[hipl-commit] [trunk] Rev 3596: Reformatted lib/ipsec.

  • From: Tim Just <tim.just@xxxxxxxxxxxxxx>
  • To: hipl-commit@xxxxxxxxxxxxx
  • Date: Thu, 11 Feb 2010 02:21:36 +0200

Committer: Tim Just <tim.just@xxxxxxxxxxxxxx>
Date: Thu Feb 11 01:21:24 2010 +0100
Revision: 3596
Revision-id: tim.just@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Branch nick: trunk

Log:
  Reformatted lib/ipsec.

Modified:
  M  lib/ipsec/ipsec_strerror.c
  M  lib/ipsec/ipsec_strerror.h
  M  lib/ipsec/libpfkey.h
  M  lib/ipsec/pfkey.c
  M  lib/ipsec/policy_parse.h

=== modified file 'lib/ipsec/ipsec_strerror.c'
--- lib/ipsec/ipsec_strerror.c  2010-01-19 11:34:01 +0000
+++ lib/ipsec/ipsec_strerror.c  2010-02-11 00:21:24 +0000
@@ -46,51 +46,52 @@
 int __ipsec_errcode;
 
 static const char *ipsec_errlist[] = {
-"Success",                                     /*EIPSEC_NO_ERROR*/
-"Not supported",                               /*EIPSEC_NOT_SUPPORTED*/
-"Invalid argument",                            /*EIPSEC_INVAL_ARGUMENT*/
-"Invalid sadb message",                                /*EIPSEC_INVAL_SADBMSG*/
-"Invalid version",                             /*EIPSEC_INVAL_VERSION*/
-"Invalid security policy",                     /*EIPSEC_INVAL_POLICY*/
-"Invalid address specification",               /*EIPSEC_INVAL_ADDRESS*/
-"Invalid ipsec protocol",                      /*EIPSEC_INVAL_PROTO*/
-"Invalid ipsec mode",                          /*EIPSEC_INVAL_MODE*/
-"Invalid ipsec level",                         /*EIPSEC_INVAL_LEVEL*/
-"Invalid SA type",                             /*EIPSEC_INVAL_SATYPE*/
-"Invalid message type",                                /*EIPSEC_INVAL_MSGTYPE*/
-"Invalid extension type",                      /*EIPSEC_INVAL_EXTTYPE*/
-"Invalid algorithm type",                      /*EIPSEC_INVAL_ALGS*/
-"Invalid key length",                          /*EIPSEC_INVAL_KEYLEN*/
-"Invalid address family",                      /*EIPSEC_INVAL_FAMILY*/
-"Invalid prefix length",                       /*EIPSEC_INVAL_PREFIXLEN*/
-"Invalid direciton",                           /*EIPSEC_INVAL_DIR*/
-"SPI range violation",                         /*EIPSEC_INVAL_SPI*/
-"No protocol specified",                       /*EIPSEC_NO_PROTO*/
-"No algorithm specified",                      /*EIPSEC_NO_ALGS*/
-"No buffers available",                                /*EIPSEC_NO_BUFS*/
-"Must get supported algorithms list first",    /*EIPSEC_DO_GET_SUPP_LIST*/
-"Protocol mismatch",                           /*EIPSEC_PROTO_MISMATCH*/
-"Family mismatch",                             /*EIPSEC_FAMILY_MISMATCH*/
-"Too few arguments",                           /*EIPSEC_FEW_ARGUMENTS*/
-NULL,                                          /*EIPSEC_SYSTEM_ERROR*/
-"Priority offset not in valid range [-2147483647, 2147483648]",        
/*EIPSEC_INVAL_PRIORITY_OFFSET*/
-"Priority offset from base not in valid range [0, 1073741823] for negative 
offsets and [0, 1073741824] for positive offsets", /* 
EIPSEC_INVAL_PRIORITY_OFFSET */
-"Policy priority not compiled in",     /*EIPSEC_PRIORITY_NOT_COMPILED*/
-"Unknown error",                               /*EIPSEC_MAX*/
+    "Success",                                  /*EIPSEC_NO_ERROR*/
+    "Not supported",                            /*EIPSEC_NOT_SUPPORTED*/
+    "Invalid argument",                         /*EIPSEC_INVAL_ARGUMENT*/
+    "Invalid sadb message",                     /*EIPSEC_INVAL_SADBMSG*/
+    "Invalid version",                          /*EIPSEC_INVAL_VERSION*/
+    "Invalid security policy",                  /*EIPSEC_INVAL_POLICY*/
+    "Invalid address specification",            /*EIPSEC_INVAL_ADDRESS*/
+    "Invalid ipsec protocol",                   /*EIPSEC_INVAL_PROTO*/
+    "Invalid ipsec mode",                       /*EIPSEC_INVAL_MODE*/
+    "Invalid ipsec level",                      /*EIPSEC_INVAL_LEVEL*/
+    "Invalid SA type",                          /*EIPSEC_INVAL_SATYPE*/
+    "Invalid message type",                     /*EIPSEC_INVAL_MSGTYPE*/
+    "Invalid extension type",                   /*EIPSEC_INVAL_EXTTYPE*/
+    "Invalid algorithm type",                   /*EIPSEC_INVAL_ALGS*/
+    "Invalid key length",                       /*EIPSEC_INVAL_KEYLEN*/
+    "Invalid address family",                   /*EIPSEC_INVAL_FAMILY*/
+    "Invalid prefix length",                    /*EIPSEC_INVAL_PREFIXLEN*/
+    "Invalid direciton",                        /*EIPSEC_INVAL_DIR*/
+    "SPI range violation",                      /*EIPSEC_INVAL_SPI*/
+    "No protocol specified",                    /*EIPSEC_NO_PROTO*/
+    "No algorithm specified",                   /*EIPSEC_NO_ALGS*/
+    "No buffers available",                     /*EIPSEC_NO_BUFS*/
+    "Must get supported algorithms list first", /*EIPSEC_DO_GET_SUPP_LIST*/
+    "Protocol mismatch",                        /*EIPSEC_PROTO_MISMATCH*/
+    "Family mismatch",                          /*EIPSEC_FAMILY_MISMATCH*/
+    "Too few arguments",                        /*EIPSEC_FEW_ARGUMENTS*/
+    NULL,                                       /*EIPSEC_SYSTEM_ERROR*/
+    "Priority offset not in valid range [-2147483647, 2147483648]", 
/*EIPSEC_INVAL_PRIORITY_OFFSET*/
+    "Priority offset from base not in valid range [0, 1073741823] for negative 
offsets and [0, 1073741824] for positive offsets", /* 
EIPSEC_INVAL_PRIORITY_OFFSET */
+    "Policy priority not compiled in",  /*EIPSEC_PRIORITY_NOT_COMPILED*/
+    "Unknown error",                            /*EIPSEC_MAX*/
 };
 
 const char *ipsec_strerror(void)
 {
-  if (__ipsec_errcode < 0 || __ipsec_errcode > EIPSEC_MAX)
-    __ipsec_errcode = EIPSEC_MAX;
+    if (__ipsec_errcode < 0 || __ipsec_errcode > EIPSEC_MAX) {
+        __ipsec_errcode = EIPSEC_MAX;
+    }
 
-  return ipsec_errlist[__ipsec_errcode];
+    return ipsec_errlist[__ipsec_errcode];
 }
 
 void __ipsec_set_strerror(const char *str)
 {
-       __ipsec_errcode = EIPSEC_SYSTEM_ERROR;
-       ipsec_errlist[EIPSEC_SYSTEM_ERROR] = str;
+    __ipsec_errcode                    = EIPSEC_SYSTEM_ERROR;
+    ipsec_errlist[EIPSEC_SYSTEM_ERROR] = str;
 
-       return;
+    return;
 }

=== modified file 'lib/ipsec/ipsec_strerror.h'
--- lib/ipsec/ipsec_strerror.h  2010-01-19 11:34:01 +0000
+++ lib/ipsec/ipsec_strerror.h  2010-02-11 00:21:24 +0000
@@ -37,37 +37,37 @@
 extern int __ipsec_errcode;
 extern void __ipsec_set_strerror __P((const char *));
 
-#define EIPSEC_NO_ERROR                0       /*success*/
-#define EIPSEC_NOT_SUPPORTED   1       /*not supported*/
-#define EIPSEC_INVAL_ARGUMENT  2       /*invalid argument*/
-#define EIPSEC_INVAL_SADBMSG   3       /*invalid sadb message*/
-#define EIPSEC_INVAL_VERSION   4       /*invalid version*/
-#define EIPSEC_INVAL_POLICY    5       /*invalid security policy*/
-#define EIPSEC_INVAL_ADDRESS   6       /*invalid address specification*/
-#define EIPSEC_INVAL_PROTO     7       /*invalid ipsec protocol*/
-#define EIPSEC_INVAL_MODE      8       /*Invalid ipsec mode*/
-#define EIPSEC_INVAL_LEVEL     9       /*invalid ipsec level*/
-#define EIPSEC_INVAL_SATYPE    10      /*invalid SA type*/
-#define EIPSEC_INVAL_MSGTYPE   11      /*invalid message type*/
-#define EIPSEC_INVAL_EXTTYPE   12      /*invalid extension type*/
-#define EIPSEC_INVAL_ALGS      13      /*Invalid algorithm type*/
-#define EIPSEC_INVAL_KEYLEN    14      /*invalid key length*/
-#define EIPSEC_INVAL_FAMILY    15      /*invalid address family*/
-#define EIPSEC_INVAL_PREFIXLEN 16      /*SPI range violation*/
-#define EIPSEC_INVAL_DIR       17      /*Invalid direciton*/
-#define EIPSEC_INVAL_SPI       18      /*invalid prefixlen*/
-#define EIPSEC_NO_PROTO                19      /*no protocol specified*/
-#define EIPSEC_NO_ALGS         20      /*No algorithm specified*/
-#define EIPSEC_NO_BUFS         21      /*no buffers available*/
-#define EIPSEC_DO_GET_SUPP_LIST        22      /*must get supported algorithm 
first*/
-#define EIPSEC_PROTO_MISMATCH  23      /*protocol mismatch*/
-#define EIPSEC_FAMILY_MISMATCH 24      /*family mismatch*/
-#define EIPSEC_FEW_ARGUMENTS   25      /*Too few arguments*/
-#define EIPSEC_SYSTEM_ERROR    26      /*system error*/
-#define EIPSEC_INVAL_PRIORITY_OFFSET   27      /*priority offset out of range*/
-#define EIPSEC_INVAL_PRIORITY_BASE_OFFSET      28      /* priority base offset 
too
-                                                   large */
-#define EIPSEC_PRIORITY_NOT_COMPILED   29      /*no priority support in 
libipsec*/
-#define EIPSEC_MAX             30      /*unknown error*/
+#define EIPSEC_NO_ERROR         0       /*success*/
+#define EIPSEC_NOT_SUPPORTED    1       /*not supported*/
+#define EIPSEC_INVAL_ARGUMENT   2       /*invalid argument*/
+#define EIPSEC_INVAL_SADBMSG    3       /*invalid sadb message*/
+#define EIPSEC_INVAL_VERSION    4       /*invalid version*/
+#define EIPSEC_INVAL_POLICY     5       /*invalid security policy*/
+#define EIPSEC_INVAL_ADDRESS    6       /*invalid address specification*/
+#define EIPSEC_INVAL_PROTO      7       /*invalid ipsec protocol*/
+#define EIPSEC_INVAL_MODE       8       /*Invalid ipsec mode*/
+#define EIPSEC_INVAL_LEVEL      9       /*invalid ipsec level*/
+#define EIPSEC_INVAL_SATYPE     10      /*invalid SA type*/
+#define EIPSEC_INVAL_MSGTYPE    11      /*invalid message type*/
+#define EIPSEC_INVAL_EXTTYPE    12      /*invalid extension type*/
+#define EIPSEC_INVAL_ALGS       13      /*Invalid algorithm type*/
+#define EIPSEC_INVAL_KEYLEN     14      /*invalid key length*/
+#define EIPSEC_INVAL_FAMILY     15      /*invalid address family*/
+#define EIPSEC_INVAL_PREFIXLEN  16      /*SPI range violation*/
+#define EIPSEC_INVAL_DIR        17      /*Invalid direciton*/
+#define EIPSEC_INVAL_SPI        18      /*invalid prefixlen*/
+#define EIPSEC_NO_PROTO         19      /*no protocol specified*/
+#define EIPSEC_NO_ALGS          20      /*No algorithm specified*/
+#define EIPSEC_NO_BUFS          21      /*no buffers available*/
+#define EIPSEC_DO_GET_SUPP_LIST 22      /*must get supported algorithm first*/
+#define EIPSEC_PROTO_MISMATCH   23      /*protocol mismatch*/
+#define EIPSEC_FAMILY_MISMATCH  24      /*family mismatch*/
+#define EIPSEC_FEW_ARGUMENTS    25      /*Too few arguments*/
+#define EIPSEC_SYSTEM_ERROR     26      /*system error*/
+#define EIPSEC_INVAL_PRIORITY_OFFSET    27      /*priority offset out of 
range*/
+#define EIPSEC_INVAL_PRIORITY_BASE_OFFSET       28      /* priority base 
offset too
+                                                         * large */
+#define EIPSEC_PRIORITY_NOT_COMPILED    29      /*no priority support in 
libipsec*/
+#define EIPSEC_MAX              30      /*unknown error*/
 
 #endif /* _IPSEC_STRERROR_H */

=== modified file 'lib/ipsec/libpfkey.h'
--- lib/ipsec/libpfkey.h        2010-01-19 11:34:01 +0000
+++ lib/ipsec/libpfkey.h        2010-02-11 00:21:24 +0000
@@ -41,8 +41,8 @@
 #define PRIORITY_DEFAULT    0x80000000
 #define PRIORITY_HIGH       0x40000000
 
-#define PRIORITY_OFFSET_POSITIVE_MAX   0x3fffffff
-#define PRIORITY_OFFSET_NEGATIVE_MAX   0x40000000
+#define PRIORITY_OFFSET_POSITIVE_MAX    0x3fffffff
+#define PRIORITY_OFFSET_NEGATIVE_MAX    0x40000000
 
 struct sadb_msg;
 extern void pfkey_sadump __P((struct sadb_msg *));
@@ -64,38 +64,38 @@
 #endif
 
 struct pfkey_send_sa_args {
-       int             so;                     /* socket */
-       u_int           type;                   
-       u_int           satype;
-       u_int           mode;
-       struct sockaddr *src;                   /* IP src address for SA */
-       struct sockaddr *dst;                   /* IP dst address for SA */
-       u_int32_t       spi;                    /* SA's spi */
-       u_int32_t       reqid;
-       u_int           wsize;
-       caddr_t         keymat;
-       u_int           e_type, e_keylen;       /* Encryption alg and keylen */
-       u_int           a_type, a_keylen;       /* Authentication alg and key */
-       u_int           flags;
-       u_int32_t       l_alloc;
-       u_int32_t       l_bytes;
-       u_int32_t       l_addtime;
-       u_int32_t       l_usetime;
-       u_int32_t       seq;
-       u_int8_t        l_natt_type;
-       u_int16_t       l_natt_sport, l_natt_dport;
-       struct sockaddr *l_natt_oa;
-       u_int16_t       l_natt_frag;
-       u_int8_t ctxdoi, ctxalg;        /* Security context DOI and algorithm */
-       caddr_t ctxstr;                 /* Security context string */
-       u_int16_t ctxstrlen;            /* length of security context string */
+    int              so;                        /* socket */
+    u_int            type;
+    u_int            satype;
+    u_int            mode;
+    struct sockaddr *src;                       /* IP src address for SA */
+    struct sockaddr *dst;                       /* IP dst address for SA */
+    u_int32_t        spi;                       /* SA's spi */
+    u_int32_t        reqid;
+    u_int            wsize;
+    caddr_t          keymat;
+    u_int            e_type, e_keylen;          /* Encryption alg and keylen */
+    u_int            a_type, a_keylen;          /* Authentication alg and key 
*/
+    u_int            flags;
+    u_int32_t        l_alloc;
+    u_int32_t        l_bytes;
+    u_int32_t        l_addtime;
+    u_int32_t        l_usetime;
+    u_int32_t        seq;
+    u_int8_t         l_natt_type;
+    u_int16_t        l_natt_sport, l_natt_dport;
+    struct sockaddr *l_natt_oa;
+    u_int16_t        l_natt_frag;
+    u_int8_t         ctxdoi, ctxalg;    /* Security context DOI and algorithm 
*/
+    caddr_t          ctxstr;            /* Security context string */
+    u_int16_t        ctxstrlen;         /* length of security context string */
 };
 
 /* The options built into libipsec */
 extern int libipsec_opt;
-#define LIBIPSEC_OPT_NATT              0x01
-#define LIBIPSEC_OPT_FRAG              0x02
-#define LIBIPSEC_OPT_SEC_CTX           0x04
+#define LIBIPSEC_OPT_NATT               0x01
+#define LIBIPSEC_OPT_FRAG               0x02
+#define LIBIPSEC_OPT_SEC_CTX            0x04
 
 /* IPsec Library Routines */
 
@@ -107,7 +107,7 @@
 const char *ipsec_strerror __P((void));
 void kdebug_sadb __P((struct sadb_msg *));
 ipsec_policy_t ipsec_set_policy __P((__ipsec_const char *, int));
-int  ipsec_get_policylen __P((ipsec_policy_t));
+int ipsec_get_policylen __P((ipsec_policy_t));
 char *ipsec_dump_policy __P((ipsec_policy_t, __ipsec_const char *));
 
 /* PFKey Routines */
@@ -115,15 +115,15 @@
 u_int pfkey_set_softrate __P((u_int, u_int));
 u_int pfkey_get_softrate __P((u_int));
 int pfkey_send_getspi __P((int, u_int, u_int, struct sockaddr *,
-       struct sockaddr *, u_int32_t, u_int32_t, u_int32_t, u_int32_t));
+                           struct sockaddr *, u_int32_t, u_int32_t, u_int32_t, 
u_int32_t));
 int pfkey_send_update2 __P((struct pfkey_send_sa_args *));
-int pfkey_send_add2 __P((struct pfkey_send_sa_args *)); 
+int pfkey_send_add2 __P((struct pfkey_send_sa_args *));
 int pfkey_send_delete __P((int, u_int, u_int,
-       struct sockaddr *, struct sockaddr *, u_int32_t));
+                           struct sockaddr *, struct sockaddr *, u_int32_t));
 int pfkey_send_delete_all __P((int, u_int, u_int,
-       struct sockaddr *, struct sockaddr *));
+                               struct sockaddr *, struct sockaddr *));
 int pfkey_send_get __P((int, u_int, u_int,
-       struct sockaddr *, struct sockaddr *, u_int32_t));
+                        struct sockaddr *, struct sockaddr *, u_int32_t));
 int pfkey_send_register __P((int, u_int));
 int pfkey_recv_register __P((int));
 int pfkey_set_supported __P((struct sadb_msg *, int));
@@ -131,26 +131,26 @@
 int pfkey_send_dump __P((int, u_int));
 int pfkey_send_promisc_toggle __P((int, int));
 int pfkey_send_spdadd __P((int, struct sockaddr *, u_int,
-       struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
+                           struct sockaddr *, u_int, u_int, caddr_t, int, 
u_int32_t));
 int pfkey_send_spdadd2 __P((int, struct sockaddr *, u_int,
-       struct sockaddr *, u_int, u_int, u_int64_t, u_int64_t,
-       caddr_t, int, u_int32_t));
+                            struct sockaddr *, u_int, u_int, u_int64_t, 
u_int64_t,
+                            caddr_t, int, u_int32_t));
 int pfkey_send_spdupdate __P((int, struct sockaddr *, u_int,
-       struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
+                              struct sockaddr *, u_int, u_int, caddr_t, int, 
u_int32_t));
 int pfkey_send_spdupdate2 __P((int, struct sockaddr *, u_int,
-       struct sockaddr *, u_int, u_int, u_int64_t, u_int64_t,
-       caddr_t, int, u_int32_t));
+                               struct sockaddr *, u_int, u_int, u_int64_t, 
u_int64_t,
+                               caddr_t, int, u_int32_t));
 int pfkey_send_spddelete __P((int, struct sockaddr *, u_int,
-       struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
+                              struct sockaddr *, u_int, u_int, caddr_t, int, 
u_int32_t));
 int pfkey_send_spddelete2 __P((int, u_int32_t));
 int pfkey_send_spdget __P((int, u_int32_t));
 int pfkey_send_spdsetidx __P((int, struct sockaddr *, u_int,
-       struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
+                              struct sockaddr *, u_int, u_int, caddr_t, int, 
u_int32_t));
 int pfkey_send_spdflush __P((int));
 int pfkey_send_spddump __P((int));
 #ifdef SADB_X_MIGRATE
 int pfkey_send_migrate __P((int, struct sockaddr *, u_int,
-       struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
+                            struct sockaddr *, u_int, u_int, caddr_t, int, 
u_int32_t));
 #endif
 
 int pfkey_open __P((void));
@@ -160,28 +160,28 @@
 int pfkey_align __P((struct sadb_msg *, caddr_t *));
 int pfkey_check __P((caddr_t *));
 
-/* 
- * Deprecated, available for backward compatibility with third party 
+/*
+ * Deprecated, available for backward compatibility with third party
  * libipsec users. Please use pfkey_send_update2 and pfkey_send_add2 instead
  */
 int pfkey_send_update __P((int, u_int, u_int, struct sockaddr *,
-       struct sockaddr *, u_int32_t, u_int32_t, u_int,
-       caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
-       u_int64_t, u_int64_t, u_int32_t));
+                           struct sockaddr *, u_int32_t, u_int32_t, u_int,
+                           caddr_t, u_int, u_int, u_int, u_int, u_int, 
u_int32_t, u_int64_t,
+                           u_int64_t, u_int64_t, u_int32_t));
 int pfkey_send_update_nat __P((int, u_int, u_int, struct sockaddr *,
-       struct sockaddr *, u_int32_t, u_int32_t, u_int,
-       caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
-       u_int64_t, u_int64_t, u_int32_t,
-       u_int8_t, u_int16_t, u_int16_t, struct sockaddr *, u_int16_t));
+                               struct sockaddr *, u_int32_t, u_int32_t, u_int,
+                               caddr_t, u_int, u_int, u_int, u_int, u_int, 
u_int32_t, u_int64_t,
+                               u_int64_t, u_int64_t, u_int32_t,
+                               u_int8_t, u_int16_t, u_int16_t, struct sockaddr 
*, u_int16_t));
 int pfkey_send_add __P((int, u_int, u_int, struct sockaddr *,
-       struct sockaddr *, u_int32_t, u_int32_t, u_int,
-       caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
-       u_int64_t, u_int64_t, u_int32_t));
+                        struct sockaddr *, u_int32_t, u_int32_t, u_int,
+                        caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, 
u_int64_t,
+                        u_int64_t, u_int64_t, u_int32_t));
 int pfkey_send_add_nat __P((int, u_int, u_int, struct sockaddr *,
-       struct sockaddr *, u_int32_t, u_int32_t, u_int,
-       caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
-       u_int64_t, u_int64_t, u_int32_t,
-       u_int8_t, u_int16_t, u_int16_t, struct sockaddr *, u_int16_t));
+                            struct sockaddr *, u_int32_t, u_int32_t, u_int,
+                            caddr_t, u_int, u_int, u_int, u_int, u_int, 
u_int32_t, u_int64_t,
+                            u_int64_t, u_int64_t, u_int32_t,
+                            u_int8_t, u_int16_t, u_int16_t, struct sockaddr *, 
u_int16_t));
 
 #ifndef __SYSDEP_SA_LEN__
 #define __SYSDEP_SA_LEN__
@@ -195,23 +195,22 @@
 #define IPPROTO_IPCOMP IPPROTO_COMP
 #endif
 
-static __inline u_int8_t
-sysdep_sa_len (const struct sockaddr *sa)
+static __inline u_int8_t sysdep_sa_len(const struct sockaddr *sa)
 {
 #ifdef __linux__
-  switch (sa->sa_family)
-    {
+    switch (sa->sa_family) {
     case AF_INET:
-      return sizeof (struct sockaddr_in);
+        return sizeof(struct sockaddr_in);
     case AF_INET6:
-      return sizeof (struct sockaddr_in6);
+        return sizeof(struct sockaddr_in6);
     }
-  // log_print ("sysdep_sa_len: unknown sa family %d", sa->sa_family);
-  return sizeof (struct sockaddr_in);
+    // log_print ("sysdep_sa_len: unknown sa family %d", sa->sa_family);
+    return sizeof(struct sockaddr_in);
 #else
-  return sa->sa_len;
+    return sa->sa_len;
 #endif
 }
+
 #endif
 
 #endif /* KAME_LIBPFKEY_H */

=== modified file 'lib/ipsec/pfkey.c'
--- lib/ipsec/pfkey.c   2010-01-19 11:34:01 +0000
+++ lib/ipsec/pfkey.c   2010-02-11 00:21:24 +0000
@@ -52,29 +52,29 @@
 #include "libpfkey.h"
 #include "libinet6/include/net/pfkeyv2.h"
 
-#define CALLOC(size, cast) (cast)calloc(1, (size))
+#define CALLOC(size, cast) (cast) calloc(1, (size))
 
 static int findsupportedmap __P((int));
 static int setsupportedmap __P((struct sadb_supported *));
 static struct sadb_alg *findsupportedalg __P((u_int, u_int));
 static int pfkey_send_x1 __P((struct pfkey_send_sa_args *));
 static int pfkey_send_x2 __P((int, u_int, u_int, u_int,
-       struct sockaddr *, struct sockaddr *, u_int32_t));
+                              struct sockaddr *, struct sockaddr *, 
u_int32_t));
 static int pfkey_send_x3 __P((int, u_int, u_int));
 static int pfkey_send_x4 __P((int, u_int, struct sockaddr *, u_int,
-       struct sockaddr *, u_int, u_int, u_int64_t, u_int64_t,
-       char *, int, u_int32_t));
+                              struct sockaddr *, u_int, u_int, u_int64_t, 
u_int64_t,
+                              char *, int, u_int32_t));
 static int pfkey_send_x5 __P((int, u_int, u_int32_t));
 
 static caddr_t pfkey_setsadbmsg __P((caddr_t, caddr_t, u_int, u_int,
-       u_int, u_int32_t, pid_t));
+                                     u_int, u_int32_t, pid_t));
 static caddr_t pfkey_setsadbsa __P((caddr_t, caddr_t, u_int32_t, u_int,
-       u_int, u_int, u_int32_t));
+                                    u_int, u_int, u_int32_t));
 static caddr_t pfkey_setsadbaddr __P((caddr_t, caddr_t, u_int,
-       struct sockaddr *, u_int, u_int));
+                                      struct sockaddr *, u_int, u_int));
 static caddr_t pfkey_setsadbkey __P((caddr_t, caddr_t, u_int, caddr_t, u_int));
 static caddr_t pfkey_setsadblifetime __P((caddr_t, caddr_t, u_int, u_int32_t,
-       u_int32_t, u_int32_t, u_int32_t));
+                                          u_int32_t, u_int32_t, u_int32_t));
 static caddr_t pfkey_setsadbxsa2 __P((caddr_t, caddr_t, u_int32_t, u_int32_t));
 
 #ifdef SADB_X_EXT_NAT_T_TYPE
@@ -87,118 +87,119 @@
 
 #ifdef SADB_X_EXT_SEC_CTX
 static caddr_t pfkey_setsecctx __P((caddr_t, caddr_t, u_int, u_int8_t, 
u_int8_t,
-                                   caddr_t, u_int16_t));
+                                    caddr_t, u_int16_t));
 #endif
 
 int libipsec_opt = 0
 #ifdef SADB_X_EXT_NAT_T_TYPE
-       | LIBIPSEC_OPT_NATT
+                   | LIBIPSEC_OPT_NATT
 #endif
 #ifdef SADB_X_EXT_NAT_T_FRAG
-       | LIBIPSEC_OPT_FRAG
+                   | LIBIPSEC_OPT_FRAG
 #endif
 #ifdef SADB_X_EXT_NAT_T_SEC_CTX
-       | LIBIPSEC_OPT_SEC_CTX
+                   | LIBIPSEC_OPT_SEC_CTX
 #endif
-       ;
+;
 
 /*
  * make and search supported algorithm structure.
  */
-static struct sadb_supported *ipsec_supported[] = { NULL, NULL, NULL, 
+static struct sadb_supported *ipsec_supported[] = { NULL, NULL, NULL,
 #ifdef SADB_X_SATYPE_TCPSIGNATURE
-    NULL,
+                                                    NULL,
 #endif
 };
 
 static int supported_map[] = {
-       SADB_SATYPE_AH,
-       SADB_SATYPE_ESP,
-       SADB_X_SATYPE_IPCOMP,
+    SADB_SATYPE_AH,
+    SADB_SATYPE_ESP,
+    SADB_X_SATYPE_IPCOMP,
 #ifdef SADB_X_SATYPE_TCPSIGNATURE
-       SADB_X_SATYPE_TCPSIGNATURE,
+    SADB_X_SATYPE_TCPSIGNATURE,
 #endif
 };
 
-static int
-findsupportedmap(satype)
-       int satype;
-{
-       int i;
-
-       for (i = 0; i < sizeof(supported_map)/sizeof(supported_map[0]); i++)
-               if (supported_map[i] == satype)
-                       return i;
-       return -1;
-}
-
-static struct sadb_alg *
-findsupportedalg(satype, alg_id)
-       u_int satype, alg_id;
-{
-       int algno;
-       int tlen;
-       caddr_t p;
-
-       /* validity check */
-       algno = findsupportedmap((int)satype);
-       if (algno == -1) {
-               __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
-               return NULL;
-       }
-       if (ipsec_supported[algno] == NULL) {
-               __ipsec_errcode = EIPSEC_DO_GET_SUPP_LIST;
-               return NULL;
-       }
-
-       tlen = ipsec_supported[algno]->sadb_supported_len
-               - sizeof(struct sadb_supported);
-       p = (void *)(ipsec_supported[algno] + 1);
-       while (tlen > 0) {
-               if (tlen < sizeof(struct sadb_alg)) {
-                       /* invalid format */
-                       break;
-               }
-               if (((struct sadb_alg *)(void *)p)->sadb_alg_id == alg_id)
-                       return (void *)p;
-
-               tlen -= sizeof(struct sadb_alg);
-               p += sizeof(struct sadb_alg);
-       }
-
-       __ipsec_errcode = EIPSEC_NOT_SUPPORTED;
-       return NULL;
-}
-
-static int
-setsupportedmap(sup)
-       struct sadb_supported *sup;
-{
-       struct sadb_supported **ipsup;
-
-       switch (sup->sadb_supported_exttype) {
-       case SADB_EXT_SUPPORTED_AUTH:
-               ipsup = &ipsec_supported[findsupportedmap(SADB_SATYPE_AH)];
-               break;
-       case SADB_EXT_SUPPORTED_ENCRYPT:
-               ipsup = &ipsec_supported[findsupportedmap(SADB_SATYPE_ESP)];
-               break;
-       default:
-               __ipsec_errcode = EIPSEC_INVAL_SATYPE;
-               return -1;
-       }
-
-       if (*ipsup)
-               free(*ipsup);
-
-       *ipsup = malloc((size_t)sup->sadb_supported_len);
-       if (!*ipsup) {
-               __ipsec_set_strerror(strerror(errno));
-               return -1;
-       }
-       memcpy(*ipsup, sup, (size_t)sup->sadb_supported_len);
-
-       return 0;
+static int findsupportedmap(satype)
+int satype;
+{
+    int i;
+
+    for (i = 0; i < sizeof(supported_map) / sizeof(supported_map[0]); i++) {
+        if (supported_map[i] == satype) {
+            return i;
+        }
+    }
+    return -1;
+}
+
+static struct sadb_alg *findsupportedalg(satype, alg_id)
+u_int satype, alg_id;
+{
+    int algno;
+    int tlen;
+    caddr_t p;
+
+    /* validity check */
+    algno = findsupportedmap((int) satype);
+    if (algno == -1) {
+        __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
+        return NULL;
+    }
+    if (ipsec_supported[algno] == NULL) {
+        __ipsec_errcode = EIPSEC_DO_GET_SUPP_LIST;
+        return NULL;
+    }
+
+    tlen = ipsec_supported[algno]->sadb_supported_len
+           - sizeof(struct sadb_supported);
+    p    = (void *) (ipsec_supported[algno] + 1);
+    while (tlen > 0) {
+        if (tlen < sizeof(struct sadb_alg)) {
+            /* invalid format */
+            break;
+        }
+        if (((struct sadb_alg *) (void *) p)->sadb_alg_id == alg_id) {
+            return (void *) p;
+        }
+
+        tlen -= sizeof(struct sadb_alg);
+        p    += sizeof(struct sadb_alg);
+    }
+
+    __ipsec_errcode = EIPSEC_NOT_SUPPORTED;
+    return NULL;
+}
+
+static int setsupportedmap(sup)
+struct sadb_supported *sup;
+{
+    struct sadb_supported **ipsup;
+
+    switch (sup->sadb_supported_exttype) {
+    case SADB_EXT_SUPPORTED_AUTH:
+        ipsup           = &ipsec_supported[findsupportedmap(SADB_SATYPE_AH)];
+        break;
+    case SADB_EXT_SUPPORTED_ENCRYPT:
+        ipsup           = &ipsec_supported[findsupportedmap(SADB_SATYPE_ESP)];
+        break;
+    default:
+        __ipsec_errcode = EIPSEC_INVAL_SATYPE;
+        return -1;
+    }
+
+    if (*ipsup) {
+        free(*ipsup);
+    }
+
+    *ipsup = malloc((size_t) sup->sadb_supported_len);
+    if (!*ipsup) {
+        __ipsec_set_strerror(strerror(errno));
+        return -1;
+    }
+    memcpy(*ipsup, sup, (size_t) sup->sadb_supported_len);
+
+    return 0;
 }
 
 /*
@@ -210,28 +211,27 @@
  *     -1: invalid.
  *      0: valid.
  */
-int
-ipsec_check_keylen(supported, alg_id, keylen)
-       u_int supported;
-       u_int alg_id;
-       u_int keylen;
+int ipsec_check_keylen(supported, alg_id, keylen)
+u_int supported;
+u_int alg_id;
+u_int keylen;
 {
-       u_int satype;
-
-       /* validity check */
-       switch (supported) {
-       case SADB_EXT_SUPPORTED_AUTH:
-               satype = SADB_SATYPE_AH;
-               break;
-       case SADB_EXT_SUPPORTED_ENCRYPT:
-               satype = SADB_SATYPE_ESP;
-               break;
-       default:
-               __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
-               return -1;
-       }
-
-       return ipsec_check_keylen2(satype, alg_id, keylen);
+    u_int satype;
+
+    /* validity check */
+    switch (supported) {
+    case SADB_EXT_SUPPORTED_AUTH:
+        satype          = SADB_SATYPE_AH;
+        break;
+    case SADB_EXT_SUPPORTED_ENCRYPT:
+        satype          = SADB_SATYPE_ESP;
+        break;
+    default:
+        __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
+        return -1;
+    }
+
+    return ipsec_check_keylen2(satype, alg_id, keylen);
 }
 
 /*
@@ -242,27 +242,27 @@
  *     -1: invalid.
  *      0: valid.
  */
-int
-ipsec_check_keylen2(satype, alg_id, keylen)
-       u_int satype;
-       u_int alg_id;
-       u_int keylen;
+int ipsec_check_keylen2(satype, alg_id, keylen)
+u_int satype;
+u_int alg_id;
+u_int keylen;
 {
-       struct sadb_alg *alg;
-
-       alg = findsupportedalg(satype, alg_id);
-       if (!alg)
-               return -1;
-
-       if (keylen < alg->sadb_alg_minbits || keylen > alg->sadb_alg_maxbits) {
-               fprintf(stderr, "%d %d %d\n", keylen, alg->sadb_alg_minbits,
-                       alg->sadb_alg_maxbits);
-               __ipsec_errcode = EIPSEC_INVAL_KEYLEN;
-               return -1;
-       }
-
-       __ipsec_errcode = EIPSEC_NO_ERROR;
-       return 0;
+    struct sadb_alg *alg;
+
+    alg = findsupportedalg(satype, alg_id);
+    if (!alg) {
+        return -1;
+    }
+
+    if (keylen < alg->sadb_alg_minbits || keylen > alg->sadb_alg_maxbits) {
+        fprintf(stderr, "%d %d %d\n", keylen, alg->sadb_alg_minbits,
+                alg->sadb_alg_maxbits);
+        __ipsec_errcode = EIPSEC_INVAL_KEYLEN;
+        return -1;
+    }
+
+    __ipsec_errcode = EIPSEC_NO_ERROR;
+    return 0;
 }
 
 /*
@@ -273,40 +273,40 @@
  *     -1: invalid.
  *      0: valid.
  */
-int
-ipsec_get_keylen(supported, alg_id, alg0)
-       u_int supported, alg_id;
-       struct sadb_alg *alg0;
+int ipsec_get_keylen(supported, alg_id, alg0)
+u_int supported, alg_id;
+struct sadb_alg *alg0;
 {
-       struct sadb_alg *alg;
-       u_int satype;
-
-       /* validity check */
-       if (!alg0) {
-               __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
-               return -1;
-       }
-
-       switch (supported) {
-       case SADB_EXT_SUPPORTED_AUTH:
-               satype = SADB_SATYPE_AH;
-               break;
-       case SADB_EXT_SUPPORTED_ENCRYPT:
-               satype = SADB_SATYPE_ESP;
-               break;
-       default:
-               __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
-               return -1;
-       }
-
-       alg = findsupportedalg(satype, alg_id);
-       if (!alg)
-               return -1;
-
-       memcpy(alg0, alg, sizeof(*alg0));
-
-       __ipsec_errcode = EIPSEC_NO_ERROR;
-       return 0;
+    struct sadb_alg *alg;
+    u_int satype;
+
+    /* validity check */
+    if (!alg0) {
+        __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
+        return -1;
+    }
+
+    switch (supported) {
+    case SADB_EXT_SUPPORTED_AUTH:
+        satype          = SADB_SATYPE_AH;
+        break;
+    case SADB_EXT_SUPPORTED_ENCRYPT:
+        satype          = SADB_SATYPE_ESP;
+        break;
+    default:
+        __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
+        return -1;
+    }
+
+    alg = findsupportedalg(satype, alg_id);
+    if (!alg) {
+        return -1;
+    }
+
+    memcpy(alg0, alg, sizeof(*alg0));
+
+    __ipsec_errcode = EIPSEC_NO_ERROR;
+    return 0;
 }
 
 /*
@@ -314,58 +314,57 @@
  * If rate is more than 100 or equal to zero, then set to 100.
  */
 static u_int soft_lifetime_allocations_rate = PFKEY_SOFT_LIFETIME_RATE;
-static u_int soft_lifetime_bytes_rate = PFKEY_SOFT_LIFETIME_RATE;
-static u_int soft_lifetime_addtime_rate = PFKEY_SOFT_LIFETIME_RATE;
-static u_int soft_lifetime_usetime_rate = PFKEY_SOFT_LIFETIME_RATE;
+static u_int soft_lifetime_bytes_rate       = PFKEY_SOFT_LIFETIME_RATE;
+static u_int soft_lifetime_addtime_rate     = PFKEY_SOFT_LIFETIME_RATE;
+static u_int soft_lifetime_usetime_rate     = PFKEY_SOFT_LIFETIME_RATE;
 
-u_int
-pfkey_set_softrate(type, rate)
-       u_int type, rate;
+u_int pfkey_set_softrate(type, rate)
+u_int type, rate;
 {
-       __ipsec_errcode = EIPSEC_NO_ERROR;
-
-       if (rate > 100 || rate == 0)
-               rate = 100;
-
-       switch (type) {
-       case SADB_X_LIFETIME_ALLOCATIONS:
-               soft_lifetime_allocations_rate = rate;
-               return 0;
-       case SADB_X_LIFETIME_BYTES:
-               soft_lifetime_bytes_rate = rate;
-               return 0;
-       case SADB_X_LIFETIME_ADDTIME:
-               soft_lifetime_addtime_rate = rate;
-               return 0;
-       case SADB_X_LIFETIME_USETIME:
-               soft_lifetime_usetime_rate = rate;
-               return 0;
-       }
-
-       __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
-       return 1;
+    __ipsec_errcode = EIPSEC_NO_ERROR;
+
+    if (rate > 100 || rate == 0) {
+        rate = 100;
+    }
+
+    switch (type) {
+    case SADB_X_LIFETIME_ALLOCATIONS:
+        soft_lifetime_allocations_rate = rate;
+        return 0;
+    case SADB_X_LIFETIME_BYTES:
+        soft_lifetime_bytes_rate       = rate;
+        return 0;
+    case SADB_X_LIFETIME_ADDTIME:
+        soft_lifetime_addtime_rate     = rate;
+        return 0;
+    case SADB_X_LIFETIME_USETIME:
+        soft_lifetime_usetime_rate     = rate;
+        return 0;
+    }
+
+    __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
+    return 1;
 }
 
 /*
  * get current rate for SOFT lifetime against HARD one.
  * ATTENTION: ~0 is returned if invalid type was passed.
  */
-u_int
-pfkey_get_softrate(type)
-       u_int type;
+u_int pfkey_get_softrate(type)
+u_int type;
 {
-       switch (type) {
-       case SADB_X_LIFETIME_ALLOCATIONS:
-               return soft_lifetime_allocations_rate;
-       case SADB_X_LIFETIME_BYTES:
-               return soft_lifetime_bytes_rate;
-       case SADB_X_LIFETIME_ADDTIME:
-               return soft_lifetime_addtime_rate;
-       case SADB_X_LIFETIME_USETIME:
-               return soft_lifetime_usetime_rate;
-       }
+    switch (type) {
+    case SADB_X_LIFETIME_ALLOCATIONS:
+        return soft_lifetime_allocations_rate;
+    case SADB_X_LIFETIME_BYTES:
+        return soft_lifetime_bytes_rate;
+    case SADB_X_LIFETIME_ADDTIME:
+        return soft_lifetime_addtime_rate;
+    case SADB_X_LIFETIME_USETIME:
+        return soft_lifetime_usetime_rate;
+    }
 
-       return (u_int)~0;
+    return (u_int) ~0;
 }
 
 /*
@@ -374,126 +373,126 @@
  *     positive: success and return length sent.
  *     -1      : error occured, and set errno.
  */
-int
-pfkey_send_getspi(so, satype, mode, src, dst, min, max, reqid, seq)
-       int so;
-       u_int satype, mode;
-       struct sockaddr *src, *dst;
-       u_int32_t min, max, reqid, seq;
+int pfkey_send_getspi(so, satype, mode, src, dst, min, max, reqid, seq)
+int so;
+u_int satype, mode;
+struct sockaddr *src, *dst;
+u_int32_t min, max, reqid, seq;
 {
-       struct sadb_msg *newmsg;
-       caddr_t ep;
-       int len;
-       int need_spirange = 0;
-       caddr_t p;
-       int plen;
-
-       /* validity check */
-       if (src == NULL || dst == NULL) {
-               __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
-               return -1;
-       }
-       if (src->sa_family != dst->sa_family) {
-               __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
-               return -1;
-       }
-       if (min > max || (min > 0 && min <= 255)) {
-               __ipsec_errcode = EIPSEC_INVAL_SPI;
-               return -1;
-       }
-       switch (src->sa_family) {
-       case AF_INET:
-               plen = sizeof(struct in_addr) << 3;
-               break;
-       case AF_INET6:
-               plen = sizeof(struct in6_addr) << 3;
-               break;
-       default:
-               __ipsec_errcode = EIPSEC_INVAL_FAMILY;
-               return -1;
-       }
-
-       /* create new sadb_msg to send. */
-       len = sizeof(struct sadb_msg)
-               + sizeof(struct sadb_x_sa2)
-               + sizeof(struct sadb_address)
-               + PFKEY_ALIGN8(sysdep_sa_len(src))
-               + sizeof(struct sadb_address)
-               + PFKEY_ALIGN8(sysdep_sa_len(dst));
-
-       if (min > 255 && max < (u_int)~0) {
-               need_spirange++;
-               len += sizeof(struct sadb_spirange);
-       }
-
-       if ((newmsg = CALLOC((size_t)len, struct sadb_msg *)) == NULL) {
-               __ipsec_set_strerror(strerror(errno));
-               return -1;
-       }
-       ep = ((caddr_t)(void *)newmsg) + len;
-
-       p = pfkey_setsadbmsg((void *)newmsg, ep, SADB_GETSPI,
-           (u_int)len, satype, seq, getpid());
-       if (!p) {
-               free(newmsg);
-               return -1;
-       }
-
-       p = pfkey_setsadbxsa2(p, ep, mode, reqid);
-       if (!p) {
-               free(newmsg);
-               return -1;
-       }
-
-       /* set sadb_address for source */
-       p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, (u_int)plen,
-           IPSEC_ULPROTO_ANY);
-       if (!p) {
-               free(newmsg);
-               return -1;
-       }
-
-       /* set sadb_address for destination */
-       p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, (u_int)plen,
-           IPSEC_ULPROTO_ANY);
-       if (!p) {
-               free(newmsg);
-               return -1;
-       }
-
-       /* proccessing spi range */
-       if (need_spirange) {
-               struct sadb_spirange spirange;
-
-               if (p + sizeof(spirange) > ep) {
-                       free(newmsg);
-                       return -1;
-               }
-
-               memset(&spirange, 0, sizeof(spirange));
-               spirange.sadb_spirange_len = PFKEY_UNIT64(sizeof(spirange));
-               spirange.sadb_spirange_exttype = SADB_EXT_SPIRANGE;
-               spirange.sadb_spirange_min = min;
-               spirange.sadb_spirange_max = max;
-
-               memcpy(p, &spirange, sizeof(spirange));
-
-               p += sizeof(spirange);
-       }
-       if (p != ep) {
-               free(newmsg);
-               return -1;
-       }
-
-       /* send message */
-       len = pfkey_send(so, newmsg, len);
-       free(newmsg);
-
-       if (len < 0)
-               return -1;
-
-       __ipsec_errcode = EIPSEC_NO_ERROR;
-       return len;
+    struct sadb_msg *newmsg;
+    caddr_t ep;
+    int len;
+    int need_spirange = 0;
+    caddr_t p;
+    int plen;
+
+    /* validity check */
+    if (src == NULL || dst == NULL) {
+        __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
+        return -1;
+    }
+    if (src->sa_family != dst->sa_family) {
+        __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
+        return -1;
+    }
+    if (min > max || (min > 0 && min <= 255)) {
+        __ipsec_errcode = EIPSEC_INVAL_SPI;
+        return -1;
+    }
+    switch (src->sa_family) {
+    case AF_INET:
+        plen            = sizeof(struct in_addr) << 3;
+        break;
+    case AF_INET6:
+        plen            = sizeof(struct in6_addr) << 3;
+        break;
+    default:
+        __ipsec_errcode = EIPSEC_INVAL_FAMILY;
+        return -1;
+    }
+
+    /* create new sadb_msg to send. */
+    len = sizeof(struct sadb_msg)
+          + sizeof(struct sadb_x_sa2)
+          + sizeof(struct sadb_address)
+          + PFKEY_ALIGN8(sysdep_sa_len(src))
+          + sizeof(struct sadb_address)
+          + PFKEY_ALIGN8(sysdep_sa_len(dst));
+
+    if (min > 255 && max < (u_int) ~0) {
+        need_spirange++;
+        len += sizeof(struct sadb_spirange);
+    }
+
+    if ((newmsg = CALLOC((size_t) len, struct sadb_msg *)) == NULL) {
+        __ipsec_set_strerror(strerror(errno));
+        return -1;
+    }
+    ep = ((caddr_t) (void *) newmsg) + len;
+
+    p  = pfkey_setsadbmsg((void *) newmsg, ep, SADB_GETSPI,
+                          (u_int) len, satype, seq, getpid());
+    if (!p) {
+        free(newmsg);
+        return -1;
+    }
+
+    p = pfkey_setsadbxsa2(p, ep, mode, reqid);
+    if (!p) {
+        free(newmsg);
+        return -1;
+    }
+
+    /* set sadb_address for source */
+    p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, (u_int) plen,
+                          IPSEC_ULPROTO_ANY);
+    if (!p) {
+        free(newmsg);
+        return -1;
+    }
+
+    /* set sadb_address for destination */
+    p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, (u_int) plen,
+                          IPSEC_ULPROTO_ANY);
+    if (!p) {
+        free(newmsg);
+        return -1;
+    }
+
+    /* proccessing spi range */
+    if (need_spirange) {
+        struct sadb_spirange spirange;
+
+        if (p + sizeof(spirange) > ep) {
+            free(newmsg);
+            return -1;
+        }
+
+        memset(&spirange, 0, sizeof(spirange));
+        spirange.sadb_spirange_len     = PFKEY_UNIT64(sizeof(spirange));
+        spirange.sadb_spirange_exttype = SADB_EXT_SPIRANGE;
+        spirange.sadb_spirange_min     = min;
+        spirange.sadb_spirange_max     = max;
+
+        memcpy(p, &spirange, sizeof(spirange));
+
+        p                             += sizeof(spirange);
+    }
+    if (p != ep) {
+        free(newmsg);
+        return -1;
+    }
+
+    /* send message */
+    len = pfkey_send(so, newmsg, len);
+    free(newmsg);
+
+    if (len < 0) {
+        return -1;
+    }
+
+    __ipsec_errcode = EIPSEC_NO_ERROR;
+    return len;
 }
 
 /*
@@ -503,18 +502,18 @@
  *     positive: success and return length sent.
  *     -1      : error occured, and set errno.
  */
-int
-pfkey_send_update2(sa_parms)
-       struct pfkey_send_sa_args *sa_parms;
+int pfkey_send_update2(sa_parms)
+struct pfkey_send_sa_args *sa_parms;
 {
-       int len;
-
-       
-       sa_parms->type = SADB_UPDATE;
-       if ((len = pfkey_send_x1(sa_parms)) < 0)
-               return -1;
-
-       return len;
+    int len;
+
+
+    sa_parms->type = SADB_UPDATE;
+    if ((len = pfkey_send_x1(sa_parms)) < 0) {
+        return -1;
+    }
+
+    return len;
 }
 
 /*
@@ -524,17 +523,17 @@
  *     positive: success and return length sent.
  *     -1      : error occured, and set errno.
  */
-int
-pfkey_send_add2(sa_parms)
-       struct pfkey_send_sa_args *sa_parms;
+int pfkey_send_add2(sa_parms)
+struct pfkey_send_sa_args *sa_parms;
 {
-       int len;
-       
-       sa_parms->type = SADB_ADD;
-       if ((len = pfkey_send_x1(sa_parms)) < 0)
-               return -1;
-
-       return len;
+    int len;
+
+    sa_parms->type = SADB_ADD;
+    if ((len = pfkey_send_x1(sa_parms)) < 0) {
+        return -1;
+    }
+
+    return len;
 }
 
 /*
@@ -543,18 +542,18 @@
  *     positive: success and return length sent.
  *     -1      : error occured, and set errno.
  */
-int
-pfkey_send_delete(so, satype, mode, src, dst, spi)
-       int so;
-       u_int satype, mode;
-       struct sockaddr *src, *dst;
-       u_int32_t spi;
+int pfkey_send_delete(so, satype, mode, src, dst, spi)
+int so;
+u_int satype, mode;
+struct sockaddr *src, *dst;
+u_int32_t spi;
 {
-       int len;
-       if ((len = pfkey_send_x2(so, SADB_DELETE, satype, mode, src, dst, spi)) 
< 0)
-               return -1;
+    int len;
+    if ((len = pfkey_send_x2(so, SADB_DELETE, satype, mode, src, dst, spi)) < 
0) {
+        return -1;
+    }
 
-       return len;
+    return len;
 }
 
 /*
@@ -567,80 +566,80 @@
  *     -1      : error occured, and set errno
  */
 /*ARGSUSED*/
-int
-pfkey_send_delete_all(so, satype, mode, src, dst)
-       int so;
-       u_int satype, mode;
-       struct sockaddr *src, *dst;
+int pfkey_send_delete_all(so, satype, mode, src, dst)
+int so;
+u_int satype, mode;
+struct sockaddr *src, *dst;
 {
-       struct sadb_msg *newmsg;
-       int len;
-       caddr_t p;
-       int plen;
-       caddr_t ep;
-
-       /* validity check */
-       if (src == NULL || dst == NULL) {
-               __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
-               return -1;
-       }
-       if (src->sa_family != dst->sa_family) {
-               __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
-               return -1;
-       }
-       switch (src->sa_family) {
-       case AF_INET:
-               plen = sizeof(struct in_addr) << 3;
-               break;
-       case AF_INET6:
-               plen = sizeof(struct in6_addr) << 3;
-               break;
-       default:
-               __ipsec_errcode = EIPSEC_INVAL_FAMILY;
-               return -1;
-       }
-
-       /* create new sadb_msg to reply. */
-       len = sizeof(struct sadb_msg)
-               + sizeof(struct sadb_address)
-               + PFKEY_ALIGN8(sysdep_sa_len(src))
-               + sizeof(struct sadb_address)
-               + PFKEY_ALIGN8(sysdep_sa_len(dst));
-
-       if ((newmsg = CALLOC((size_t)len, struct sadb_msg *)) == NULL) {
-               __ipsec_set_strerror(strerror(errno));
-               return -1;
-       }
-       ep = ((caddr_t)(void *)newmsg) + len;
-
-       p = pfkey_setsadbmsg((void *)newmsg, ep, SADB_DELETE, (u_int)len, 
-           satype, 0, getpid());
-       if (!p) {
-               free(newmsg);
-               return -1;
-       }
-       p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, (u_int)plen,
-           IPSEC_ULPROTO_ANY);
-       if (!p) {
-               free(newmsg);
-               return -1;
-       }
-       p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, (u_int)plen,
-           IPSEC_ULPROTO_ANY);
-       if (!p || p != ep) {
-               free(newmsg);
-               return -1;
-       }
-
-       /* send message */
-       len = pfkey_send(so, newmsg, len);
-       free(newmsg);
-
-       if (len < 0)
-               return -1;
-
-       __ipsec_errcode = EIPSEC_NO_ERROR;
-       return len;
+    struct sadb_msg *newmsg;
+    int len;
+    caddr_t p;
+    int plen;
+    caddr_t ep;
+
+    /* validity check */
+    if (src == NULL || dst == NULL) {
+        __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
+        return -1;
+    }
+    if (src->sa_family != dst->sa_family) {
+        __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
+        return -1;
+    }
+    switch (src->sa_family) {
+    case AF_INET:
+        plen            = sizeof(struct in_addr) << 3;
+        break;
+    case AF_INET6:
+        plen            = sizeof(struct in6_addr) << 3;
+        break;
+    default:
+        __ipsec_errcode = EIPSEC_INVAL_FAMILY;
+        return -1;
+    }
+
+    /* create new sadb_msg to reply. */
+    len = sizeof(struct sadb_msg)
+          + sizeof(struct sadb_address)
+          + PFKEY_ALIGN8(sysdep_sa_len(src))
+          + sizeof(struct sadb_address)
+          + PFKEY_ALIGN8(sysdep_sa_len(dst));
+
+    if ((newmsg = CALLOC((size_t) len, struct sadb_msg *)) == NULL) {
+        __ipsec_set_strerror(strerror(errno));
+        return -1;
+    }
+    ep = ((caddr_t) (void *) newmsg) + len;
+
+    p  = pfkey_setsadbmsg((void *) newmsg, ep, SADB_DELETE, (u_int) len,
+                          satype, 0, getpid());
+    if (!p) {
+        free(newmsg);
+        return -1;
+    }
+    p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, (u_int) plen,
+                          IPSEC_ULPROTO_ANY);
+    if (!p) {
+        free(newmsg);
+        return -1;
+    }
+    p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, (u_int) plen,
+                          IPSEC_ULPROTO_ANY);
+    if (!p || p != ep) {
+        free(newmsg);
+        return -1;
+    }
+
+    /* send message */
+    len = pfkey_send(so, newmsg, len);
+    free(newmsg);
+
+    if (len < 0) {
+        return -1;
+    }
+
+    __ipsec_errcode = EIPSEC_NO_ERROR;
+    return len;
 }
 
 /*
@@ -649,18 +648,18 @@
  *     positive: success and return length sent.
  *     -1      : error occured, and set errno.
  */
-int
-pfkey_send_get(so, satype, mode, src, dst, spi)
-       int so;
-       u_int satype, mode;
-       struct sockaddr *src, *dst;
-       u_int32_t spi;
+int pfkey_send_get(so, satype, mode, src, dst, spi)
+int so;
+u_int satype, mode;
+struct sockaddr *src, *dst;
+u_int32_t spi;
 {
-       int len;
-       if ((len = pfkey_send_x2(so, SADB_GET, satype, mode, src, dst, spi)) < 
0)
-               return -1;
+    int len;
+    if ((len = pfkey_send_x2(so, SADB_GET, satype, mode, src, dst, spi)) < 0) {
+        return -1;
+    }
 
-       return len;
+    return len;
 }
 
 /*
@@ -669,39 +668,39 @@
  *     positive: success and return length sent.
  *     -1      : error occured, and set errno.
  */
-int
-pfkey_send_register(so, satype)
-       int so;
-       u_int satype;
+int pfkey_send_register(so, satype)
+int so;
+u_int satype;
 {
-       int len, algno;
-
-       if (satype == PF_UNSPEC) {
-               for (algno = 0;
-                    algno < sizeof(supported_map)/sizeof(supported_map[0]);
-                    algno++) {
-                       if (ipsec_supported[algno]) {
-                               free(ipsec_supported[algno]);
-                               ipsec_supported[algno] = NULL;
-                       }
-               }
-       } else {
-               algno = findsupportedmap((int)satype);
-               if (algno == -1) {
-                       __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
-                       return -1;
-               }
-
-               if (ipsec_supported[algno]) {
-                       free(ipsec_supported[algno]);
-                       ipsec_supported[algno] = NULL;
-               }
-       }
-
-       if ((len = pfkey_send_x3(so, SADB_REGISTER, satype)) < 0)
-               return -1;
-
-       return len;
+    int len, algno;
+
+    if (satype == PF_UNSPEC) {
+        for (algno = 0;
+             algno < sizeof(supported_map) / sizeof(supported_map[0]);
+             algno++) {
+            if (ipsec_supported[algno]) {
+                free(ipsec_supported[algno]);
+                ipsec_supported[algno] = NULL;
+            }
+        }
+    } else {
+        algno = findsupportedmap((int) satype);
+        if (algno == -1) {
+            __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
+            return -1;
+        }
+
+        if (ipsec_supported[algno]) {
+            free(ipsec_supported[algno]);
+            ipsec_supported[algno] = NULL;
+        }
+    }
+
+    if ((len = pfkey_send_x3(so, SADB_REGISTER, satype)) < 0) {
+        return -1;
+    }
+
+    return len;
 }
 
 /*
@@ -711,34 +710,36 @@
  *      0: success and return length sent.
  *     -1: error occured, and set errno.
  */
-int
-pfkey_recv_register(so)
-       int so;
+int pfkey_recv_register(so)
+int so;
 {
-       pid_t pid = getpid();
-       struct sadb_msg *newmsg;
-       int error = -1;
-
-       /* receive message */
-       for (;;) {
-               if ((newmsg = pfkey_recv(so)) == NULL)
-                       return -1;
-               if (newmsg->sadb_msg_type == SADB_REGISTER &&
-                   newmsg->sadb_msg_pid == pid)
-                       break;
-               free(newmsg);
-       }
-
-       /* check and fix */
-       newmsg->sadb_msg_len = PFKEY_UNUNIT64(newmsg->sadb_msg_len);
-
-       error = pfkey_set_supported(newmsg, newmsg->sadb_msg_len);
-       free(newmsg);
-
-       if (error == 0)
-               __ipsec_errcode = EIPSEC_NO_ERROR;
-
-       return error;
+    pid_t pid = getpid();
+    struct sadb_msg *newmsg;
+    int error = -1;
+
+    /* receive message */
+    for (;; ) {
+        if ((newmsg = pfkey_recv(so)) == NULL) {
+            return -1;
+        }
+        if (newmsg->sadb_msg_type == SADB_REGISTER &&
+            newmsg->sadb_msg_pid == pid) {
+            break;
+        }
+        free(newmsg);
+    }
+
+    /* check and fix */
+    newmsg->sadb_msg_len = PFKEY_UNUNIT64(newmsg->sadb_msg_len);
+
+    error                = pfkey_set_supported(newmsg, newmsg->sadb_msg_len);
+    free(newmsg);
+
+    if (error == 0) {
+        __ipsec_errcode = EIPSEC_NO_ERROR;
+    }
+
+    return error;
 }
 
 /*
@@ -751,62 +752,62 @@
  *      0: success and return length sent.
  *     -1: error occured, and set errno.
  */
-int
-pfkey_set_supported(msg, tlen)
-       struct sadb_msg *msg;
-       int tlen;
+int pfkey_set_supported(msg, tlen)
+struct sadb_msg *msg;
+int tlen;
 {
-       struct sadb_supported *sup;
-       caddr_t p;
-       caddr_t ep;
-
-       /* validity */
-       if (msg->sadb_msg_len != tlen) {
-               __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
-               return -1;
-       }
-
-       p = (void *)msg;
-       ep = p + tlen;
-
-       p += sizeof(struct sadb_msg);
-
-       while (p < ep) {
-               sup = (void *)p;
-               if (ep < p + sizeof(*sup) ||
-                   PFKEY_EXTLEN(sup) < sizeof(*sup) ||
-                   ep < p + sup->sadb_supported_len) {
-                       /* invalid format */
-                       break;
-               }
-
-               switch (sup->sadb_supported_exttype) {
-               case SADB_EXT_SUPPORTED_AUTH:
-               case SADB_EXT_SUPPORTED_ENCRYPT:
-                       break;
-               default:
-                       __ipsec_errcode = EIPSEC_INVAL_SATYPE;
-                       return -1;
-               }
-
-               /* fixed length */
-               sup->sadb_supported_len = PFKEY_EXTLEN(sup);
-
-               /* set supported map */
-               if (setsupportedmap(sup) != 0)
-                       return -1;
-
-               p += sup->sadb_supported_len;
-       }
-
-       if (p != ep) {
-               __ipsec_errcode = EIPSEC_INVAL_SATYPE;
-               return -1;
-       }
-
-       __ipsec_errcode = EIPSEC_NO_ERROR;
-
-       return 0;
+    struct sadb_supported *sup;
+    caddr_t p;
+    caddr_t ep;
+
+    /* validity */
+    if (msg->sadb_msg_len != tlen) {
+        __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
+        return -1;
+    }
+
+    p  = (void *) msg;
+    ep = p + tlen;
+
+    p += sizeof(struct sadb_msg);
+
+    while (p < ep) {
+        sup = (void *) p;
+        if (ep < p + sizeof(*sup) ||
+            PFKEY_EXTLEN(sup) < sizeof(*sup) ||
+            ep < p + sup->sadb_supported_len) {
+            /* invalid format */
+            break;
+        }
+
+        switch (sup->sadb_supported_exttype) {
+        case SADB_EXT_SUPPORTED_AUTH:
+        case SADB_EXT_SUPPORTED_ENCRYPT:
+            break;
+        default:
+            __ipsec_errcode = EIPSEC_INVAL_SATYPE;
+            return -1;
+        }
+
+        /* fixed length */
+        sup->sadb_supported_len = PFKEY_EXTLEN(sup);
+
+        /* set supported map */
+        if (setsupportedmap(sup) != 0) {
+            return -1;
+        }
+
+        p += sup->sadb_supported_len;
+    }
+
+    if (p != ep) {
+        __ipsec_errcode = EIPSEC_INVAL_SATYPE;
+        return -1;
+    }
+
+    __ipsec_errcode = EIPSEC_NO_ERROR;
+
+    return 0;
 }
 
 /*
@@ -815,17 +816,17 @@
  *     positive: success and return length sent.
  *     -1      : error occured, and set errno.
  */
-int
-pfkey_send_flush(so, satype)
-       int so;
-       u_int satype;
+int pfkey_send_flush(so, satype)
+int so;
+u_int satype;
 {
-       int len;
-
-       if ((len = pfkey_send_x3(so, SADB_FLUSH, satype)) < 0)
-               return -1;
-
-       return len;
+    int len;
+
+    if ((len = pfkey_send_x3(so, SADB_FLUSH, satype)) < 0) {
+        return -1;
+    }
+
+    return len;
 }
 
 /*
@@ -834,17 +835,17 @@
  *     positive: success and return length sent.
  *     -1      : error occured, and set errno.
  */
-int
-pfkey_send_dump(so, satype)
-       int so;
-       u_int satype;
+int pfkey_send_dump(so, satype)
+int so;
+u_int satype;
 {
-       int len;
-
-       if ((len = pfkey_send_x3(so, SADB_DUMP, satype)) < 0)
-               return -1;
-
-       return len;
+    int len;
+
+    if ((len = pfkey_send_x3(so, SADB_DUMP, satype)) < 0) {
+        return -1;
+    }
+
+    return len;
 }
 
 /*
@@ -859,176 +860,176 @@
  *     others: a pointer to new allocated buffer in which supported
  *             algorithms is.
  */
-int
-pfkey_send_promisc_toggle(so, flag)
-       int so;
-       int flag;
-{
-       int len;
-
-       if ((len = pfkey_send_x3(so, SADB_X_PROMISC, 
-           (u_int)(flag ? 1 : 0))) < 0)
-               return -1;
-
-       return len;
-}
-
-/*
- * sending SADB_X_SPDADD message to the kernel.
- * OUT:
- *     positive: success and return length sent.
- *     -1      : error occured, and set errno.
- */
-int
-pfkey_send_spdadd(so, src, prefs, dst, prefd, proto, policy, policylen, seq)
-       int so;
-       struct sockaddr *src, *dst;
-       u_int prefs, prefd, proto;
-       caddr_t policy;
-       int policylen;
-       u_int32_t seq;
-{
-       int len;
-
-       if ((len = pfkey_send_x4(so, SADB_X_SPDADD,
-                               src, prefs, dst, prefd, proto,
-                               (u_int64_t)0, (u_int64_t)0,
-                               policy, policylen, seq)) < 0)
-               return -1;
-
-       return len;
-}
-
-/*
- * sending SADB_X_SPDADD message to the kernel.
- * OUT:
- *     positive: success and return length sent.
- *     -1      : error occured, and set errno.
- */
-int
-pfkey_send_spdadd2(so, src, prefs, dst, prefd, proto, ltime, vtime,
-               policy, policylen, seq)
-       int so;
-       struct sockaddr *src, *dst;
-       u_int prefs, prefd, proto;
-       u_int64_t ltime, vtime;
-       caddr_t policy;
-       int policylen;
-       u_int32_t seq;
-{
-       int len;
-
-       if ((len = pfkey_send_x4(so, SADB_X_SPDADD,
-                               src, prefs, dst, prefd, proto,
-                               ltime, vtime,
-                               policy, policylen, seq)) < 0)
-               return -1;
-
-       return len;
-}
-
-/*
- * sending SADB_X_SPDUPDATE message to the kernel.
- * OUT:
- *     positive: success and return length sent.
- *     -1      : error occured, and set errno.
- */
-int
-pfkey_send_spdupdate(so, src, prefs, dst, prefd, proto, policy, policylen, seq)
-       int so;
-       struct sockaddr *src, *dst;
-       u_int prefs, prefd, proto;
-       caddr_t policy;
-       int policylen;
-       u_int32_t seq;
-{
-       int len;
-
-       if ((len = pfkey_send_x4(so, SADB_X_SPDUPDATE,
-                               src, prefs, dst, prefd, proto,
-                               (u_int64_t)0, (u_int64_t)0,
-                               policy, policylen, seq)) < 0)
-               return -1;
-
-       return len;
-}
-
-/*
- * sending SADB_X_SPDUPDATE message to the kernel.
- * OUT:
- *     positive: success and return length sent.
- *     -1      : error occured, and set errno.
- */
-int
-pfkey_send_spdupdate2(so, src, prefs, dst, prefd, proto, ltime, vtime,
-               policy, policylen, seq)
-       int so;
-       struct sockaddr *src, *dst;
-       u_int prefs, prefd, proto;
-       u_int64_t ltime, vtime;
-       caddr_t policy;
-       int policylen;
-       u_int32_t seq;
-{
-       int len;
-
-       if ((len = pfkey_send_x4(so, SADB_X_SPDUPDATE,
-                               src, prefs, dst, prefd, proto,
-                               ltime, vtime,
-                               policy, policylen, seq)) < 0)
-               return -1;
-
-       return len;
-}
-
-/*
- * sending SADB_X_SPDDELETE message to the kernel.
- * OUT:
- *     positive: success and return length sent.
- *     -1      : error occured, and set errno.
- */
-int
-pfkey_send_spddelete(so, src, prefs, dst, prefd, proto, policy, policylen, seq)
-       int so;
-       struct sockaddr *src, *dst;
-       u_int prefs, prefd, proto;
-       caddr_t policy;
-       int policylen;
-       u_int32_t seq;
-{
-       int len;
-
-       if (policylen != sizeof(struct sadb_x_policy)) {
-               __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
-               return -1;
-       }
-
-       if ((len = pfkey_send_x4(so, SADB_X_SPDDELETE,
-                               src, prefs, dst, prefd, proto,
-                               (u_int64_t)0, (u_int64_t)0,
-                               policy, policylen, seq)) < 0)
-               return -1;
-
-       return len;
-}
-
-/*
- * sending SADB_X_SPDDELETE message to the kernel.
- * OUT:
- *     positive: success and return length sent.
- *     -1      : error occured, and set errno.
- */
-int
-pfkey_send_spddelete2(so, spid)
-       int so;
-       u_int32_t spid;
-{
-       int len;
-
-       if ((len = pfkey_send_x5(so, SADB_X_SPDDELETE2, spid)) < 0)
-               return -1;
-
-       return len;
+int pfkey_send_promisc_toggle(so, flag)
+int so;
+int flag;
+{
+    int len;
+
+    if ((len = pfkey_send_x3(so, SADB_X_PROMISC,
+                             (u_int) (flag ? 1 : 0))) < 0) {
+        return -1;
+    }
+
+    return len;
+}
+
+/*
+ * sending SADB_X_SPDADD message to the kernel.
+ * OUT:
+ *     positive: success and return length sent.
+ *     -1      : error occured, and set errno.
+ */
+int pfkey_send_spdadd(so, src, prefs, dst, prefd, proto, policy, policylen, 
seq)
+int so;
+struct sockaddr *src, *dst;
+u_int prefs, prefd, proto;
+caddr_t policy;
+int policylen;
+u_int32_t seq;
+{
+    int len;
+
+    if ((len = pfkey_send_x4(so, SADB_X_SPDADD,
+                             src, prefs, dst, prefd, proto,
+                             (u_int64_t) 0, (u_int64_t) 0,
+                             policy, policylen, seq)) < 0) {
+        return -1;
+    }
+
+    return len;
+}
+
+/*
+ * sending SADB_X_SPDADD message to the kernel.
+ * OUT:
+ *     positive: success and return length sent.
+ *     -1      : error occured, and set errno.
+ */
+int pfkey_send_spdadd2(so, src, prefs, dst, prefd, proto, ltime, vtime,
+                       policy, policylen, seq)
+int so;
+struct sockaddr *src, *dst;
+u_int prefs, prefd, proto;
+u_int64_t ltime, vtime;
+caddr_t policy;
+int policylen;
+u_int32_t seq;
+{
+    int len;
+
+    if ((len = pfkey_send_x4(so, SADB_X_SPDADD,
+                             src, prefs, dst, prefd, proto,
+                             ltime, vtime,
+                             policy, policylen, seq)) < 0) {
+        return -1;
+    }
+
+    return len;
+}
+
+/*
+ * sending SADB_X_SPDUPDATE message to the kernel.
+ * OUT:
+ *     positive: success and return length sent.
+ *     -1      : error occured, and set errno.
+ */
+int pfkey_send_spdupdate(so, src, prefs, dst, prefd, proto, policy, policylen, 
seq)
+int so;
+struct sockaddr *src, *dst;
+u_int prefs, prefd, proto;
+caddr_t policy;
+int policylen;
+u_int32_t seq;
+{
+    int len;
+
+    if ((len = pfkey_send_x4(so, SADB_X_SPDUPDATE,
+                             src, prefs, dst, prefd, proto,
+                             (u_int64_t) 0, (u_int64_t) 0,
+                             policy, policylen, seq)) < 0) {
+        return -1;
+    }
+
+    return len;
+}
+
+/*
+ * sending SADB_X_SPDUPDATE message to the kernel.
+ * OUT:
+ *     positive: success and return length sent.
+ *     -1      : error occured, and set errno.
+ */
+int pfkey_send_spdupdate2(so, src, prefs, dst, prefd, proto, ltime, vtime,
+                          policy, policylen, seq)
+int so;
+struct sockaddr *src, *dst;
+u_int prefs, prefd, proto;
+u_int64_t ltime, vtime;
+caddr_t policy;
+int policylen;
+u_int32_t seq;
+{
+    int len;
+
+    if ((len = pfkey_send_x4(so, SADB_X_SPDUPDATE,
+                             src, prefs, dst, prefd, proto,
+                             ltime, vtime,
+                             policy, policylen, seq)) < 0) {
+        return -1;
+    }
+
+    return len;
+}
+
+/*
+ * sending SADB_X_SPDDELETE message to the kernel.
+ * OUT:
+ *     positive: success and return length sent.
+ *     -1      : error occured, and set errno.
+ */
+int pfkey_send_spddelete(so, src, prefs, dst, prefd, proto, policy, policylen, 
seq)
+int so;
+struct sockaddr *src, *dst;
+u_int prefs, prefd, proto;
+caddr_t policy;
+int policylen;
+u_int32_t seq;
+{
+    int len;
+
+    if (policylen != sizeof(struct sadb_x_policy)) {
+        __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
+        return -1;
+    }
+
+    if ((len = pfkey_send_x4(so, SADB_X_SPDDELETE,
+                             src, prefs, dst, prefd, proto,
+                             (u_int64_t) 0, (u_int64_t) 0,
+                             policy, policylen, seq)) < 0) {
+        return -1;
+    }
+
+    return len;
+}
+
+/*
+ * sending SADB_X_SPDDELETE message to the kernel.
+ * OUT:
+ *     positive: success and return length sent.
+ *     -1      : error occured, and set errno.
+ */
+int pfkey_send_spddelete2(so, spid)
+int so;
+u_int32_t spid;
+{
+    int len;
+
+    if ((len = pfkey_send_x5(so, SADB_X_SPDDELETE2, spid)) < 0) {
+        return -1;
+    }
+
+    return len;
 }
 
 /*
@@ -1037,17 +1038,17 @@
  *     positive: success and return length sent.
  *     -1      : error occured, and set errno.
  */
-int
-pfkey_send_spdget(so, spid)
-       int so;
-       u_int32_t spid;
+int pfkey_send_spdget(so, spid)
+int so;
+u_int32_t spid;
 {
-       int len;
-
-       if ((len = pfkey_send_x5(so, SADB_X_SPDGET, spid)) < 0)
-               return -1;
-
-       return len;
+    int len;
+
+    if ((len = pfkey_send_x5(so, SADB_X_SPDGET, spid)) < 0) {
+        return -1;
+    }
+
+    return len;
 }
 
 /*
@@ -1056,29 +1057,29 @@
  *     positive: success and return length sent.
  *     -1      : error occured, and set errno.
  */
-int
-pfkey_send_spdsetidx(so, src, prefs, dst, prefd, proto, policy, policylen, seq)
-       int so;
-       struct sockaddr *src, *dst;
-       u_int prefs, prefd, proto;
-       caddr_t policy;
-       int policylen;
-       u_int32_t seq;
+int pfkey_send_spdsetidx(so, src, prefs, dst, prefd, proto, policy, policylen, 
seq)
+int so;
+struct sockaddr *src, *dst;
+u_int prefs, prefd, proto;
+caddr_t policy;
+int policylen;
+u_int32_t seq;
 {
-       int len;
-
-       if (policylen != sizeof(struct sadb_x_policy)) {
-               __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
-               return -1;
-       }
-
-       if ((len = pfkey_send_x4(so, SADB_X_SPDSETIDX,
-                               src, prefs, dst, prefd, proto,
-                               (u_int64_t)0, (u_int64_t)0,
-                               policy, policylen, seq)) < 0)
-               return -1;
-
-       return len;
+    int len;
+
+    if (policylen != sizeof(struct sadb_x_policy)) {
+        __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
+        return -1;
+    }
+
+    if ((len = pfkey_send_x4(so, SADB_X_SPDSETIDX,
+                             src, prefs, dst, prefd, proto,
+                             (u_int64_t) 0, (u_int64_t) 0,
+                             policy, policylen, seq)) < 0) {
+        return -1;
+    }
+
+    return len;
 }
 
 /*
@@ -1087,16 +1088,16 @@
  *     positive: success and return length sent.
  *     -1      : error occured, and set errno.
  */
-int
-pfkey_send_spdflush(so)
-       int so;
+int pfkey_send_spdflush(so)
+int so;
 {
-       int len;
-
-       if ((len = pfkey_send_x3(so, SADB_X_SPDFLUSH, SADB_SATYPE_UNSPEC)) < 0)
-               return -1;
-
-       return len;
+    int len;
+
+    if ((len = pfkey_send_x3(so, SADB_X_SPDFLUSH, SADB_SATYPE_UNSPEC)) < 0) {
+        return -1;
+    }
+
+    return len;
 }
 
 /*
@@ -1105,16 +1106,16 @@
  *     positive: success and return length sent.
  *     -1      : error occured, and set errno.
  */
-int
-pfkey_send_spddump(so)
-       int so;
+int pfkey_send_spddump(so)
+int so;
 {
-       int len;
-
-       if ((len = pfkey_send_x3(so, SADB_X_SPDDUMP, SADB_SATYPE_UNSPEC)) < 0)
-               return -1;
-
-       return len;
+    int len;
+
+    if ((len = pfkey_send_x3(so, SADB_X_SPDDUMP, SADB_SATYPE_UNSPEC)) < 0) {
+        return -1;
+    }
+
+    return len;
 }
 
 
@@ -1125,658 +1126,663 @@
  *     positive: success and return length sent.
  *     -1      : error occured, and set errno.
  */
-int
-pfkey_send_migrate(so, src, prefs, dst, prefd, proto, policy, policylen, seq)
-       int so;
-       struct sockaddr *src, *dst;
-       u_int prefs, prefd, proto;
-       caddr_t policy;
-       int policylen;
-       u_int32_t seq;
+int pfkey_send_migrate(so, src, prefs, dst, prefd, proto, policy, policylen, 
seq)
+int so;
+struct sockaddr *src, *dst;
+u_int prefs, prefd, proto;
+caddr_t policy;
+int policylen;
+u_int32_t seq;
 {
-       struct sadb_msg *newmsg;
-       int len;
-       caddr_t p;
-       int plen;
-       caddr_t ep;
-
-       /* validity check */
-       if (src == NULL || dst == NULL) {
-               __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
-               return -1;
-       }
-       if (src->sa_family != dst->sa_family) {
-               __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
-               return -1;
-       }
-
-       switch (src->sa_family) {
-       case AF_INET:
-               plen = sizeof(struct in_addr) << 3;
-               break;
-       case AF_INET6:
-               plen = sizeof(struct in6_addr) << 3;
-               break;
-       default:
-               __ipsec_errcode = EIPSEC_INVAL_FAMILY;
-               return -1;
-       }
-       if (prefs > plen || prefd > plen) {
-               __ipsec_errcode = EIPSEC_INVAL_PREFIXLEN;
-               return -1;
-       }
-
-       /* create new sadb_msg to reply. */
-       len = sizeof(struct sadb_msg)
-               + sizeof(struct sadb_address)
-               + PFKEY_ALIGN8(sysdep_sa_len(src))
-               + sizeof(struct sadb_address)
-               + PFKEY_ALIGN8(sysdep_sa_len(dst))
-               + policylen;
-
-       if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
-               __ipsec_set_strerror(strerror(errno));
-               return -1;
-       }
-       ep = ((caddr_t)newmsg) + len;
-
-       p = pfkey_setsadbmsg((caddr_t)newmsg, ep, SADB_X_MIGRATE, (u_int)len,
-           SADB_SATYPE_UNSPEC, seq, getpid());
-       if (!p) {
-               free(newmsg);
-               return -1;
-       }
-       p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, prefs, proto);
-       if (!p) {
-               free(newmsg);
-               return -1;
-       }
-       p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, prefd, proto);
-       if (!p || p + policylen != ep) {
-               free(newmsg);
-               return -1;
-       }
-       memcpy(p, policy, policylen);
-
-       /* send message */
-       len = pfkey_send(so, newmsg, len);
-       free(newmsg);
-
-       if (len < 0)
-               return -1;
-
-       __ipsec_errcode = EIPSEC_NO_ERROR;
-       return len;
+    struct sadb_msg *newmsg;
+    int len;
+    caddr_t p;
+    int plen;
+    caddr_t ep;
+
+    /* validity check */
+    if (src == NULL || dst == NULL) {
+        __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
+        return -1;
+    }
+    if (src->sa_family != dst->sa_family) {
+        __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
+        return -1;
+    }
+
+    switch (src->sa_family) {
+    case AF_INET:
+        plen            = sizeof(struct in_addr) << 3;
+        break;
+    case AF_INET6:
+        plen            = sizeof(struct in6_addr) << 3;
+        break;
+    default:
+        __ipsec_errcode = EIPSEC_INVAL_FAMILY;
+        return -1;
+    }
+    if (prefs > plen || prefd > plen) {
+        __ipsec_errcode = EIPSEC_INVAL_PREFIXLEN;
+        return -1;
+    }
+
+    /* create new sadb_msg to reply. */
+    len = sizeof(struct sadb_msg)
+          + sizeof(struct sadb_address)
+          + PFKEY_ALIGN8(sysdep_sa_len(src))
+          + sizeof(struct sadb_address)
+          + PFKEY_ALIGN8(sysdep_sa_len(dst))
+          + policylen;
+
+    if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
+        __ipsec_set_strerror(strerror(errno));
+        return -1;
+    }
+    ep = ((caddr_t) newmsg) + len;
+
+    p  = pfkey_setsadbmsg((caddr_t) newmsg, ep, SADB_X_MIGRATE, (u_int) len,
+                          SADB_SATYPE_UNSPEC, seq, getpid());
+    if (!p) {
+        free(newmsg);
+        return -1;
+    }
+    p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, prefs, proto);
+    if (!p) {
+        free(newmsg);
+        return -1;
+    }
+    p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, prefd, proto);
+    if (!p || p + policylen != ep) {
+        free(newmsg);
+        return -1;
+    }
+    memcpy(p, policy, policylen);
+
+    /* send message */
+    len = pfkey_send(so, newmsg, len);
+    free(newmsg);
+
+    if (len < 0) {
+        return -1;
+    }
+
+    __ipsec_errcode = EIPSEC_NO_ERROR;
+    return len;
 }
 #endif
 
 
 /* sending SADB_ADD or SADB_UPDATE message to the kernel */
-static int
-pfkey_send_x1(sa_parms)
-       struct pfkey_send_sa_args *sa_parms;
+static int pfkey_send_x1(sa_parms)
+struct pfkey_send_sa_args *sa_parms;
 {
-       struct sadb_msg *newmsg;
-       int len;
-       caddr_t p;
-       int plen;
-       caddr_t ep;
-
-       /* validity check */
-       if (sa_parms->src == NULL || sa_parms->dst == NULL) {
-               __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
-               return -1;
-       }
-       if (sa_parms->src->sa_family != sa_parms->dst->sa_family) {
-               __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
-               return -1;
-       }
-       switch (sa_parms->src->sa_family) {
-       case AF_INET:
-               plen = sizeof(struct in_addr) << 3;
-               break;
-       case AF_INET6:
-               plen = sizeof(struct in6_addr) << 3;
-               break;
-       default:
-               __ipsec_errcode = EIPSEC_INVAL_FAMILY;
-               return -1;
-       }
-
-       switch (sa_parms->satype) {
-       case SADB_SATYPE_ESP:
-               if (sa_parms->e_type == SADB_EALG_NONE) {
-                       __ipsec_errcode = EIPSEC_NO_ALGS;
-                       return -1;
-               }
-               break;
-       case SADB_SATYPE_AH:
-               if (sa_parms->e_type != SADB_EALG_NONE) {
-                       __ipsec_errcode = EIPSEC_INVAL_ALGS;
-                       return -1;
-               }
-               if (sa_parms->a_type == SADB_AALG_NONE) {
-                       __ipsec_errcode = EIPSEC_NO_ALGS;
-                       return -1;
-               }
-               break;
-       case SADB_X_SATYPE_IPCOMP:
-               if (sa_parms->e_type == SADB_X_CALG_NONE) {
-                       __ipsec_errcode = EIPSEC_INVAL_ALGS;
-                       return -1;
-               }
-               if (sa_parms->a_type != SADB_AALG_NONE) {
-                       __ipsec_errcode = EIPSEC_NO_ALGS;
-                       return -1;
-               }
-               break;
+    struct sadb_msg *newmsg;
+    int len;
+    caddr_t p;
+    int plen;
+    caddr_t ep;
+
+    /* validity check */
+    if (sa_parms->src == NULL || sa_parms->dst == NULL) {
+        __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
+        return -1;
+    }
+    if (sa_parms->src->sa_family != sa_parms->dst->sa_family) {
+        __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
+        return -1;
+    }
+    switch (sa_parms->src->sa_family) {
+    case AF_INET:
+        plen            = sizeof(struct in_addr) << 3;
+        break;
+    case AF_INET6:
+        plen            = sizeof(struct in6_addr) << 3;
+        break;
+    default:
+        __ipsec_errcode = EIPSEC_INVAL_FAMILY;
+        return -1;
+    }
+
+    switch (sa_parms->satype) {
+    case SADB_SATYPE_ESP:
+        if (sa_parms->e_type == SADB_EALG_NONE) {
+            __ipsec_errcode = EIPSEC_NO_ALGS;
+            return -1;
+        }
+        break;
+    case SADB_SATYPE_AH:
+        if (sa_parms->e_type != SADB_EALG_NONE) {
+            __ipsec_errcode = EIPSEC_INVAL_ALGS;
+            return -1;
+        }
+        if (sa_parms->a_type == SADB_AALG_NONE) {
+            __ipsec_errcode = EIPSEC_NO_ALGS;
+            return -1;
+        }
+        break;
+    case SADB_X_SATYPE_IPCOMP:
+        if (sa_parms->e_type == SADB_X_CALG_NONE) {
+            __ipsec_errcode = EIPSEC_INVAL_ALGS;
+            return -1;
+        }
+        if (sa_parms->a_type != SADB_AALG_NONE) {
+            __ipsec_errcode = EIPSEC_NO_ALGS;
+            return -1;
+        }
+        break;
 #ifdef SADB_X_AALG_TCP_MD5
-       case SADB_X_SATYPE_TCPSIGNATURE:
-               if (sa_parms->e_type != SADB_EALG_NONE) {
-                       __ipsec_errcode = EIPSEC_INVAL_ALGS;
-                       return -1;
-               }
-               if (sa_parms->a_type != SADB_X_AALG_TCP_MD5) {
-                       __ipsec_errcode = EIPSEC_INVAL_ALGS;
-                       return -1;
-               }
-               break;
-#endif
-       default:
-               __ipsec_errcode = EIPSEC_INVAL_SATYPE;
-               return -1;
-       }
-
-       /* create new sadb_msg to reply. */
-       len = sizeof(struct sadb_msg)
-               + sizeof(struct sadb_sa)
-               + sizeof(struct sadb_x_sa2)
-               + sizeof(struct sadb_address)
-               + PFKEY_ALIGN8(sysdep_sa_len(sa_parms->src))
-               + sizeof(struct sadb_address)
-               + PFKEY_ALIGN8(sysdep_sa_len(sa_parms->dst))
-               + sizeof(struct sadb_lifetime)
-               + sizeof(struct sadb_lifetime);
-
-       if (sa_parms->e_type != SADB_EALG_NONE && 
-           sa_parms->satype != SADB_X_SATYPE_IPCOMP)
-               len += (sizeof(struct sadb_key) + 
-                       PFKEY_ALIGN8(sa_parms->e_keylen));
-       if (sa_parms->a_type != SADB_AALG_NONE)
-               len += (sizeof(struct sadb_key) + 
-                       PFKEY_ALIGN8(sa_parms->a_keylen));
-
-#ifdef SADB_X_EXT_SEC_CTX
-       if (sa_parms->ctxstr != NULL)
-               len += (sizeof(struct sadb_x_sec_ctx)
-                   + PFKEY_ALIGN8(sa_parms->ctxstrlen));
-#endif
-
-#ifdef SADB_X_EXT_NAT_T_TYPE
-       /* add nat-t packets */
-       if (sa_parms->l_natt_type) {
-               switch(sa_parms->satype) {
-               case SADB_SATYPE_ESP:
-               case SADB_X_SATYPE_IPCOMP:
-                       break;
-               default:
-                       __ipsec_errcode = EIPSEC_NO_ALGS;
-                       return -1;
-               }
-
-               len += sizeof(struct sadb_x_nat_t_type);
-               len += sizeof(struct sadb_x_nat_t_port);
-               len += sizeof(struct sadb_x_nat_t_port);
-               if (sa_parms->l_natt_oa)
-                       len += sizeof(struct sadb_address) +
-                         PFKEY_ALIGN8(sysdep_sa_len(sa_parms->l_natt_oa));
-#ifdef SADB_X_EXT_NAT_T_FRAG
-               if (sa_parms->l_natt_frag)
-                       len += sizeof(struct sadb_x_nat_t_frag);
-#endif
-       }
-#endif
-
-       if ((newmsg = CALLOC((size_t)len, struct sadb_msg *)) == NULL) {
-               __ipsec_set_strerror(strerror(errno));
-               return -1;
-       }
-       ep = ((caddr_t)(void *)newmsg) + len;
-
-       p = pfkey_setsadbmsg((void *)newmsg, ep, sa_parms->type, (u_int)len,
-                            sa_parms->satype, sa_parms->seq, getpid());
-       if (!p) {
-               free(newmsg);
-               return -1;
-       }
-       p = pfkey_setsadbsa(p, ep, sa_parms->spi, sa_parms->wsize, 
-                           sa_parms->a_type, sa_parms->e_type, 
-                           sa_parms->flags);
-       if (!p) {
-               free(newmsg);
-               return -1;
-       }
-       p = pfkey_setsadbxsa2(p, ep, sa_parms->mode, sa_parms->reqid);
-       if (!p) {
-               free(newmsg);
-               return -1;
-       }
-       p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, sa_parms->src, 
-                             (u_int)plen, IPSEC_ULPROTO_ANY);
-       if (!p) {
-               free(newmsg);
-               return -1;
-       }
-       p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, sa_parms->dst, 
-                             (u_int)plen, IPSEC_ULPROTO_ANY);
-       if (!p) {
-               free(newmsg);
-               return -1;
-       }
-
-       if (sa_parms->e_type != SADB_EALG_NONE && 
-           sa_parms->satype != SADB_X_SATYPE_IPCOMP) {
-               p = pfkey_setsadbkey(p, ep, SADB_EXT_KEY_ENCRYPT,
-                                  sa_parms->keymat, sa_parms->e_keylen);
-               if (!p) {
-                       free(newmsg);
-                       return -1;
-               }
-       }
-       if (sa_parms->a_type != SADB_AALG_NONE) {
-               p = pfkey_setsadbkey(p, ep, SADB_EXT_KEY_AUTH,
-                                    sa_parms->keymat + sa_parms->e_keylen, 
-                                    sa_parms->a_keylen);
-               if (!p) {
-                       free(newmsg);
-                       return -1;
-               }
-       }
-
-       /* set sadb_lifetime for destination */
-       p = pfkey_setsadblifetime(p, ep, SADB_EXT_LIFETIME_HARD,
-                       sa_parms->l_alloc, sa_parms->l_bytes, 
-                       sa_parms->l_addtime, sa_parms->l_usetime);
-       if (!p) {
-               free(newmsg);
-               return -1;
-       }
-       p = pfkey_setsadblifetime(p, ep, SADB_EXT_LIFETIME_SOFT,
-                                 sa_parms->l_alloc, sa_parms->l_bytes, 
-                                 sa_parms->l_addtime, sa_parms->l_usetime);
-       if (!p) {
-               free(newmsg);
-               return -1;
-       }
-#ifdef SADB_X_EXT_SEC_CTX
-       if (sa_parms->ctxstr != NULL) {
-               p = pfkey_setsecctx(p, ep, SADB_X_EXT_SEC_CTX, sa_parms->ctxdoi,
-                                   sa_parms->ctxalg, sa_parms->ctxstr, 
-                                   sa_parms->ctxstrlen);
-               if (!p) {
-                       free(newmsg);
-                       return -1;
-               }
-       }
-#endif
-
-#ifdef SADB_X_EXT_NAT_T_TYPE
-       /* Add nat-t messages */
-       if (sa_parms->l_natt_type) {
-               p = pfkey_set_natt_type(p, ep, SADB_X_EXT_NAT_T_TYPE, 
-                                       sa_parms->l_natt_type);
-               if (!p) {
-                       free(newmsg);
-                       return -1;
-               }
-
-               p = pfkey_set_natt_port(p, ep, SADB_X_EXT_NAT_T_SPORT,
-                                       sa_parms->l_natt_sport);
-               if (!p) {
-                       free(newmsg);
-                       return -1;
-               }
-
-               p = pfkey_set_natt_port(p, ep, SADB_X_EXT_NAT_T_DPORT,
-                                       sa_parms->l_natt_dport);
-               if (!p) {
-                       free(newmsg);
-                       return -1;
-               }
-
-               if (sa_parms->l_natt_oa) {
-                       p = pfkey_setsadbaddr(p, ep, SADB_X_EXT_NAT_T_OA,
-                                             sa_parms->l_natt_oa,
-                                             
(u_int)PFKEY_ALIGN8(sysdep_sa_len(sa_parms->l_natt_oa)),
-                                             IPSEC_ULPROTO_ANY);
-                       if (!p) {
-                               free(newmsg);
-                               return -1;
-                       }
-               }
-
-#ifdef SADB_X_EXT_NAT_T_FRAG
-               if (sa_parms->l_natt_frag) {
-                       p = pfkey_set_natt_frag(p, ep, SADB_X_EXT_NAT_T_FRAG,
-                                       sa_parms->l_natt_frag);
-                       if (!p) {
-                               free(newmsg);
-                               return -1;
-                       }
-               }
-#endif
-       }
-#endif
-
-       if (p != ep) {
-               free(newmsg);
-               return -1;
-       }
-
-       /* send message */
-       len = pfkey_send(sa_parms->so, newmsg, len);
-       free(newmsg);
-
-       if (len < 0)
-               return -1;
-
-       __ipsec_errcode = EIPSEC_NO_ERROR;
-       return len;
+    case SADB_X_SATYPE_TCPSIGNATURE:
+        if (sa_parms->e_type != SADB_EALG_NONE) {
+            __ipsec_errcode = EIPSEC_INVAL_ALGS;
+            return -1;
+        }
+        if (sa_parms->a_type != SADB_X_AALG_TCP_MD5) {
+            __ipsec_errcode = EIPSEC_INVAL_ALGS;
+            return -1;
+        }
+        break;
+#endif
+    default:
+        __ipsec_errcode = EIPSEC_INVAL_SATYPE;
+        return -1;
+    }
+
+    /* create new sadb_msg to reply. */
+    len = sizeof(struct sadb_msg)
+          + sizeof(struct sadb_sa)
+          + sizeof(struct sadb_x_sa2)
+          + sizeof(struct sadb_address)
+          + PFKEY_ALIGN8(sysdep_sa_len(sa_parms->src))
+          + sizeof(struct sadb_address)
+          + PFKEY_ALIGN8(sysdep_sa_len(sa_parms->dst))
+          + sizeof(struct sadb_lifetime)
+          + sizeof(struct sadb_lifetime);
+
+    if (sa_parms->e_type != SADB_EALG_NONE &&
+        sa_parms->satype != SADB_X_SATYPE_IPCOMP) {
+        len += (sizeof(struct sadb_key) +
+                PFKEY_ALIGN8(sa_parms->e_keylen));
+    }
+    if (sa_parms->a_type != SADB_AALG_NONE) {
+        len += (sizeof(struct sadb_key) +
+                PFKEY_ALIGN8(sa_parms->a_keylen));
+    }
+
+#ifdef SADB_X_EXT_SEC_CTX
+    if (sa_parms->ctxstr != NULL) {
+        len += (sizeof(struct sadb_x_sec_ctx)
+                + PFKEY_ALIGN8(sa_parms->ctxstrlen));
+    }
+#endif
+
+#ifdef SADB_X_EXT_NAT_T_TYPE
+    /* add nat-t packets */
+    if (sa_parms->l_natt_type) {
+        switch (sa_parms->satype) {
+        case SADB_SATYPE_ESP:
+        case SADB_X_SATYPE_IPCOMP:
+            break;
+        default:
+            __ipsec_errcode = EIPSEC_NO_ALGS;
+            return -1;
+        }
+
+        len += sizeof(struct sadb_x_nat_t_type);
+        len += sizeof(struct sadb_x_nat_t_port);
+        len += sizeof(struct sadb_x_nat_t_port);
+        if (sa_parms->l_natt_oa) {
+            len += sizeof(struct sadb_address) +
+                   PFKEY_ALIGN8(sysdep_sa_len(sa_parms->l_natt_oa));
+        }
+#ifdef SADB_X_EXT_NAT_T_FRAG
+        if (sa_parms->l_natt_frag) {
+            len += sizeof(struct sadb_x_nat_t_frag);
+        }
+#endif
+    }
+#endif
+
+    if ((newmsg = CALLOC((size_t) len, struct sadb_msg *)) == NULL) {
+        __ipsec_set_strerror(strerror(errno));
+        return -1;
+    }
+    ep = ((caddr_t) (void *) newmsg) + len;
+
+    p  = pfkey_setsadbmsg((void *) newmsg, ep, sa_parms->type, (u_int) len,
+                          sa_parms->satype, sa_parms->seq, getpid());
+    if (!p) {
+        free(newmsg);
+        return -1;
+    }
+    p = pfkey_setsadbsa(p, ep, sa_parms->spi, sa_parms->wsize,
+                        sa_parms->a_type, sa_parms->e_type,
+                        sa_parms->flags);
+    if (!p) {
+        free(newmsg);
+        return -1;
+    }
+    p = pfkey_setsadbxsa2(p, ep, sa_parms->mode, sa_parms->reqid);
+    if (!p) {
+        free(newmsg);
+        return -1;
+    }
+    p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, sa_parms->src,
+                          (u_int) plen, IPSEC_ULPROTO_ANY);
+    if (!p) {
+        free(newmsg);
+        return -1;
+    }
+    p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, sa_parms->dst,
+                          (u_int) plen, IPSEC_ULPROTO_ANY);
+    if (!p) {
+        free(newmsg);
+        return -1;
+    }
+
+    if (sa_parms->e_type != SADB_EALG_NONE &&
+        sa_parms->satype != SADB_X_SATYPE_IPCOMP) {
+        p = pfkey_setsadbkey(p, ep, SADB_EXT_KEY_ENCRYPT,
+                             sa_parms->keymat, sa_parms->e_keylen);
+        if (!p) {
+            free(newmsg);
+            return -1;
+        }
+    }
+    if (sa_parms->a_type != SADB_AALG_NONE) {
+        p = pfkey_setsadbkey(p, ep, SADB_EXT_KEY_AUTH,
+                             sa_parms->keymat + sa_parms->e_keylen,
+                             sa_parms->a_keylen);
+        if (!p) {
+            free(newmsg);
+            return -1;
+        }
+    }
+
+    /* set sadb_lifetime for destination */
+    p = pfkey_setsadblifetime(p, ep, SADB_EXT_LIFETIME_HARD,
+                              sa_parms->l_alloc, sa_parms->l_bytes,
+                              sa_parms->l_addtime, sa_parms->l_usetime);
+    if (!p) {
+        free(newmsg);
+        return -1;
+    }
+    p = pfkey_setsadblifetime(p, ep, SADB_EXT_LIFETIME_SOFT,
+                              sa_parms->l_alloc, sa_parms->l_bytes,
+                              sa_parms->l_addtime, sa_parms->l_usetime);
+    if (!p) {
+        free(newmsg);
+        return -1;
+    }
+#ifdef SADB_X_EXT_SEC_CTX
+    if (sa_parms->ctxstr != NULL) {
+        p = pfkey_setsecctx(p, ep, SADB_X_EXT_SEC_CTX, sa_parms->ctxdoi,
+                            sa_parms->ctxalg, sa_parms->ctxstr,
+                            sa_parms->ctxstrlen);
+        if (!p) {
+            free(newmsg);
+            return -1;
+        }
+    }
+#endif
+
+#ifdef SADB_X_EXT_NAT_T_TYPE
+    /* Add nat-t messages */
+    if (sa_parms->l_natt_type) {
+        p = pfkey_set_natt_type(p, ep, SADB_X_EXT_NAT_T_TYPE,
+                                sa_parms->l_natt_type);
+        if (!p) {
+            free(newmsg);
+            return -1;
+        }
+
+        p = pfkey_set_natt_port(p, ep, SADB_X_EXT_NAT_T_SPORT,
+                                sa_parms->l_natt_sport);
+        if (!p) {
+            free(newmsg);
+            return -1;
+        }
+
+        p = pfkey_set_natt_port(p, ep, SADB_X_EXT_NAT_T_DPORT,
+                                sa_parms->l_natt_dport);
+        if (!p) {
+            free(newmsg);
+            return -1;
+        }
+
+        if (sa_parms->l_natt_oa) {
+            p = pfkey_setsadbaddr(p, ep, SADB_X_EXT_NAT_T_OA,
+                                  sa_parms->l_natt_oa,
+                                  (u_int) 
PFKEY_ALIGN8(sysdep_sa_len(sa_parms->l_natt_oa)),
+                                  IPSEC_ULPROTO_ANY);
+            if (!p) {
+                free(newmsg);
+                return -1;
+            }
+        }
+
+#ifdef SADB_X_EXT_NAT_T_FRAG
+        if (sa_parms->l_natt_frag) {
+            p = pfkey_set_natt_frag(p, ep, SADB_X_EXT_NAT_T_FRAG,
+                                    sa_parms->l_natt_frag);
+            if (!p) {
+                free(newmsg);
+                return -1;
+            }
+        }
+#endif
+    }
+#endif
+
+    if (p != ep) {
+        free(newmsg);
+        return -1;
+    }
+
+    /* send message */
+    len = pfkey_send(sa_parms->so, newmsg, len);
+    free(newmsg);
+
+    if (len < 0) {
+        return -1;
+    }
+
+    __ipsec_errcode = EIPSEC_NO_ERROR;
+    return len;
 }
 
 /* sending SADB_DELETE or SADB_GET message to the kernel */
 /*ARGSUSED*/
-static int
-pfkey_send_x2(so, type, satype, mode, src, dst, spi)
-       int so;
-       u_int type, satype, mode;
-       struct sockaddr *src, *dst;
-       u_int32_t spi;
+static int pfkey_send_x2(so, type, satype, mode, src, dst, spi)
+int so;
+u_int type, satype, mode;
+struct sockaddr *src, *dst;
+u_int32_t spi;
 {
-       struct sadb_msg *newmsg;
-       int len;
-       caddr_t p;
-       int plen;
-       caddr_t ep;
-
-       /* validity check */
-       if (src == NULL || dst == NULL) {
-               __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
-               return -1;
-       }
-       if (src->sa_family != dst->sa_family) {
-               __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
-               return -1;
-       }
-       switch (src->sa_family) {
-       case AF_INET:
-               plen = sizeof(struct in_addr) << 3;
-               break;
-       case AF_INET6:
-               plen = sizeof(struct in6_addr) << 3;
-               break;
-       default:
-               __ipsec_errcode = EIPSEC_INVAL_FAMILY;
-               return -1;
-       }
-
-       /* create new sadb_msg to reply. */
-       len = sizeof(struct sadb_msg)
-               + sizeof(struct sadb_sa)
-               + sizeof(struct sadb_address)
-               + PFKEY_ALIGN8(sysdep_sa_len(src))
-               + sizeof(struct sadb_address)
-               + PFKEY_ALIGN8(sysdep_sa_len(dst));
-
-       if ((newmsg = CALLOC((size_t)len, struct sadb_msg *)) == NULL) {
-               __ipsec_set_strerror(strerror(errno));
-               return -1;
-       }
-       ep = ((caddr_t)(void *)newmsg) + len;
-
-       p = pfkey_setsadbmsg((void *)newmsg, ep, type, (u_int)len, satype, 0,
-           getpid());
-       if (!p) {
-               free(newmsg);
-               return -1;
-       }
-       p = pfkey_setsadbsa(p, ep, spi, 0, 0, 0, 0);
-       if (!p) {
-               free(newmsg);
-               return -1;
-       }
-       p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, (u_int)plen,
-           IPSEC_ULPROTO_ANY);
-       if (!p) {
-               free(newmsg);
-               return -1;
-       }
-       p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, (u_int)plen,
-           IPSEC_ULPROTO_ANY);
-       if (!p || p != ep) {
-               free(newmsg);
-               return -1;
-       }
-
-       /* send message */
-       len = pfkey_send(so, newmsg, len);
-       free(newmsg);
-
-       if (len < 0)
-               return -1;
-
-       __ipsec_errcode = EIPSEC_NO_ERROR;
-       return len;
+    struct sadb_msg *newmsg;
+    int len;
+    caddr_t p;
+    int plen;
+    caddr_t ep;
+
+    /* validity check */
+    if (src == NULL || dst == NULL) {
+        __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
+        return -1;
+    }
+    if (src->sa_family != dst->sa_family) {
+        __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
+        return -1;
+    }
+    switch (src->sa_family) {
+    case AF_INET:
+        plen            = sizeof(struct in_addr) << 3;
+        break;
+    case AF_INET6:
+        plen            = sizeof(struct in6_addr) << 3;
+        break;
+    default:
+        __ipsec_errcode = EIPSEC_INVAL_FAMILY;
+        return -1;
+    }
+
+    /* create new sadb_msg to reply. */
+    len = sizeof(struct sadb_msg)
+          + sizeof(struct sadb_sa)
+          + sizeof(struct sadb_address)
+          + PFKEY_ALIGN8(sysdep_sa_len(src))
+          + sizeof(struct sadb_address)
+          + PFKEY_ALIGN8(sysdep_sa_len(dst));
+
+    if ((newmsg = CALLOC((size_t) len, struct sadb_msg *)) == NULL) {
+        __ipsec_set_strerror(strerror(errno));
+        return -1;
+    }
+    ep = ((caddr_t) (void *) newmsg) + len;
+
+    p  = pfkey_setsadbmsg((void *) newmsg, ep, type, (u_int) len, satype, 0,
+                          getpid());
+    if (!p) {
+        free(newmsg);
+        return -1;
+    }
+    p = pfkey_setsadbsa(p, ep, spi, 0, 0, 0, 0);
+    if (!p) {
+        free(newmsg);
+        return -1;
+    }
+    p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, (u_int) plen,
+                          IPSEC_ULPROTO_ANY);
+    if (!p) {
+        free(newmsg);
+        return -1;
+    }
+    p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, (u_int) plen,
+                          IPSEC_ULPROTO_ANY);
+    if (!p || p != ep) {
+        free(newmsg);
+        return -1;
+    }
+
+    /* send message */
+    len = pfkey_send(so, newmsg, len);
+    free(newmsg);
+
+    if (len < 0) {
+        return -1;
+    }
+
+    __ipsec_errcode = EIPSEC_NO_ERROR;
+    return len;
 }
 
 /*
  * sending SADB_REGISTER, SADB_FLUSH, SADB_DUMP or SADB_X_PROMISC message
  * to the kernel
  */
-static int
-pfkey_send_x3(so, type, satype)
-       int so;
-       u_int type, satype;
+static int pfkey_send_x3(so, type, satype)
+int so;
+u_int type, satype;
 {
-       struct sadb_msg *newmsg;
-       int len;
-       caddr_t p;
-       caddr_t ep;
+    struct sadb_msg *newmsg;
+    int len;
+    caddr_t p;
+    caddr_t ep;
 
-       /* validity check */
-       switch (type) {
-       case SADB_X_PROMISC:
-               if (satype != 0 && satype != 1) {
-                       __ipsec_errcode = EIPSEC_INVAL_SATYPE;
-                       return -1;
-               }
-               break;
-       default:
-               switch (satype) {
-               case SADB_SATYPE_UNSPEC:
-               case SADB_SATYPE_AH:
-               case SADB_SATYPE_ESP:
-               case SADB_X_SATYPE_IPCOMP:
+    /* validity check */
+    switch (type) {
+    case SADB_X_PROMISC:
+        if (satype != 0 && satype != 1) {
+            __ipsec_errcode = EIPSEC_INVAL_SATYPE;
+            return -1;
+        }
+        break;
+    default:
+        switch (satype) {
+        case SADB_SATYPE_UNSPEC:
+        case SADB_SATYPE_AH:
+        case SADB_SATYPE_ESP:
+        case SADB_X_SATYPE_IPCOMP:
 #ifdef SADB_X_SATYPE_TCPSIGNATURE
-               case SADB_X_SATYPE_TCPSIGNATURE:
+        case SADB_X_SATYPE_TCPSIGNATURE:
 #endif
-                       break;
-               default:
-                       __ipsec_errcode = EIPSEC_INVAL_SATYPE;
-                       return -1;
-               }
-       }
-
-       /* create new sadb_msg to send. */
-       len = sizeof(struct sadb_msg);
-
-       if ((newmsg = CALLOC((size_t)len, struct sadb_msg *)) == NULL) {
-               __ipsec_set_strerror(strerror(errno));
-               return -1;
-       }
-       ep = ((caddr_t)(void *)newmsg) + len;
-
-       p = pfkey_setsadbmsg((void *)newmsg, ep, type, (u_int)len, satype, 0,
-           getpid());
-       if (!p || p != ep) {
-               free(newmsg);
-               return -1;
-       }
-
-       /* send message */
-       len = pfkey_send(so, newmsg, len);
-       free(newmsg);
-
-       if (len < 0)
-               return -1;
-
-       __ipsec_errcode = EIPSEC_NO_ERROR;
-       return len;
+            break;
+        default:
+            __ipsec_errcode = EIPSEC_INVAL_SATYPE;
+            return -1;
+        }
+    }
+
+    /* create new sadb_msg to send. */
+    len = sizeof(struct sadb_msg);
+
+    if ((newmsg = CALLOC((size_t) len, struct sadb_msg *)) == NULL) {
+        __ipsec_set_strerror(strerror(errno));
+        return -1;
+    }
+    ep = ((caddr_t) (void *) newmsg) + len;
+
+    p  = pfkey_setsadbmsg((void *) newmsg, ep, type, (u_int) len, satype, 0,
+                          getpid());
+    if (!p || p != ep) {
+        free(newmsg);
+        return -1;
+    }
+
+    /* send message */
+    len = pfkey_send(so, newmsg, len);
+    free(newmsg);
+
+    if (len < 0) {
+        return -1;
+    }
+
+    __ipsec_errcode = EIPSEC_NO_ERROR;
+    return len;
 }
 
 /* sending SADB_X_SPDADD message to the kernel */
-static int
-pfkey_send_x4(so, type, src, prefs, dst, prefd, proto,
-               ltime, vtime, policy, policylen, seq)
-       int so;
-       struct sockaddr *src, *dst;
-       u_int type, prefs, prefd, proto;
-       u_int64_t ltime, vtime;
-       char *policy;
-       int policylen;
-       u_int32_t seq;
+static int pfkey_send_x4(so, type, src, prefs, dst, prefd, proto,
+                         ltime, vtime, policy, policylen, seq)
+int so;
+struct sockaddr *src, *dst;
+u_int type, prefs, prefd, proto;
+u_int64_t ltime, vtime;
+char *policy;
+int policylen;
+u_int32_t seq;
 {
-       struct sadb_msg *newmsg;
-       int len;
-       caddr_t p;
-       int plen;
-       caddr_t ep;
-
-       /* validity check */
-       if (src == NULL || dst == NULL) {
-               __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
-               return -1;
-       }
-       if (src->sa_family != dst->sa_family) {
-               __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
-               return -1;
-       }
-
-       switch (src->sa_family) {
-       case AF_INET:
-               plen = sizeof(struct in_addr) << 3;
-               break;
-       case AF_INET6:
-               plen = sizeof(struct in6_addr) << 3;
-               break;
-       default:
-               __ipsec_errcode = EIPSEC_INVAL_FAMILY;
-               return -1;
-       }
-       if (prefs > plen || prefd > plen) {
-               __ipsec_errcode = EIPSEC_INVAL_PREFIXLEN;
-               return -1;
-       }
-
-       /* create new sadb_msg to reply. */
-       len = sizeof(struct sadb_msg)
-               + sizeof(struct sadb_address)
-               + PFKEY_ALIGN8(sysdep_sa_len(src))
-               + sizeof(struct sadb_address)
-               + PFKEY_ALIGN8(sysdep_sa_len(src))
-               + sizeof(struct sadb_lifetime)
-               + policylen;
-
-       if ((newmsg = CALLOC((size_t)len, struct sadb_msg *)) == NULL) {
-               __ipsec_set_strerror(strerror(errno));
-               return -1;
-       }
-       ep = ((caddr_t)(void *)newmsg) + len;
-
-       p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, (u_int)len,
-           SADB_SATYPE_UNSPEC, seq, getpid());
-       if (!p) {
-               free(newmsg);
-               return -1;
-       }
-       p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, prefs, proto);
-       if (!p) {
-               free(newmsg);
-               return -1;
-       }
-       p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, prefd, proto);
-       if (!p) {
-               free(newmsg);
-               return -1;
-       }
-       p = pfkey_setsadblifetime(p, ep, SADB_EXT_LIFETIME_HARD,
-                       0, 0, (u_int)ltime, (u_int)vtime);
-       if (!p || p + policylen != ep) {
-               free(newmsg);
-               return -1;
-       }
-       memcpy(p, policy, (size_t)policylen);
-
-       /* send message */
-       len = pfkey_send(so, newmsg, len);
-       free(newmsg);
-
-       if (len < 0)
-               return -1;
-
-       __ipsec_errcode = EIPSEC_NO_ERROR;
-       return len;
+    struct sadb_msg *newmsg;
+    int len;
+    caddr_t p;
+    int plen;
+    caddr_t ep;
+
+    /* validity check */
+    if (src == NULL || dst == NULL) {
+        __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
+        return -1;
+    }
+    if (src->sa_family != dst->sa_family) {
+        __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
+        return -1;
+    }
+
+    switch (src->sa_family) {
+    case AF_INET:
+        plen            = sizeof(struct in_addr) << 3;
+        break;
+    case AF_INET6:
+        plen            = sizeof(struct in6_addr) << 3;
+        break;
+    default:
+        __ipsec_errcode = EIPSEC_INVAL_FAMILY;
+        return -1;
+    }
+    if (prefs > plen || prefd > plen) {
+        __ipsec_errcode = EIPSEC_INVAL_PREFIXLEN;
+        return -1;
+    }
+
+    /* create new sadb_msg to reply. */
+    len = sizeof(struct sadb_msg)
+          + sizeof(struct sadb_address)
+          + PFKEY_ALIGN8(sysdep_sa_len(src))
+          + sizeof(struct sadb_address)
+          + PFKEY_ALIGN8(sysdep_sa_len(src))
+          + sizeof(struct sadb_lifetime)
+          + policylen;
+
+    if ((newmsg = CALLOC((size_t) len, struct sadb_msg *)) == NULL) {
+        __ipsec_set_strerror(strerror(errno));
+        return -1;
+    }
+    ep = ((caddr_t) (void *) newmsg) + len;
+
+    p  = pfkey_setsadbmsg((caddr_t) newmsg, ep, type, (u_int) len,
+                          SADB_SATYPE_UNSPEC, seq, getpid());
+    if (!p) {
+        free(newmsg);
+        return -1;
+    }
+    p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, src, prefs, proto);
+    if (!p) {
+        free(newmsg);
+        return -1;
+    }
+    p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, prefd, proto);
+    if (!p) {
+        free(newmsg);
+        return -1;
+    }
+    p = pfkey_setsadblifetime(p, ep, SADB_EXT_LIFETIME_HARD,
+                              0, 0, (u_int) ltime, (u_int) vtime);
+    if (!p || p + policylen != ep) {
+        free(newmsg);
+        return -1;
+    }
+    memcpy(p, policy, (size_t) policylen);
+
+    /* send message */
+    len = pfkey_send(so, newmsg, len);
+    free(newmsg);
+
+    if (len < 0) {
+        return -1;
+    }
+
+    __ipsec_errcode = EIPSEC_NO_ERROR;
+    return len;
 }
 
 /* sending SADB_X_SPDGET or SADB_X_SPDDELETE message to the kernel */
-static int
-pfkey_send_x5(so, type, spid)
-       int so;
-       u_int type;
-       u_int32_t spid;
+static int pfkey_send_x5(so, type, spid)
+int so;
+u_int type;
+u_int32_t spid;
 {
-       struct sadb_msg *newmsg;
-       struct sadb_x_policy xpl;
-       int len;
-       caddr_t p;
-       caddr_t ep;
-
-       /* create new sadb_msg to reply. */
-       len = sizeof(struct sadb_msg)
-               + sizeof(xpl);
-
-       if ((newmsg = CALLOC((size_t)len, struct sadb_msg *)) == NULL) {
-               __ipsec_set_strerror(strerror(errno));
-               return -1;
-       }
-       ep = ((caddr_t)(void *)newmsg) + len;
-
-       p = pfkey_setsadbmsg((void *)newmsg, ep, type, (u_int)len,
-           SADB_SATYPE_UNSPEC, 0, getpid());
-       if (!p) {
-               free(newmsg);
-               return -1;
-       }
-
-       if (p + sizeof(xpl) != ep) {
-               free(newmsg);
-               return -1;
-       }
-       memset(&xpl, 0, sizeof(xpl));
-       xpl.sadb_x_policy_len = PFKEY_UNIT64(sizeof(xpl));
-       xpl.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
-       xpl.sadb_x_policy_id = spid;
-       memcpy(p, &xpl, sizeof(xpl));
-
-       /* send message */
-       len = pfkey_send(so, newmsg, len);
-       free(newmsg);
-
-       if (len < 0)
-               return -1;
-
-       __ipsec_errcode = EIPSEC_NO_ERROR;
-       return len;
+    struct sadb_msg *newmsg;
+    struct sadb_x_policy xpl;
+    int len;
+    caddr_t p;
+    caddr_t ep;
+
+    /* create new sadb_msg to reply. */
+    len = sizeof(struct sadb_msg)
+          + sizeof(xpl);
+
+    if ((newmsg = CALLOC((size_t) len, struct sadb_msg *)) == NULL) {
+        __ipsec_set_strerror(strerror(errno));
+        return -1;
+    }
+    ep = ((caddr_t) (void *) newmsg) + len;
+
+    p  = pfkey_setsadbmsg((void *) newmsg, ep, type, (u_int) len,
+                          SADB_SATYPE_UNSPEC, 0, getpid());
+    if (!p) {
+        free(newmsg);
+        return -1;
+    }
+
+    if (p + sizeof(xpl) != ep) {
+        free(newmsg);
+        return -1;
+    }
+    memset(&xpl, 0, sizeof(xpl));
+    xpl.sadb_x_policy_len     = PFKEY_UNIT64(sizeof(xpl));
+    xpl.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
+    xpl.sadb_x_policy_id      = spid;
+    memcpy(p, &xpl, sizeof(xpl));
+
+    /* send message */
+    len                       = pfkey_send(so, newmsg, len);
+    free(newmsg);
+
+    if (len < 0) {
+        return -1;
+    }
+
+    __ipsec_errcode = EIPSEC_NO_ERROR;
+    return len;
 }
 
 /*
@@ -1785,31 +1791,30 @@
  *     -1: fail.
  *     others : success and return value of socket.
  */
-int
-pfkey_open()
+int pfkey_open()
 {
-       int so;
-       int bufsiz = 128 * 1024;        /*is 128K enough?*/
-
-       if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) {
-               __ipsec_set_strerror(strerror(errno));
-               return -1;
-       }
-
-       /*
-        * This is a temporary workaround for KAME PR 154.
-        * Don't really care even if it fails.
-        */
-       (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, &bufsiz, sizeof(bufsiz));
-       (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
-       bufsiz = 256 * 1024;
-       (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
-       bufsiz = 512 * 1024;
-       (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
-       bufsiz = 1024 * 1024;
-       (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
-       __ipsec_errcode = EIPSEC_NO_ERROR;
-       return so;
+    int so;
+    int bufsiz = 128 * 1024;            /*is 128K enough?*/
+
+    if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) {
+        __ipsec_set_strerror(strerror(errno));
+        return -1;
+    }
+
+    /*
+     * This is a temporary workaround for KAME PR 154.
+     * Don't really care even if it fails.
+     */
+    (void) setsockopt(so, SOL_SOCKET, SO_SNDBUF, &bufsiz, sizeof(bufsiz));
+    (void) setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
+    bufsiz          = 256 * 1024;
+    (void) setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
+    bufsiz          = 512 * 1024;
+    (void) setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
+    bufsiz          = 1024 * 1024;
+    (void) setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
+    __ipsec_errcode = EIPSEC_NO_ERROR;
+    return so;
 }
 
 /*
@@ -1818,14 +1823,13 @@
  *      0: success.
  *     -1: fail.
  */
-void
-pfkey_close(so)
-       int so;
+void pfkey_close(so)
+int so;
 {
-       (void)close(so);
+    (void) close(so);
 
-       __ipsec_errcode = EIPSEC_NO_ERROR;
-       return;
+    __ipsec_errcode = EIPSEC_NO_ERROR;
+    return;
 }
 
 /*
@@ -1837,56 +1841,57 @@
  *
  * XXX should be rewritten to pass length explicitly
  */
-struct sadb_msg *
-pfkey_recv(so)
-       int so;
+struct sadb_msg *pfkey_recv(so)
+int so;
 {
-       struct sadb_msg buf, *newmsg;
-       int len, reallen;
-
-       while ((len = recv(so, (void *)&buf, sizeof(buf), MSG_PEEK)) < 0) {
-               if (errno == EINTR)
-                       continue;
-               __ipsec_set_strerror(strerror(errno));
-               return NULL;
-       }
-
-       if (len < sizeof(buf)) {
-               recv(so, (void *)&buf, sizeof(buf), 0);
-               __ipsec_errcode = EIPSEC_MAX;
-               return NULL;
-       }
-
-       /* read real message */
-       reallen = PFKEY_UNUNIT64(buf.sadb_msg_len);
-       if ((newmsg = CALLOC((size_t)reallen, struct sadb_msg *)) == 0) {
-               __ipsec_set_strerror(strerror(errno));
-               return NULL;
-       }
-
-       while ((len = recv(so, (void *)newmsg, (socklen_t)reallen, 0)) < 0) {
-               if (errno == EINTR)
-                       continue;
-               __ipsec_set_strerror(strerror(errno));
-               free(newmsg);
-               return NULL;
-       }
-
-       if (len != reallen) {
-               __ipsec_errcode = EIPSEC_SYSTEM_ERROR;
-               free(newmsg);
-               return NULL;
-       }
-
-       /* don't trust what the kernel says, validate! */
-       if (PFKEY_UNUNIT64(newmsg->sadb_msg_len) != len) {
-               __ipsec_errcode = EIPSEC_SYSTEM_ERROR;
-               free(newmsg);
-               return NULL;
-       }
-
-       __ipsec_errcode = EIPSEC_NO_ERROR;
-       return newmsg;
+    struct sadb_msg buf, *newmsg;
+    int len, reallen;
+
+    while ((len = recv(so, (void *) &buf, sizeof(buf), MSG_PEEK)) < 0) {
+        if (errno == EINTR) {
+            continue;
+        }
+        __ipsec_set_strerror(strerror(errno));
+        return NULL;
+    }
+
+    if (len < sizeof(buf)) {
+        recv(so, (void *) &buf, sizeof(buf), 0);
+        __ipsec_errcode = EIPSEC_MAX;
+        return NULL;
+    }
+
+    /* read real message */
+    reallen = PFKEY_UNUNIT64(buf.sadb_msg_len);
+    if ((newmsg = CALLOC((size_t) reallen, struct sadb_msg *)) == 0) {
+        __ipsec_set_strerror(strerror(errno));
+        return NULL;
+    }
+
+    while ((len = recv(so, (void *) newmsg, (socklen_t) reallen, 0)) < 0) {
+        if (errno == EINTR) {
+            continue;
+        }
+        __ipsec_set_strerror(strerror(errno));
+        free(newmsg);
+        return NULL;
+    }
+
+    if (len != reallen) {
+        __ipsec_errcode = EIPSEC_SYSTEM_ERROR;
+        free(newmsg);
+        return NULL;
+    }
+
+    /* don't trust what the kernel says, validate! */
+    if (PFKEY_UNUNIT64(newmsg->sadb_msg_len) != len) {
+        __ipsec_errcode = EIPSEC_SYSTEM_ERROR;
+        free(newmsg);
+        return NULL;
+    }
+
+    __ipsec_errcode = EIPSEC_NO_ERROR;
+    return newmsg;
 }
 
 /*
@@ -1895,19 +1900,18 @@
  *      others: success and return length sent.
  *     -1     : fail.
  */
-int
-pfkey_send(so, msg, len)
-       int so;
-       struct sadb_msg *msg;
-       int len;
+int pfkey_send(so, msg, len)
+int so;
+struct sadb_msg *msg;
+int len;
 {
-       if ((len = send(so, (void *)msg, (socklen_t)len, 0)) < 0) {
-               __ipsec_set_strerror(strerror(errno));
-               return -1;
-       }
+    if ((len = send(so, (void *) msg, (socklen_t) len, 0)) < 0) {
+        __ipsec_set_strerror(strerror(errno));
+        return -1;
+    }
 
-       __ipsec_errcode = EIPSEC_NO_ERROR;
-       return len;
+    __ipsec_errcode = EIPSEC_NO_ERROR;
+    return len;
 }
 
 /*
@@ -1924,104 +1928,104 @@
  *
  * XXX should be rewritten to obtain length explicitly
  */
-int
-pfkey_align(msg, mhp)
-       struct sadb_msg *msg;
-       caddr_t *mhp;
+int pfkey_align(msg, mhp)
+struct sadb_msg *msg;
+caddr_t *mhp;
 {
-       struct sadb_ext *ext;
-       int i;
-       caddr_t p;
-       caddr_t ep;     /* XXX should be passed from upper layer */
-
-       /* validity check */
-       if (msg == NULL || mhp == NULL) {
-               __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
-               return -1;
-       }
-
-       /* initialize */
-       for (i = 0; i < SADB_EXT_MAX + 1; i++)
-               mhp[i] = NULL;
-
-       mhp[0] = (void *)msg;
-
-       /* initialize */
-       p = (void *) msg;
-       ep = p + PFKEY_UNUNIT64(msg->sadb_msg_len);
-
-       /* skip base header */
-       p += sizeof(struct sadb_msg);
-
-       while (p < ep) {
-               ext = (void *)p;
-               if (ep < p + sizeof(*ext) || PFKEY_EXTLEN(ext) < sizeof(*ext) ||
-                   ep < p + PFKEY_EXTLEN(ext)) {
-                       /* invalid format */
-                       break;
-               }
-
-               /* duplicate check */
-               /* XXX Are there duplication either KEY_AUTH or KEY_ENCRYPT ?*/
-               if (mhp[ext->sadb_ext_type] != NULL) {
-                       __ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
-                       return -1;
-               }
-
-               /* set pointer */
-               switch (ext->sadb_ext_type) {
-               case SADB_EXT_SA:
-               case SADB_EXT_LIFETIME_CURRENT:
-               case SADB_EXT_LIFETIME_HARD:
-               case SADB_EXT_LIFETIME_SOFT:
-               case SADB_EXT_ADDRESS_SRC:
-               case SADB_EXT_ADDRESS_DST:
-               case SADB_EXT_ADDRESS_PROXY:
-               case SADB_EXT_KEY_AUTH:
-                       /* XXX should to be check weak keys. */
-               case SADB_EXT_KEY_ENCRYPT:
-                       /* XXX should to be check weak keys. */
-               case SADB_EXT_IDENTITY_SRC:
-               case SADB_EXT_IDENTITY_DST:
-               case SADB_EXT_SENSITIVITY:
-               case SADB_EXT_PROPOSAL:
-               case SADB_EXT_SUPPORTED_AUTH:
-               case SADB_EXT_SUPPORTED_ENCRYPT:
-               case SADB_EXT_SPIRANGE:
-               case SADB_X_EXT_POLICY:
-               case SADB_X_EXT_SA2:
+    struct sadb_ext *ext;
+    int i;
+    caddr_t p;
+    caddr_t ep;         /* XXX should be passed from upper layer */
+
+    /* validity check */
+    if (msg == NULL || mhp == NULL) {
+        __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
+        return -1;
+    }
+
+    /* initialize */
+    for (i = 0; i < SADB_EXT_MAX + 1; i++) {
+        mhp[i] = NULL;
+    }
+
+    mhp[0] = (void *) msg;
+
+    /* initialize */
+    p      = (void *) msg;
+    ep     = p + PFKEY_UNUNIT64(msg->sadb_msg_len);
+
+    /* skip base header */
+    p     += sizeof(struct sadb_msg);
+
+    while (p < ep) {
+        ext = (void *) p;
+        if (ep < p + sizeof(*ext) || PFKEY_EXTLEN(ext) < sizeof(*ext) ||
+            ep < p + PFKEY_EXTLEN(ext)) {
+            /* invalid format */
+            break;
+        }
+
+        /* duplicate check */
+        /* XXX Are there duplication either KEY_AUTH or KEY_ENCRYPT ?*/
+        if (mhp[ext->sadb_ext_type] != NULL) {
+            __ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
+            return -1;
+        }
+
+        /* set pointer */
+        switch (ext->sadb_ext_type) {
+        case SADB_EXT_SA:
+        case SADB_EXT_LIFETIME_CURRENT:
+        case SADB_EXT_LIFETIME_HARD:
+        case SADB_EXT_LIFETIME_SOFT:
+        case SADB_EXT_ADDRESS_SRC:
+        case SADB_EXT_ADDRESS_DST:
+        case SADB_EXT_ADDRESS_PROXY:
+        case SADB_EXT_KEY_AUTH:
+        /* XXX should to be check weak keys. */
+        case SADB_EXT_KEY_ENCRYPT:
+        /* XXX should to be check weak keys. */
+        case SADB_EXT_IDENTITY_SRC:
+        case SADB_EXT_IDENTITY_DST:
+        case SADB_EXT_SENSITIVITY:
+        case SADB_EXT_PROPOSAL:
+        case SADB_EXT_SUPPORTED_AUTH:
+        case SADB_EXT_SUPPORTED_ENCRYPT:
+        case SADB_EXT_SPIRANGE:
+        case SADB_X_EXT_POLICY:
+        case SADB_X_EXT_SA2:
 #ifdef SADB_X_EXT_NAT_T_TYPE
-               case SADB_X_EXT_NAT_T_TYPE:
-               case SADB_X_EXT_NAT_T_SPORT:
-               case SADB_X_EXT_NAT_T_DPORT:
-               case SADB_X_EXT_NAT_T_OA:
+        case SADB_X_EXT_NAT_T_TYPE:
+        case SADB_X_EXT_NAT_T_SPORT:
+        case SADB_X_EXT_NAT_T_DPORT:
+        case SADB_X_EXT_NAT_T_OA:
 #endif
 #ifdef SADB_X_EXT_TAG
-                case SADB_X_EXT_TAG:
+        case SADB_X_EXT_TAG:
 #endif
 #ifdef SADB_X_EXT_PACKET
-                case SADB_X_EXT_PACKET:
+        case SADB_X_EXT_PACKET:
 #endif
 #ifdef SADB_X_EXT_SEC_CTX
-                case SADB_X_EXT_SEC_CTX:
+        case SADB_X_EXT_SEC_CTX:
 #endif
-                       mhp[ext->sadb_ext_type] = (void *)ext;
-                       break;
-               default:
-                       __ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
-                       return -1;
-               }
-
-               p += PFKEY_EXTLEN(ext);
-       }
-
-       if (p != ep) {
-               __ipsec_errcode = EIPSEC_INVAL_SADBMSG;
-               return -1;
-       }
-
-       __ipsec_errcode = EIPSEC_NO_ERROR;
-       return 0;
+            mhp[ext->sadb_ext_type] = (void *) ext;
+            break;
+        default:
+            __ipsec_errcode         = EIPSEC_INVAL_EXTTYPE;
+            return -1;
+        }
+
+        p += PFKEY_EXTLEN(ext);
+    }
+
+    if (p != ep) {
+        __ipsec_errcode = EIPSEC_INVAL_SADBMSG;
+        return -1;
+    }
+
+    __ipsec_errcode = EIPSEC_NO_ERROR;
+    return 0;
 }
 
 /*
@@ -2035,192 +2039,192 @@
  * OUT:        -1: invalid.
  *      0: valid.
  */
-int
-pfkey_check(mhp)
-       caddr_t *mhp;
+int pfkey_check(mhp)
+caddr_t * mhp;
 {
-       struct sadb_msg *msg;
-
-       /* validity check */
-       if (mhp == NULL || mhp[0] == NULL) {
-               __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
-               return -1;
-       }
-
-       msg = (void *)mhp[0];
-
-       /* check version */
-       if (msg->sadb_msg_version != PF_KEY_V2) {
-               __ipsec_errcode = EIPSEC_INVAL_VERSION;
-               return -1;
-       }
-
-       /* check type */
-       if (msg->sadb_msg_type > SADB_MAX) {
-               __ipsec_errcode = EIPSEC_INVAL_MSGTYPE;
-               return -1;
-       }
-
-       /* check SA type */
-       switch (msg->sadb_msg_satype) {
-       case SADB_SATYPE_UNSPEC:
-               switch (msg->sadb_msg_type) {
-               case SADB_GETSPI:
-               case SADB_UPDATE:
-               case SADB_ADD:
-               case SADB_DELETE:
-               case SADB_GET:
-               case SADB_ACQUIRE:
-               case SADB_EXPIRE:
+    struct sadb_msg *msg;
+
+    /* validity check */
+    if (mhp == NULL || mhp[0] == NULL) {
+        __ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
+        return -1;
+    }
+
+    msg = (void *) mhp[0];
+
+    /* check version */
+    if (msg->sadb_msg_version != PF_KEY_V2) {
+        __ipsec_errcode = EIPSEC_INVAL_VERSION;
+        return -1;
+    }
+
+    /* check type */
+    if (msg->sadb_msg_type > SADB_MAX) {
+        __ipsec_errcode = EIPSEC_INVAL_MSGTYPE;
+        return -1;
+    }
+
+    /* check SA type */
+    switch (msg->sadb_msg_satype) {
+    case SADB_SATYPE_UNSPEC:
+        switch (msg->sadb_msg_type) {
+        case SADB_GETSPI:
+        case SADB_UPDATE:
+        case SADB_ADD:
+        case SADB_DELETE:
+        case SADB_GET:
+        case SADB_ACQUIRE:
+        case SADB_EXPIRE:
 #ifdef SADB_X_NAT_T_NEW_MAPPING
-               case SADB_X_NAT_T_NEW_MAPPING:
+        case SADB_X_NAT_T_NEW_MAPPING:
 #endif
-                       __ipsec_errcode = EIPSEC_INVAL_SATYPE;
-                       return -1;
-               }
-               break;
-       case SADB_SATYPE_ESP:
-       case SADB_SATYPE_AH:
-       case SADB_X_SATYPE_IPCOMP:
+            __ipsec_errcode = EIPSEC_INVAL_SATYPE;
+            return -1;
+        }
+        break;
+    case SADB_SATYPE_ESP:
+    case SADB_SATYPE_AH:
+    case SADB_X_SATYPE_IPCOMP:
 #ifdef SADB_X_SATYPE_TCPSIGNATURE
-       case SADB_X_SATYPE_TCPSIGNATURE:
+    case SADB_X_SATYPE_TCPSIGNATURE:
 #endif
-               switch (msg->sadb_msg_type) {
-               case SADB_X_SPDADD:
-               case SADB_X_SPDDELETE:
-               case SADB_X_SPDGET:
-               case SADB_X_SPDDUMP:
-               case SADB_X_SPDFLUSH:
-                       __ipsec_errcode = EIPSEC_INVAL_SATYPE;
-                       return -1;
-               }
+        switch (msg->sadb_msg_type) {
+        case SADB_X_SPDADD:
+        case SADB_X_SPDDELETE:
+        case SADB_X_SPDGET:
+        case SADB_X_SPDDUMP:
+        case SADB_X_SPDFLUSH:
+            __ipsec_errcode = EIPSEC_INVAL_SATYPE;
+            return -1;
+        }
 #ifdef SADB_X_NAT_T_NEW_MAPPING
-               if (msg->sadb_msg_type == SADB_X_NAT_T_NEW_MAPPING &&
-                   msg->sadb_msg_satype != SADB_SATYPE_ESP) {
-                       __ipsec_errcode = EIPSEC_INVAL_SATYPE;
-                       return -1;
-               }
+        if (msg->sadb_msg_type == SADB_X_NAT_T_NEW_MAPPING &&
+            msg->sadb_msg_satype != SADB_SATYPE_ESP) {
+            __ipsec_errcode = EIPSEC_INVAL_SATYPE;
+            return -1;
+        }
 #endif
-               break;
-       case SADB_SATYPE_RSVP:
-       case SADB_SATYPE_OSPFV2:
-       case SADB_SATYPE_RIPV2:
-       case SADB_SATYPE_MIP:
-               __ipsec_errcode = EIPSEC_NOT_SUPPORTED;
-               return -1;
-       case 1: /* XXX: What does it do ? */
-               if (msg->sadb_msg_type == SADB_X_PROMISC)
-                       break;
-               /*FALLTHROUGH*/
-       default:
-               __ipsec_errcode = EIPSEC_INVAL_SATYPE;
-               return -1;
-       }
-
-       /* check field of upper layer protocol and address family */
-       if (mhp[SADB_EXT_ADDRESS_SRC] != NULL
-        && mhp[SADB_EXT_ADDRESS_DST] != NULL) {
-               struct sadb_address *src0, *dst0;
-
-               src0 = (void *)(mhp[SADB_EXT_ADDRESS_SRC]);
-               dst0 = (void *)(mhp[SADB_EXT_ADDRESS_DST]);
-
-               if (src0->sadb_address_proto != dst0->sadb_address_proto) {
-                       __ipsec_errcode = EIPSEC_PROTO_MISMATCH;
-                       return -1;
-               }
-
-               if (PFKEY_ADDR_SADDR(src0)->sa_family
-                != PFKEY_ADDR_SADDR(dst0)->sa_family) {
-                       __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
-                       return -1;
-               }
-
-               switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
-               case AF_INET:
-               case AF_INET6:
-                       break;
-               default:
-                       __ipsec_errcode = EIPSEC_INVAL_FAMILY;
-                       return -1;
-               }
-
-               /*
-                * prefixlen == 0 is valid because there must be the case
-                * all addresses are matched.
-                */
-       }
-
-       __ipsec_errcode = EIPSEC_NO_ERROR;
-       return 0;
+        break;
+    case SADB_SATYPE_RSVP:
+    case SADB_SATYPE_OSPFV2:
+    case SADB_SATYPE_RIPV2:
+    case SADB_SATYPE_MIP:
+        __ipsec_errcode = EIPSEC_NOT_SUPPORTED;
+        return -1;
+    case 1:     /* XXX: What does it do ? */
+        if (msg->sadb_msg_type == SADB_X_PROMISC) {
+            break;
+        }
+    /*FALLTHROUGH*/
+    default:
+        __ipsec_errcode = EIPSEC_INVAL_SATYPE;
+        return -1;
+    }
+
+    /* check field of upper layer protocol and address family */
+    if (mhp[SADB_EXT_ADDRESS_SRC] != NULL
+        && mhp[SADB_EXT_ADDRESS_DST] != NULL) {
+        struct sadb_address *src0, *dst0;
+
+        src0 = (void *) (mhp[SADB_EXT_ADDRESS_SRC]);
+        dst0 = (void *) (mhp[SADB_EXT_ADDRESS_DST]);
+
+        if (src0->sadb_address_proto != dst0->sadb_address_proto) {
+            __ipsec_errcode = EIPSEC_PROTO_MISMATCH;
+            return -1;
+        }
+
+        if (PFKEY_ADDR_SADDR(src0)->sa_family
+            != PFKEY_ADDR_SADDR(dst0)->sa_family) {
+            __ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
+            return -1;
+        }
+
+        switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
+        case AF_INET:
+        case AF_INET6:
+            break;
+        default:
+            __ipsec_errcode = EIPSEC_INVAL_FAMILY;
+            return -1;
+        }
+
+        /*
+         * prefixlen == 0 is valid because there must be the case
+         * all addresses are matched.
+         */
+    }
+
+    __ipsec_errcode = EIPSEC_NO_ERROR;
+    return 0;
 }
 
 /*
  * set data into sadb_msg.
  * `buf' must has been allocated sufficiently.
  */
-static caddr_t
-pfkey_setsadbmsg(buf, lim, type, tlen, satype, seq, pid)
-       caddr_t buf;
-       caddr_t lim;
-       u_int type, satype;
-       u_int tlen;
-       u_int32_t seq;
-       pid_t pid;
+static caddr_t pfkey_setsadbmsg(buf, lim, type, tlen, satype, seq, pid)
+caddr_t buf;
+caddr_t lim;
+u_int type, satype;
+u_int tlen;
+u_int32_t seq;
+pid_t pid;
 {
-       struct sadb_msg *p;
-       u_int len;
-
-       p = (void *)buf;
-       len = sizeof(struct sadb_msg);
-
-       if (buf + len > lim)
-               return NULL;
-
-       memset(p, 0, len);
-       p->sadb_msg_version = PF_KEY_V2;
-       p->sadb_msg_type = type;
-       p->sadb_msg_errno = 0;
-       p->sadb_msg_satype = satype;
-       p->sadb_msg_len = PFKEY_UNIT64(tlen);
-       p->sadb_msg_reserved = 0;
-       p->sadb_msg_seq = seq;
-       p->sadb_msg_pid = (u_int32_t)pid;
-
-       return(buf + len);
+    struct sadb_msg *p;
+    u_int len;
+
+    p   = (void *) buf;
+    len = sizeof(struct sadb_msg);
+
+    if (buf + len > lim) {
+        return NULL;
+    }
+
+    memset(p, 0, len);
+    p->sadb_msg_version  = PF_KEY_V2;
+    p->sadb_msg_type     = type;
+    p->sadb_msg_errno    = 0;
+    p->sadb_msg_satype   = satype;
+    p->sadb_msg_len      = PFKEY_UNIT64(tlen);
+    p->sadb_msg_reserved = 0;
+    p->sadb_msg_seq      = seq;
+    p->sadb_msg_pid      = (u_int32_t) pid;
+
+    return buf + len;
 }
 
 /*
  * copy secasvar data into sadb_address.
  * `buf' must has been allocated sufficiently.
  */
-static caddr_t
-pfkey_setsadbsa(buf, lim, spi, wsize, auth, enc, flags)
-       caddr_t buf;
-       caddr_t lim;
-       u_int32_t spi, flags;
-       u_int wsize, auth, enc;
+static caddr_t pfkey_setsadbsa(buf, lim, spi, wsize, auth, enc, flags)
+caddr_t buf;
+caddr_t lim;
+u_int32_t spi, flags;
+u_int wsize, auth, enc;
 {
-       struct sadb_sa *p;
-       u_int len;
-
-       p = (void *)buf;
-       len = sizeof(struct sadb_sa);
-
-       if (buf + len > lim)
-               return NULL;
-
-       memset(p, 0, len);
-       p->sadb_sa_len = PFKEY_UNIT64(len);
-       p->sadb_sa_exttype = SADB_EXT_SA;
-       p->sadb_sa_spi = spi;
-       p->sadb_sa_replay = wsize;
-       p->sadb_sa_state = SADB_SASTATE_LARVAL;
-       p->sadb_sa_auth = auth;
-       p->sadb_sa_encrypt = enc;
-       p->sadb_sa_flags = flags;
-
-       return(buf + len);
+    struct sadb_sa *p;
+    u_int len;
+
+    p   = (void *) buf;
+    len = sizeof(struct sadb_sa);
+
+    if (buf + len > lim) {
+        return NULL;
+    }
+
+    memset(p, 0, len);
+    p->sadb_sa_len     = PFKEY_UNIT64(len);
+    p->sadb_sa_exttype = SADB_EXT_SA;
+    p->sadb_sa_spi     = spi;
+    p->sadb_sa_replay  = wsize;
+    p->sadb_sa_state   = SADB_SASTATE_LARVAL;
+    p->sadb_sa_auth    = auth;
+    p->sadb_sa_encrypt = enc;
+    p->sadb_sa_flags   = flags;
+
+    return buf + len;
 }
 
 /*
@@ -2228,438 +2232,434 @@
  * `buf' must has been allocated sufficiently.
  * prefixlen is in bits.
  */
-static caddr_t
-pfkey_setsadbaddr(buf, lim, exttype, saddr, prefixlen, ul_proto)
-       caddr_t buf;
-       caddr_t lim;
-       u_int exttype;
-       struct sockaddr *saddr;
-       u_int prefixlen;
-       u_int ul_proto;
+static caddr_t pfkey_setsadbaddr(buf, lim, exttype, saddr, prefixlen, ul_proto)
+caddr_t buf;
+caddr_t lim;
+u_int exttype;
+struct sockaddr *saddr;
+u_int prefixlen;
+u_int ul_proto;
 {
-       struct sadb_address *p;
-       u_int len;
-
-       p = (void *)buf;
-       len = sizeof(struct sadb_address) + PFKEY_ALIGN8(sysdep_sa_len(saddr));
-
-       if (buf + len > lim)
-               return NULL;
-
-       memset(p, 0, len);
-       p->sadb_address_len = PFKEY_UNIT64(len);
-       p->sadb_address_exttype = exttype & 0xffff;
-       p->sadb_address_proto = ul_proto & 0xff;
-       p->sadb_address_prefixlen = prefixlen;
-       p->sadb_address_reserved = 0;
-
-       memcpy(p + 1, saddr, (size_t)sysdep_sa_len(saddr));
-
-       return(buf + len);
+    struct sadb_address *p;
+    u_int len;
+
+    p   = (void *) buf;
+    len = sizeof(struct sadb_address) + PFKEY_ALIGN8(sysdep_sa_len(saddr));
+
+    if (buf + len > lim) {
+        return NULL;
+    }
+
+    memset(p, 0, len);
+    p->sadb_address_len       = PFKEY_UNIT64(len);
+    p->sadb_address_exttype   = exttype & 0xffff;
+    p->sadb_address_proto     = ul_proto & 0xff;
+    p->sadb_address_prefixlen = prefixlen;
+    p->sadb_address_reserved  = 0;
+
+    memcpy(p + 1, saddr, (size_t) sysdep_sa_len(saddr));
+
+    return buf + len;
 }
 
 /*
  * set sadb_key structure after clearing buffer with zero.
  * OUT: the pointer of buf + len.
  */
-static caddr_t
-pfkey_setsadbkey(buf, lim, type, key, keylen)
-       caddr_t buf;
-       caddr_t lim;
-       caddr_t key;
-       u_int type, keylen;
+static caddr_t pfkey_setsadbkey(buf, lim, type, key, keylen)
+caddr_t buf;
+caddr_t lim;
+caddr_t key;
+u_int type, keylen;
 {
-       struct sadb_key *p;
-       u_int len;
-
-       p = (void *)buf;
-       len = sizeof(struct sadb_key) + PFKEY_ALIGN8(keylen);
-
-       if (buf + len > lim)
-               return NULL;
-
-       memset(p, 0, len);
-       p->sadb_key_len = PFKEY_UNIT64(len);
-       p->sadb_key_exttype = type;
-       p->sadb_key_bits = keylen << 3;
-       p->sadb_key_reserved = 0;
-
-       memcpy(p + 1, key, keylen);
-
-       return buf + len;
+    struct sadb_key *p;
+    u_int len;
+
+    p   = (void *) buf;
+    len = sizeof(struct sadb_key) + PFKEY_ALIGN8(keylen);
+
+    if (buf + len > lim) {
+        return NULL;
+    }
+
+    memset(p, 0, len);
+    p->sadb_key_len      = PFKEY_UNIT64(len);
+    p->sadb_key_exttype  = type;
+    p->sadb_key_bits     = keylen << 3;
+    p->sadb_key_reserved = 0;
+
+    memcpy(p + 1, key, keylen);
+
+    return buf + len;
 }
 
 /*
  * set sadb_lifetime structure after clearing buffer with zero.
  * OUT: the pointer of buf + len.
  */
-static caddr_t
-pfkey_setsadblifetime(buf, lim, type, l_alloc, l_bytes, l_addtime, l_usetime)
-       caddr_t buf;
-       caddr_t lim;
-       u_int type;
-       u_int32_t l_alloc, l_bytes, l_addtime, l_usetime;
+static caddr_t pfkey_setsadblifetime(buf, lim, type, l_alloc, l_bytes, 
l_addtime, l_usetime)
+caddr_t buf;
+caddr_t lim;
+u_int type;
+u_int32_t l_alloc, l_bytes, l_addtime, l_usetime;
 {
-       struct sadb_lifetime *p;
-       u_int len;
-
-       p = (void *)buf;
-       len = sizeof(struct sadb_lifetime);
-
-       if (buf + len > lim)
-               return NULL;
-
-       memset(p, 0, len);
-       p->sadb_lifetime_len = PFKEY_UNIT64(len);
-       p->sadb_lifetime_exttype = type;
-
-       switch (type) {
-       case SADB_EXT_LIFETIME_SOFT:
-               p->sadb_lifetime_allocations
-                       = (l_alloc * soft_lifetime_allocations_rate) /100;
-               p->sadb_lifetime_bytes
-                       = (l_bytes * soft_lifetime_bytes_rate) /100;
-               p->sadb_lifetime_addtime
-                       = (l_addtime * soft_lifetime_addtime_rate) /100;
-               p->sadb_lifetime_usetime
-                       = (l_usetime * soft_lifetime_usetime_rate) /100;
-               break;
-       case SADB_EXT_LIFETIME_HARD:
-               p->sadb_lifetime_allocations = l_alloc;
-               p->sadb_lifetime_bytes = l_bytes;
-               p->sadb_lifetime_addtime = l_addtime;
-               p->sadb_lifetime_usetime = l_usetime;
-               break;
-       }
-
-       return buf + len;
+    struct sadb_lifetime *p;
+    u_int len;
+
+    p   = (void *) buf;
+    len = sizeof(struct sadb_lifetime);
+
+    if (buf + len > lim) {
+        return NULL;
+    }
+
+    memset(p, 0, len);
+    p->sadb_lifetime_len     = PFKEY_UNIT64(len);
+    p->sadb_lifetime_exttype = type;
+
+    switch (type) {
+    case SADB_EXT_LIFETIME_SOFT:
+        p->sadb_lifetime_allocations
+                                     = (l_alloc * 
soft_lifetime_allocations_rate) / 100;
+        p->sadb_lifetime_bytes
+                                     = (l_bytes * soft_lifetime_bytes_rate) / 
100;
+        p->sadb_lifetime_addtime
+                                     = (l_addtime * 
soft_lifetime_addtime_rate) / 100;
+        p->sadb_lifetime_usetime
+                                     = (l_usetime * 
soft_lifetime_usetime_rate) / 100;
+        break;
+    case SADB_EXT_LIFETIME_HARD:
+        p->sadb_lifetime_allocations = l_alloc;
+        p->sadb_lifetime_bytes       = l_bytes;
+        p->sadb_lifetime_addtime     = l_addtime;
+        p->sadb_lifetime_usetime     = l_usetime;
+        break;
+    }
+
+    return buf + len;
 }
 
 /*
  * copy secasvar data into sadb_address.
  * `buf' must has been allocated sufficiently.
  */
-static caddr_t
-pfkey_setsadbxsa2(buf, lim, mode0, reqid)
-       caddr_t buf;
-       caddr_t lim;
-       u_int32_t mode0;
-       u_int32_t reqid;
+static caddr_t pfkey_setsadbxsa2(buf, lim, mode0, reqid)
+caddr_t buf;
+caddr_t lim;
+u_int32_t mode0;
+u_int32_t reqid;
 {
-       struct sadb_x_sa2 *p;
-       u_int8_t mode = mode0 & 0xff;
-       u_int len;
-
-       p = (void *)buf;
-       len = sizeof(struct sadb_x_sa2);
-
-       if (buf + len > lim)
-               return NULL;
-
-       memset(p, 0, len);
-       p->sadb_x_sa2_len = PFKEY_UNIT64(len);
-       p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
-       p->sadb_x_sa2_mode = mode;
-       p->sadb_x_sa2_reqid = reqid;
-
-       return(buf + len);
+    struct sadb_x_sa2 *p;
+    u_int8_t mode = mode0 & 0xff;
+    u_int len;
+
+    p   = (void *) buf;
+    len = sizeof(struct sadb_x_sa2);
+
+    if (buf + len > lim) {
+        return NULL;
+    }
+
+    memset(p, 0, len);
+    p->sadb_x_sa2_len     = PFKEY_UNIT64(len);
+    p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
+    p->sadb_x_sa2_mode    = mode;
+    p->sadb_x_sa2_reqid   = reqid;
+
+    return buf + len;
 }
 
 #ifdef SADB_X_EXT_NAT_T_TYPE
-static caddr_t
-pfkey_set_natt_type(buf, lim, type, l_natt_type)
-       caddr_t buf;
-       caddr_t lim;
-       u_int type;
-       u_int8_t l_natt_type;
+static caddr_t pfkey_set_natt_type(buf, lim, type, l_natt_type)
+caddr_t buf;
+caddr_t lim;
+u_int type;
+u_int8_t l_natt_type;
 {
-       struct sadb_x_nat_t_type *p;
-       u_int len;
-
-       p = (void *)buf;
-       len = sizeof(struct sadb_x_nat_t_type);
-
-       if (buf + len > lim)
-               return NULL;
-
-       memset(p, 0, len);
-       p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len);
-       p->sadb_x_nat_t_type_exttype = type;
-       p->sadb_x_nat_t_type_type = l_natt_type;
-
-       return(buf + len);
+    struct sadb_x_nat_t_type *p;
+    u_int len;
+
+    p   = (void *) buf;
+    len = sizeof(struct sadb_x_nat_t_type);
+
+    if (buf + len > lim) {
+        return NULL;
+    }
+
+    memset(p, 0, len);
+    p->sadb_x_nat_t_type_len     = PFKEY_UNIT64(len);
+    p->sadb_x_nat_t_type_exttype = type;
+    p->sadb_x_nat_t_type_type    = l_natt_type;
+
+    return buf + len;
 }
 
-static caddr_t
-pfkey_set_natt_port(buf, lim, type, l_natt_port)
-       caddr_t buf;
-       caddr_t lim;
-       u_int type;
-       u_int16_t l_natt_port;
+static caddr_t pfkey_set_natt_port(buf, lim, type, l_natt_port)
+caddr_t buf;
+caddr_t lim;
+u_int type;
+u_int16_t l_natt_port;
 {
-       struct sadb_x_nat_t_port *p;
-       u_int len;
-
-       p = (void *)buf;
-       len = sizeof(struct sadb_x_nat_t_port);
-
-       if (buf + len > lim)
-               return NULL;
-
-       memset(p, 0, len);
-       p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len);
-       p->sadb_x_nat_t_port_exttype = type;
-       p->sadb_x_nat_t_port_port = htons(l_natt_port);
-
-       return(buf + len);
+    struct sadb_x_nat_t_port *p;
+    u_int len;
+
+    p   = (void *) buf;
+    len = sizeof(struct sadb_x_nat_t_port);
+
+    if (buf + len > lim) {
+        return NULL;
+    }
+
+    memset(p, 0, len);
+    p->sadb_x_nat_t_port_len     = PFKEY_UNIT64(len);
+    p->sadb_x_nat_t_port_exttype = type;
+    p->sadb_x_nat_t_port_port    = htons(l_natt_port);
+
+    return buf + len;
 }
 #endif
 
 #ifdef SADB_X_EXT_NAT_T_FRAG
-static caddr_t
-pfkey_set_natt_frag(buf, lim, type, l_natt_frag)
-       caddr_t buf;
-       caddr_t lim;
-       u_int type;
-       u_int16_t l_natt_frag;
+static caddr_t pfkey_set_natt_frag(buf, lim, type, l_natt_frag)
+caddr_t buf;
+caddr_t lim;
+u_int type;
+u_int16_t l_natt_frag;
 {
-       struct sadb_x_nat_t_frag *p;
-       u_int len;
-
-       p = (void *)buf;
-       len = sizeof(struct sadb_x_nat_t_frag);
-
-       if (buf + len > lim)
-               return NULL;
-
-       memset(p, 0, len);
-       p->sadb_x_nat_t_frag_len = PFKEY_UNIT64(len);
-       p->sadb_x_nat_t_frag_exttype = type;
-       p->sadb_x_nat_t_frag_fraglen = l_natt_frag;
-
-       return(buf + len);
+    struct sadb_x_nat_t_frag *p;
+    u_int len;
+
+    p   = (void *) buf;
+    len = sizeof(struct sadb_x_nat_t_frag);
+
+    if (buf + len > lim) {
+        return NULL;
+    }
+
+    memset(p, 0, len);
+    p->sadb_x_nat_t_frag_len     = PFKEY_UNIT64(len);
+    p->sadb_x_nat_t_frag_exttype = type;
+    p->sadb_x_nat_t_frag_fraglen = l_natt_frag;
+
+    return buf + len;
 }
 #endif
 
 
 #ifdef SADB_X_EXT_SEC_CTX
-static caddr_t
-pfkey_setsecctx(buf, lim, type, ctx_doi, ctx_alg, sec_ctx, sec_ctxlen)
-       caddr_t buf;
-       caddr_t lim;
-       u_int type;
-       u_int8_t ctx_doi, ctx_alg;
-       caddr_t sec_ctx;
-       u_int16_t sec_ctxlen;
+static caddr_t pfkey_setsecctx(buf, lim, type, ctx_doi, ctx_alg, sec_ctx, 
sec_ctxlen)
+caddr_t buf;
+caddr_t lim;
+u_int type;
+u_int8_t ctx_doi, ctx_alg;
+caddr_t sec_ctx;
+u_int16_t sec_ctxlen;
 {
-       struct sadb_x_sec_ctx *p;
-       u_int len;
-
-       p = (struct sadb_x_sec_ctx *)buf;
-       len = sizeof(struct sadb_x_sec_ctx) + PFKEY_ALIGN8(sec_ctxlen);
-
-       if (buf + len > lim)
-               return NULL;
-
-       memset(p, 0, len);
-       p->sadb_x_sec_len = PFKEY_UNIT64(len);
-       p->sadb_x_sec_exttype = type;
-       p->sadb_x_ctx_len = sec_ctxlen;
-       p->sadb_x_ctx_doi = ctx_doi;
-       p->sadb_x_ctx_alg = ctx_alg;
-
-       memcpy(p + 1, sec_ctx, sec_ctxlen);
-
-       return buf + len;
+    struct sadb_x_sec_ctx *p;
+    u_int len;
+
+    p   = (struct sadb_x_sec_ctx *) buf;
+    len = sizeof(struct sadb_x_sec_ctx) + PFKEY_ALIGN8(sec_ctxlen);
+
+    if (buf + len > lim) {
+        return NULL;
+    }
+
+    memset(p, 0, len);
+    p->sadb_x_sec_len     = PFKEY_UNIT64(len);
+    p->sadb_x_sec_exttype = type;
+    p->sadb_x_ctx_len     = sec_ctxlen;
+    p->sadb_x_ctx_doi     = ctx_doi;
+    p->sadb_x_ctx_alg     = ctx_alg;
+
+    memcpy(p + 1, sec_ctx, sec_ctxlen);
+
+    return buf + len;
 }
 #endif
 
-/* 
- * Deprecated, available for backward compatibility with third party 
- * libipsec users. Please use pfkey_send_update2 and pfkey_send_add2 instead 
+/*
+ * Deprecated, available for backward compatibility with third party
+ * libipsec users. Please use pfkey_send_update2 and pfkey_send_add2 instead
  */
-int
-pfkey_send_update(so, satype, mode, src, dst, spi, reqid, wsize,
-               keymat, e_type, e_keylen, a_type, a_keylen, flags,
-               l_alloc, l_bytes, l_addtime, l_usetime, seq)
-       int so;
-       u_int satype, mode, wsize;
-       struct sockaddr *src, *dst;
-       u_int32_t spi, reqid;
-       caddr_t keymat;
-       u_int e_type, e_keylen, a_type, a_keylen, flags;
-       u_int32_t l_alloc;
-       u_int64_t l_bytes, l_addtime, l_usetime;
-       u_int32_t seq;
-{
-       struct pfkey_send_sa_args psaa;
-
-       memset(&psaa, 0, sizeof(psaa));
-       psaa.so = so;
-       psaa.type = SADB_UPDATE;
-       psaa.satype = satype;
-       psaa.mode = mode;
-       psaa.wsize = wsize;
-       psaa.src = src;
-       psaa.dst = dst;
-       psaa.spi = spi;
-       psaa.reqid = reqid;
-       psaa.keymat = keymat;
-       psaa.e_type = e_type;
-       psaa.e_keylen = e_keylen;
-       psaa.a_type = a_type;
-       psaa.a_keylen = a_keylen;
-       psaa.flags = flags;
-       psaa.l_alloc = l_alloc;
-       psaa.l_bytes = l_bytes;
-       psaa.l_addtime = l_addtime;
-       psaa.l_usetime = l_usetime;
-       psaa.seq = seq;
-
-       return pfkey_send_update2(&psaa);
-}
-
-int
-pfkey_send_update_nat(so, satype, mode, src, dst, spi, reqid, wsize,
-                     keymat, e_type, e_keylen, a_type, a_keylen, flags,
-                     l_alloc, l_bytes, l_addtime, l_usetime, seq,
-                     l_natt_type, l_natt_sport, l_natt_dport, l_natt_oa,
-                     l_natt_frag)
-       int so;
-       u_int satype, mode, wsize;
-       struct sockaddr *src, *dst;
-       u_int32_t spi, reqid;
-       caddr_t keymat;
-       u_int e_type, e_keylen, a_type, a_keylen, flags;
-       u_int32_t l_alloc;
-       u_int64_t l_bytes, l_addtime, l_usetime;
-       u_int32_t seq;
-       u_int8_t l_natt_type;
-       u_int16_t l_natt_sport, l_natt_dport;
-       struct sockaddr *l_natt_oa;
-       u_int16_t l_natt_frag;
-{
-       struct pfkey_send_sa_args psaa;
-
-       memset(&psaa, 0, sizeof(psaa));
-       psaa.so = so;
-       psaa.type = SADB_UPDATE;
-       psaa.satype = satype;
-       psaa.mode = mode;
-       psaa.wsize = wsize;
-       psaa.src = src;
-       psaa.dst = dst;
-       psaa.spi = spi;
-       psaa.reqid = reqid;
-       psaa.keymat = keymat;
-       psaa.e_type = e_type;
-       psaa.e_keylen = e_keylen;
-       psaa.a_type = a_type;
-       psaa.a_keylen = a_keylen;
-       psaa.flags = flags;
-       psaa.l_alloc = l_alloc;
-       psaa.l_bytes = l_bytes;
-       psaa.l_addtime = l_addtime;
-       psaa.l_usetime = l_usetime;
-       psaa.seq = seq;
-       psaa.l_natt_type = l_natt_type;
-       psaa.l_natt_sport = l_natt_sport;
-       psaa.l_natt_dport = l_natt_dport;
-       psaa.l_natt_oa = l_natt_oa;
-       psaa.l_natt_frag = l_natt_frag;
-
-       return pfkey_send_update2(&psaa);
-}
-
-int
-pfkey_send_add(so, satype, mode, src, dst, spi, reqid, wsize,
-               keymat, e_type, e_keylen, a_type, a_keylen, flags,
-               l_alloc, l_bytes, l_addtime, l_usetime, seq)
-       int so;
-       u_int satype, mode, wsize;
-       struct sockaddr *src, *dst;
-       u_int32_t spi, reqid;
-       caddr_t keymat;
-       u_int e_type, e_keylen, a_type, a_keylen, flags;
-       u_int32_t l_alloc;
-       u_int64_t l_bytes, l_addtime, l_usetime;
-       u_int32_t seq;
-{
-       struct pfkey_send_sa_args psaa;
-
-       memset(&psaa, 0, sizeof(psaa));
-       psaa.so = so;
-       psaa.type = SADB_ADD;
-       psaa.satype = satype;
-       psaa.mode = mode;
-       psaa.wsize = wsize;
-       psaa.src = src;
-       psaa.dst = dst;
-       psaa.spi = spi;
-       psaa.reqid = reqid;
-       psaa.keymat = keymat;
-       psaa.e_type = e_type;
-       psaa.e_keylen = e_keylen;
-       psaa.a_type = a_type;
-       psaa.a_keylen = a_keylen;
-       psaa.flags = flags;
-       psaa.l_alloc = l_alloc;
-       psaa.l_bytes = l_bytes;
-       psaa.l_addtime = l_addtime;
-       psaa.l_usetime = l_usetime;
-       psaa.seq = seq;
-
-       return pfkey_send_add2(&psaa);
-}
-
-int
-pfkey_send_add_nat(so, satype, mode, src, dst, spi, reqid, wsize,
-                     keymat, e_type, e_keylen, a_type, a_keylen, flags,
-                     l_alloc, l_bytes, l_addtime, l_usetime, seq,
-                     l_natt_type, l_natt_sport, l_natt_dport, l_natt_oa,
-                     l_natt_frag)
-       int so;
-       u_int satype, mode, wsize;
-       struct sockaddr *src, *dst;
-       u_int32_t spi, reqid;
-       caddr_t keymat;
-       u_int e_type, e_keylen, a_type, a_keylen, flags;
-       u_int32_t l_alloc;
-       u_int64_t l_bytes, l_addtime, l_usetime;
-       u_int32_t seq;
-       u_int8_t l_natt_type;
-       u_int16_t l_natt_sport, l_natt_dport;
-       struct sockaddr *l_natt_oa;
-       u_int16_t l_natt_frag;
-{
-       struct pfkey_send_sa_args psaa;
-
-       memset(&psaa, 0, sizeof(psaa));
-       psaa.so = so;
-       psaa.type = SADB_ADD;
-       psaa.satype = satype;
-       psaa.mode = mode;
-       psaa.wsize = wsize;
-       psaa.src = src;
-       psaa.dst = dst;
-       psaa.spi = spi;
-       psaa.reqid = reqid;
-       psaa.keymat = keymat;
-       psaa.e_type = e_type;
-       psaa.e_keylen = e_keylen;
-       psaa.a_type = a_type;
-       psaa.a_keylen = a_keylen;
-       psaa.flags = flags;
-       psaa.l_alloc = l_alloc;
-       psaa.l_bytes = l_bytes;
-       psaa.l_addtime = l_addtime;
-       psaa.l_usetime = l_usetime;
-       psaa.seq = seq;
-       psaa.l_natt_type = l_natt_type;
-       psaa.l_natt_sport = l_natt_sport;
-       psaa.l_natt_dport = l_natt_dport;
-       psaa.l_natt_oa = l_natt_oa;
-       psaa.l_natt_frag = l_natt_frag;
-
-       return pfkey_send_add2(&psaa);
+int pfkey_send_update(so, satype, mode, src, dst, spi, reqid, wsize,
+                      keymat, e_type, e_keylen, a_type, a_keylen, flags,
+                      l_alloc, l_bytes, l_addtime, l_usetime, seq)
+int so;
+u_int satype, mode, wsize;
+struct sockaddr *src, *dst;
+u_int32_t spi, reqid;
+caddr_t keymat;
+u_int e_type, e_keylen, a_type, a_keylen, flags;
+u_int32_t l_alloc;
+u_int64_t l_bytes, l_addtime, l_usetime;
+u_int32_t seq;
+{
+    struct pfkey_send_sa_args psaa;
+
+    memset(&psaa, 0, sizeof(psaa));
+    psaa.so        = so;
+    psaa.type      = SADB_UPDATE;
+    psaa.satype    = satype;
+    psaa.mode      = mode;
+    psaa.wsize     = wsize;
+    psaa.src       = src;
+    psaa.dst       = dst;
+    psaa.spi       = spi;
+    psaa.reqid     = reqid;
+    psaa.keymat    = keymat;
+    psaa.e_type    = e_type;
+    psaa.e_keylen  = e_keylen;
+    psaa.a_type    = a_type;
+    psaa.a_keylen  = a_keylen;
+    psaa.flags     = flags;
+    psaa.l_alloc   = l_alloc;
+    psaa.l_bytes   = l_bytes;
+    psaa.l_addtime = l_addtime;
+    psaa.l_usetime = l_usetime;
+    psaa.seq       = seq;
+
+    return pfkey_send_update2(&psaa);
+}
+
+int pfkey_send_update_nat(so, satype, mode, src, dst, spi, reqid, wsize,
+                          keymat, e_type, e_keylen, a_type, a_keylen, flags,
+                          l_alloc, l_bytes, l_addtime, l_usetime, seq,
+                          l_natt_type, l_natt_sport, l_natt_dport, l_natt_oa,
+                          l_natt_frag)
+int so;
+u_int satype, mode, wsize;
+struct sockaddr *src, *dst;
+u_int32_t spi, reqid;
+caddr_t keymat;
+u_int e_type, e_keylen, a_type, a_keylen, flags;
+u_int32_t l_alloc;
+u_int64_t l_bytes, l_addtime, l_usetime;
+u_int32_t seq;
+u_int8_t l_natt_type;
+u_int16_t l_natt_sport, l_natt_dport;
+struct sockaddr *l_natt_oa;
+u_int16_t l_natt_frag;
+{
+    struct pfkey_send_sa_args psaa;
+
+    memset(&psaa, 0, sizeof(psaa));
+    psaa.so           = so;
+    psaa.type         = SADB_UPDATE;
+    psaa.satype       = satype;
+    psaa.mode         = mode;
+    psaa.wsize        = wsize;
+    psaa.src          = src;
+    psaa.dst          = dst;
+    psaa.spi          = spi;
+    psaa.reqid        = reqid;
+    psaa.keymat       = keymat;
+    psaa.e_type       = e_type;
+    psaa.e_keylen     = e_keylen;
+    psaa.a_type       = a_type;
+    psaa.a_keylen     = a_keylen;
+    psaa.flags        = flags;
+    psaa.l_alloc      = l_alloc;
+    psaa.l_bytes      = l_bytes;
+    psaa.l_addtime    = l_addtime;
+    psaa.l_usetime    = l_usetime;
+    psaa.seq          = seq;
+    psaa.l_natt_type  = l_natt_type;
+    psaa.l_natt_sport = l_natt_sport;
+    psaa.l_natt_dport = l_natt_dport;
+    psaa.l_natt_oa    = l_natt_oa;
+    psaa.l_natt_frag  = l_natt_frag;
+
+    return pfkey_send_update2(&psaa);
+}
+
+int pfkey_send_add(so, satype, mode, src, dst, spi, reqid, wsize,
+                   keymat, e_type, e_keylen, a_type, a_keylen, flags,
+                   l_alloc, l_bytes, l_addtime, l_usetime, seq)
+int so;
+u_int satype, mode, wsize;
+struct sockaddr *src, *dst;
+u_int32_t spi, reqid;
+caddr_t keymat;
+u_int e_type, e_keylen, a_type, a_keylen, flags;
+u_int32_t l_alloc;
+u_int64_t l_bytes, l_addtime, l_usetime;
+u_int32_t seq;
+{
+    struct pfkey_send_sa_args psaa;
+
+    memset(&psaa, 0, sizeof(psaa));
+    psaa.so        = so;
+    psaa.type      = SADB_ADD;
+    psaa.satype    = satype;
+    psaa.mode      = mode;
+    psaa.wsize     = wsize;
+    psaa.src       = src;
+    psaa.dst       = dst;
+    psaa.spi       = spi;
+    psaa.reqid     = reqid;
+    psaa.keymat    = keymat;
+    psaa.e_type    = e_type;
+    psaa.e_keylen  = e_keylen;
+    psaa.a_type    = a_type;
+    psaa.a_keylen  = a_keylen;
+    psaa.flags     = flags;
+    psaa.l_alloc   = l_alloc;
+    psaa.l_bytes   = l_bytes;
+    psaa.l_addtime = l_addtime;
+    psaa.l_usetime = l_usetime;
+    psaa.seq       = seq;
+
+    return pfkey_send_add2(&psaa);
+}
+
+int pfkey_send_add_nat(so, satype, mode, src, dst, spi, reqid, wsize,
+                       keymat, e_type, e_keylen, a_type, a_keylen, flags,
+                       l_alloc, l_bytes, l_addtime, l_usetime, seq,
+                       l_natt_type, l_natt_sport, l_natt_dport, l_natt_oa,
+                       l_natt_frag)
+int so;
+u_int satype, mode, wsize;
+struct sockaddr *src, *dst;
+u_int32_t spi, reqid;
+caddr_t keymat;
+u_int e_type, e_keylen, a_type, a_keylen, flags;
+u_int32_t l_alloc;
+u_int64_t l_bytes, l_addtime, l_usetime;
+u_int32_t seq;
+u_int8_t l_natt_type;
+u_int16_t l_natt_sport, l_natt_dport;
+struct sockaddr *l_natt_oa;
+u_int16_t l_natt_frag;
+{
+    struct pfkey_send_sa_args psaa;
+
+    memset(&psaa, 0, sizeof(psaa));
+    psaa.so           = so;
+    psaa.type         = SADB_ADD;
+    psaa.satype       = satype;
+    psaa.mode         = mode;
+    psaa.wsize        = wsize;
+    psaa.src          = src;
+    psaa.dst          = dst;
+    psaa.spi          = spi;
+    psaa.reqid        = reqid;
+    psaa.keymat       = keymat;
+    psaa.e_type       = e_type;
+    psaa.e_keylen     = e_keylen;
+    psaa.a_type       = a_type;
+    psaa.a_keylen     = a_keylen;
+    psaa.flags        = flags;
+    psaa.l_alloc      = l_alloc;
+    psaa.l_bytes      = l_bytes;
+    psaa.l_addtime    = l_addtime;
+    psaa.l_usetime    = l_usetime;
+    psaa.seq          = seq;
+    psaa.l_natt_type  = l_natt_type;
+    psaa.l_natt_sport = l_natt_sport;
+    psaa.l_natt_dport = l_natt_dport;
+    psaa.l_natt_oa    = l_natt_oa;
+    psaa.l_natt_frag  = l_natt_frag;
+
+    return pfkey_send_add2(&psaa);
 }

=== modified file 'lib/ipsec/policy_parse.h'
--- lib/ipsec/policy_parse.h    2010-01-19 11:34:01 +0000
+++ lib/ipsec/policy_parse.h    2010-02-11 00:21:24 +0000
@@ -15,11 +15,11 @@
 #define SLASH 271
 #define HYPHEN 272
 typedef union {
-       u_int num;
-       u_int32_t num32;
-       struct _val {
-               int len;
-               char *buf;
-       } val;
+    u_int     num;
+    u_int32_t num32;
+    struct _val {
+        int   len;
+        char *buf;
+    } val;
 } YYSTYPE;
 extern YYSTYPE __libipseclval;

Other related posts:

  • » [hipl-commit] [trunk] Rev 3596: Reformatted lib/ipsec. - Tim Just