From da67e76875824d7cb3bb8f68c984ee5b8a1c0b95 Mon Sep 17 00:00:00 2001 From: ozaki-r Date: Wed, 19 Apr 2017 09:22:17 +0000 Subject: [PATCH] Return early, reduce identation (NFCI) --- sys/netipsec/key.c | 344 +++++++++++++++++++++++---------------------- 1 file changed, 174 insertions(+), 170 deletions(-) diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index 7c272aa6d161..e9628030b209 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c @@ -1,4 +1,4 @@ -/* $NetBSD: key.c,v 1.112 2017/04/19 07:19:46 ozaki-r Exp $ */ +/* $NetBSD: key.c,v 1.113 2017/04/19 09:22:17 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.112 2017/04/19 07:19:46 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.113 2017/04/19 09:22:17 ozaki-r Exp $"); /* * This code is referd to RFC 2367 @@ -1465,176 +1465,11 @@ key_msg2sp(const struct sadb_x_policy *xpl0, size_t len, int *error) case IPSEC_POLICY_ENTRUST: case IPSEC_POLICY_BYPASS: newsp->req = NULL; - break; + *error = 0; + return newsp; case IPSEC_POLICY_IPSEC: - { - int tlen; - const struct sadb_x_ipsecrequest *xisr; - uint16_t xisr_reqid; - struct ipsecrequest **p_isr = &newsp->req; - - /* validity check */ - if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) { - ipseclog((LOG_DEBUG, - "key_msg2sp: Invalid msg length.\n")); - KEY_FREESP(&newsp); - *error = EINVAL; - return NULL; - } - - tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0); - xisr = (const struct sadb_x_ipsecrequest *)(xpl0 + 1); - - while (tlen > 0) { - /* length check */ - if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) { - ipseclog((LOG_DEBUG, "key_msg2sp: " - "invalid ipsecrequest length.\n")); - KEY_FREESP(&newsp); - *error = EINVAL; - return NULL; - } - - /* allocate request buffer */ - KMALLOC(*p_isr, struct ipsecrequest *, sizeof(**p_isr)); - if ((*p_isr) == NULL) { - ipseclog((LOG_DEBUG, - "key_msg2sp: No more memory.\n")); - KEY_FREESP(&newsp); - *error = ENOBUFS; - return NULL; - } - memset(*p_isr, 0, sizeof(**p_isr)); - - /* set values */ - (*p_isr)->next = NULL; - - switch (xisr->sadb_x_ipsecrequest_proto) { - case IPPROTO_ESP: - case IPPROTO_AH: - case IPPROTO_IPCOMP: - break; - default: - ipseclog((LOG_DEBUG, - "key_msg2sp: invalid proto type=%u\n", - xisr->sadb_x_ipsecrequest_proto)); - KEY_FREESP(&newsp); - *error = EPROTONOSUPPORT; - return NULL; - } - (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto; - - switch (xisr->sadb_x_ipsecrequest_mode) { - case IPSEC_MODE_TRANSPORT: - case IPSEC_MODE_TUNNEL: - break; - case IPSEC_MODE_ANY: - default: - ipseclog((LOG_DEBUG, - "key_msg2sp: invalid mode=%u\n", - xisr->sadb_x_ipsecrequest_mode)); - KEY_FREESP(&newsp); - *error = EINVAL; - return NULL; - } - (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode; - - switch (xisr->sadb_x_ipsecrequest_level) { - case IPSEC_LEVEL_DEFAULT: - case IPSEC_LEVEL_USE: - case IPSEC_LEVEL_REQUIRE: - break; - case IPSEC_LEVEL_UNIQUE: - xisr_reqid = xisr->sadb_x_ipsecrequest_reqid; - /* validity check */ - /* - * If range violation of reqid, kernel will - * update it, don't refuse it. - */ - if (xisr_reqid > IPSEC_MANUAL_REQID_MAX) { - ipseclog((LOG_DEBUG, - "key_msg2sp: reqid=%d range " - "violation, updated by kernel.\n", - xisr_reqid)); - xisr_reqid = 0; - } - - /* allocate new reqid id if reqid is zero. */ - if (xisr_reqid == 0) { - u_int16_t reqid; - if ((reqid = key_newreqid()) == 0) { - KEY_FREESP(&newsp); - *error = ENOBUFS; - return NULL; - } - (*p_isr)->saidx.reqid = reqid; - } else { - /* set it for manual keying. */ - (*p_isr)->saidx.reqid = xisr_reqid; - } - break; - - default: - ipseclog((LOG_DEBUG, "key_msg2sp: invalid level=%u\n", - xisr->sadb_x_ipsecrequest_level)); - KEY_FREESP(&newsp); - *error = EINVAL; - return NULL; - } - (*p_isr)->level = xisr->sadb_x_ipsecrequest_level; - - /* set IP addresses if there */ - if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { - const struct sockaddr *paddr; - - paddr = (const struct sockaddr *)(xisr + 1); - - /* validity check */ - if (paddr->sa_len - > sizeof((*p_isr)->saidx.src)) { - ipseclog((LOG_DEBUG, "key_msg2sp: invalid request " - "address length.\n")); - KEY_FREESP(&newsp); - *error = EINVAL; - return NULL; - } - memcpy(&(*p_isr)->saidx.src, paddr, paddr->sa_len); - - paddr = (const struct sockaddr *)((const char *)paddr - + paddr->sa_len); - - /* validity check */ - if (paddr->sa_len - > sizeof((*p_isr)->saidx.dst)) { - ipseclog((LOG_DEBUG, "key_msg2sp: invalid request " - "address length.\n")); - KEY_FREESP(&newsp); - *error = EINVAL; - return NULL; - } - memcpy(&(*p_isr)->saidx.dst, paddr, paddr->sa_len); - } - - (*p_isr)->sav = NULL; - (*p_isr)->sp = newsp; - - /* initialization for the next. */ - p_isr = &(*p_isr)->next; - tlen -= xisr->sadb_x_ipsecrequest_len; - - /* validity check */ - if (tlen < 0) { - ipseclog((LOG_DEBUG, "key_msg2sp: becoming tlen < 0.\n")); - KEY_FREESP(&newsp); - *error = EINVAL; - return NULL; - } - - xisr = (const struct sadb_x_ipsecrequest *)((const char *)xisr - + xisr->sadb_x_ipsecrequest_len); - } - } + /* Continued */ break; default: ipseclog((LOG_DEBUG, "key_msg2sp: invalid policy type.\n")); @@ -1643,6 +1478,175 @@ key_msg2sp(const struct sadb_x_policy *xpl0, size_t len, int *error) return NULL; } + /* IPSEC_POLICY_IPSEC */ + { + int tlen; + const struct sadb_x_ipsecrequest *xisr; + uint16_t xisr_reqid; + struct ipsecrequest **p_isr = &newsp->req; + + /* validity check */ + if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) { + ipseclog((LOG_DEBUG, + "key_msg2sp: Invalid msg length.\n")); + KEY_FREESP(&newsp); + *error = EINVAL; + return NULL; + } + + tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0); + xisr = (const struct sadb_x_ipsecrequest *)(xpl0 + 1); + + while (tlen > 0) { + /* length check */ + if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) { + ipseclog((LOG_DEBUG, "key_msg2sp: " + "invalid ipsecrequest length.\n")); + KEY_FREESP(&newsp); + *error = EINVAL; + return NULL; + } + + /* allocate request buffer */ + KMALLOC(*p_isr, struct ipsecrequest *, sizeof(**p_isr)); + if ((*p_isr) == NULL) { + ipseclog((LOG_DEBUG, + "key_msg2sp: No more memory.\n")); + KEY_FREESP(&newsp); + *error = ENOBUFS; + return NULL; + } + memset(*p_isr, 0, sizeof(**p_isr)); + + /* set values */ + (*p_isr)->next = NULL; + + switch (xisr->sadb_x_ipsecrequest_proto) { + case IPPROTO_ESP: + case IPPROTO_AH: + case IPPROTO_IPCOMP: + break; + default: + ipseclog((LOG_DEBUG, + "key_msg2sp: invalid proto type=%u\n", + xisr->sadb_x_ipsecrequest_proto)); + KEY_FREESP(&newsp); + *error = EPROTONOSUPPORT; + return NULL; + } + (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto; + + switch (xisr->sadb_x_ipsecrequest_mode) { + case IPSEC_MODE_TRANSPORT: + case IPSEC_MODE_TUNNEL: + break; + case IPSEC_MODE_ANY: + default: + ipseclog((LOG_DEBUG, + "key_msg2sp: invalid mode=%u\n", + xisr->sadb_x_ipsecrequest_mode)); + KEY_FREESP(&newsp); + *error = EINVAL; + return NULL; + } + (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode; + + switch (xisr->sadb_x_ipsecrequest_level) { + case IPSEC_LEVEL_DEFAULT: + case IPSEC_LEVEL_USE: + case IPSEC_LEVEL_REQUIRE: + break; + case IPSEC_LEVEL_UNIQUE: + xisr_reqid = xisr->sadb_x_ipsecrequest_reqid; + /* validity check */ + /* + * If range violation of reqid, kernel will + * update it, don't refuse it. + */ + if (xisr_reqid > IPSEC_MANUAL_REQID_MAX) { + ipseclog((LOG_DEBUG, + "key_msg2sp: reqid=%d range " + "violation, updated by kernel.\n", + xisr_reqid)); + xisr_reqid = 0; + } + + /* allocate new reqid id if reqid is zero. */ + if (xisr_reqid == 0) { + u_int16_t reqid; + if ((reqid = key_newreqid()) == 0) { + KEY_FREESP(&newsp); + *error = ENOBUFS; + return NULL; + } + (*p_isr)->saidx.reqid = reqid; + } else { + /* set it for manual keying. */ + (*p_isr)->saidx.reqid = xisr_reqid; + } + break; + + default: + ipseclog((LOG_DEBUG, "key_msg2sp: invalid level=%u\n", + xisr->sadb_x_ipsecrequest_level)); + KEY_FREESP(&newsp); + *error = EINVAL; + return NULL; + } + (*p_isr)->level = xisr->sadb_x_ipsecrequest_level; + + /* set IP addresses if there */ + if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { + const struct sockaddr *paddr; + + paddr = (const struct sockaddr *)(xisr + 1); + + /* validity check */ + if (paddr->sa_len + > sizeof((*p_isr)->saidx.src)) { + ipseclog((LOG_DEBUG, "key_msg2sp: invalid request " + "address length.\n")); + KEY_FREESP(&newsp); + *error = EINVAL; + return NULL; + } + memcpy(&(*p_isr)->saidx.src, paddr, paddr->sa_len); + + paddr = (const struct sockaddr *)((const char *)paddr + + paddr->sa_len); + + /* validity check */ + if (paddr->sa_len + > sizeof((*p_isr)->saidx.dst)) { + ipseclog((LOG_DEBUG, "key_msg2sp: invalid request " + "address length.\n")); + KEY_FREESP(&newsp); + *error = EINVAL; + return NULL; + } + memcpy(&(*p_isr)->saidx.dst, paddr, paddr->sa_len); + } + + (*p_isr)->sav = NULL; + (*p_isr)->sp = newsp; + + /* initialization for the next. */ + p_isr = &(*p_isr)->next; + tlen -= xisr->sadb_x_ipsecrequest_len; + + /* validity check */ + if (tlen < 0) { + ipseclog((LOG_DEBUG, "key_msg2sp: becoming tlen < 0.\n")); + KEY_FREESP(&newsp); + *error = EINVAL; + return NULL; + } + + xisr = (const struct sadb_x_ipsecrequest *)((const char *)xisr + + xisr->sadb_x_ipsecrequest_len); + } + } + *error = 0; return newsp; }