 @@ -1,1494 +1,1494 @@
-/*	$NetBSD: isakmp_inf.c,v 1.48 2012/08/29 12:01:30 tteras Exp $	*/
+/*	$NetBSD: isakmp_inf.c,v 1.49 2013/01/24 06:47:50 tteras Exp $	*/
 /* Id: isakmp_inf.c,v 1.44 2006/05/06 20:45:52 manubsd Exp */
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. Neither the name of the project nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 #include "config.h"
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/socket.h>
 #include <net/pfkeyv2.h>
 #include <netinet/in.h>
 #include <sys/queue.h>
 #include PATH_IPSEC_H
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
 #include <errno.h>
 #if TIME_WITH_SYS_TIME
 # include <sys/time.h>
 # include <time.h>
 #else
 # if HAVE_SYS_TIME_H
 #  include <sys/time.h>
 # else
 #  include <time.h>
 # endif
 #endif
 #ifdef ENABLE_HYBRID
 #include <resolv.h>
 #endif
 #include "libpfkey.h"
 #include "var.h"
 #include "vmbuf.h"
 #include "schedule.h"
 #include "str2val.h"
 #include "misc.h"
 #include "plog.h"
 #include "debug.h"
 #include "localconf.h"
 #include "remoteconf.h"
 #include "sockmisc.h"
 #include "handler.h"
 #include "policy.h"
 #include "proposal.h"
 #include "isakmp_var.h"
 #include "evt.h"
 #include "isakmp.h"
 #ifdef ENABLE_HYBRID
 #include "isakmp_xauth.h"
 #include "isakmp_unity.h"
 #include "isakmp_cfg.h"
 #endif
 #include "isakmp_inf.h"
 #include "oakley.h"
 #include "ipsec_doi.h"
 #include "crypto_openssl.h"
 #include "pfkey.h"
 #include "policy.h"
 #include "algorithm.h"
 #include "proposal.h"
 #include "admin.h"
 #include "strnames.h"
 #ifdef ENABLE_NATT
 #include "nattraversal.h"
 #endif
 /* information exchange */
 static int isakmp_info_recv_n (struct ph1handle *, struct isakmp_pl_n *, u_int32_t, int);
 static int isakmp_info_recv_d (struct ph1handle *, struct isakmp_pl_d *, u_int32_t, int);
 #ifdef ENABLE_DPD
 static int isakmp_info_recv_r_u __P((struct ph1handle *,
 	struct isakmp_pl_ru *, u_int32_t));
 static int isakmp_info_recv_r_u_ack __P((struct ph1handle *,
 	struct isakmp_pl_ru *, u_int32_t));
 static void isakmp_info_send_r_u __P((struct sched *));
 #endif
 static void purge_isakmp_spi __P((int, isakmp_index *, size_t));
 /* %%%
  * Information Exchange
  */
 /*
  * receive Information
  */
 int
 isakmp_info_recv(iph1, msg0)
 	struct ph1handle *iph1;
 	vchar_t *msg0;
+{
 	vchar_t *msg = NULL;
 	vchar_t *pbuf = NULL;
 	u_int32_t msgid = 0;
 	int error = -1;
 	struct isakmp *isakmp;
 	struct isakmp_gen *gen;
 	struct isakmp_parse_t *pa, *pap;
 	void *p;
 	vchar_t *hash, *payload;
 	struct isakmp_gen *nd;
 	u_int8_t np;
 	int encrypted;
 	plog(LLV_DEBUG, LOCATION, NULL, "receive Information.\n");
 	encrypted = ISSET(((struct isakmp *)msg0->v)->flags, ISAKMP_FLAG_E);
 	msgid = ((struct isakmp *)msg0->v)->msgid;
 	/* Use new IV to decrypt Informational message. */
 	if (encrypted) {
 		struct isakmp_ivm *ivm;
 		if (iph1->ivm == NULL) {
 			plog(LLV_ERROR, LOCATION, NULL, "iph1->ivm == NULL\n");
 			return -1;
+		}
 		/* compute IV */
 		ivm = oakley_newiv2(iph1, ((struct isakmp *)msg0->v)->msgid);
 		if (ivm == NULL)
 			return -1;
 		msg = oakley_do_decrypt(iph1, msg0, ivm->iv, ivm->ive);
 		oakley_delivm(ivm);
 		if (msg == NULL)
 			return -1;
 	} else
 		msg = vdup(msg0);
 	/* Safety check */
 	if (msg->l < sizeof(*isakmp) + sizeof(*gen)) {
 		plog(LLV_ERROR, LOCATION, NULL,
 			"ignore information because the "
 			"message is way too short - %zu byte(s).\n",
 			msg->l);
 		goto end;
+	}
 	isakmp = (struct isakmp *)msg->v;
 	gen = (struct isakmp_gen *)((caddr_t)isakmp + sizeof(struct isakmp));
 	np = gen->np;
 	if (encrypted) {
 		if (isakmp->np != ISAKMP_NPTYPE_HASH) {
 			plog(LLV_ERROR, LOCATION, NULL,
 			    "ignore information because the "
 			    "message has no hash payload.\n");
 			goto end;
+		}
 		if (iph1->status != PHASE1ST_ESTABLISHED &&
 		    iph1->status != PHASE1ST_DYING) {
 			plog(LLV_ERROR, LOCATION, NULL,
 			    "ignore information because ISAKMP-SA "
 			    "has not been established yet.\n");
 			goto end;
+		}
 		/* Safety check */
 		if (msg->l < sizeof(*isakmp) + ntohs(gen->len) + sizeof(*nd)) {
 			plog(LLV_ERROR, LOCATION, NULL,
 				"ignore information because the "
 				"message is too short - %zu byte(s).\n",
 				msg->l);
 			goto end;
+		}
 		p = (caddr_t) gen + sizeof(struct isakmp_gen);
 		nd = (struct isakmp_gen *) ((caddr_t) gen + ntohs(gen->len));
 		/* nd length check */
 		if (ntohs(nd->len) > msg->l - (sizeof(struct isakmp) +
 		    ntohs(gen->len))) {
 			plog(LLV_ERROR, LOCATION, NULL,
 				 "too long payload length (broken message?)\n");
 			goto end;
+		}
 		if (ntohs(nd->len) < sizeof(*nd)) {
 			plog(LLV_ERROR, LOCATION, NULL,
 				"too short payload length (broken message?)\n");
 			goto end;
+		}
 		payload = vmalloc(ntohs(nd->len));
 		if (payload == NULL) {
 			plog(LLV_ERROR, LOCATION, NULL,
 			    "cannot allocate memory\n");
 			goto end;
+		}
 		memcpy(payload->v, (caddr_t) nd, ntohs(nd->len));
 		/* compute HASH */
 		hash = oakley_compute_hash1(iph1, isakmp->msgid, payload);
 		if (hash == NULL) {
 			plog(LLV_ERROR, LOCATION, NULL,
 			    "cannot compute hash\n");
 			vfree(payload);
 			goto end;
+		}
 		if (ntohs(gen->len) - sizeof(struct isakmp_gen) != hash->l) {
 			plog(LLV_ERROR, LOCATION, NULL,
 			    "ignore information due to hash length mismatch\n");
 			vfree(hash);
 			vfree(payload);
 			goto end;
+		}
 		if (memcmp(p, hash->v, hash->l) != 0) {
 			plog(LLV_ERROR, LOCATION, NULL,
 			    "ignore information due to hash mismatch\n");
 			vfree(hash);
 			vfree(payload);
 			goto end;
+		}
 		plog(LLV_DEBUG, LOCATION, NULL, "hash validated.\n");
 		vfree(hash);
 		vfree(payload);
 	} else {
 		/* make sure the packet was encrypted after the beginning of phase 1. */
 		switch (iph1->etype) {
 		case ISAKMP_ETYPE_AGG:
 		case ISAKMP_ETYPE_BASE:
 		case ISAKMP_ETYPE_IDENT:
 			if ((iph1->side == INITIATOR && iph1->status < PHASE1ST_MSG3SENT)
 			 || (iph1->side == RESPONDER && iph1->status < PHASE1ST_MSG2SENT)) {
 				break;
+			}
 			/*FALLTHRU*/
 		default:
 			plog(LLV_ERROR, LOCATION, iph1->remote,
 				"%s message must be encrypted\n",
 				s_isakmp_nptype(np));
 			error = 0;
 			goto end;
+		}
+	}
 	if (!(pbuf = isakmp_parse(msg))) {
 		error = -1;
 		goto end;
+	}
 	error = 0;
 	for (pa = (struct isakmp_parse_t *)pbuf->v; pa->type; pa++) {
 		switch (pa->type) {
 		case ISAKMP_NPTYPE_HASH:
 			/* Handled above */
 			break;
 		case ISAKMP_NPTYPE_N:
 			error = isakmp_info_recv_n(iph1,
 				(struct isakmp_pl_n *)pa->ptr,
 				msgid, encrypted);
 			break;
 		case ISAKMP_NPTYPE_D:
 			error = isakmp_info_recv_d(iph1,
 				(struct isakmp_pl_d *)pa->ptr,
 				msgid, encrypted);
 			break;
 		case ISAKMP_NPTYPE_NONCE:
 			/* XXX to be 6.4.2 ike-01.txt */
 			/* XXX IV is to be synchronized. */
 			plog(LLV_ERROR, LOCATION, iph1->remote,
 				"ignore Acknowledged Informational\n");
 			break;
 		default:
 			/* don't send information, see isakmp_ident_r1() */
 			error = 0;
 			plog(LLV_ERROR, LOCATION, iph1->remote,
 				"reject the packet, "
 				"received unexpected payload type %s.\n",
 				s_isakmp_nptype(gen->np));
+		}
 		if (error < 0)
 			break;
+	}
     end:
 	if (msg != NULL)
 		vfree(msg);
 	if (pbuf != NULL)
 		vfree(pbuf);
 	return error;
+}
 /*
  * log unhandled / unallowed Notification payload
  */
 int
 isakmp_log_notify(iph1, notify, exchange)
 	struct ph1handle *iph1;
 	struct isakmp_pl_n *notify;
 	const char *exchange;
+{
 	u_int type;
 	char *nraw, *ndata, *nhex;
 	size_t l;
 	type = ntohs(notify->type);
 	if (ntohs(notify->h.len) < sizeof(*notify) + notify->spi_size) {
 		plog(LLV_ERROR, LOCATION, iph1->remote,
 			"invalid spi_size in %s notification in %s.\n",
 			s_isakmp_notify_msg(type), exchange);
 		return -1;
+	}
 	plog(LLV_ERROR, LOCATION, iph1->remote,
 		"notification %s received in %s.\n",
 		s_isakmp_notify_msg(type), exchange);
 	nraw = ((char*) notify) + sizeof(*notify) + notify->spi_size;
 	l = ntohs(notify->h.len) - sizeof(*notify) - notify->spi_size;
 	if (l > 0) {
 		if (type >= ISAKMP_NTYPE_MINERROR &&
 		    type <= ISAKMP_NTYPE_MAXERROR) {
 			ndata = binsanitize(nraw, l);
 			if (ndata != NULL) {
 				plog(LLV_ERROR, LOCATION, iph1->remote,
 					"error message: '%s'.\n",
 					ndata);
 				racoon_free(ndata);
 			} else {
 				plog(LLV_ERROR, LOCATION, iph1->remote,
 					"Cannot allocate memory\n");
+			}
 		} else {
 			nhex = val2str(nraw, l);
 			if (nhex != NULL) {
 				plog(LLV_ERROR, LOCATION, iph1->remote,
 					"notification payload: %s.\n",
 					nhex);
 				racoon_free(nhex);
 			} else {
 				plog(LLV_ERROR, LOCATION, iph1->remote,
 					"Cannot allocate memory\n");
+			}
+		}
+	}
 	return 0;
+}
 /*
  * handling of Notification payload
  */
 static int
 isakmp_info_recv_n(iph1, notify, msgid, encrypted)
 	struct ph1handle *iph1;
 	struct isakmp_pl_n *notify;
 	u_int32_t msgid;
 	int encrypted;
+{
 	u_int type;
 	type = ntohs(notify->type);
 	switch (type) {
 	case ISAKMP_NTYPE_CONNECTED:
 	case ISAKMP_NTYPE_RESPONDER_LIFETIME:
 	case ISAKMP_NTYPE_REPLAY_STATUS:
 #ifdef ENABLE_HYBRID
 	case ISAKMP_NTYPE_UNITY_HEARTBEAT:
 #endif
 		/* do something */
 		break;
 	case ISAKMP_NTYPE_INITIAL_CONTACT:
 		if (encrypted)
 			return isakmp_info_recv_initialcontact(iph1, NULL);
 		break;
 #ifdef ENABLE_DPD
 	case ISAKMP_NTYPE_R_U_THERE:
 		if (encrypted)
 			return isakmp_info_recv_r_u(iph1,
 				(struct isakmp_pl_ru *)notify, msgid);
 		break;
 	case ISAKMP_NTYPE_R_U_THERE_ACK:
 		if (encrypted)
 			return isakmp_info_recv_r_u_ack(iph1,
 				(struct isakmp_pl_ru *)notify, msgid);
 		break;
 #endif
+	}
 	/* If we receive a error notification we should delete the related
 	 * phase1 / phase2 handle, and send an event to racoonctl.
 	 * However, since phase1 error notifications are not encrypted and
 	 * can not be authenticated, it would allow a DoS attack possibility
 	 * to handle them.
 	 * Phase2 error notifications should be encrypted, so we could handle
 	 * those, but it needs implementing (the old code didn't implement
 	 * that either).
 	 * So we are good to just log the messages here.
 	 */
 	if (encrypted)
 		isakmp_log_notify(iph1, notify, "informational exchange");
 	else
 		isakmp_log_notify(iph1, notify, "unencrypted informational exchange");
 	return 0;
+}
 /*
  * handling of Deletion payload
  */
 static int
 isakmp_info_recv_d(iph1, delete, msgid, encrypted)
 	struct ph1handle *iph1;
 	struct isakmp_pl_d *delete;
 	u_int32_t msgid;
 	int encrypted;
+{
 	int tlen, num_spi;
 	vchar_t *pbuf;
 	int protected = 0;
 	struct ph1handle *del_ph1;
 	struct ph2handle *iph2;
 	union {
 		u_int32_t spi32;
 		u_int16_t spi16[2];
 	} spi;
 	if (ntohl(delete->doi) != IPSEC_DOI) {
 		plog(LLV_ERROR, LOCATION, iph1->remote,
 			"delete payload with invalid doi:%d.\n",
 			ntohl(delete->doi));
 #ifdef ENABLE_HYBRID
 		/*
 		 * At deconnexion time, Cisco VPN client does this
 		 * with a zero DOI. Don't give up in that situation.
 		 */
 		if (((iph1->mode_cfg->flags &
 		    ISAKMP_CFG_VENDORID_UNITY) == 0) || (delete->doi != 0))
 			return 0;
 #else
 		return 0;
 #endif
+	}
 	num_spi = ntohs(delete->num_spi);
 	tlen = ntohs(delete->h.len) - sizeof(struct isakmp_pl_d);
 	if (tlen != num_spi * delete->spi_size) {
 		plog(LLV_ERROR, LOCATION, iph1->remote,
 			"deletion payload with invalid length.\n");
 		return 0;
+	}
 	plog(LLV_DEBUG, LOCATION, iph1->remote,
 		"delete payload for protocol %s\n",
 		s_ipsecdoi_proto(delete->proto_id));
-	if(!iph1->rmconf->weak_phase1_check && !encrypted) {
+	if((iph1 == NULL || !iph1->rmconf->weak_phase1_check) && !encrypted) {
 		plog(LLV_WARNING, LOCATION, iph1->remote,
 			"Ignoring unencrypted delete payload "
 			"(check the weak_phase1_check option)\n");
 		return 0;
+	}
 	switch (delete->proto_id) {
 	case IPSECDOI_PROTO_ISAKMP:
 		if (delete->spi_size != sizeof(isakmp_index)) {
 			plog(LLV_ERROR, LOCATION, iph1->remote,
 				"delete payload with strange spi "
 				"size %d(proto_id:%d)\n",
 				delete->spi_size, delete->proto_id);
 			return 0;
+		}
 		del_ph1=getph1byindex((isakmp_index *)(delete + 1));
 		if(del_ph1 != NULL){
 			evt_phase1(iph1, EVT_PHASE1_PEER_DELETED, NULL);
 			sched_cancel(&del_ph1->scr);
 			/*
 			 * Delete also IPsec-SAs if rekeying is enabled.
 			 */
 			if (ph1_rekey_enabled(del_ph1))
 				purge_remote(del_ph1);
 			else
 				isakmp_ph1expire(del_ph1);
+		}
 		break;
 	case IPSECDOI_PROTO_IPSEC_AH:
 	case IPSECDOI_PROTO_IPSEC_ESP:
 		if (delete->spi_size != sizeof(u_int32_t)) {
 			plog(LLV_ERROR, LOCATION, iph1->remote,
 				"delete payload with strange spi "
 				"size %d(proto_id:%d)\n",
 				delete->spi_size, delete->proto_id);
 			return 0;
+		}
 		purge_ipsec_spi(iph1->remote, delete->proto_id,
 		    (u_int32_t *)(delete + 1), num_spi);
 		break;
 	case IPSECDOI_PROTO_IPCOMP:
 		/* need to handle both 16bit/32bit SPI */
 		memset(&spi, 0, sizeof(spi));
 		if (delete->spi_size == sizeof(spi.spi16[1])) {
 			memcpy(&spi.spi16[1], delete + 1,
 			    sizeof(spi.spi16[1]));
 		} else if (delete->spi_size == sizeof(spi.spi32))
 			memcpy(&spi.spi32, delete + 1, sizeof(spi.spi32));
 		else {
 			plog(LLV_ERROR, LOCATION, iph1->remote,
 				"delete payload with strange spi "
 				"size %d(proto_id:%d)\n",
 				delete->spi_size, delete->proto_id);
 			return 0;
+		}
 		purge_ipsec_spi(iph1->remote, delete->proto_id,
 		    &spi.spi32, num_spi);
 		break;
 	default:
 		plog(LLV_ERROR, LOCATION, iph1->remote,
 			"deletion message received, "
 			"invalid proto_id: %d\n",
 			delete->proto_id);
 		return 0;
+	}
 	plog(LLV_DEBUG, LOCATION, NULL, "purged SAs.\n");
 	return 0;
+}
 /*
  * send Delete payload (for ISAKMP SA) in Informational exchange.
  */
 int
 isakmp_info_send_d1(iph1)
 	struct ph1handle *iph1;
+{
 	struct isakmp_pl_d *d;
 	vchar_t *payload = NULL;
 	int tlen;
 	int error = 0;
 	if (iph1->status != PHASE2ST_ESTABLISHED)
 		return 0;
 	/* create delete payload */
 	/* send SPIs of inbound SAs. */
 	/* XXX should send outbound SAs's ? */
 	tlen = sizeof(*d) + sizeof(isakmp_index);
 	payload = vmalloc(tlen);
 	if (payload == NULL) {
 		plog(LLV_ERROR, LOCATION, NULL,
 			"failed to get buffer for payload.\n");
 		return errno;
+	}
 	d = (struct isakmp_pl_d *)payload->v;
 	d->h.np = ISAKMP_NPTYPE_NONE;
 	d->h.len = htons(tlen);
 	d->doi = htonl(IPSEC_DOI);
 	d->proto_id = IPSECDOI_PROTO_ISAKMP;
 	d->spi_size = sizeof(isakmp_index);
 	d->num_spi = htons(1);
 	memcpy(d + 1, &iph1->index, sizeof(isakmp_index));
 	error = isakmp_info_send_common(iph1, payload,
 					ISAKMP_NPTYPE_D, 0);
 	vfree(payload);
 	return error;
+}
 /*
  * send Delete payload (for IPsec SA) in Informational exchange, based on
  * pfkey msg.  It sends always single SPI.
  */
 int
 isakmp_info_send_d2(iph2)
 	struct ph2handle *iph2;
+{
 	struct ph1handle *iph1;
 	struct saproto *pr;
 	struct isakmp_pl_d *d;
 	vchar_t *payload = NULL;
 	int tlen;
 	int error = 0;
 	u_int8_t *spi;
 	if (iph2->status != PHASE2ST_ESTABLISHED)
 		return 0;
 	/*
 	 * don't send delete information if there is no phase 1 handler.
 	 * It's nonsensical to negotiate phase 1 to send the information.
 	 */
 	iph1 = getph1byaddr(iph2->src, iph2->dst, 0);
 	if (iph1 == NULL){
 		plog(LLV_DEBUG2, LOCATION, NULL,
 			 "No ph1 handler found, could not send DELETE_SA\n");
 		return 0;
+	}
 	/* create delete payload */
 	for (pr = iph2->approval->head; pr != NULL; pr = pr->next) {
 		/* send SPIs of inbound SAs. */
 		/*
 		 * XXX should I send outbound SAs's ?
 		 * I send inbound SAs's SPI only at the moment because I can't
 		 * decode any more if peer send encoded packet without aware of
 		 * deletion of SA.  Outbound SAs don't come under the situation.
 		 */
 		tlen = sizeof(*d) + pr->spisize;
 		payload = vmalloc(tlen);
 		if (payload == NULL) {
 			plog(LLV_ERROR, LOCATION, NULL,
 				"failed to get buffer for payload.\n");
 			return errno;
+		}
 		d = (struct isakmp_pl_d *)payload->v;
 		d->h.np = ISAKMP_NPTYPE_NONE;
 		d->h.len = htons(tlen);
 		d->doi = htonl(IPSEC_DOI);
 		d->proto_id = pr->proto_id;
 		d->spi_size = pr->spisize;
 		d->num_spi = htons(1);
 		/*
 		 * XXX SPI bits are left-filled, for use with IPComp.
 		 * we should be switching to variable-length spi field...
 		 */
 		spi = (u_int8_t *)&pr->spi;
 		spi += sizeof(pr->spi);
 		spi -= pr->spisize;
 		memcpy(d + 1, spi, pr->spisize);
 		error = isakmp_info_send_common(iph1, payload,
 						ISAKMP_NPTYPE_D, 0);
 		vfree(payload);
+	}
 	return error;
+}
 /*
  * send Notification payload (for without ISAKMP SA) in Informational exchange
  */
 int
 isakmp_info_send_nx(isakmp, remote, local, type, data)
 	struct isakmp *isakmp;
 	struct sockaddr *remote, *local;
 	int type;
 	vchar_t *data;
+{
 	struct ph1handle *iph1 = NULL;
 	vchar_t *payload = NULL;
 	int tlen;
 	int error = -1;
 	struct isakmp_pl_n *n;
 	int spisiz = 0;		/* see below */
 	/* add new entry to isakmp status table. */
 	iph1 = newph1();
 	if (iph1 == NULL)
 		return -1;
 	memcpy(&iph1->index.i_ck, &isakmp->i_ck, sizeof(cookie_t));
 	isakmp_newcookie((char *)&iph1->index.r_ck, remote, local);
 	iph1->status = PHASE1ST_START;
 	iph1->side = INITIATOR;
 	iph1->version = isakmp->v;
 	iph1->flags = 0;
 	iph1->msgid = 0;	/* XXX */
 #ifdef ENABLE_HYBRID
 	if ((iph1->mode_cfg = isakmp_cfg_mkstate()) == NULL)
 		goto end;
 #endif
 #ifdef ENABLE_FRAG
 	iph1->frag = 0;
 	iph1->frag_chain = NULL;
 #endif
 	/* copy remote address */
 	if (copy_ph1addresses(iph1, NULL, remote, local) < 0)
 		goto end;
 	tlen = sizeof(*n) + spisiz;
 	if (data)
 		tlen += data->l;
 	payload = vmalloc(tlen);
 	if (payload == NULL) {
 		plog(LLV_ERROR, LOCATION, NULL,
 			"failed to get buffer to send.\n");
 		goto end;
+	}
 	n = (struct isakmp_pl_n *)payload->v;
 	n->h.np = ISAKMP_NPTYPE_NONE;
 	n->h.len = htons(tlen);
 	n->doi = htonl(IPSEC_DOI);
 	n->proto_id = IPSECDOI_KEY_IKE;
 	n->spi_size = spisiz;
 	n->type = htons(type);
 	if (spisiz)
 		memset(n + 1, 0, spisiz);	/* XXX spisiz is always 0 */
 	if (data)
 		memcpy((caddr_t)(n + 1) + spisiz, data->v, data->l);
 	error = isakmp_info_send_common(iph1, payload, ISAKMP_NPTYPE_N, 0);
 	vfree(payload);
     end:
 	if (iph1 != NULL)
 		delph1(iph1);
 	return error;
+}
 /*
  * send Notification payload (for ISAKMP SA) in Informational exchange
  */
 int
 isakmp_info_send_n1(iph1, type, data)
 	struct ph1handle *iph1;
 	int type;
 	vchar_t *data;
+{
 	vchar_t *payload = NULL;
 	int tlen;
 	int error = 0;
 	struct isakmp_pl_n *n;
 	int spisiz;
 	/*
 	 * note on SPI size: which description is correct?  I have chosen
 	 * this to be 0.
+	 *
 	 * RFC2408 3.1, 2nd paragraph says: ISAKMP SA is identified by
 	 * Initiator/Responder cookie and SPI has no meaning, SPI size = 0.
 	 * RFC2408 3.1, first paragraph on page 40: ISAKMP SA is identified
 	 * by cookie and SPI has no meaning, 0 <= SPI size <= 16.
 	 * RFC2407 4.6.3.3, INITIAL-CONTACT is required to set to 16.
 	 */
 	if (type == ISAKMP_NTYPE_INITIAL_CONTACT)
 		spisiz = sizeof(isakmp_index);
 	else
 		spisiz = 0;
 	tlen = sizeof(*n) + spisiz;
 	if (data)
 		tlen += data->l;
 	payload = vmalloc(tlen);
 	if (payload == NULL) {
 		plog(LLV_ERROR, LOCATION, NULL,
 			"failed to get buffer to send.\n");
 		return errno;
+	}
 	n = (struct isakmp_pl_n *)payload->v;
 	n->h.np = ISAKMP_NPTYPE_NONE;
 	n->h.len = htons(tlen);
 	n->doi = htonl(iph1->rmconf->doitype);
 	n->proto_id = IPSECDOI_PROTO_ISAKMP; /* XXX to be configurable ? */
 	n->spi_size = spisiz;
 	n->type = htons(type);
 	if (spisiz)
 		memcpy(n + 1, &iph1->index, sizeof(isakmp_index));
 	if (data)
 		memcpy((caddr_t)(n + 1) + spisiz, data->v, data->l);
 	error = isakmp_info_send_common(iph1, payload, ISAKMP_NPTYPE_N, iph1->flags);
 	vfree(payload);
 	return error;
+}
 /*
  * send Notification payload (for IPsec SA) in Informational exchange
  */
 int
 isakmp_info_send_n2(iph2, type, data)
 	struct ph2handle *iph2;
 	int type;
 	vchar_t *data;
+{
 	struct ph1handle *iph1 = iph2->ph1;
 	vchar_t *payload = NULL;
 	int tlen;
 	int error = 0;
 	struct isakmp_pl_n *n;
 	struct saproto *pr;
 	if (!iph2->approval)
 		return EINVAL;
 	pr = iph2->approval->head;
 	/* XXX must be get proper spi */
 	tlen = sizeof(*n) + pr->spisize;
 	if (data)
 		tlen += data->l;
 	payload = vmalloc(tlen);
 	if (payload == NULL) {
 		plog(LLV_ERROR, LOCATION, NULL,
 			"failed to get buffer to send.\n");
 		return errno;
+	}
 	n = (struct isakmp_pl_n *)payload->v;
 	n->h.np = ISAKMP_NPTYPE_NONE;
 	n->h.len = htons(tlen);
 	n->doi = htonl(IPSEC_DOI);		/* IPSEC DOI (1) */
 	n->proto_id = pr->proto_id;		/* IPSEC AH/ESP/whatever*/
 	n->spi_size = pr->spisize;
 	n->type = htons(type);
 	*(u_int32_t *)(n + 1) = pr->spi;
 	if (data)
 		memcpy((caddr_t)(n + 1) + pr->spisize, data->v, data->l);
 	iph2->flags |= ISAKMP_FLAG_E;	/* XXX Should we do FLAG_A ? */
 	error = isakmp_info_send_common(iph1, payload, ISAKMP_NPTYPE_N, iph2->flags);
 	vfree(payload);
 	return error;
+}
 /*
  * send Information
  * When ph1->skeyid_a == NULL, send message without encoding.
  */
 int
 isakmp_info_send_common(iph1, payload, np, flags)
 	struct ph1handle *iph1;
 	vchar_t *payload;
 	u_int32_t np;
 	int flags;
+{
 	struct ph2handle *iph2 = NULL;
 	vchar_t *hash = NULL;
 	struct isakmp *isakmp;
 	struct isakmp_gen *gen;
 	char *p;
 	int tlen;
 	int error = -1;
 	/* add new entry to isakmp status table */
 	iph2 = newph2();
 	if (iph2 == NULL)
 		goto end;
 	iph2->dst = dupsaddr(iph1->remote);
 	if (iph2->dst == NULL) {
 		delph2(iph2);
 		goto end;
+	}
 	iph2->src = dupsaddr(iph1->local);
 	if (iph2->src == NULL) {
 		delph2(iph2);
 		goto end;
+	}
 	iph2->side = INITIATOR;
 	iph2->status = PHASE2ST_START;
 	iph2->msgid = isakmp_newmsgid2(iph1);
 	/* get IV and HASH(1) if skeyid_a was generated. */
 	if (iph1->skeyid_a != NULL) {
 		iph2->ivm = oakley_newiv2(iph1, iph2->msgid);
 		if (iph2->ivm == NULL) {
 			delph2(iph2);
 			goto end;
+		}
 		/* generate HASH(1) */
 		hash = oakley_compute_hash1(iph1, iph2->msgid, payload);
 		if (hash == NULL) {
 			delph2(iph2);
 			goto end;
+		}
 		/* initialized total buffer length */
 		tlen = hash->l;
 		tlen += sizeof(*gen);
 	} else {
 		/* IKE-SA is not established */
 		hash = NULL;
 		/* initialized total buffer length */
 		tlen = 0;
+	}
 	if ((flags & ISAKMP_FLAG_A) == 0)
 		iph2->flags = (hash == NULL ? 0 : ISAKMP_FLAG_E);
 	else
 		iph2->flags = (hash == NULL ? 0 : ISAKMP_FLAG_A);
 	insph2(iph2);
 	bindph12(iph1, iph2);
 	tlen += sizeof(*isakmp) + payload->l;
 	/* create buffer for isakmp payload */
 	iph2->sendbuf = vmalloc(tlen);
 	if (iph2->sendbuf == NULL) {
 		plog(LLV_ERROR, LOCATION, NULL,
 			"failed to get buffer to send.\n");
 		goto err;
+	}
 	/* create isakmp header */
 	isakmp = (struct isakmp *)iph2->sendbuf->v;
 	memcpy(&isakmp->i_ck, &iph1->index.i_ck, sizeof(cookie_t));
 	memcpy(&isakmp->r_ck, &iph1->index.r_ck, sizeof(cookie_t));
 	isakmp->np = hash == NULL ? (np & 0xff) : ISAKMP_NPTYPE_HASH;
 	isakmp->v = iph1->version;
 	isakmp->etype = ISAKMP_ETYPE_INFO;
 	isakmp->flags = iph2->flags;
 	memcpy(&isakmp->msgid, &iph2->msgid, sizeof(isakmp->msgid));
 	isakmp->len   = htonl(tlen);
 	p = (char *)(isakmp + 1);
 	/* create HASH payload */
 	if (hash != NULL) {
 		gen = (struct isakmp_gen *)p;
 		gen->np = np & 0xff;
 		gen->len = htons(sizeof(*gen) + hash->l);
 		p += sizeof(*gen);
 		memcpy(p, hash->v, hash->l);
 		p += hash->l;
+	}
 	/* add payload */
 	memcpy(p, payload->v, payload->l);
 	p += payload->l;
 #ifdef HAVE_PRINT_ISAKMP_C
 	isakmp_printpacket(iph2->sendbuf, iph1->local, iph1->remote, 1);
 #endif
 	/* encoding */
 	if (ISSET(isakmp->flags, ISAKMP_FLAG_E)) {
 		vchar_t *tmp;
 		tmp = oakley_do_encrypt(iph2->ph1, iph2->sendbuf, iph2->ivm->ive,
 				iph2->ivm->iv);
 		VPTRINIT(iph2->sendbuf);
 		if (tmp == NULL)
 			goto err;
 		iph2->sendbuf = tmp;
+	}
 	/* HDR*, HASH(1), N */
 	if (isakmp_send(iph2->ph1, iph2->sendbuf) < 0) {
 		VPTRINIT(iph2->sendbuf);
 		goto err;
+	}
 	plog(LLV_DEBUG, LOCATION, NULL,
 		"sendto Information %s.\n", s_isakmp_nptype(np));
 	/*
 	 * don't resend notify message because peer can use Acknowledged
 	 * Informational if peer requires the reply of the notify message.
 	 */
 	/* XXX If Acknowledged Informational required, don't delete ph2handle */
 	error = 0;
 	VPTRINIT(iph2->sendbuf);
 	goto err;	/* XXX */
 end:
 	if (hash)
 		vfree(hash);
 	return error;
 err:
 	remph2(iph2);
 	delph2(iph2);
 	goto end;
+}
 /*
  * add a notify payload to buffer by reallocating buffer.
  * If buf == NULL, the function only create a notify payload.
+ *
  * XXX Which is SPI to be included, inbound or outbound ?
  */
 vchar_t *
 isakmp_add_pl_n(buf0, np_p, type, pr, data)
 	vchar_t *buf0;
 	u_int8_t **np_p;
 	int type;
 	struct saproto *pr;
 	vchar_t *data;
+{
 	vchar_t *buf = NULL;
 	struct isakmp_pl_n *n;
 	int tlen;
 	int oldlen = 0;
 	if (*np_p)
 		**np_p = ISAKMP_NPTYPE_N;
 	tlen = sizeof(*n) + pr->spisize;
 	if (data)
 		tlen += data->l;
 	if (buf0) {
 		oldlen = buf0->l;
 		buf = vrealloc(buf0, buf0->l + tlen);
 	} else
 		buf = vmalloc(tlen);
 	if (!buf) {
 		plog(LLV_ERROR, LOCATION, NULL,
 			"failed to get a payload buffer.\n");
 		return NULL;
+	}
 	n = (struct isakmp_pl_n *)(buf->v + oldlen);
 	n->h.np = ISAKMP_NPTYPE_NONE;
 	n->h.len = htons(tlen);
 	n->doi = htonl(IPSEC_DOI);		/* IPSEC DOI (1) */
 	n->proto_id = pr->proto_id;		/* IPSEC AH/ESP/whatever*/
 	n->spi_size = pr->spisize;
 	n->type = htons(type);
 	*(u_int32_t *)(n + 1) = pr->spi;	/* XXX */
 	if (data)
 		memcpy((caddr_t)(n + 1) + pr->spisize, data->v, data->l);
 	/* save the pointer of next payload type */
 	*np_p = &n->h.np;
 	return buf;
+}
 static void
 purge_isakmp_spi(proto, spi, n)
 	int proto;
 	isakmp_index *spi;	/*network byteorder*/
 	size_t n;
+{
 	struct ph1handle *iph1;
 	size_t i;
 	for (i = 0; i < n; i++) {
 		iph1 = getph1byindex(&spi[i]);
 		if (!iph1)
 			continue;
 		plog(LLV_INFO, LOCATION, NULL,
 			"purged ISAKMP-SA proto_id=%s spi=%s.\n",
 			s_ipsecdoi_proto(proto),
 			isakmp_pindex(&spi[i], 0));
 		iph1->status = PHASE1ST_EXPIRED;
 		isakmp_ph1delete(iph1);
+	}
+}
 void
 purge_ipsec_spi(dst0, proto, spi, n)
 	struct sockaddr *dst0;
 	int proto;
 	u_int32_t *spi;	/*network byteorder*/
 	size_t n;
+{
 	vchar_t *buf = NULL;
 	struct sadb_msg *msg, *next, *end;
 	struct sadb_sa *sa;
 	struct sadb_lifetime *lt;
 	struct sockaddr *src, *dst;
 	struct ph2handle *iph2;
 	u_int64_t created;
 	size_t i;
 	caddr_t mhp[SADB_EXT_MAX + 1];
 	plog(LLV_DEBUG2, LOCATION, NULL,
 		 "purge_ipsec_spi:\n");
 	plog(LLV_DEBUG2, LOCATION, NULL, "dst0: %s\n", saddr2str(dst0));
 	plog(LLV_DEBUG2, LOCATION, NULL, "SPI: %08X\n", ntohl(spi[0]));
 	buf = pfkey_dump_sadb(ipsecdoi2pfkey_proto(proto));
 	if (buf == NULL) {
 		plog(LLV_DEBUG, LOCATION, NULL,
 			"pfkey_dump_sadb returned nothing.\n");
 		return;
+	}
 	msg = (struct sadb_msg *)buf->v;
 	end = (struct sadb_msg *)(buf->v + buf->l);
 	while (msg < end) {
 		if ((msg->sadb_msg_len << 3) < sizeof(*msg))
 			break;
 		next = (struct sadb_msg *)((caddr_t)msg + (msg->sadb_msg_len << 3));
 		if (msg->sadb_msg_type != SADB_DUMP) {
 			msg = next;
 			continue;
+		}
 		if (pfkey_align(msg, mhp) || pfkey_check(mhp)) {
 			plog(LLV_ERROR, LOCATION, NULL,
 				"pfkey_check (%s)\n", ipsec_strerror());
 			msg = next;
 			continue;
+		}
 		sa = (struct sadb_sa *)(mhp[SADB_EXT_SA]);
 		if (!sa
 		 || !mhp[SADB_EXT_ADDRESS_SRC]
 		 || !mhp[SADB_EXT_ADDRESS_DST]) {
 			msg = next;
 			continue;
+		}
 		pk_fixup_sa_addresses(mhp);
 		src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
 		dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
 		lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
 		if(lt != NULL)
 			created = lt->sadb_lifetime_addtime;
 		else
 			created = 0;
 		if (sa->sadb_sa_state != SADB_SASTATE_MATURE
 		 && sa->sadb_sa_state != SADB_SASTATE_DYING) {
 			msg = next;
 			continue;
+		}
 		plog(LLV_DEBUG2, LOCATION, NULL, "src: %s\n", saddr2str(src));
 		plog(LLV_DEBUG2, LOCATION, NULL, "dst: %s\n", saddr2str(dst));
 		/* XXX n^2 algorithm, inefficient */
 		/* don't delete inbound SAs at the moment */
 		/* XXX should we remove SAs with opposite direction as well? */
 		if (cmpsaddr(dst0, dst) != CMPSADDR_MATCH) {
 			msg = next;
 			continue;
+		}
 		for (i = 0; i < n; i++) {
 			plog(LLV_DEBUG, LOCATION, NULL,
 				"check spi(packet)=%u spi(db)=%u.\n",
 				ntohl(spi[i]), ntohl(sa->sadb_sa_spi));
 			if (spi[i] != sa->sadb_sa_spi)
 				continue;
 			pfkey_send_delete(lcconf->sock_pfkey,
 				msg->sadb_msg_satype,
 				IPSEC_MODE_ANY,
 				src, dst, sa->sadb_sa_spi);
 			/*
 			 * delete a relative phase 2 handler.
 			 * continue to process if no relative phase 2 handler
 			 * exists.
 			 */
 			iph2 = getph2bysaidx(src, dst, proto, spi[i]);
 			if(iph2 != NULL){
 				delete_spd(iph2, created);
 				remph2(iph2);
 				delph2(iph2);
+			}
 			plog(LLV_INFO, LOCATION, NULL,
 				"purged IPsec-SA proto_id=%s spi=%u.\n",
 				s_ipsecdoi_proto(proto),
 				ntohl(spi[i]));
+		}
 		msg = next;
+	}
 	if (buf)
 		vfree(buf);
+}
 /*
  * delete all phase2 sa relatived to the destination address
  * (except the phase2 within which the INITIAL-CONTACT was received).
  * Don't delete Phase 1 handlers on INITIAL-CONTACT, and don't ignore
  * an INITIAL-CONTACT if we have contacted the peer.  This matches the
  * Sun IKE behavior, and makes rekeying work much better when the peer
  * restarts.
  */
 int
 isakmp_info_recv_initialcontact(iph1, protectedph2)
 	struct ph1handle *iph1;
 	struct ph2handle *protectedph2;
+{
 	vchar_t *buf = NULL;
 	struct sadb_msg *msg, *next, *end;
 	struct sadb_sa *sa;
 	struct sockaddr *src, *dst;
 	caddr_t mhp[SADB_EXT_MAX + 1];
 	int proto_id, i;
 	struct ph2handle *iph2;
 #if 0
 	char *loc, *rem;
 #endif
 	plog(LLV_INFO, LOCATION, iph1->remote, "received INITIAL-CONTACT\n");
 	if (f_local)
 		return 0;
 #if 0
 	loc = racoon_strdup(saddrwop2str(iph1->local));
 	rem = racoon_strdup(saddrwop2str(iph1->remote));
 	STRDUP_FATAL(loc);
 	STRDUP_FATAL(rem);
 	/*
 	 * Purge all IPSEC-SAs for the peer.  We can do this
 	 * the easy way (using a PF_KEY SADB_DELETE extension)
 	 * or we can do it the hard way.
 	 */
 	for (i = 0; i < pfkey_nsatypes; i++) {
 		proto_id = pfkey2ipsecdoi_proto(pfkey_satypes[i].ps_satype);
 		plog(LLV_INFO, LOCATION, NULL,
 		    "purging %s SAs for %s -> %s\n",
 		    pfkey_satypes[i].ps_name, loc, rem);
 		if (pfkey_send_delete_all(lcconf->sock_pfkey,
 		    pfkey_satypes[i].ps_satype, IPSEC_MODE_ANY,
 		    iph1->local, iph1->remote) == -1) {
 			plog(LLV_ERROR, LOCATION, NULL,
 			    "delete_all %s -> %s failed for %s (%s)\n",
 			    loc, rem,
 			    pfkey_satypes[i].ps_name, ipsec_strerror());
 			goto the_hard_way;
+		}
 		deleteallph2(iph1->local, iph1->remote, proto_id);
 		plog(LLV_INFO, LOCATION, NULL,
 		    "purging %s SAs for %s -> %s\n",
 		    pfkey_satypes[i].ps_name, rem, loc);
 		if (pfkey_send_delete_all(lcconf->sock_pfkey,
 		    pfkey_satypes[i].ps_satype, IPSEC_MODE_ANY,
 		    iph1->remote, iph1->local) == -1) {
 			plog(LLV_ERROR, LOCATION, NULL,
 			    "delete_all %s -> %s failed for %s (%s)\n",
 			    rem, loc,
 			    pfkey_satypes[i].ps_name, ipsec_strerror());
 			goto the_hard_way;
+		}
 		deleteallph2(iph1->remote, iph1->local, proto_id);
+	}
 	racoon_free(loc);
 	racoon_free(rem);
 	return 0;
  the_hard_way:
 	racoon_free(loc);
 	racoon_free(rem);
 #endif
 	buf = pfkey_dump_sadb(SADB_SATYPE_UNSPEC);
 	if (buf == NULL) {
 		plog(LLV_DEBUG, LOCATION, NULL,
 			"pfkey_dump_sadb returned nothing.\n");
 		return 0;
+	}
 	msg = (struct sadb_msg *)buf->v;
 	end = (struct sadb_msg *)(buf->v + buf->l);
 	for (; msg < end; msg = next) {
 		if ((msg->sadb_msg_len << 3) < sizeof(*msg))
 			break;
 		next = (struct sadb_msg *)((caddr_t)msg + (msg->sadb_msg_len << 3));
 		if (msg->sadb_msg_type != SADB_DUMP)
 			continue;
 		if (pfkey_align(msg, mhp) || pfkey_check(mhp)) {
 			plog(LLV_ERROR, LOCATION, NULL,
 				"pfkey_check (%s)\n", ipsec_strerror());
 			continue;
+		}
 		if (mhp[SADB_EXT_SA] == NULL
 		 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
 		 || mhp[SADB_EXT_ADDRESS_DST] == NULL)
 			continue;
 		sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
 		pk_fixup_sa_addresses(mhp);
 		src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
 		dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
 		if (sa->sadb_sa_state != SADB_SASTATE_MATURE
 		 && sa->sadb_sa_state != SADB_SASTATE_DYING)
 			continue;
 		/*
 		 * RFC2407 4.6.3.3 INITIAL-CONTACT is the message that
 		 * announces the sender of the message was rebooted.
 		 * it is interpreted to delete all SAs which source address
 		 * is the sender of the message.
 		 * racoon only deletes SA which is matched both the
 		 * source address and the destination accress.
 		 */
 		/*
 		 * Check that the IP and port match. But this is not optimal,
 		 * since NAT-T can make the peer have multiple different
 		 * ports. Correct thing to do is delete all entries with
                  * same identity. -TT
                  */
 		if ((cmpsaddr(iph1->local, src) != CMPSADDR_MATCH ||
 		     cmpsaddr(iph1->remote, dst) != CMPSADDR_MATCH) &&
 		    (cmpsaddr(iph1->local, dst) != CMPSADDR_MATCH ||
 		     cmpsaddr(iph1->remote, src) != CMPSADDR_MATCH))
 			continue;
 		/*
 		 * Make sure this is an SATYPE that we manage.
 		 * This is gross; too bad we couldn't do it the
 		 * easy way.
 		 */
 		for (i = 0; i < pfkey_nsatypes; i++) {
 			if (pfkey_satypes[i].ps_satype ==
 			    msg->sadb_msg_satype)
 				break;
+		}
 		if (i == pfkey_nsatypes)
 			continue;
 		plog(LLV_INFO, LOCATION, NULL,
 			"purging spi=%u.\n", ntohl(sa->sadb_sa_spi));
 		pfkey_send_delete(lcconf->sock_pfkey,
 			msg->sadb_msg_satype,
 			IPSEC_MODE_ANY, src, dst, sa->sadb_sa_spi);
 		/*
 		 * delete a relative phase 2 handler.
 		 * continue to process if no relative phase 2 handler
 		 * exists.
 		 */
 		proto_id = pfkey2ipsecdoi_proto(msg->sadb_msg_satype);
 		iph2 = getph2bysaidx(src, dst, proto_id, sa->sadb_sa_spi);
 		if (iph2 && iph2 != protectedph2) {
 			delete_spd(iph2, 0);
 			remph2(iph2);
 			delph2(iph2);
+		}
+	}
 	vfree(buf);
 	return 0;
+}
 #ifdef ENABLE_DPD
 static int
 isakmp_info_recv_r_u (iph1, ru, msgid)
 	struct ph1handle *iph1;
 	struct isakmp_pl_ru *ru;
 	u_int32_t msgid;
+{
 	struct isakmp_pl_ru *ru_ack;
 	vchar_t *payload = NULL;
 	int tlen;
 	int error = 0;
 	plog(LLV_DEBUG, LOCATION, iph1->remote,
 		 "DPD R-U-There received\n");
 	/* XXX should compare cookies with iph1->index?
 	   Or is this already done by calling function?  */
 	tlen = sizeof(*ru_ack);
 	payload = vmalloc(tlen);
 	if (payload == NULL) {
 		plog(LLV_ERROR, LOCATION, NULL,
 			"failed to get buffer to send.\n");
 		return errno;
+	}
 	ru_ack = (struct isakmp_pl_ru *)payload->v;
 	ru_ack->h.np = ISAKMP_NPTYPE_NONE;
 	ru_ack->h.len = htons(tlen);
 	ru_ack->doi = htonl(IPSEC_DOI);
 	ru_ack->type = htons(ISAKMP_NTYPE_R_U_THERE_ACK);
 	ru_ack->proto_id = IPSECDOI_PROTO_ISAKMP; /* XXX ? */
 	ru_ack->spi_size = sizeof(isakmp_index);
 	memcpy(ru_ack->i_ck, ru->i_ck, sizeof(cookie_t));
 	memcpy(ru_ack->r_ck, ru->r_ck, sizeof(cookie_t));
 	ru_ack->data = ru->data;
 	/* XXX Should we do FLAG_A ?  */
 	error = isakmp_info_send_common(iph1, payload, ISAKMP_NPTYPE_N,
 					ISAKMP_FLAG_E);
 	vfree(payload);
 	plog(LLV_DEBUG, LOCATION, NULL, "received a valid R-U-THERE, ACK sent\n");
 	/* Should we mark tunnel as active ? */
 	return error;
+}
 static int
 isakmp_info_recv_r_u_ack (iph1, ru, msgid)
 	struct ph1handle *iph1;
 	struct isakmp_pl_ru *ru;
 	u_int32_t msgid;
+{
 	u_int32_t seq;
 	plog(LLV_DEBUG, LOCATION, iph1->remote,
 		 "DPD R-U-There-Ack received\n");
 	seq = ntohl(ru->data);
 	if (seq <= iph1->dpd_last_ack || seq > iph1->dpd_seq) {
 		plog(LLV_ERROR, LOCATION, iph1->remote,
 			 "Wrong DPD sequence number (%d; last_ack=%d, seq=%d).\n",
 			 seq, iph1->dpd_last_ack, iph1->dpd_seq);
 		return 0;
+	}
 	/* accept cookies in original or reversed order */
 	if ((memcmp(ru->i_ck, iph1->index.i_ck, sizeof(cookie_t)) ||
 	     memcmp(ru->r_ck, iph1->index.r_ck, sizeof(cookie_t))) &&
 	    (memcmp(ru->r_ck, iph1->index.i_ck, sizeof(cookie_t)) ||
 	     memcmp(ru->i_ck, iph1->index.r_ck, sizeof(cookie_t)))) {
 		plog(LLV_ERROR, LOCATION, iph1->remote,
 			 "Cookie mismatch in DPD ACK!.\n");
 		return 0;
+	}
 	iph1->dpd_fails = 0;
 	iph1->dpd_last_ack = seq;
 	sched_cancel(&iph1->dpd_r_u);
 	isakmp_sched_r_u(iph1, 0);
 	plog(LLV_DEBUG, LOCATION, iph1->remote, "received an R-U-THERE-ACK\n");
 	return 0;
+}
 /*
  * send DPD R-U-THERE payload in Informational exchange.
  */
 static void