 @@ ipsec_initiator(struct message *msg)
 int (**script)(struct message *) = 0;
 
 /* Check that the SA is coherent with the IKE rules. */
- if (exchange->type != ISAKMP_EXCH_TRANSACTION
- && ((exchange->phase == 1 &&
- exchange->type != ISAKMP_EXCH_ID_PROT &&
+ if (exchange->type != ISAKMP_EXCH_TRANSACTION &&
+ ((exchange->phase == 1 && exchange->type != ISAKMP_EXCH_ID_PROT &&
 exchange->type != ISAKMP_EXCH_AGGRESSIVE &&
- exchange->type != ISAKMP_EXCH_INFO)
- || (exchange->phase == 2 &&
- exchange->type != IKE_EXCH_QUICK_MODE &&
+ exchange->type != ISAKMP_EXCH_INFO) ||
+ (exchange->phase == 2 && exchange->type != IKE_EXCH_QUICK_MODE &&
 exchange->type != ISAKMP_EXCH_INFO))) {
 log_print("ipsec_initiator: unsupported exchange type %d "
 "in phase %d", exchange->type, exchange->phase);
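Review bot: The new second line of the first `if` in ipsec_validate_attribute, `(type < IKE_ATTR_ENCRYPTION_ALGORITHM || type > IKE_ATTR_GROUP_ORDER))`, appears to run past 80 columns once the continuation indent is counted, which a style(9) reflow commit should avoid; breaking after the `||` as the other hunks do keeps it within the limit: `(type < IKE_ATTR_ENCRYPTION_ALGORITHM ||` / `type > IKE_ATTR_GROUP_ORDER))`. The indentation is not recoverable from this rendering, so the overflow is inferred from the usual tab-plus-four continuation indent. The same applies to the last added line of the sa_lookup hunk in sa.c, `(!message_id && !zero_test(sa->message_id, ISAKMP_HDR_MESSAGE_ID_LEN)));`, which is the longest line the commit introduces.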
@@ -1027,14 +1024,12 @@ ipsec_responder(struct message *msg)
 u_int16_t type;
 
 /* Check that a new exchange is coherent with the IKE rules. */
- if (exchange->step == 0 && exchange->type != ISAKMP_EXCH_TRANSACTION
- && ((exchange->phase == 1 &&
- exchange->type != ISAKMP_EXCH_ID_PROT &&
- exchange->type != ISAKMP_EXCH_AGGRESSIVE &&
- exchange->type != ISAKMP_EXCH_INFO)
- || (exchange->phase == 2 &&
- exchange->type != IKE_EXCH_QUICK_MODE &&
- exchange->type != ISAKMP_EXCH_INFO))) {
+ if (exchange->step == 0 && exchange->type != ISAKMP_EXCH_TRANSACTION &&
+ ((exchange->phase == 1 && exchange->type != ISAKMP_EXCH_ID_PROT &&
+ exchange->type != ISAKMP_EXCH_AGGRESSIVE &&
+ exchange->type != ISAKMP_EXCH_INFO) ||
+ (exchange->phase == 2 && exchange->type != IKE_EXCH_QUICK_MODE &&
+ exchange->type != ISAKMP_EXCH_INFO))) {
 message_drop(msg, ISAKMP_NOTIFY_UNSUPPORTED_EXCHANGE_TYPE, 0, 1, 0);
 return -1;
@@ -1152,10 +1147,10 @@ ipsec_is_attribute_incompatible(u_int16_t type, u_int8_t *value, u_int16_t len,
 case IKE_ATTR_AUTHENTICATION_METHOD:
 return !ike_auth_get(dv);
 case IKE_ATTR_GROUP_DESCRIPTION:
- return (dv < IKE_GROUP_DESC_MODP_768
- || dv > IKE_GROUP_DESC_MODP_1536)
- && (dv < IKE_GROUP_DESC_MODP_2048
- || dv > IKE_GROUP_DESC_MODP_8192);
+ return (dv < IKE_GROUP_DESC_MODP_768 ||
+ dv > IKE_GROUP_DESC_MODP_1536) &&
+ (dv < IKE_GROUP_DESC_MODP_2048 ||
+ dv > IKE_GROUP_DESC_MODP_8192);
 case IKE_ATTR_GROUP_TYPE:
 return 1;
 case IKE_ATTR_GROUP_PRIME:
@@ -1169,8 +1164,8 @@ ipsec_is_attribute_incompatible(u_int16_t type, u_int8_t *value, u_int16_t len,
 case IKE_ATTR_GROUP_CURVE_B:
 return 1;
 case IKE_ATTR_LIFE_TYPE:
- return dv < IKE_DURATION_SECONDS
- || dv > IKE_DURATION_KILOBYTES;
+ return dv < IKE_DURATION_SECONDS ||
+ dv > IKE_DURATION_KILOBYTES;
 case IKE_ATTR_LIFE_DURATION:
 return len != 2 && len != 4;
 case IKE_ATTR_PRF:
@@ -1189,28 +1184,28 @@ ipsec_is_attribute_incompatible(u_int16_t type, u_int8_t *value, u_int16_t len,
 } else {
 switch (type) {
 case IPSEC_ATTR_SA_LIFE_TYPE:
- return dv < IPSEC_DURATION_SECONDS
- || dv > IPSEC_DURATION_KILOBYTES;
+ return dv < IPSEC_DURATION_SECONDS ||
+ dv > IPSEC_DURATION_KILOBYTES;
 case IPSEC_ATTR_SA_LIFE_DURATION:
 return len != 2 && len != 4;
 case IPSEC_ATTR_GROUP_DESCRIPTION:
- return (dv < IKE_GROUP_DESC_MODP_768
- || dv > IKE_GROUP_DESC_MODP_1536)
- && (dv < IKE_GROUP_DESC_MODP_2048
- || IKE_GROUP_DESC_MODP_8192 < dv);
+ return (dv < IKE_GROUP_DESC_MODP_768 ||
+ dv > IKE_GROUP_DESC_MODP_1536) &&
+ (dv < IKE_GROUP_DESC_MODP_2048 ||
+ IKE_GROUP_DESC_MODP_8192 < dv);
 case IPSEC_ATTR_ENCAPSULATION_MODE:
 #if defined (USE_NAT_TRAVERSAL)
- return dv != IPSEC_ENCAP_TUNNEL
- && dv != IPSEC_ENCAP_TRANSPORT
- && dv != IPSEC_ENCAP_UDP_ENCAP_TUNNEL
- && dv != IPSEC_ENCAP_UDP_ENCAP_TRANSPORT;
+ return dv != IPSEC_ENCAP_TUNNEL &&
+ dv != IPSEC_ENCAP_TRANSPORT &&
+ dv != IPSEC_ENCAP_UDP_ENCAP_TUNNEL &&
+ dv != IPSEC_ENCAP_UDP_ENCAP_TRANSPORT;
 #else
- return dv < IPSEC_ENCAP_TUNNEL
- || dv > IPSEC_ENCAP_TRANSPORT;
+ return dv < IPSEC_ENCAP_TUNNEL ||
+ dv > IPSEC_ENCAP_TRANSPORT;
 #endif /* USE_NAT_TRAVERSAL */
 case IPSEC_ATTR_AUTHENTICATION_ALGORITHM:
- return dv < IPSEC_AUTH_HMAC_MD5
- || dv > IPSEC_AUTH_HMAC_RIPEMD;
+ return dv < IPSEC_AUTH_HMAC_MD5 ||
+ dv > IPSEC_AUTH_HMAC_RIPEMD;
 case IPSEC_ATTR_KEY_LENGTH:
 /*
 * XXX Blowfish needs '0'. Others appear to disregard
@@ -1597,10 +1592,9 @@ ipsec_handle_leftover_payload(struct message *msg, u_int8_t type,
 return -1;
 }
 /* verify proper SPI size */
- if ((proto == ISAKMP_PROTO_ISAKMP && spisz !=
- ISAKMP_HDR_COOKIES_LEN)
- || (proto != ISAKMP_PROTO_ISAKMP && spisz !=
- sizeof(u_int32_t))) {
+ if ((proto == ISAKMP_PROTO_ISAKMP &&
+ spisz != ISAKMP_HDR_COOKIES_LEN) ||
+ (proto != ISAKMP_PROTO_ISAKMP && spisz != sizeof(u_int32_t))) {
 log_print("ipsec_handle_leftover_payload: invalid SPI "
 "size %d for proto %d in DELETE payload", spisz, proto);
diff --git a/sbin/isakmpd/isakmp_cfg.c b/sbin/isakmpd/isakmp_cfg.c
index e19ded0def4..01730095bda 100644
--- a/sbin/isakmpd/isakmp_cfg.c
+++ b/sbin/isakmpd/isakmp_cfg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: isakmp_cfg.c,v 1.35 2005/04/04 19:31:11 deraadt Exp $ */
+/* $OpenBSD: isakmp_cfg.c,v 1.36 2005/04/06 16:00:20 deraadt Exp $ */
 
 /*
 * Copyright (c) 2001 Niklas Hallqvist. All rights reserved.
@@ -700,8 +700,8 @@ cfg_decode_attribute(u_int16_t type, u_int8_t * value, u_int16_t len,
 struct ipsec_exch *ie = vie;
 struct isakmp_cfg_attr *attr;
 
- if (type >= ISAKMP_CFG_ATTR_PRIVATE_MIN
- && type <= ISAKMP_CFG_ATTR_PRIVATE_MAX)
+ if (type >= ISAKMP_CFG_ATTR_PRIVATE_MIN &&
+ type <= ISAKMP_CFG_ATTR_PRIVATE_MAX)
 return 0;
 if (type == 0 || type >= ISAKMP_CFG_ATTR_FUTURE_MIN) {
 LOG_DBG((LOG_NEGOTIATION, 30,
diff --git a/sbin/isakmpd/math_2n.c b/sbin/isakmpd/math_2n.c
index 9f416cd5d43..db534142341 100644
--- a/sbin/isakmpd/math_2n.c
+++ b/sbin/isakmpd/math_2n.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: math_2n.c,v 1.18 2005/04/04 19:31:11 deraadt Exp $ */
+/* $OpenBSD: math_2n.c,v 1.19 2005/04/06 16:00:20 deraadt Exp $ */
 /* $EOM: math_2n.c,v 1.15 1999/04/20 09:23:30 niklas Exp $ */
 
 /*
@@ -283,8 +283,8 @@ b2n_snprint(char *buf, size_t sz, b2n_ptr n)
 tmp >>= 8;
 }
- for (j = (i == 0 ? left - 1 : CHUNK_BYTES - 1); j >= 0
- && k < sz - 3; j--)
+ for (j = (i == 0 ? left - 1 : CHUNK_BYTES - 1); j >= 0 &&
+ k < sz - 3; j--)
 if (flag || (i == n->chunks - 1 && j == 0) || buffer[2 * j] != '0' || buffer[2 * j + 1] != '0') {
 buf[k++] = buffer[2 * j];
@@ -656,8 +656,8 @@ b2n_div(b2n_ptr q, b2n_ptr r, b2n_ptr n, b2n_ptr m)
 /* The first iteration is done over the relevant bits */
 bits = (CHUNK_MASK + sn) & CHUNK_MASK;
 for (i = len; i >= 0 && b2n_sigbit(nenn) >= sm; i--)
- for (j = (i == len ? bits : CHUNK_MASK); j >= 0
- && b2n_sigbit(nenn) >= sm; j--) {
+ for (j = (i == len ? bits : CHUNK_MASK); j >= 0 &&
+ b2n_sigbit(nenn) >= sm; j--) {
 if (nenn->limp[i] & b2n_mask[j]) {
 if (b2n_sub(nenn, nenn, shift))
 goto fail;
diff --git a/sbin/isakmpd/math_ec2n.c b/sbin/isakmpd/math_ec2n.c
index c06b37cb311..49cea129b92 100644
--- a/sbin/isakmpd/math_ec2n.c
+++ b/sbin/isakmpd/math_ec2n.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: math_ec2n.c,v 1.11 2004/05/23 18:17:56 hshoexer Exp $ */
+/* $OpenBSD: math_ec2n.c,v 1.12 2005/04/06 16:00:20 deraadt Exp $ */
 /* $EOM: math_ec2n.c,v 1.9 1999/04/20 09:23:31 niklas Exp $ */
 
 /*
@@ -360,8 +360,8 @@ ec2np_mul(ec2np_ptr d, ec2np_ptr a, b2n_ptr e, ec2ng_ptr g)
 & b2n_mask[j])) {
 if (ec2np_add(q, q, a, g))
 goto fail;
- } else if (!(h->limp[i] & b2n_mask[j])
- && (k->limp[i] & b2n_mask[j]))
+ } else if (!(h->limp[i] & b2n_mask[j]) &&
+ (k->limp[i] & b2n_mask[j]))
 if (ec2np_add(q, q, mina, g))
 goto fail;
 }
diff --git a/sbin/isakmpd/message.c b/sbin/isakmpd/message.c
index d5087c2cc20..40c9462f5c0 100644
--- a/sbin/isakmpd/message.c
+++ b/sbin/isakmpd/message.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: message.c,v 1.99 2005/04/04 19:31:11 deraadt Exp $ */
+/* $OpenBSD: message.c,v 1.100 2005/04/06 16:00:20 deraadt Exp $ */
 /* $EOM: message.c,v 1.156 2000/10/10 12:36:39 provos Exp $ */
 
 /*
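Review bot: The loop bound `k < sz - 3` in b2n_snprint is evaluated in size_t and wraps when sz is smaller than 3, which turns the bound into a huge value and lets the `buf[k++]` stores in the loop body run past the caller's buffer; the reflow keeps that form unchanged. Unless a guard on sz exists earlier in the function (not visible in the hunk), writing the condition as `j >= 0 && k + 3 < sz; j--)` gives the same result for sz >= 3 and simply performs no writes otherwise. The prologue of b2n_snprint, where such a guard would live, is outside the hunk.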
@@ -737,10 +737,10 @@ message_validate_id(struct message *msg, struct payload *p)
 message_drop(msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
 return -1;
 }
- if (exchange->doi
- && exchange->doi->validate_id_information(GET_ISAKMP_ID_TYPE(p->p),
- p->p + ISAKMP_ID_DOI_DATA_OFF, p->p + ISAKMP_ID_DATA_OFF, len -
- ISAKMP_ID_DATA_OFF, exchange)) {
+ if (exchange->doi &&
+ exchange->doi->validate_id_information(GET_ISAKMP_ID_TYPE(p->p),
+ p->p + ISAKMP_ID_DOI_DATA_OFF, p->p + ISAKMP_ID_DATA_OFF,
+ len - ISAKMP_ID_DATA_OFF, exchange)) {
 message_drop(msg, ISAKMP_NOTIFY_INVALID_ID_INFORMATION, 0, 1, 1);
 return -1;
@@ -880,15 +880,15 @@ message_validate_notify(struct message *msg, struct payload *p)
 return -1;
 }
 
- if (type < ISAKMP_NOTIFY_INVALID_PAYLOAD_TYPE
- || (type >= ISAKMP_NOTIFY_RESERVED_MIN
- && type < ISAKMP_NOTIFY_PRIVATE_MIN)
- || (type >= ISAKMP_NOTIFY_STATUS_RESERVED1_MIN
- && type <= ISAKMP_NOTIFY_STATUS_RESERVED1_MAX)
- || (type >= ISAKMP_NOTIFY_STATUS_DOI_MIN
- && type <= ISAKMP_NOTIFY_STATUS_DOI_MAX
- && doi->validate_notification(type))
- || type >= ISAKMP_NOTIFY_STATUS_RESERVED2_MIN) {
+ if (type < ISAKMP_NOTIFY_INVALID_PAYLOAD_TYPE ||
+ (type >= ISAKMP_NOTIFY_RESERVED_MIN &&
+ type < ISAKMP_NOTIFY_PRIVATE_MIN) ||
+ (type >= ISAKMP_NOTIFY_STATUS_RESERVED1_MIN &&
+ type <= ISAKMP_NOTIFY_STATUS_RESERVED1_MAX) ||
+ (type >= ISAKMP_NOTIFY_STATUS_DOI_MIN &&
+ type <= ISAKMP_NOTIFY_STATUS_DOI_MAX &&
+ doi->validate_notification(type)) ||
+ type >= ISAKMP_NOTIFY_STATUS_RESERVED2_MIN) {
 log_print("message_validate_notify: "
 "message type not supported");
 message_free(msg);
@@ -912,8 +912,8 @@ message_validate_proposal(struct message *msg, struct payload *p)
 message_drop(msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
 return -1;
 }
- if (proto != ISAKMP_PROTO_ISAKMP
- && msg->exchange->doi->validate_proto(proto)) {
+ if (proto != ISAKMP_PROTO_ISAKMP &&
+ msg->exchange->doi->validate_proto(proto)) {
 message_drop(msg, ISAKMP_NOTIFY_INVALID_PROTOCOL_ID, 0, 1, 1);
 return -1;
 }
@@ -1235,8 +1235,8 @@ message_recv(struct message *msg)
 * message. If so, just drop it.
 * XXX Must we really look in both the SA and exchange pools?
 */
- if (exchange_lookup_from_icookie(buf + ISAKMP_HDR_ICOOKIE_OFF)
- || sa_lookup_from_icookie(buf + ISAKMP_HDR_ICOOKIE_OFF)) {
+ if (exchange_lookup_from_icookie(buf + ISAKMP_HDR_ICOOKIE_OFF) ||
+ sa_lookup_from_icookie(buf + ISAKMP_HDR_ICOOKIE_OFF)) {
 /*
 * XXX Later we should differentiate between
 * retransmissions and potential replay attacks.
@@ -1259,8 +1259,8 @@ message_recv(struct message *msg)
 if (!msg->isakmp_sa) {
 msg->exchange = exchange_lookup_from_icookie(buf + ISAKMP_HDR_ICOOKIE_OFF);
- if (msg->exchange && msg->exchange->phase == 1
- && zero_test(msg->exchange->cookies +
+ if (msg->exchange && msg->exchange->phase == 1 &&
+ zero_test(msg->exchange->cookies +
 ISAKMP_HDR_RCOOKIE_OFF, ISAKMP_HDR_RCOOKIE_LEN))
 exchange_upgrade_p1(msg);
 else {
@@ -1322,10 +1322,10 @@ message_recv(struct message *msg)
 * unknown.
 */
 exch_type = GET_ISAKMP_HDR_EXCH_TYPE(buf);
- if (exch_type == ISAKMP_EXCH_NONE
- || (exch_type >= ISAKMP_EXCH_FUTURE_MIN &&
- exch_type <= ISAKMP_EXCH_FUTURE_MAX)
- || (setup_isakmp_sa && exch_type >= ISAKMP_EXCH_DOI_MIN)) {
+ if (exch_type == ISAKMP_EXCH_NONE ||
+ (exch_type >= ISAKMP_EXCH_FUTURE_MIN &&
+ exch_type <= ISAKMP_EXCH_FUTURE_MAX) ||
+ (setup_isakmp_sa && exch_type >= ISAKMP_EXCH_DOI_MIN)) {
 log_print("message_recv: invalid exchange type %s",
 constant_name(isakmp_exch_cst, exch_type));
 message_drop(msg, ISAKMP_NOTIFY_INVALID_EXCHANGE_TYPE, 0, 1,
@@ -1404,8 +1404,8 @@ message_recv(struct message *msg)
 * Check the overall payload structure at the same time as indexing
 * them by type.
 */
- if (GET_ISAKMP_HDR_NEXT_PAYLOAD(buf) != ISAKMP_PAYLOAD_NONE
- && message_sort_payloads(msg, GET_ISAKMP_HDR_NEXT_PAYLOAD(buf))) {
+ if (GET_ISAKMP_HDR_NEXT_PAYLOAD(buf) != ISAKMP_PAYLOAD_NONE &&
+ message_sort_payloads(msg, GET_ISAKMP_HDR_NEXT_PAYLOAD(buf))) {
 if (ks)
 free(ks);
 return -1;
@@ -1449,11 +1449,8 @@ message_recv(struct message *msg)
 * Now we can validate DOI-specific exchange types. If we have no SA
 * DOI-specific exchange types are definitely wrong.
 */
- if (exch_type >= ISAKMP_EXCH_DOI_MIN
-#if 0 /* always true; silence GCC3 warning */
- && exch_type <= ISAKMP_EXCH_DOI_MAX
-#endif
- && msg->exchange->doi->validate_exchange(exch_type)) {
+ if (exch_type >= ISAKMP_EXCH_DOI_MIN &&
+ msg->exchange->doi->validate_exchange(exch_type)) {
 log_print("message_recv: invalid DOI exchange type %d",
 exch_type);
 message_drop(msg, ISAKMP_NOTIFY_INVALID_EXCHANGE_TYPE, 0, 1,
@@ -1473,8 +1470,8 @@ message_recv(struct message *msg)
 /* Handle the flags. */
 if (flags & ISAKMP_FLAGS_ENC)
 msg->exchange->flags |= EXCHANGE_FLAG_ENCRYPT;
- if ((msg->exchange->flags & EXCHANGE_FLAG_COMMITTED) == 0
- && (flags & ISAKMP_FLAGS_COMMIT))
+ if ((msg->exchange->flags & EXCHANGE_FLAG_COMMITTED) == 0 &&
+ (flags & ISAKMP_FLAGS_COMMIT))
 msg->exchange->flags |= EXCHANGE_FLAG_HE_COMMITTED;
 
 /*
@@ -1525,8 +1522,8 @@ message_send(struct message *msg)
 * If the ISAKMP SA has set up encryption, encrypt the message.
 * However, in a retransmit, it is already encrypted.
 */
- if ((msg->flags & MSG_ENCRYPTED) == 0
- && exchange->flags & EXCHANGE_FLAG_ENCRYPT) {
+ if ((msg->flags & MSG_ENCRYPTED) == 0 &&
+ exchange->flags & EXCHANGE_FLAG_ENCRYPT) {
 if (!exchange->keystate) {
 exchange->keystate = exchange->doi->get_keystate(msg);
 if (!exchange->keystate)
@@ -2022,8 +2019,8 @@ message_check_duplicate(struct message *msg)
 exchange->last_received->orig, exchange->last_received->orig_sz));
 /* Is it a duplicate, lose the new one. */
- if (sz == exchange->last_received->orig_sz
- && memcmp(pkt, exchange->last_received->orig, sz) == 0) {
+ if (sz == exchange->last_received->orig_sz &&
+ memcmp(pkt, exchange->last_received->orig, sz) == 0) {
 LOG_DBG((LOG_MESSAGE, 80, "message_check_duplicate: dropping dup"));
@@ -2141,9 +2138,9 @@ retry_transform:
 * Figure out if we will be looking at a new protocol proposal
 * inside the current protection suite.
 */
- if (next_tp && propp != next_propp && sap == next_sap
- && (GET_ISAKMP_PROP_NO(propp->p)
- == GET_ISAKMP_PROP_NO(next_propp->p))) {
+ if (next_tp && propp != next_propp && sap == next_sap &&
+ (GET_ISAKMP_PROP_NO(propp->p) ==
+ GET_ISAKMP_PROP_NO(next_propp->p))) {
 if (!suite_ok_so_far) {
 LOG_DBG((LOG_NEGOTIATION, 30,
 "message_negotiate_sa: proto %d proposal "
@@ -2163,10 +2160,10 @@ retry_transform:
 * protection suite.
 */
 while ((next_tp = step_transform(tp,
- &next_propp, &next_sap))
- && (GET_ISAKMP_PROP_NO(next_propp->p)
- == GET_ISAKMP_PROP_NO(propp->p))
- && next_sap == sap)
+ &next_propp, &next_sap)) &&
+ (GET_ISAKMP_PROP_NO(next_propp->p) ==
+ GET_ISAKMP_PROP_NO(propp->p)) &&
+ next_sap == sap)
 tp = next_tp;
 }
 suite_ok_so_far = 0;
@@ -2175,10 +2172,10 @@ retry_transform:
 * Figure out if we will be looking at a new protection
 * suite.
 */
- if (!next_tp
- || (propp != next_propp && (GET_ISAKMP_PROP_NO(propp->p)
- != GET_ISAKMP_PROP_NO(next_propp->p)))
- || sap != next_sap) {
+ if (!next_tp ||
+ (propp != next_propp && (GET_ISAKMP_PROP_NO(propp->p) !=
+ GET_ISAKMP_PROP_NO(next_propp->p))) ||
+ sap != next_sap) {
 /*
 * Check if the suite we just considered was OK, if so
 * we check it against the accepted ones.
@@ -2196,8 +2193,8 @@ retry_transform:
 * SA.
 */
 while ((next_tp = step_transform(tp,
- &next_propp, &next_sap))
- && next_sap == sap)
+ &next_propp, &next_sap)) &&
+ next_sap == sap)
 tp = next_tp;
 } else {
 /* Backtrack. */
diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c
index a2851817f9e..7c99d8ed63a 100644
--- a/sbin/isakmpd/pf_key_v2.c
+++ b/sbin/isakmpd/pf_key_v2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_key_v2.c,v 1.157 2005/04/05 20:46:20 cloder Exp $ */
+/* $OpenBSD: pf_key_v2.c,v 1.158 2005/04/06 16:00:20 deraadt Exp $ */
 /* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */
 
 /*
@@ -3422,8 +3422,8 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
 masklen = atoi(srcid + 1);
 
 /* XXX We only support host addresses. */
- if ((afamily == AF_INET6 && masklen != 128)
- || (afamily == AF_INET && masklen != 32)) {
+ if ((afamily == AF_INET6 && masklen != 128) ||
+ (afamily == AF_INET && masklen != 32)) {
 log_print("pf_key_v2_acquire: "
 "non-host address specified in source "
 "identity (mask length %d), ignoring "
@@ -3451,10 +3451,9 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
 if (!conf_get_str(srcid, "ID-type")) {
 if (conf_set(af, srcid, "ID-type", afamily == AF_INET ? "IPV4_ADDR" :
- "IPV6_ADDR", 1, 0)
- || conf_set(af, srcid, "Refcount", "1", 1,
- 0)
- || conf_set(af, srcid, "Address",
+ "IPV6_ADDR", 1, 0) ||
+ conf_set(af, srcid, "Refcount", "1", 1, 0) ||
+ conf_set(af, srcid, "Address",
 (char *) (srcident + 1), 1, 0)) {
 conf_end(af, 0);
 goto fail;
@@ -3534,10 +3533,9 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
 af = conf_begin();
 if (!conf_get_str(srcid, "ID-type")) {
 if (conf_set(af, srcid, "ID-type", prefstring,
- 1, 0)
- || conf_set(af, srcid, "Refcount", "1", 1,
- 0)
- || conf_set(af, srcid, "Name",
+ 1, 0) ||
+ conf_set(af, srcid, "Refcount", "1", 1, 0) ||
+ conf_set(af, srcid, "Name",
 srcid + sizeof "ID:/" - 1 + strlen(prefstring), 1, 0)) {
 conf_end(af, 0);
@@ -3589,8 +3587,8 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
 masklen = atoi(dstid + 1);
 
 /* XXX We only support host addresses. */
- if ((afamily == AF_INET6 && masklen != 128)
- || (afamily == AF_INET && masklen != 32)) {
+ if ((afamily == AF_INET6 && masklen != 128) ||
+ (afamily == AF_INET && masklen != 32)) {
 log_print("pf_key_v2_acquire: "
 "non-host address specified in "
 "destination identity (mask length %d), "
@@ -3618,10 +3616,9 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
 if (!conf_get_str(dstid, "ID-type")) {
 if (conf_set(af, dstid, "ID-type", afamily == AF_INET ? "IPV4_ADDR" :
- "IPV6_ADDR", 1, 0)
- || conf_set(af, dstid, "Refcount", "1", 1,
- 0)
- || conf_set(af, dstid, "Address",
+ "IPV6_ADDR", 1, 0) ||
+ conf_set(af, dstid, "Refcount", "1", 1, 0) ||
+ conf_set(af, dstid, "Address",
 (char *) (dstident + 1), 1, 0)) {
 conf_end(af, 0);
 goto fail;
@@ -3701,10 +3698,9 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
 af = conf_begin();
 if (!conf_get_str(dstid, "ID-type")) {
 if (conf_set(af, dstid, "ID-type", prefstring,
- 1, 0)
- || conf_set(af, dstid, "Refcount", "1", 1,
- 0)
- || conf_set(af, dstid, "Name",
+ 1, 0) ||
+ conf_set(af, dstid, "Refcount", "1", 1, 0) ||
+ conf_set(af, dstid, "Name",
 dstid + sizeof "ID:/" - 1 + strlen(prefstring), 1, 0)) {
 conf_end(af, 0);
@@ -3735,8 +3731,8 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
 connection_seq);
 
 /* Does it exist ? */
- if (!conf_get_str(conn, "Phase")
- && !conf_get_str(configname, "Suites"))
+ if (!conf_get_str(conn, "Phase") &&
+ !conf_get_str(configname, "Suites"))
 break;
 }
@@ -3786,10 +3782,10 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
 * it will be linked both to the incoming and the outgoing SA.
 */
 af = conf_begin();
- if (conf_set(af, conn, "Phase", "2", 0, 0)
- || conf_set(af, conn, "Flags", "__ondemand", 0, 0)
- || conf_set(af, conn, "Refcount", "2", 0, 0)
- || conf_set(af, conn, "ISAKMP-peer", peer, 0, 0)) {
+ if (conf_set(af, conn, "Phase", "2", 0, 0) ||
+ conf_set(af, conn, "Flags", "__ondemand", 0, 0) ||
+ conf_set(af, conn, "Refcount", "2", 0, 0) ||
+ conf_set(af, conn, "ISAKMP-peer", peer, 0, 0)) {
 conf_end(af, 0);
 goto fail;
 }
@@ -3812,15 +3808,15 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
 goto fail;
 }
 if (shostflag) {
- if (conf_set(af, l
name, "ID-type", sidtype, 0, 0)
- || conf_set(af, lname, "Address", ssflow, 0, 0)) {
+ if (conf_set(af, lname, "ID-type", sidtype, 0, 0) ||
+ conf_set(af, lname, "Address", ssflow, 0, 0)) {
 conf_end(af, 0);
 goto fail;
 }
 } else {
- if (conf_set(af, lname, "ID-type", sidtype, 0, 0)
- || conf_set(af, lname, "Network", ssflow, 0, 0)
- || conf_set(af, lname, "Netmask", ssmask, 0, 0)) {
+ if (conf_set(af, lname, "ID-type", sidtype, 0, 0) ||
+ conf_set(af, lname, "Network", ssflow, 0, 0) ||
+ conf_set(af, lname, "Netmask", ssmask, 0, 0)) {
 conf_end(af, 0);
 goto fail;
 }
@@ -3856,15 +3852,15 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
 goto fail;
 }
 if (dhostflag) {
- if (conf_set(af, dname, "ID-type", didtype, 0, 0)
- || conf_set(af, dname, "Address", sdflow, 0, 0)) {
+ if (conf_set(af, dname, "ID-type", didtype, 0, 0) ||
+ conf_set(af, dname, "Address", sdflow, 0, 0)) {
 conf_end(af, 0);
 goto fail;
 }
 } else {
- if (conf_set(af, dname, "ID-type", didtype, 0, 0)
- || conf_set(af, dname, "Network", sdflow, 0, 0)
- || conf_set(af, dname, "Netmask", sdmask, 0, 0)) {
+ if (conf_set(af, dname, "ID-type", didtype, 0, 0) ||
+ conf_set(af, dname, "Network", sdflow, 0, 0) ||
+ conf_set(af, dname, "Netmask", sdmask, 0, 0)) {
 conf_end(af, 0);
 goto fail;
 }
@@ -3899,8 +3895,8 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
 conf_end(af, 0);
 goto fail;
 }
- if (conf_set(af, configname, "Exchange_type", "Quick_mode", 0, 0)
- || conf_set(af, configname, "DOI", "IPSEC", 0, 0)) {
+ if (conf_set(af, configname, "Exchange_type", "Quick_mode", 0, 0) ||
+ conf_set(af, configname, "DOI", "IPSEC", 0, 0)) {
 conf_end(af, 0);
 goto fail;
 }
@@ -3920,9 +3916,9 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
 
 /* Set the ISAKMP-peer section. */
 if (!conf_get_str(peer, "Phase")) {
- if (conf_set(af, peer, "Phase", "1", 0, 0)
- || conf_set(af, peer, "Refcount", "1", 0, 0)
- || conf_set(af, peer, "Address", dstbuf, 0, 0)) {
+ if (conf_set(af, peer, "Phase", "1", 0, 0) ||
+ conf_set(af, peer, "Refcount", "1", 0, 0) ||
+ conf_set(af, peer, "Address", dstbuf, 0, 0)) {
 conf_end(af, 0);
 goto fail;
 }
@@ -3991,8 +3987,8 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
 /* Now convert to printable format. */
 certprint = handler->cert_printable(cert);
 handler->cert_free(cert);
- if (!certprint
- || conf_set(af, peer, "Credentials", certprint, 0,
+ if (!certprint ||
+ conf_set(af, peer, "Credentials", certprint, 0,
 0)) {
 if (certprint)
 free(certprint);
@@ -4127,9 +4123,9 @@ pf_key_v2_acquire(struct pf_key_v2_msg *pmsg)
 }
 if (conf_set(af, confname, "Exchange_Type", "ID_PROT",
- 0, 0)
- || conf_set(af, confname, "DOI", "IPSEC", 0, 0)
- || conf_set(af, confname, "Refcount", "1", 0, 0)) {
+ 0, 0) ||
+ conf_set(af, confname, "DOI", "IPSEC", 0, 0) ||
+ conf_set(af, confname, "Refcount", "1", 0, 0)) {
 conf_end(af, 0);
 goto fail;
 }
diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c
index a38348427b4..ea0ea5b05b9 100644
--- a/sbin/isakmpd/policy.c
+++ b/sbin/isakmpd/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.81 2005/04/04 19:31:11 deraadt Exp $ */
+/* $OpenBSD: policy.c,v 1.82 2005/04/06 16:00:20 deraadt Exp $ */
 /* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */
 
 /*
@@ -178,8 +178,8 @@ policy_callback(char *name)
 static int dirty = 1;
 
 /* We only need to set dirty at initialization time really. */
- if (strcmp(name, KEYNOTE_CALLBACK_CLEANUP) == 0
- || strcmp(name, KEYNOTE_CALLBACK_INITIALIZE) == 0) {
+ if (strcmp(name, KEYNOTE_CALLBACK_CLEANUP) == 0 ||
+ strcmp(name, KEYNOTE_CALLBACK_INITIALIZE) == 0) {
 esp_present = ah_present = comp_present = pfs = "no";
 ah_hash_alg = ah_auth_alg = phase_1 = "";
 esp_auth_alg = esp_enc_alg = comp_alg = ah_encapsulation = "";
diff --git a/sbin/isakmpd/sa.c b/sbin/isakmpd/sa.c
index 55c5207838d..7a49fa9b098 100644
--- a/sbin/isakmpd/sa.c
+++ b/sbin/isakmpd/sa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sa.c,v 1.92 2005/04/06 00:02:56 cloder Exp $ */
+/* $OpenBSD: sa.c,v 1.93 2005/04/06 16:00:20 deraadt Exp $ */
 /* $EOM: sa.c,v 1.112 2000/12/12 00:22:52 niklas Exp $ */
 
 /*
@@ -345,11 +345,10 @@ sa_lookup(u_int8_t *cookies, u_int8_t *message_id)
 }
 bucket &= bucket_mask;
 for (sa = LIST_FIRST(&sa_tab[bucket]);
- sa && (memcmp(cookies, sa->cookies, ISAKMP_HDR_COOKIES_LEN) != 0
- || (message_id && memcmp(message_id, sa->message_id,
- ISAKMP_HDR_MESSAGE_ID_LEN) != 0)
- || (!message_id && !zero_test(sa->message_id,
- ISAKMP_HDR_MESSAGE_ID_LEN)));
+ sa && (memcmp(cookies, sa->cookies, ISAKMP_HDR_COOKIES_LEN) != 0 ||
+ (message_id && memcmp(message_id, sa->message_id,
+ ISAKMP_HDR_MESSAGE_ID_LEN) != 0) ||
+ (!message_id && !zero_test(sa->message_id, ISAKMP_HDR_MESSAGE_ID_LEN)));
 sa = LIST_NEXT(sa, link))
 ;
diff --git a/sbin/isakmpd/virtual.c b/sbin/isakmpd/virtual.c
index f7fd328c7d3..09c2b7bffac 100644
--- a/sbin/isakmpd/virtual.c
+++ b/sbin/isakmpd/virtual.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: virtual.c,v 1.15 2005/04/05 18:06:06 cloder Exp $ */
+/* $OpenBSD: virtual.c,v 1.16 2005/04/06 16:00:20 deraadt Exp $ */
 
 /*
 * Copyright (c) 2004 Håkan Olsson. All rights reserved.
@@ -169,8 +169,8 @@ virtual_reinit(void)
 /* Mark all UDP transports, except the default ones. */
 for (v = LIST_FIRST(&virtual_listen_list); v; v = LIST_NEXT(v, link))
- if (&v->transport != default_transport
- && &v->transport != default_transport6)
+ if (&v->transport != default_transport &&
+ &v->transport != default_transport6)
 v->transport.flags |= TRANSPORT_MARK;
 
 /* Re-probe interface list. */
@@ -209,11 +209,10 @@ virtual_listen_lookup(struct sockaddr *addr)
 continue;
 }
 
- if (u->src->sa_family == addr->sa_family
- && sockaddr_addrlen(u->src) == sockaddr_addrlen(addr)
- && memcmp(sockaddr_addrdata (u->src),
- sockaddr_addrdata(addr),
- sockaddr_addrlen(addr)) == 0)
+ if (u->src->sa_family == addr->sa_family &&
+ sockaddr_addrlen(u->src) == sockaddr_addrlen(addr) &&
+ memcmp(sockaddr_addrdata (u->src), sockaddr_addrdata(addr),
+ sockaddr_addrlen(addr)) == 0)
 return v;
 }
@@ -360,10 +359,10 @@ virtual_bind_if(char *ifname, struct sockaddr *if_addr, void *arg)
 /*
 * Drop non-Internet stuff.
 */
- if ((if_addr->sa_family != AF_INET
- || sysdep_sa_len(if_addr) != sizeof (struct sockaddr_in))
- && (if_addr->sa_family != AF_INET6
- || sysdep_sa_len(if_addr) != sizeof (struct sockaddr_in6)))
+ if ((if_addr->sa_family != AF_INET ||
+ sysdep_sa_len(if_addr) != sizeof (struct sockaddr_in)) &&
+ (if_addr->sa_family != AF_INET6 ||
+ sysdep_sa_len(if_addr) != sizeof (struct sockaddr_in6)))
 return 0;
 
 /*
@@ -387,10 +386,9 @@ virtual_bind_if(char *ifname, struct sockaddr *if_addr, void *arg)
 * These special addresses are not useable as they have special meaning
 * in the IP stack.
 */
- if (if_addr->sa_family == AF_INET
- && (((struct sockaddr_in *)if_addr)->sin_addr.s_addr == INADDR_ANY
- || (((struct sockaddr_in *)if_addr)->sin_addr.s_addr
- == INADDR_NONE)))
+ if (if_addr->sa_family == AF_INET &&
+ (((struct sockaddr_in *)if_addr)->sin_addr.s_addr == INADDR_ANY ||
+ (((struct sockaddr_in *)if_addr)->sin_addr.s_addr == INADDR_NONE)))
 return 0;
 
 /* |