MFC r299387:
r299387 (by cem):

netipsec: Fix minor style nit

Coverity points out that 'continue' is equivalent to 'break' in a do {}
while(false) loop.

CID: 1354983

MFC r295967:
Fix useless check. m_pkthdr.len should be equal to orglen.

MFC r285204:
Fill the port and protocol information in the SADB_ACQUIRE message
in case when security policy has it as required by RFC 2367.

PR: 192774

Approved by: re (delphij)

MFC r283146:
In the reply to SADB_X_SPDGET message use the same sequence number that
was in the request. Some IKE deamons expect it will the same. Linux and
NetBSD also follow this behaviour.

PR: 137309

MFC r283101:
Teach key_expire() send SADB_EXPIRE message with the SADB_EXT_LIFETIME_HARD
extension header type. The key_flush_sad() now will send SADB_EXPIRE
message when HARD lifetime expires. This is required by RFC 2367 and some
keying daemons rely on these messages. HARD lifetime messages have
precedence over SOFT lifetime messages, so now they will be checked first.
Also now SADB_EXPIRE messages will be send even the SA has not been used,
because keying daemons might want to rekey such SA.

PR: 200282, 200283

MFC r283102:
Change SA's state before sending SADB_EXPIRE message. This state will
be reported to keying daemon.

MFC r275390:
Remove unused declartations.

MFC r275437:
ANSIfy function declarations.

MFC r275438:
Remove __P() macro.

Sponsored by: Yandex LLC

MFC r275392:
Remove route chaching support from ipsec code. It isn't used for some time.
* remove sa_route_union declaration and route_cache member from struct secashead;
* remove key_sa_routechange() call from ICMP and ICMPv6 code;
* simplify ip_ipsec_mtu();
* remove #include <net/route.h>;

Sponsored by: Yandex LLC

MFC r279735:
Remove extra '&'. sin6 is already a pointer.

PR: 195011

MFC r275575:
key_getspacq() returns holding the spacq_lock. Unlock it in all cases.

Sponsored by: Yandex LLC

MFC r273904:
Use in_localip() instead of handmade implementation.

Sponsored by: Yandex LLC

MFC r266606:

Only do a ports check if this is a NAT-T SA. Otherwise other
lookups providing ports may get unexpected results.

MFC r285204:
Fill the port and protocol information in the SADB_ACQUIRE message
in case when security policy has it as required by RFC 2367.

PR: 192774

Approved by: re (delphij)

MFC r283146:
In the reply to SADB_X_SPDGET message use the same sequence number that
was in the request. Some IKE deamons expect it will the same. Linux and
NetBSD also follow this behaviour.

PR: 137309

MFC r283101:
Teach key_expire() send SADB_EXPIRE message with the SADB_EXT_LIFETIME_HARD
extension header type. The key_flush_sad() now will send SADB_EXPIRE
message when HARD lifetime expires. This is required by RFC 2367 and some
keying daemons rely on these messages. HARD lifetime messages have
precedence over SOFT lifetime messages, so now they will be checked first.
Also now SADB_EXPIRE messages will be send even the SA has not been used,
because keying daemons might want to rekey such SA.

PR: 200282, 200283

MFC r283102:
Change SA's state before sending SADB_EXPIRE message. This state will
be reported to keying daemon.

MFC r275390:
Remove unused declartations.

MFC r275437:
ANSIfy function declarations.

MFC r275438:
Remove __P() macro.

Sponsored by: Yandex LLC

MFC r275392:
Remove route chaching support from ipsec code. It isn't used for some time.
* remove sa_route_union declaration and route_cache member from struct secashead;
* remove key_sa_routechange() call from ICMP and ICMPv6 code;
* simplify ip_ipsec_mtu();
* remove #include <net/route.h>;

Sponsored by: Yandex LLC

MFC r279735:
Remove extra '&'. sin6 is already a pointer.

PR: 195011

MFC r275575:
key_getspacq() returns holding the spacq_lock. Unlock it in all cases.

Sponsored by: Yandex LLC

MFC r273904:
Use in_localip() instead of handmade implementation.

Sponsored by: Yandex LLC

MFC r266606:

Only do a ports check if this is a NAT-T SA. Otherwise other
lookups providing ports may get unexpected results.