 @@ -1,1991 +1,1988 @@
-/*	$NetBSD: if_spppsubr.c,v 1.186 2020/02/04 05:46:32 thorpej Exp $	 */
+/*	$NetBSD: if_spppsubr.c,v 1.187 2020/03/06 10:26:59 knakahara Exp $	 */
 /*
  * Synchronous PPP/Cisco link level subroutines.
  * Keepalive protocol implemented in both Cisco and PPP modes.
+ *
  * Copyright (C) 1994-1996 Cronyx Engineering Ltd.
  * Author: Serge Vakulenko, <vak@cronyx.ru>
+ *
  * Heavily revamped to conform to RFC 1661.
  * Copyright (C) 1997, Joerg Wunsch.
+ *
  * RFC2472 IPv6CP support.
  * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun@iijlab.net>.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  * 1. Redistributions of source code must retain the above copyright notice,
  *    this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright notice,
  *    this list of conditions and the following disclaimer in the documentation
  *    and/or other materials provided with the distribution.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY
  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE
  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
+ *
  * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997
+ *
  * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp
+ *
  * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.186 2020/02/04 05:46:32 thorpej Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.187 2020/03/06 10:26:59 knakahara Exp $");
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
 #include "opt_modular.h"
 #include "opt_compat_netbsd.h"
 #include "opt_net_mpsafe.h"
 #endif
 #include <sys/param.h>
 #include <sys/proc.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
 #include <sys/sockio.h>
 #include <sys/socket.h>
 #include <sys/syslog.h>
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
 #include <sys/callout.h>
 #include <sys/md5.h>
 #include <sys/inttypes.h>
 #include <sys/kauth.h>
 #include <sys/cprng.h>
 #include <sys/module.h>
 #include <sys/workqueue.h>
 #include <sys/atomic.h>
 #include <sys/compat_stub.h>
 #include <net/if.h>
 #include <net/netisr.h>
 #include <net/if_types.h>
 #include <net/route.h>
 #include <net/ppp_defs.h>
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
 #include <netinet/in_var.h>
 #ifdef INET
 #include <netinet/ip.h>
 #include <netinet/tcp.h>
 #endif
 #include <net/ethertypes.h>
 #ifdef INET6
 #include <netinet6/scope6_var.h>
 #endif
 #include <net/if_sppp.h>
 #include <net/if_spppvar.h>
 #ifdef NET_MPSAFE
 #define SPPPSUBR_MPSAFE	1
 #endif
 #define	LCP_KEEPALIVE_INTERVAL		10	/* seconds between checks */
 #define LOOPALIVECNT     		3	/* loopback detection tries */
 #define DEFAULT_MAXALIVECNT    		3	/* max. missed alive packets */
 #define	DEFAULT_NORECV_TIME		15	/* before we get worried */
 #define DEFAULT_MAX_AUTH_FAILURES	5	/* max. auth. failures */
 /*
  * Interface flags that can be set in an ifconfig command.
+ *
  * Setting link0 will make the link passive, i.e. it will be marked
  * as being administrative openable, but won't be opened to begin
  * with.  Incoming calls will be answered, or subsequent calls with
  * -link1 will cause the administrative open of the LCP layer.
+ *
  * Setting link1 will cause the link to auto-dial only as packets
  * arrive to be sent.
+ *
  * Setting IFF_DEBUG will syslog the option negotiation and state
  * transitions at level kern.debug.  Note: all logs consistently look
  * like
+ *
  *   <if-name><unit>: <proto-name> <additional info...>
+ *
  * with <if-name><unit> being something like "bppp0", and <proto-name>
  * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc.
  */
 #define IFF_PASSIVE	IFF_LINK0	/* wait passively for connection */
 #define IFF_AUTO	IFF_LINK1	/* auto-dial on output */
 #define CONF_REQ	1		/* PPP configure request */
 #define CONF_ACK	2		/* PPP configure acknowledge */
 #define CONF_NAK	3		/* PPP configure negative ack */
 #define CONF_REJ	4		/* PPP configure reject */
 #define TERM_REQ	5		/* PPP terminate request */
 #define TERM_ACK	6		/* PPP terminate acknowledge */
 #define CODE_REJ	7		/* PPP code reject */
 #define PROTO_REJ	8		/* PPP protocol reject */
 #define ECHO_REQ	9		/* PPP echo request */
 #define ECHO_REPLY	10		/* PPP echo reply */
 #define DISC_REQ	11		/* PPP discard request */
 #define LCP_OPT_MRU		1	/* maximum receive unit */
 #define LCP_OPT_ASYNC_MAP	2	/* async control character map */
 #define LCP_OPT_AUTH_PROTO	3	/* authentication protocol */
 #define LCP_OPT_QUAL_PROTO	4	/* quality protocol */
 #define LCP_OPT_MAGIC		5	/* magic number */
 #define LCP_OPT_RESERVED	6	/* reserved */
 #define LCP_OPT_PROTO_COMP	7	/* protocol field compression */
 #define LCP_OPT_ADDR_COMP	8	/* address/control field compression */
 #define IPCP_OPT_ADDRESSES	1	/* both IP addresses; deprecated */
 #define IPCP_OPT_COMPRESSION	2	/* IP compression protocol */
 #define IPCP_OPT_ADDRESS	3	/* local IP address */
 #define	IPCP_OPT_PRIMDNS	129	/* primary remote dns address */
 #define	IPCP_OPT_SECDNS		131	/* secondary remote dns address */
 #define IPCP_UPDATE_LIMIT	8	/* limit of pending IP updating job */
 #define IPCP_SET_ADDRS		1	/* marker for IP address setting job */
 #define IPCP_CLEAR_ADDRS	2	/* marker for IP address clearing job */
 #define IPV6CP_OPT_IFID		1	/* interface identifier */
 #define IPV6CP_OPT_COMPRESSION	2	/* IPv6 compression protocol */
 #define PAP_REQ			1	/* PAP name/password request */
 #define PAP_ACK			2	/* PAP acknowledge */
 #define PAP_NAK			3	/* PAP fail */
 #define CHAP_CHALLENGE		1	/* CHAP challenge request */
 #define CHAP_RESPONSE		2	/* CHAP challenge response */
 #define CHAP_SUCCESS		3	/* CHAP response ok */
 #define CHAP_FAILURE		4	/* CHAP response failed */
 #define CHAP_MD5		5	/* hash algorithm - MD5 */
 #define CISCO_MULTICAST		0x8f	/* Cisco multicast address */
 #define CISCO_UNICAST		0x0f	/* Cisco unicast address */
 #define CISCO_KEEPALIVE		0x8035	/* Cisco keepalive protocol */
 #define CISCO_ADDR_REQ		0	/* Cisco address request */
 #define CISCO_ADDR_REPLY	1	/* Cisco address reply */
 #define CISCO_KEEPALIVE_REQ	2	/* Cisco keepalive request */
 /* states are named and numbered according to RFC 1661 */
 #define STATE_INITIAL	0
 #define STATE_STARTING	1
 #define STATE_CLOSED	2
 #define STATE_STOPPED	3
 #define STATE_CLOSING	4
 #define STATE_STOPPING	5
 #define STATE_REQ_SENT	6
 #define STATE_ACK_RCVD	7
 #define STATE_ACK_SENT	8
 #define STATE_OPENED	9
 struct ppp_header {
 	uint8_t address;
 	uint8_t control;
 	uint16_t protocol;
 } __packed;
 #define PPP_HEADER_LEN          sizeof (struct ppp_header)
 struct lcp_header {
 	uint8_t type;
 	uint8_t ident;
 	uint16_t len;
 } __packed;
 #define LCP_HEADER_LEN          sizeof (struct lcp_header)
 struct cisco_packet {
 	uint32_t type;
 	uint32_t par1;
 	uint32_t par2;
 	uint16_t rel;
 	uint16_t time0;
 	uint16_t time1;
 } __packed;
 #define CISCO_PACKET_LEN 18
 /*
  * We follow the spelling and capitalization of RFC 1661 here, to make
  * it easier comparing with the standard.  Please refer to this RFC in
  * case you can't make sense out of these abbreviation; it will also
  * explain the semantics related to the various events and actions.
  */
 struct cp {
 	u_short	proto;		/* PPP control protocol number */
 	u_char protoidx;	/* index into state table in struct sppp */
 	u_char flags;
 #define CP_LCP		0x01	/* this is the LCP */
 #define CP_AUTH		0x02	/* this is an authentication protocol */
 #define CP_NCP		0x04	/* this is a NCP */
 #define CP_QUAL		0x08	/* this is a quality reporting protocol */
 	const char *name;	/* name of this control protocol */
 	/* event handlers */
 	void	(*Up)(struct sppp *sp);
 	void	(*Down)(struct sppp *sp);
 	void	(*Open)(struct sppp *sp);
 	void	(*Close)(struct sppp *sp);
 	void	(*TO)(void *sp);
 	int	(*RCR)(struct sppp *sp, struct lcp_header *h, int len);
 	void	(*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len);
 	void	(*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len);
 	/* actions */
 	void	(*tlu)(struct sppp *sp);
 	void	(*tld)(struct sppp *sp);
 	void	(*tls)(struct sppp *sp);
 	void	(*tlf)(struct sppp *sp);
 	void	(*scr)(struct sppp *sp);
 };
 static struct sppp *spppq;
 static kmutex_t *spppq_lock = NULL;
 static callout_t keepalive_ch;
 #define SPPPQ_LOCK()	if (spppq_lock) \
 				mutex_enter(spppq_lock);
 #define SPPPQ_UNLOCK()	if (spppq_lock) \
 				mutex_exit(spppq_lock);
 #define SPPP_LOCK(_sp, _op)	rw_enter(&(_sp)->pp_lock, (_op))
 #define SPPP_UNLOCK(_sp)	rw_exit(&(_sp)->pp_lock)
 #define SPPP_WLOCKED(_sp)	rw_write_held(&(_sp)->pp_lock)
 #define SPPP_UPGRADE(_sp)	do{	\
 	SPPP_UNLOCK(_sp);		\
 	SPPP_LOCK(_sp, RW_WRITER);	\
 }while (0)
 #define SPPP_DOWNGRADE(_sp)	rw_downgrade(&(_sp)->pp_lock)
 #ifdef INET
 #ifndef SPPPSUBR_MPSAFE
 /*
  * The following disgusting hack gets around the problem that IP TOS
  * can't be set yet.  We want to put "interactive" traffic on a high
  * priority queue.  To decide if traffic is interactive, we check that
  * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control.
+ *
  * XXX is this really still necessary?  - joerg -
  */
 static u_short interactive_ports[8] = {
 ,	513,	0,	0,
 ,	21,	0,	23,
 };
 #define INTERACTIVE(p)	(interactive_ports[(p) & 7] == (p))
 #endif /* SPPPSUBR_MPSAFE */
 #endif
 /* almost every function needs these */
 #define STDDCL							\
 	struct ifnet *ifp = &sp->pp_if;				\
 	int debug = ifp->if_flags & IFF_DEBUG
 static int sppp_output(struct ifnet *ifp, struct mbuf *m,
 		       const struct sockaddr *dst, const struct rtentry *rt);
 static void sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2);
 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m);
 static void sppp_cp_input(const struct cp *cp, struct sppp *sp,
 			  struct mbuf *m);
 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
 			 u_char ident, u_short len, void *data);
 /* static void sppp_cp_timeout(void *arg); */
 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp,
 				 int newstate);
 static void sppp_auth_send(const struct cp *cp,
 			   struct sppp *sp, unsigned int type, unsigned int id,
 			   ...);
 static void sppp_up_event(const struct cp *cp, struct sppp *sp);
 static void sppp_down_event(const struct cp *cp, struct sppp *sp);
 static void sppp_open_event(const struct cp *cp, struct sppp *sp);
 static void sppp_close_event(const struct cp *cp, struct sppp *sp);
 static void sppp_to_event(const struct cp *cp, struct sppp *sp);
 static void sppp_null(struct sppp *sp);
 static void sppp_lcp_init(struct sppp *sp);
 static void sppp_lcp_up(struct sppp *sp);
 static void sppp_lcp_down(struct sppp *sp);
 static void sppp_lcp_open(struct sppp *sp);
 static void sppp_lcp_close(struct sppp *sp);
 static void sppp_lcp_TO(void *sp);
 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
 static void sppp_lcp_tlu(struct sppp *sp);
 static void sppp_lcp_tld(struct sppp *sp);
 static void sppp_lcp_tls(struct sppp *sp);
 static void sppp_lcp_tlf(struct sppp *sp);
 static void sppp_lcp_scr(struct sppp *sp);
 static void sppp_lcp_check_and_close(struct sppp *sp);
 static int sppp_ncp_check(struct sppp *sp);
 static void sppp_ipcp_init(struct sppp *sp);
 static void sppp_ipcp_up(struct sppp *sp);
 static void sppp_ipcp_down(struct sppp *sp);
 static void sppp_ipcp_open(struct sppp *sp);
 static void sppp_ipcp_close(struct sppp *sp);
 static void sppp_ipcp_TO(void *sp);
 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
 static void sppp_ipcp_tlu(struct sppp *sp);
 static void sppp_ipcp_tld(struct sppp *sp);
 static void sppp_ipcp_tls(struct sppp *sp);
 static void sppp_ipcp_tlf(struct sppp *sp);
 static void sppp_ipcp_scr(struct sppp *sp);
 static void sppp_ipv6cp_init(struct sppp *sp);
 static void sppp_ipv6cp_up(struct sppp *sp);
 static void sppp_ipv6cp_down(struct sppp *sp);
 static void sppp_ipv6cp_open(struct sppp *sp);
 static void sppp_ipv6cp_close(struct sppp *sp);
 static void sppp_ipv6cp_TO(void *sp);
 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len);
 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
 static void sppp_ipv6cp_tlu(struct sppp *sp);
 static void sppp_ipv6cp_tld(struct sppp *sp);
 static void sppp_ipv6cp_tls(struct sppp *sp);
 static void sppp_ipv6cp_tlf(struct sppp *sp);
 static void sppp_ipv6cp_scr(struct sppp *sp);
 static void sppp_pap_input(struct sppp *sp, struct mbuf *m);
 static void sppp_pap_init(struct sppp *sp);
 static void sppp_pap_open(struct sppp *sp);
 static void sppp_pap_close(struct sppp *sp);
 static void sppp_pap_TO(void *sp);
 static void sppp_pap_my_TO(void *sp);
 static void sppp_pap_tlu(struct sppp *sp);
 static void sppp_pap_tld(struct sppp *sp);
 static void sppp_pap_scr(struct sppp *sp);
 static void sppp_chap_input(struct sppp *sp, struct mbuf *m);
 static void sppp_chap_init(struct sppp *sp);
 static void sppp_chap_open(struct sppp *sp);
 static void sppp_chap_close(struct sppp *sp);
 static void sppp_chap_TO(void *sp);
 static void sppp_chap_tlu(struct sppp *sp);
 static void sppp_chap_tld(struct sppp *sp);
 static void sppp_chap_scr(struct sppp *sp);
 static const char *sppp_auth_type_name(u_short proto, u_char type);
 static const char *sppp_cp_type_name(u_char type);
 static const char *sppp_dotted_quad(uint32_t addr);
 static const char *sppp_ipcp_opt_name(u_char opt);
 #ifdef INET6
 static const char *sppp_ipv6cp_opt_name(u_char opt);
 #endif
 static const char *sppp_lcp_opt_name(u_char opt);
 static const char *sppp_phase_name(int phase);
 static const char *sppp_proto_name(u_short proto);
 static const char *sppp_state_name(int state);
 static int sppp_params(struct sppp *sp, u_long cmd, void *data);
 #ifdef INET
 static void sppp_get_ip_addrs(struct sppp *sp, uint32_t *src, uint32_t *dst,
 			      uint32_t *srcmask);
 static void sppp_set_ip_addrs_work(struct work *wk, struct sppp *sp);
 static void sppp_set_ip_addrs(struct sppp *sp);
 static void sppp_clear_ip_addrs_work(struct work *wk, struct sppp *sp);
 static void sppp_clear_ip_addrs(struct sppp *sp);
 static void sppp_update_ip_addrs_work(struct work *wk, void *arg);
 #endif
 static void sppp_keepalive(void *dummy);
 static void sppp_phase_network(struct sppp *sp);
 static void sppp_print_bytes(const u_char *p, u_short len);
 static void sppp_print_string(const char *p, u_short len);
 #ifdef INET6
 static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src,
 				struct in6_addr *dst, struct in6_addr *srcmask);
 #ifdef IPV6CP_MYIFID_DYN
 static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src);
 static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src);
 #endif
 static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src);
 #endif
 static void sppp_notify_up(struct sppp *);
 static void sppp_notify_down(struct sppp *);
 static void sppp_notify_tls_wlocked(struct sppp *);
 static void sppp_notify_tlf_wlocked(struct sppp *);
 #ifdef INET6
 static void sppp_notify_con_wlocked(struct sppp *);
 #endif
 static void sppp_notify_con(struct sppp *);
 static void sppp_notify_chg_wlocked(struct sppp *);
 /* our control protocol descriptors */
 static const struct cp lcp = {
 	PPP_LCP, IDX_LCP, CP_LCP, "lcp",
 	sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close,
 	sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak,
 	sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf,
 	sppp_lcp_scr
 };
 static const struct cp ipcp = {
 	PPP_IPCP, IDX_IPCP,
 #ifdef INET
 	CP_NCP,	/*don't run IPCP if there's no IPv4 support*/
 #else
 ,
 #endif
 	"ipcp",
 	sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close,
 	sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak,
 	sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf,
 	sppp_ipcp_scr
 };
 static const struct cp ipv6cp = {
 	PPP_IPV6CP, IDX_IPV6CP,
 #ifdef INET6	/*don't run IPv6CP if there's no IPv6 support*/
 	CP_NCP,
 #else
 ,
 #endif
 	"ipv6cp",
 	sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close,
 	sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak,
 	sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf,
 	sppp_ipv6cp_scr
 };
 static const struct cp pap = {
 	PPP_PAP, IDX_PAP, CP_AUTH, "pap",
 	sppp_null, sppp_null, sppp_pap_open, sppp_pap_close,
 	sppp_pap_TO, 0, 0, 0,
 	sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null,
 	sppp_pap_scr
 };
 static const struct cp chap = {
 	PPP_CHAP, IDX_CHAP, CP_AUTH, "chap",
 	sppp_null, sppp_null, sppp_chap_open, sppp_chap_close,
 	sppp_chap_TO, 0, 0, 0,
 	sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null,
 	sppp_chap_scr
 };
 static const struct cp *cps[IDX_COUNT] = {
 	&lcp,			/* IDX_LCP */
 	&ipcp,			/* IDX_IPCP */
 	&ipv6cp,		/* IDX_IPV6CP */
 	&pap,			/* IDX_PAP */
 	&chap,			/* IDX_CHAP */
 };
 static void
 sppp_change_phase(struct sppp *sp, int phase)
+{
 	STDDCL;
 	KASSERT(SPPP_WLOCKED(sp));
 	if (sp->pp_phase == phase)
 		return;
 	sp->pp_phase = phase;
 	if (phase == SPPP_PHASE_NETWORK)
 		if_link_state_change(ifp, LINK_STATE_UP);
 	else
 		if_link_state_change(ifp, LINK_STATE_DOWN);
 	if (debug)
+	{
 		log(LOG_INFO, "%s: phase %s\n", ifp->if_xname,
 			sppp_phase_name(sp->pp_phase));
+	}
+}
 /*
  * Exported functions, comprising our interface to the lower layer.
  */
 /*
  * Process the received packet.
  */
 void
 sppp_input(struct ifnet *ifp, struct mbuf *m)
+{
 	struct ppp_header *h = NULL;
 	pktqueue_t *pktq = NULL;
 	struct ifqueue *inq = NULL;
 	uint16_t protocol;
 	struct sppp *sp = (struct sppp *)ifp;
 	int debug = ifp->if_flags & IFF_DEBUG;
 	int isr = 0;
 	SPPP_LOCK(sp, RW_READER);
 	if (ifp->if_flags & IFF_UP) {
 		/* Count received bytes, add hardware framing */
 		if_statadd(ifp, if_ibytes, m->m_pkthdr.len + sp->pp_framebytes);
 		/* Note time of last receive */
 		sp->pp_last_receive = time_uptime;
+	}
 	if (m->m_pkthdr.len <= PPP_HEADER_LEN) {
 		/* Too small packet, drop it. */
 		if (debug)
 			log(LOG_DEBUG,
 			    "%s: input packet is too small, %d bytes\n",
 			    ifp->if_xname, m->m_pkthdr.len);
 	  drop:
 		if_statadd2(ifp, if_ierrors, 1, if_iqdrops, 1);
 		m_freem(m);
 		SPPP_UNLOCK(sp);
 		return;
+	}
 	if (sp->pp_flags & PP_NOFRAMING) {
 		memcpy(&protocol, mtod(m, void *), 2);
 		protocol = ntohs(protocol);
 		m_adj(m, 2);
 	} else {
 		/* Get PPP header. */
 		h = mtod(m, struct ppp_header *);
 		m_adj(m, PPP_HEADER_LEN);
 		switch (h->address) {
 		case PPP_ALLSTATIONS:
 			if (h->control != PPP_UI)
 				goto invalid;
 			if (sp->pp_flags & PP_CISCO) {
 				if (debug)
 					log(LOG_DEBUG,
 					    "%s: PPP packet in Cisco mode "
 					    "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
 					    ifp->if_xname,
 					    h->address, h->control, ntohs(h->protocol));
 				goto drop;
+			}
 			break;
 		case CISCO_MULTICAST:
 		case CISCO_UNICAST:
 			/* Don't check the control field here (RFC 1547). */
 			if (! (sp->pp_flags & PP_CISCO)) {
 				if (debug)
 					log(LOG_DEBUG,
 					    "%s: Cisco packet in PPP mode "
 					    "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
 					    ifp->if_xname,
 					    h->address, h->control, ntohs(h->protocol));
 				goto drop;
+			}
 			switch (ntohs(h->protocol)) {
 			default:
 				if_statinc(ifp, if_noproto);
 				goto invalid;
 			case CISCO_KEEPALIVE:
 				SPPP_UNLOCK(sp);
 				sppp_cisco_input((struct sppp *) ifp, m);
 				m_freem(m);
 				return;
 #ifdef INET
 			case ETHERTYPE_IP:
 				pktq = ip_pktq;
 				break;
 #endif
 #ifdef INET6
 			case ETHERTYPE_IPV6:
 				pktq = ip6_pktq;
 				break;
 #endif
+			}
 			goto queue_pkt;
 		default:        /* Invalid PPP packet. */
 		  invalid:
 			if (debug)
 				log(LOG_DEBUG,
 				    "%s: invalid input packet "
 				    "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
 				    ifp->if_xname,
 				    h->address, h->control, ntohs(h->protocol));
 			goto drop;
+		}
 		protocol = ntohs(h->protocol);
+	}
 	switch (protocol) {
 	default:
 		if (sp->state[IDX_LCP] == STATE_OPENED) {
 			uint16_t prot = htons(protocol);
 			SPPP_UPGRADE(sp);
 			sppp_cp_send(sp, PPP_LCP, PROTO_REJ,
 			    ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2,
 			    &prot);
 			SPPP_DOWNGRADE(sp);
+		}
 		if (debug)
 			log(LOG_DEBUG,
 			    "%s: invalid input protocol "
 			    "<proto=0x%x>\n", ifp->if_xname, ntohs(protocol));
 		if_statinc(ifp, if_noproto);
 		goto drop;
 	case PPP_LCP:
 		SPPP_UNLOCK(sp);
 		sppp_cp_input(&lcp, sp, m);
 		m_freem(m);
 		return;
 	case PPP_PAP:
 		SPPP_UNLOCK(sp);
 		if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) {
 			sppp_pap_input(sp, m);
+		}
 		m_freem(m);
 		return;
 	case PPP_CHAP:
 		SPPP_UNLOCK(sp);
 		if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) {
 			sppp_chap_input(sp, m);
+		}
 		m_freem(m);
 		return;
 #ifdef INET
 	case PPP_IPCP:
 		SPPP_UNLOCK(sp);
 		if (sp->pp_phase == SPPP_PHASE_NETWORK) {
 			sppp_cp_input(&ipcp, sp, m);
+		}
 		m_freem(m);
 		return;
 	case PPP_IP:
 		if (sp->state[IDX_IPCP] == STATE_OPENED) {
 			sp->pp_last_activity = time_uptime;
 			pktq = ip_pktq;
+		}
 		break;
 #endif
 #ifdef INET6
 	case PPP_IPV6CP:
 		SPPP_UNLOCK(sp);
 		if (sp->pp_phase == SPPP_PHASE_NETWORK) {
 			sppp_cp_input(&ipv6cp, sp, m);
+		}
 		m_freem(m);
 		return;
 	case PPP_IPV6:
 		if (sp->state[IDX_IPV6CP] == STATE_OPENED) {
 			sp->pp_last_activity = time_uptime;
 			pktq = ip6_pktq;
+		}
 		break;
 #endif
+	}
 queue_pkt:
 	if ((ifp->if_flags & IFF_UP) == 0 || (!inq && !pktq)) {
 		goto drop;
+	}
 	/* Check queue. */
 	if (__predict_true(pktq)) {
 		if (__predict_false(!pktq_enqueue(pktq, m, 0))) {
 			goto drop;
+		}
 		SPPP_UNLOCK(sp);
 		return;
+	}
 	SPPP_UNLOCK(sp);
 	IFQ_LOCK(inq);
 	if (IF_QFULL(inq)) {
 		/* Queue overflow. */
 		IF_DROP(inq);
 		IFQ_UNLOCK(inq);
 		if (debug)
 			log(LOG_DEBUG, "%s: protocol queue overflow\n",
 				ifp->if_xname);
 		SPPP_LOCK(sp, RW_READER);
 		goto drop;
+	}
 	IF_ENQUEUE(inq, m);
 	IFQ_UNLOCK(inq);
 	schednetisr(isr);
+}
 /*
  * Enqueue transmit packet.
  */
 static int
 sppp_output(struct ifnet *ifp, struct mbuf *m,
     const struct sockaddr *dst, const struct rtentry *rt)
+{
 	struct sppp *sp = (struct sppp *) ifp;
 	struct ppp_header *h = NULL;
 #ifndef SPPPSUBR_MPSAFE
 	struct ifqueue *ifq = NULL;		/* XXX */
 #endif
 	int s, error = 0;
 	uint16_t protocol;
 	size_t pktlen;
 	s = splnet();
 	SPPP_LOCK(sp, RW_READER);
 	sp->pp_last_activity = time_uptime;
 	if ((ifp->if_flags & IFF_UP) == 0 ||
 	    (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) {
 		SPPP_UNLOCK(sp);
 		splx(s);
 		m_freem(m);
 		return (ENETDOWN);
+	}
 	if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) {
 		/*
 		 * Interface is not yet running, but auto-dial.  Need
 		 * to start LCP for it.
 		 */
 		ifp->if_flags |= IFF_RUNNING;
 		SPPP_UNLOCK(sp);
 		splx(s);
 		SPPP_LOCK(sp, RW_WRITER);
 		lcp.Open(sp);
 		SPPP_UNLOCK(sp);
 		s = splnet();
 		SPPP_LOCK(sp, RW_READER);
+	}
 	/*
 	 * If the queueing discipline needs packet classification,
 	 * do it before prepending link headers.
 	 */
 	IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family);
 #ifdef INET
 	if (dst->sa_family == AF_INET) {
 		struct ip *ip = NULL;
 #ifndef SPPPSUBR_MPSAFE
 		struct tcphdr *th = NULL;
 #endif
 		if (m->m_len >= sizeof(struct ip)) {
 			ip = mtod(m, struct ip *);
 #ifndef SPPPSUBR_MPSAFE
 			if (ip->ip_p == IPPROTO_TCP &&
 			    m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) +
 			    sizeof(struct tcphdr)) {
 				th = (struct tcphdr *)
 				    ((char *)ip + (ip->ip_hl << 2));
+			}
 #endif
 		} else
 			ip = NULL;
 		/*
 		 * When using dynamic local IP address assignment by using
 		 * 0.0.0.0 as a local address, the first TCP session will
 		 * not connect because the local TCP checksum is computed
 		 * using 0.0.0.0 which will later become our real IP address
 		 * so the TCP checksum computed at the remote end will
 		 * become invalid. So we
 		 * - don't let packets with src ip addr 0 thru
 		 * - we flag TCP packets with src ip 0 as an error
 		 */
 		if (ip && ip->ip_src.s_addr == INADDR_ANY) {
 			uint8_t proto = ip->ip_p;
 			SPPP_UNLOCK(sp);
 			splx(s);
 			m_freem(m);
 			if (proto == IPPROTO_TCP)
 				return (EADDRNOTAVAIL);
 			else
 				return (0);
+		}
 #ifndef SPPPSUBR_MPSAFE
 		/*
 		 * Put low delay, telnet, rlogin and ftp control packets
 		 * in front of the queue.
 		 */
 		if (!IF_QFULL(&sp->pp_fastq) &&
 		    ((ip && (ip->ip_tos & IPTOS_LOWDELAY)) ||
 		     (th && (INTERACTIVE(ntohs(th->th_sport)) ||
 		      INTERACTIVE(ntohs(th->th_dport))))))
 			ifq = &sp->pp_fastq;
 #endif /* !SPPPSUBR_MPSAFE */
+	}
 #endif
 #ifdef INET6
 	if (dst->sa_family == AF_INET6) {
 		/* XXX do something tricky here? */
+	}
 #endif
 	if ((sp->pp_flags & PP_NOFRAMING) == 0) {
 		/*
 		 * Prepend general data packet PPP header. For now, IP only.
 		 */
 		M_PREPEND(m, PPP_HEADER_LEN, M_DONTWAIT);
 		if (! m) {
 			if (ifp->if_flags & IFF_DEBUG)
 				log(LOG_DEBUG, "%s: no memory for transmit header\n",
 					ifp->if_xname);
 			if_statinc(ifp, if_oerrors);
 			SPPP_UNLOCK(sp);
 			splx(s);
 			return (ENOBUFS);
+		}
 		/*
 		 * May want to check size of packet
 		 * (albeit due to the implementation it's always enough)
 		 */
 		h = mtod(m, struct ppp_header *);
 		if (sp->pp_flags & PP_CISCO) {
 			h->address = CISCO_UNICAST;        /* unicast address */
 			h->control = 0;
 		} else {
 			h->address = PPP_ALLSTATIONS;        /* broadcast address */
 			h->control = PPP_UI;                 /* Unnumbered Info */
+		}
+	}
 	switch (dst->sa_family) {
 #ifdef INET
 	case AF_INET:   /* Internet Protocol */
 		if (sp->pp_flags & PP_CISCO)
 			protocol = htons(ETHERTYPE_IP);
 		else {
 			/*
 			 * Don't choke with an ENETDOWN early.  It's
 			 * possible that we just started dialing out,
 			 * so don't drop the packet immediately.  If
 			 * we notice that we run out of buffer space
 			 * below, we will however remember that we are
 			 * not ready to carry IP packets, and return
 			 * ENETDOWN, as opposed to ENOBUFS.
 			 */
 			protocol = htons(PPP_IP);
 			if (sp->state[IDX_IPCP] != STATE_OPENED)
 				error = ENETDOWN;
+		}
 		break;
 #endif
 #ifdef INET6
 	case AF_INET6:   /* Internet Protocol version 6 */
 		if (sp->pp_flags & PP_CISCO)
 			protocol = htons(ETHERTYPE_IPV6);
 		else {
 			/*
 			 * Don't choke with an ENETDOWN early.  It's
 			 * possible that we just started dialing out,
 			 * so don't drop the packet immediately.  If
 			 * we notice that we run out of buffer space
 			 * below, we will however remember that we are
 			 * not ready to carry IP packets, and return
 			 * ENETDOWN, as opposed to ENOBUFS.
 			 */
 			protocol = htons(PPP_IPV6);
 			if (sp->state[IDX_IPV6CP] != STATE_OPENED)
 				error = ENETDOWN;
+		}
 		break;
 #endif
 	default:
 		m_freem(m);
 		if_statinc(ifp, if_oerrors);
 		SPPP_UNLOCK(sp);
 		splx(s);
 		return (EAFNOSUPPORT);
+	}
 	if (sp->pp_flags & PP_NOFRAMING) {
 		M_PREPEND(m, 2, M_DONTWAIT);
 		if (m == NULL) {
 			if (ifp->if_flags & IFF_DEBUG)
 				log(LOG_DEBUG, "%s: no memory for transmit header\n",
 					ifp->if_xname);
 			if_statinc(ifp, if_oerrors);
 			SPPP_UNLOCK(sp);
 			splx(s);
 			return (ENOBUFS);
+		}
 		*mtod(m, uint16_t *) = protocol;
 	} else {
 		h->protocol = protocol;
+	}
 	pktlen = m->m_pkthdr.len;
 #ifdef SPPPSUBR_MPSAFE
 	SPPP_UNLOCK(sp);
 	error = if_transmit_lock(ifp, m);
 	SPPP_LOCK(sp, RW_READER);
 	if (error == 0)
 		if_statadd(ifp, if_obytes, pktlen + sp->pp_framebytes);
 #else /* !SPPPSUBR_MPSAFE */
 	error = ifq_enqueue2(ifp, ifq, m);
 	if (error == 0) {
 		/*
 		 * Count output packets and bytes.
 		 * The packet length includes header + additional hardware
 		 * framing according to RFC 1333.
 		 */
 		if (!(ifp->if_flags & IFF_OACTIVE)) {
 			SPPP_UNLOCK(sp);
 			if_start_lock(ifp);
 			SPPP_LOCK(sp, RW_READER);
+		}
 		if_statadd(ifp, if_obytes, pktlen + sp->pp_framebytes);
+	}
 #endif /* !SPPPSUBR_MPSAFE */
 	SPPP_UNLOCK(sp);
 	splx(s);
 	return error;
+}
 static int
 sppp_mediachange(struct ifnet *ifp)
+{
 	return (0);
+}
 static void
 sppp_mediastatus(struct ifnet *ifp, struct ifmediareq *imr)
+{
-	struct sppp *sp = (struct sppp *)ifp;
+	int link_state;
 	SPPP_LOCK(sp, RW_WRITER);
-	switch (ifp->if_link_state) {
+	link_state = atomic_load_relaxed(&ifp->if_link_state);
 	switch (link_state) {
 	case LINK_STATE_UP:
 		imr->ifm_status = IFM_AVALID | IFM_ACTIVE;
 		break;
 	case LINK_STATE_DOWN:
 		imr->ifm_status = IFM_AVALID;
 		break;
 	default:
 		/* Should be impossible as we set link state down in attach. */
 		imr->ifm_status = 0;
 		break;
+	}
 	SPPP_UNLOCK(sp);
+}
 void
 sppp_attach(struct ifnet *ifp)
+{
 	struct sppp *sp = (struct sppp *) ifp;
 	/* Initialize keepalive handler. */
 	if (! spppq) {
 		callout_init(&keepalive_ch, CALLOUT_MPSAFE);
 		callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL);
+	}
 	if (! spppq_lock)
 		spppq_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_SOFTNET);
 	/* Insert new entry into the keepalive list. */
 	sp->pp_next = spppq;
 	spppq = sp;
 	sp->pp_if.if_type = IFT_PPP;
 	sp->pp_if.if_output = sppp_output;
 	sp->pp_fastq.ifq_maxlen = 32;
 	sp->pp_cpq.ifq_maxlen = 20;
 	sp->pp_loopcnt = 0;
 	sp->pp_alivecnt = 0;
 	sp->pp_last_activity = 0;
 	sp->pp_last_receive = 0;
 	sp->pp_maxalive = DEFAULT_MAXALIVECNT;
 	sp->pp_max_noreceive = DEFAULT_NORECV_TIME;
 	sp->pp_idle_timeout = 0;
 	memset(&sp->pp_seq[0], 0, sizeof(sp->pp_seq));
 	memset(&sp->pp_rseq[0], 0, sizeof(sp->pp_rseq));
 	sp->pp_auth_failures = 0;
 	sp->pp_max_auth_fail = DEFAULT_MAX_AUTH_FAILURES;
 	sp->pp_phase = SPPP_PHASE_DEAD;
 	sp->pp_up = sppp_notify_up;
 	sp->pp_down = sppp_notify_down;
 	rw_init(&sp->pp_lock);
 	if_alloc_sadl(ifp);
 	/* Lets not beat about the bush, we know we're down. */
 	ifp->if_link_state = LINK_STATE_DOWN;
 	/* There is no media for PPP, but it's needed to report link status. */
 	ifmedia_init(&sp->pp_im, 0, sppp_mediachange, sppp_mediastatus);
 	memset(&sp->myauth, 0, sizeof sp->myauth);
 	memset(&sp->hisauth, 0, sizeof sp->hisauth);
 	SPPP_LOCK(sp, RW_WRITER);
 	sppp_lcp_init(sp);
 	sppp_ipcp_init(sp);
 	sppp_ipv6cp_init(sp);
 	sppp_pap_init(sp);
 	sppp_chap_init(sp);
 	SPPP_UNLOCK(sp);
+}
 void
 sppp_detach(struct ifnet *ifp)
+{
 	struct sppp **q, *p, *sp = (struct sppp *) ifp;
 	/* Remove the entry from the keepalive list. */
 	SPPPQ_LOCK();
 	for (q = &spppq; (p = *q); q = &p->pp_next)
 		if (p == sp) {
 			*q = p->pp_next;
 			break;
+		}
 	SPPPQ_UNLOCK();
 	if (! spppq) {
 		/* Stop keepalive handler. */
 		callout_stop(&keepalive_ch);
 		mutex_obj_free(spppq_lock);
 		spppq_lock = NULL;
+	}
 	SPPP_LOCK(sp, RW_WRITER);
 	/* to avoid workqueue enqueued */
 	atomic_swap_uint(&sp->ipcp.update_addrs_enqueued, 1);
 	workqueue_wait(sp->ipcp.update_addrs_wq, &sp->ipcp.update_addrs_wk);
 	workqueue_destroy(sp->ipcp.update_addrs_wq);
 	pcq_destroy(sp->ipcp.update_addrs_q);
 	callout_stop(&sp->ch[IDX_LCP]);
 	callout_stop(&sp->ch[IDX_IPCP]);
 	callout_stop(&sp->ch[IDX_PAP]);
 	callout_stop(&sp->ch[IDX_CHAP]);
 #ifdef INET6
 	callout_stop(&sp->ch[IDX_IPV6CP]);
 #endif
 	callout_stop(&sp->pap_my_to_ch);
 	/* free authentication info */
 	if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF);
 	if (sp->myauth.secret) free(sp->myauth.secret, M_DEVBUF);
 	if (sp->hisauth.name) free(sp->hisauth.name, M_DEVBUF);
 	if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF);
 	SPPP_UNLOCK(sp);
 	rw_destroy(&sp->pp_lock);
 	ifmedia_fini(&sp->pp_im);
+}
 /*
  * Flush the interface output queue.
  */
 void
 sppp_flush(struct ifnet *ifp)
+{
 	struct sppp *sp = (struct sppp *) ifp;
 	SPPP_LOCK(sp, RW_WRITER);
 	IFQ_PURGE(&sp->pp_if.if_snd);
 	IF_PURGE(&sp->pp_fastq);
 	IF_PURGE(&sp->pp_cpq);
 	SPPP_UNLOCK(sp);
+}
 /*
  * Check if the output queue is empty.
  */
 int
 sppp_isempty(struct ifnet *ifp)
+{
 	struct sppp *sp = (struct sppp *) ifp;
 	int empty, s;
 	s = splnet();
 	SPPP_LOCK(sp, RW_READER);
 	empty = IF_IS_EMPTY(&sp->pp_fastq) && IF_IS_EMPTY(&sp->pp_cpq) &&
 		IFQ_IS_EMPTY(&sp->pp_if.if_snd);
 	SPPP_UNLOCK(sp);
 	splx(s);
 	return (empty);
+}
 /*
  * Get next packet to send.
  */
 struct mbuf *
 sppp_dequeue(struct ifnet *ifp)
+{
 	struct sppp *sp = (struct sppp *) ifp;
 	struct mbuf *m;
 	int s;
 	s = splnet();
 	SPPP_LOCK(sp, RW_WRITER);
 	/*
 	 * Process only the control protocol queue until we have at
 	 * least one NCP open.
+	 *
 	 * Do always serve all three queues in Cisco mode.
 	 */
 	IF_DEQUEUE(&sp->pp_cpq, m);
 	if (m == NULL &&
 	    (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) {
 		IF_DEQUEUE(&sp->pp_fastq, m);
 		if (m == NULL)
 			IFQ_DEQUEUE(&sp->pp_if.if_snd, m);
+	}
 	SPPP_UNLOCK(sp);
 	splx(s);
 	return m;
+}
 /*
  * Process an ioctl request.  Called on low priority level.
  */
 int
 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data)
+{
 	struct lwp *l = curlwp;	/* XXX */
 	struct ifreq *ifr = (struct ifreq *) data;
 	struct ifaddr *ifa = (struct ifaddr *) data;
 	struct sppp *sp = (struct sppp *) ifp;
 	int s, error=0, going_up, going_down;
 	u_short newmode;
 	s = splnet();
 	switch (cmd) {
 	case SIOCINITIFADDR:
 		ifa->ifa_rtrequest = p2p_rtrequest;
 		break;
 	case SIOCSIFFLAGS:
 		if ((error = ifioctl_common(ifp, cmd, data)) != 0)
 			break;
 		SPPP_LOCK(sp, RW_WRITER);
 		going_up = ifp->if_flags & IFF_UP &&
 			(ifp->if_flags & IFF_RUNNING) == 0;
 		going_down = (ifp->if_flags & IFF_UP) == 0 &&
 			ifp->if_flags & IFF_RUNNING;
 		newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE);
 		if (newmode == (IFF_AUTO | IFF_PASSIVE)) {
 			/* sanity */
 			newmode = IFF_PASSIVE;
 			ifp->if_flags &= ~IFF_AUTO;
+		}
 		if (going_up || going_down) {
 			lcp.Close(sp);
+		}
 		if (going_up && newmode == 0) {
 			/* neither auto-dial nor passive */
 			ifp->if_flags |= IFF_RUNNING;
 			if (!(sp->pp_flags & PP_CISCO))
 				lcp.Open(sp);
 		} else if (going_down) {
 			SPPP_UNLOCK(sp);
 			sppp_flush(ifp);
 			SPPP_LOCK(sp, RW_WRITER);
 			ifp->if_flags &= ~IFF_RUNNING;
+		}
 		SPPP_UNLOCK(sp);
 		break;
 	case SIOCSIFMTU:
 		if (ifr->ifr_mtu < PPP_MINMRU ||
 		    ifr->ifr_mtu > sp->lcp.their_mru) {
 			error = EINVAL;
 			break;
+		}
 		/*FALLTHROUGH*/
 	case SIOCGIFMTU:
 		if ((error = ifioctl_common(ifp, cmd, data)) == ENETRESET)
 			error = 0;
 		break;
 	case SIOCADDMULTI:
 	case SIOCDELMULTI:
 		break;
 	case SPPPSETAUTHCFG:
 	case SPPPSETLCPCFG:
 	case SPPPSETIDLETO:
 	case SPPPSETAUTHFAILURE:
 	case SPPPSETDNSOPTS:
 	case SPPPSETKEEPALIVE:
 #if defined(COMPAT_50) || defined(MODULAR)
 	case __SPPPSETIDLETO50:
 	case __SPPPSETKEEPALIVE50:
 #endif /* COMPAT_50 || MODULAR */
 		error = kauth_authorize_network(l->l_cred,
 		    KAUTH_NETWORK_INTERFACE,
 		    KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
 		    NULL);
 		if (error)
 			break;
 		error = sppp_params(sp, cmd, data);
 		break;
 	case SPPPGETAUTHCFG:
 	case SPPPGETLCPCFG:
 	case SPPPGETAUTHFAILURES:
 		error = kauth_authorize_network(l->l_cred,
 		    KAUTH_NETWORK_INTERFACE,
 		    KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp, (void *)cmd,
 		    NULL);
 		if (error)
 			break;
 		error = sppp_params(sp, cmd, data);
 		break;
 	case SPPPGETSTATUS:
 	case SPPPGETSTATUSNCP:
 	case SPPPGETIDLETO:
 	case SPPPGETDNSOPTS:
 	case SPPPGETDNSADDRS:
 	case SPPPGETKEEPALIVE:
 #if defined(COMPAT_50) || defined(MODULAR)
 	case __SPPPGETIDLETO50:
 	case __SPPPGETKEEPALIVE50:
 #endif /* COMPAT_50 || MODULAR */
 		error = sppp_params(sp, cmd, data);
 		break;
 	case SIOCGIFMEDIA:
 		error = ifmedia_ioctl(ifp, ifr, &sp->pp_im, cmd);
 		break;
 	default:
 		error = ifioctl_common(ifp, cmd, data);
 		break;
+	}
 	splx(s);
 	return (error);
+}
 /*
  * Cisco framing implementation.
  */
 /*
  * Handle incoming Cisco keepalive protocol packets.
  */
 static void
 sppp_cisco_input(struct sppp *sp, struct mbuf *m)
+{
 	STDDCL;
 	struct cisco_packet *h;
 #ifdef INET
 	uint32_t me, mymask = 0;	/* XXX: GCC */
 #endif
 	SPPP_LOCK(sp, RW_WRITER);
 	if (m->m_pkthdr.len < CISCO_PACKET_LEN) {
 		if (debug)
 			log(LOG_DEBUG,
 			    "%s: cisco invalid packet length: %d bytes\n",
 			    ifp->if_xname, m->m_pkthdr.len);
 		SPPP_UNLOCK(sp);
 		return;
+	}
 	h = mtod(m, struct cisco_packet *);
 	if (debug)
 		log(LOG_DEBUG,
 		    "%s: cisco input: %d bytes "
 		    "<0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n",
 		    ifp->if_xname, m->m_pkthdr.len,
 		    ntohl(h->type), h->par1, h->par2, (u_int)h->rel,
 		    (u_int)h->time0, (u_int)h->time1);
 	switch (ntohl(h->type)) {
 	default:
 		if (debug)
 			addlog("%s: cisco unknown packet type: 0x%x\n",
 			       ifp->if_xname, ntohl(h->type));
 		break;
 	case CISCO_ADDR_REPLY:
 		/* Reply on address request, ignore */
 		break;
 	case CISCO_KEEPALIVE_REQ:
 		sp->pp_alivecnt = 0;
 		sp->pp_rseq[IDX_LCP] = ntohl(h->par1);
 		if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) {
 			/* Local and remote sequence numbers are equal.
 			 * Probably, the line is in loopback mode. */
 			if (sp->pp_loopcnt >= LOOPALIVECNT) {
 				printf ("%s: loopback\n",
 					ifp->if_xname);
 				sp->pp_loopcnt = 0;
 				if (ifp->if_flags & IFF_UP) {
 					SPPP_UNLOCK(sp);
 					if_down(ifp);
 					SPPP_LOCK(sp, RW_WRITER);
 					IF_PURGE(&sp->pp_cpq);
+				}
+			}
 			++sp->pp_loopcnt;
 			/* Generate new local sequence number */
 			sp->pp_seq[IDX_LCP] = cprng_fast32();
 			break;
+		}
 		sp->pp_loopcnt = 0;
 		if (! (ifp->if_flags & IFF_UP) &&
 		    (ifp->if_flags & IFF_RUNNING)) {
 			SPPP_UNLOCK(sp);
 			if_up(ifp);
 			SPPP_LOCK(sp, RW_WRITER);
+		}
 		break;
 	case CISCO_ADDR_REQ:
 #ifdef INET
 		sppp_get_ip_addrs(sp, &me, 0, &mymask);
 		if (me != 0L)
 			sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask);
 #endif
 		break;
+	}
 	SPPP_UNLOCK(sp);
+}
 /*
  * Send Cisco keepalive packet.
  */
 static void
 sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2)
+{
 	STDDCL;
 	struct ppp_header *h;
 	struct cisco_packet *ch;
 	struct mbuf *m;
 	uint32_t t;
 	KASSERT(SPPP_WLOCKED(sp));
 	t = time_uptime * 1000;
 	MGETHDR(m, M_DONTWAIT, MT_DATA);
 	if (! m)
 		return;
 	m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN;
 	m_reset_rcvif(m);
 	h = mtod(m, struct ppp_header *);
 	h->address = CISCO_MULTICAST;
 	h->control = 0;
 	h->protocol = htons(CISCO_KEEPALIVE);
 	ch = (struct cisco_packet *)(h + 1);
 	ch->type = htonl(type);
 	ch->par1 = htonl(par1);
 	ch->par2 = htonl(par2);
 	ch->rel = -1;
 	ch->time0 = htons((u_short)(t >> 16));
 	ch->time1 = htons((u_short) t);
 	if (debug)
 		log(LOG_DEBUG,
 		    "%s: cisco output: <0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n",
 			ifp->if_xname, ntohl(ch->type), ch->par1,
 			ch->par2, (u_int)ch->rel, (u_int)ch->time0,
 			(u_int)ch->time1);
 	if (IF_QFULL(&sp->pp_cpq)) {
 		IF_DROP(&sp->pp_fastq);
 		IF_DROP(&ifp->if_snd);
 		m_freem(m);
 		if_statinc(ifp, if_oerrors);
 		return;
+	}
 	if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes);
 	IF_ENQUEUE(&sp->pp_cpq, m);
 	if (! (ifp->if_flags & IFF_OACTIVE)) {
 		SPPP_UNLOCK(sp);
 		if_start_lock(ifp);
 		SPPP_LOCK(sp, RW_WRITER);
+	}
+}
 /*
  * PPP protocol implementation.
  */
 /*
  * Send PPP control protocol packet.
  */
 static void
 sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
 	     u_char ident, u_short len, void *data)
+{
 	STDDCL;
 	struct lcp_header *lh;
 	struct mbuf *m;
 	size_t pkthdrlen;
 	KASSERT(SPPP_WLOCKED(sp));
 	pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN;
 	if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN)
 		len = MHLEN - pkthdrlen - LCP_HEADER_LEN;
 	MGETHDR(m, M_DONTWAIT, MT_DATA);
 	if (! m) {
 		return;
+	}
 	m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len;
 	m_reset_rcvif(m);
 	if (sp->pp_flags & PP_NOFRAMING) {
 		*mtod(m, uint16_t *) = htons(proto);
 		lh = (struct lcp_header *)(mtod(m, uint8_t *) + 2);
 	} else {
 		struct ppp_header *h;
 		h = mtod(m, struct ppp_header *);
 		h->address = PPP_ALLSTATIONS;        /* broadcast address */
 		h->control = PPP_UI;                 /* Unnumbered Info */
 		h->protocol = htons(proto);         /* Link Control Protocol */
 		lh = (struct lcp_header *)(h + 1);
+	}
 	lh->type = type;
 	lh->ident = ident;
 	lh->len = htons(LCP_HEADER_LEN + len);
 	if (len)
 		memcpy(lh + 1, data, len);
 	if (debug) {
 		log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d",
 		    ifp->if_xname,
 		    sppp_proto_name(proto),
 		    sppp_cp_type_name(lh->type), lh->ident, ntohs(lh->len));
 		if (len)
 			sppp_print_bytes((u_char *)(lh + 1), len);
 		addlog(">\n");
+	}
 	if (IF_QFULL(&sp->pp_cpq)) {
 		IF_DROP(&sp->pp_fastq);
 		IF_DROP(&ifp->if_snd);
 		m_freem(m);
 		if_statinc(ifp, if_oerrors);
 		return;
+	}
 	if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes);
 	IF_ENQUEUE(&sp->pp_cpq, m);
 	if (! (ifp->if_flags & IFF_OACTIVE)) {
 		SPPP_UNLOCK(sp);
 		if_start_lock(ifp);
 		SPPP_LOCK(sp, RW_WRITER);
+	}
+}
 /*
  * Handle incoming PPP control protocol packets.
  */
 static void
 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m)
+{
 	STDDCL;
 	struct lcp_header *h;
 	int printlen, len = m->m_pkthdr.len;
 	int rv;
 	u_char *p;
 	uint32_t u32;
 	SPPP_LOCK(sp, RW_WRITER);
 	if (len < 4) {
 		if (debug)
 			log(LOG_DEBUG,
 			    "%s: %s invalid packet length: %d bytes\n",
 			    ifp->if_xname, cp->name, len);
 		SPPP_UNLOCK(sp);
 		return;
+	}
 	h = mtod(m, struct lcp_header *);
 	if (debug) {
 		printlen = ntohs(h->len);
 		log(LOG_DEBUG,
 		    "%s: %s input(%s): <%s id=0x%x len=%d",
 		    ifp->if_xname, cp->name,
 		    sppp_state_name(sp->state[cp->protoidx]),
 		    sppp_cp_type_name(h->type), h->ident, printlen);
 		if (len < printlen)
 			printlen = len;
 		if (printlen > 4)
 			sppp_print_bytes((u_char *)(h + 1), printlen - 4);
 		addlog(">\n");
+	}
 	if (len > ntohs(h->len))
 		len = ntohs(h->len);
 	p = (u_char *)(h + 1);
 	switch (h->type) {
 	case CONF_REQ:
 		if (len < 4) {
 			if (debug)
 				addlog("%s: %s invalid conf-req length %d\n",
 				       ifp->if_xname, cp->name,
 				       len);
 			if_statinc(ifp, if_ierrors);
 			break;
+		}
 		/* handle states where RCR doesn't get a SCA/SCN */
 		switch (sp->state[cp->protoidx]) {
 		case STATE_CLOSING:
 		case STATE_STOPPING:
 			SPPP_UNLOCK(sp);
 			return;
 		case STATE_CLOSED:
 			sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident,
 , 0);
 			SPPP_UNLOCK(sp);
 			return;
+		}
 		rv = (cp->RCR)(sp, h, len);
 		if (rv < 0) {
 			/* fatal error, shut down */
 			(cp->tld)(sp);
 			sppp_lcp_tlf(sp);
 			SPPP_UNLOCK(sp);
 			return;
+		}
 		switch (sp->state[cp->protoidx]) {
 		case STATE_OPENED:
 			(cp->tld)(sp);
 			(cp->scr)(sp);
 			/* fall through... */
 		case STATE_ACK_SENT:
 		case STATE_REQ_SENT:
 			sppp_cp_change_state(cp, sp, rv?
 					     STATE_ACK_SENT: STATE_REQ_SENT);
 			break;
 		case STATE_STOPPED:
 			sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
 			(cp->scr)(sp);
 			sppp_cp_change_state(cp, sp, rv?
 					     STATE_ACK_SENT: STATE_REQ_SENT);
 			break;
 		case STATE_ACK_RCVD:
 			if (rv) {
 				sppp_cp_change_state(cp, sp, STATE_OPENED);
 				if (debug)
 					log(LOG_DEBUG, "%s: %s tlu\n",
 					    ifp->if_xname,
 					    cp->name);
 				(cp->tlu)(sp);
 			} else
 				sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
 			break;
 		default:
 			printf("%s: %s illegal %s in state %s\n",
 			       ifp->if_xname, cp->name,
 			       sppp_cp_type_name(h->type),
 			       sppp_state_name(sp->state[cp->protoidx]));
 			if_statinc(ifp, if_ierrors);
+		}
 		break;
 	case CONF_ACK:
 		if (h->ident != sp->confid[cp->protoidx]) {
 			if (debug)
 				addlog("%s: %s id mismatch 0x%x != 0x%x\n",
 				       ifp->if_xname, cp->name,
 				       h->ident, sp->confid[cp->protoidx]);
 			if_statinc(ifp, if_ierrors);
 			break;
+		}
 		switch (sp->state[cp->protoidx]) {
 		case STATE_CLOSED:
 		case STATE_STOPPED:
 			sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
 			break;
 		case STATE_CLOSING:
 		case STATE_STOPPING:
 			break;
 		case STATE_REQ_SENT:
 			sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
 			sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
 			break;
 		case STATE_OPENED:
 			(cp->tld)(sp);
 			/* fall through */
 		case STATE_ACK_RCVD:
 			(cp->scr)(sp);
 			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
 			break;
 		case STATE_ACK_SENT:
 			sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
 			sppp_cp_change_state(cp, sp, STATE_OPENED);
 			if (debug)
 				log(LOG_DEBUG, "%s: %s tlu\n",
 				       ifp->if_xname, cp->name);
 			(cp->tlu)(sp);
 			break;
 		default:
 			printf("%s: %s illegal %s in state %s\n",
 			       ifp->if_xname, cp->name,
 			       sppp_cp_type_name(h->type),
 			       sppp_state_name(sp->state[cp->protoidx]));
 			if_statinc(ifp, if_ierrors);
+		}
 		break;
 	case CONF_NAK:
 	case CONF_REJ:
 		if (h->ident != sp->confid[cp->protoidx]) {
 			if (debug)
 				addlog("%s: %s id mismatch 0x%x != 0x%x\n",
 				       ifp->if_xname, cp->name,
 				       h->ident, sp->confid[cp->protoidx]);
 			if_statinc(ifp, if_ierrors);
 			break;
+		}
 		if (h->type == CONF_NAK)
 			(cp->RCN_nak)(sp, h, len);
 		else /* CONF_REJ */
 			(cp->RCN_rej)(sp, h, len);
 		switch (sp->state[cp->protoidx]) {
 		case STATE_CLOSED:
 		case STATE_STOPPED:
 			sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
 			break;
 		case STATE_REQ_SENT:
 		case STATE_ACK_SENT:
 			sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
 			(cp->scr)(sp);
 			break;
 		case STATE_OPENED:
 			(cp->tld)(sp);
 			/* fall through */
 		case STATE_ACK_RCVD:
 			sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
 			(cp->scr)(sp);
 			break;
 		case STATE_CLOSING:
 		case STATE_STOPPING:
 			break;
 		default:
 			printf("%s: %s illegal %s in state %s\n",
 			       ifp->if_xname, cp->name,
 			       sppp_cp_type_name(h->type),
 			       sppp_state_name(sp->state[cp->protoidx]));
 			if_statinc(ifp, if_ierrors);
+		}
 		break;
 	case TERM_REQ:
 		switch (sp->state[cp->protoidx]) {
 		case STATE_ACK_RCVD:
 		case STATE_ACK_SENT:
 			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
 			/* fall through */
 		case STATE_CLOSED:
 		case STATE_STOPPED:
 		case STATE_CLOSING:
 		case STATE_STOPPING:
 		case STATE_REQ_SENT:
 		  sta:
 			/* Send Terminate-Ack packet. */
 			if (debug)
 				log(LOG_DEBUG, "%s: %s send terminate-ack\n",
 				    ifp->if_xname, cp->name);
 			sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
 			break;
 		case STATE_OPENED:
 			(cp->tld)(sp);
 			sp->rst_counter[cp->protoidx] = 0;
 			sppp_cp_change_state(cp, sp, STATE_STOPPING);
 			goto sta;
 		default:
 			printf("%s: %s illegal %s in state %s\n",
 			       ifp->if_xname, cp->name,
 			       sppp_cp_type_name(h->type),
 			       sppp_state_name(sp->state[cp->protoidx]));
 			if_statinc(ifp, if_ierrors);
+		}
 		break;
 	case TERM_ACK:
 		switch (sp->state[cp->protoidx]) {
 		case STATE_CLOSED:
 		case STATE_STOPPED:
 		case STATE_REQ_SENT:
 		case STATE_ACK_SENT:
 			break;
 		case STATE_CLOSING:
 			(cp->tlf)(sp);
 			sppp_cp_change_state(cp, sp, STATE_CLOSED);
 			sppp_lcp_check_and_close(sp);
 			break;
 		case STATE_STOPPING:
 			(cp->tlf)(sp);
 			sppp_cp_change_state(cp, sp, STATE_STOPPED);
 			sppp_lcp_check_and_close(sp);
 			break;
 		case STATE_ACK_RCVD:
 			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
 			break;
 		case STATE_OPENED:
 			(cp->tld)(sp);
 			(cp->scr)(sp);
 			sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
 			break;
 		default:
 			printf("%s: %s illegal %s in state %s\n",
 			       ifp->if_xname, cp->name,
 			       sppp_cp_type_name(h->type),
 			       sppp_state_name(sp->state[cp->protoidx]));
 			if_statinc(ifp, if_ierrors);
+		}
 		break;
 	case CODE_REJ:
 		/* XXX catastrophic rejects (RXJ-) aren't handled yet. */
 		log(LOG_INFO,
 		    "%s: %s: ignoring RXJ (%s) for code ?, "
 		    "danger will robinson\n",
 		    ifp->if_xname, cp->name,
 		    sppp_cp_type_name(h->type));
 		switch (sp->state[cp->protoidx]) {
 		case STATE_CLOSED:
 		case STATE_STOPPED:
 		case STATE_REQ_SENT:
 		case STATE_ACK_SENT:
 		case STATE_CLOSING:
 		case STATE_STOPPING:
 		case STATE_OPENED:
 			break;
 		case STATE_ACK_RCVD:
 			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
 			break;
 		default:
 			printf("%s: %s illegal %s in state %s\n",
 			       ifp->if_xname, cp->name,
 			       sppp_cp_type_name(h->type),
 			       sppp_state_name(sp->state[cp->protoidx]));
 			if_statinc(ifp, if_ierrors);
+		}
 		break;
 	case PROTO_REJ:
+	    {
 		int catastrophic;
 		const struct cp *upper;
 		int i;
 		uint16_t proto;
 		catastrophic = 0;
 		upper = NULL;
 		proto = p[0] << 8 | p[1];
 		for (i = 0; i < IDX_COUNT; i++) {
 			if (cps[i]->proto == proto) {
 				upper = cps[i];
 				break;
+			}
+		}
 		if (upper == NULL)
 			catastrophic++;
 		if (debug)
 			log(LOG_INFO,
 			    "%s: %s: RXJ%c (%s) for proto 0x%x (%s/%s)\n",
 			    ifp->if_xname, cp->name, catastrophic ? '-' : '+',
 			    sppp_cp_type_name(h->type), proto,
 			    upper ? upper->name : "unknown",
 			    upper ? sppp_state_name(sp->state[upper->protoidx]) : "?");
 		/*
 		 * if we got RXJ+ against conf-req, the peer does not implement
 		 * this particular protocol type.  terminate the protocol.
 		 */
 		if (upper && !catastrophic) {
 			if (sp->state[upper->protoidx] == STATE_REQ_SENT) {
 				upper->Close(sp);
 				break;
+			}
+		}
 		/* XXX catastrophic rejects (RXJ-) aren't handled yet. */
 		switch (sp->state[cp->protoidx]) {
 		case STATE_CLOSED:
 		case STATE_STOPPED:
 		case STATE_REQ_SENT:
 		case STATE_ACK_SENT:
 		case STATE_CLOSING:
 		case STATE_STOPPING:
 		case STATE_OPENED:
 			break;
 		case STATE_ACK_RCVD:
 			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
 			break;
 		default:
 			printf("%s: %s illegal %s in state %s\n",
 			       ifp->if_xname, cp->name,
 			       sppp_cp_type_name(h->type),
 			       sppp_state_name(sp->state[cp->protoidx]));
 			if_statinc(ifp, if_ierrors);
+		}
 		break;
+	    }
 	case DISC_REQ:
 		if (cp->proto != PPP_LCP)
 			goto illegal;
 		/* Discard the packet. */
 		break;
 	case ECHO_REQ:
 		if (cp->proto != PPP_LCP)
 			goto illegal;
 		if (sp->state[cp->protoidx] != STATE_OPENED) {
 			if (debug)
 				addlog("%s: lcp echo req but lcp closed\n",
 				       ifp->if_xname);
 			if_statinc(ifp, if_ierrors);
 			break;
+		}
 		if (len < 8) {
 			if (debug)
 				addlog("%s: invalid lcp echo request "
 				       "packet length: %d bytes\n",
 				       ifp->if_xname, len);
 			break;
+		}
 		memcpy(&u32, h + 1, sizeof u32);
 		if (ntohl(u32) == sp->lcp.magic) {
 			/* Line loopback mode detected. */
 			printf("%s: loopback\n", ifp->if_xname);
 			SPPP_UNLOCK(sp);
 			if_down(ifp);
 			SPPP_LOCK(sp, RW_WRITER);
 			IF_PURGE(&sp->pp_cpq);
 			/* Shut down the PPP link. */
 			/* XXX */
 			lcp.Down(sp);
 			lcp.Up(sp);
 			break;
+		}
 		u32 = htonl(sp->lcp.magic);
 		memcpy(h + 1, &u32, sizeof u32);
 		if (debug)
 			addlog("%s: got lcp echo req, sending echo rep\n",
 			       ifp->if_xname);
 		sppp_cp_send(sp, PPP_LCP, ECHO_REPLY, h->ident, len - 4,
 		    h + 1);
 		break;
 	case ECHO_REPLY:
 		if (cp->proto != PPP_LCP)
 			goto illegal;
 		if (h->ident != sp->lcp.echoid) {
 			if_statinc(ifp, if_ierrors);
 			break;
+		}
 		if (len < 8) {
 			if (debug)
 				addlog("%s: lcp invalid echo reply "
 				       "packet length: %d bytes\n",
 				       ifp->if_xname, len);
 			break;
+		}
 		if (debug)
 			addlog("%s: lcp got echo rep\n",
 			       ifp->if_xname);
 		memcpy(&u32, h + 1, sizeof u32);
 		if (ntohl(u32) != sp->lcp.magic)
 			sp->pp_alivecnt = 0;
 		break;
 	default:
 		/* Unknown packet type -- send Code-Reject packet. */
 	  illegal:
 		if (debug)
 			addlog("%s: %s send code-rej for 0x%x\n",
 			       ifp->if_xname, cp->name, h->type);
 		sppp_cp_send(sp, cp->proto, CODE_REJ,
 		    ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h);
 		if_statinc(ifp, if_ierrors);
+	}
 	SPPP_UNLOCK(sp);
+}
 /*
  * The generic part of all Up/Down/Open/Close/TO event handlers.
  * Basically, the state transition handling in the automaton.
  */
 static void
 sppp_up_event(const struct cp *cp, struct sppp *sp)
+{
 	STDDCL;
 	KASSERT(SPPP_WLOCKED(sp));
 	if (debug)
 		log(LOG_DEBUG, "%s: %s up(%s)\n",
 		    ifp->if_xname, cp->name,
 		    sppp_state_name(sp->state[cp->protoidx]));
 	switch (sp->state[cp->protoidx]) {
 	case STATE_INITIAL:
 		sppp_cp_change_state(cp, sp, STATE_CLOSED);
 		break;
 	case STATE_STARTING:
 		sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
 		(cp->scr)(sp);
 		sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
 		break;
 	default:
 		printf("%s: %s illegal up in state %s\n",
 		       ifp->if_xname, cp->name,
 		       sppp_state_name(sp->state[cp->protoidx]));
+	}
+}
 static void
 sppp_down_event(const struct cp *cp, struct sppp *sp)
+{
 	STDDCL;
 	KASSERT(SPPP_WLOCKED(sp));
 	if (debug)
 		log(LOG_DEBUG, "%s: %s down(%s)\n",
 		    ifp->if_xname, cp->name,
 		    sppp_state_name(sp->state[cp->protoidx]));
 	switch (sp->state[cp->protoidx]) {
 	case STATE_CLOSED:
 	case STATE_CLOSING:
 		sppp_cp_change_state(cp, sp, STATE_INITIAL);
 		break;
 	case STATE_STOPPED:
 		(cp->tls)(sp);
 		/* fall through */
 	case STATE_STOPPING:
 	case STATE_REQ_SENT:
 	case STATE_ACK_RCVD:
 	case STATE_ACK_SENT:
 		sppp_cp_change_state(cp, sp, STATE_STARTING);
 		break;