 @@ -1,14 +1,14 @@
-/*	$NetBSD: key.c,v 1.158 2017/05/31 09:52:43 ozaki-r Exp $	*/
+/*	$NetBSD: key.c,v 1.159 2017/05/31 09:53:35 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $	*/
 /*	$KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $	*/
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
 @@ -22,27 +22,27 @@
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.158 2017/05/31 09:52:43 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.159 2017/05/31 09:53:35 ozaki-r Exp $");
 /*
  * This code is referd to RFC 2367
  */
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
 #include "opt_ipsec.h"
 #include "opt_gateway.h"
 #endif
 #include <sys/types.h>
 #include <sys/param.h>
 @@ -4467,72 +4467,60 @@ key_bb_match_withmask(const void *a1, co
 		if (*p1++ != *p2++)
 			return 0;
 		bits -= 8;
+	}
 	if (bits > 0) {
 		u_int8_t mask = ~((1<<(8-bits))-1);
 		if ((*p1 & mask) != (*p2 & mask))
 			return 0;
+	}
 	return 1;	/* Match! */
+}
 /*
  * time handler.
  * scanning SPD and SAD to check status for each entries,
  * and do to remove or to expire.
  */
 static void
-key_timehandler_work(struct work *wk, void *arg)
+key_timehandler_spd(time_t now)
+{
 	u_int dir;
 	int s;
 	time_t now = time_uptime;
 	s = splsoftnet();
 	mutex_enter(softnet_lock);
 	/* SPD */
 	struct secpolicy *sp, *nextsp;
 	for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 		LIST_FOREACH_SAFE(sp, &sptree[dir], chain, nextsp) {
 			if (sp->state == IPSEC_SPSTATE_DEAD) {
 				key_sp_unlink(sp);	/*XXX*/
 				/* 'sp' dead; continue transfers to
 				 * 'sp = nextsp'
 				 */
 				continue;
+			}
 			if (sp->lifetime == 0 && sp->validtime == 0)
 				continue;
 			/* the deletion will occur next time */
 			if ((sp->lifetime && now - sp->created > sp->lifetime) ||
 			    (sp->validtime && now - sp->lastused > sp->validtime)) {
 			  	key_sp_dead(sp);
 				key_spdexpire(sp);
 				continue;
+			}
+		}
+	}
+}
-	/* SAD */
+static void
 key_timehandler_sad(time_t now)
+{
 	struct secashead *sah, *nextsah;
 	struct secasvar *sav, *nextsav;
 	LIST_FOREACH_SAFE(sah, &sahtree, chain, nextsah) {
 		/* if sah has been dead, then delete it and process next sah. */
 		if (sah->state == SADB_SASTATE_DEAD) {
 			key_delsah(sah);
 			continue;
+		}
 		/* if LARVAL entry doesn't become MATURE, delete it. */
 		LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_LARVAL],
 		    chain, nextsav) {
 @@ -4651,61 +4639,82 @@ key_timehandler_work(struct work *wk, vo
 				    "invalid sav->state (queue: %d SA: %d): "
 				    "kill it anyway\n",
 				    SADB_SASTATE_DEAD, sav->state);
+			}
 			/*
 			 * do not call key_freesav() here.
 			 * sav should already be freed, and sav->refcnt
 			 * shows other references to sav
 			 * (such as from SPD).
 			 */
+		}
+	}
+}
 static void
 key_timehandler_acq(time_t now)
+{
 #ifndef IPSEC_NONBLOCK_ACQUIRE
 	/* ACQ tree */
 	struct secacq *acq, *nextacq;
     restart:
 	mutex_enter(&key_mtx);
 	LIST_FOREACH_SAFE(acq, &acqtree, chain, nextacq) {
 		if (now - acq->created > key_blockacq_lifetime) {
 			LIST_REMOVE(acq, chain);
 			mutex_exit(&key_mtx);
 			kmem_free(acq, sizeof(*acq));
 			goto restart;
+		}
+	}
 	mutex_exit(&key_mtx);
 #endif
+}
 static void
 key_timehandler_spacq(time_t now)
+{
 #ifdef notyet
 	/* SP ACQ tree */
 	struct secspacq *acq, *nextacq;
 	LIST_FOREACH_SAFE(acq, &spacqtree, chain, nextacq) {
 		if (now - acq->created > key_blockacq_lifetime) {
 			KASSERT(__LIST_CHAINED(acq));
 			LIST_REMOVE(acq, chain);
 			kmem_free(acq, sizeof(*acq));
+		}
+	}
 #endif
+}
 /*
  * time handler.
  * scanning SPD and SAD to check status for each entries,
  * and do to remove or to expire.
  */
 static void
 key_timehandler_work(struct work *wk, void *arg)
+{
 	int s;
 	time_t now = time_uptime;
 	s = splsoftnet();
 	mutex_enter(softnet_lock);
 	key_timehandler_spd(now);
 	key_timehandler_sad(now);
 	key_timehandler_acq(now);
 	key_timehandler_spacq(now);
 	/* do exchange to tick time !! */
 	callout_reset(&key_timehandler_ch, hz, key_timehandler, NULL);
 	mutex_exit(softnet_lock);
 	splx(s);
 	return;
+}
 static void
 key_timehandler(void *arg)
+{