From: <ar...@na...> - 2008-10-22 16:26:03
# This useless iph2[n] stuff is just annoying to read. Remove it.
#
# Copyright (C) 2008 - EADS - Arnaud Ebalard <ar...@na...>
Index: ipsec-tools/src/racoon/pfkey.c
===================================================================
--- ipsec-tools.orig/src/racoon/pfkey.c 2008-10-22 14:35:03.328736039 +0200
+++ ipsec-tools/src/racoon/pfkey.c 2008-10-22 14:47:13.008726577 +0200
@@ -1654,12 +1654,10 @@
 struct sadb_msg *msg;
 struct sadb_x_policy *xpl;
 struct secpolicy *sp_out = NULL, *sp_in = NULL;
-#define MAXNESTEDSA 5 /* XXX */
- struct ph2handle *iph2[MAXNESTEDSA];
+ struct ph2handle *iph2;
 struct sockaddr *src, *dst; /* IKE @ (for exchanges) */
 struct sockaddr *sp_src, *sp_dst; /* SP @ (selectors). */
 struct sockaddr *sa_src = NULL, *sa_dst = NULL ; /* SA @ */
- int n; /* # of phase 2 handler. */
 #ifdef HAVE_SECCTX
 struct sadb_x_sec_ctx *m_sec_ctx;
 #endif /* HAVE_SECCTX */
@@ -1795,15 +1793,15 @@
 * has to prcesss such a acquire message because racoon may
 * lost the expire message.
 */
- iph2[0] = getph2byid(src, dst, xpl->sadb_x_policy_id);
- if (iph2[0] != NULL) {
- if (iph2[0]->status < PHASE2ST_ESTABLISHED) {
+ iph2 = getph2byid(src, dst, xpl->sadb_x_policy_id);
+ if (iph2 != NULL) {
+ if (iph2->status < PHASE2ST_ESTABLISHED) {
 plog(LLV_DEBUG, LOCATION, NULL,
 "ignore the acquire because ph2 found\n");
 return -1;
 }
- if (iph2[0]->status == PHASE2ST_EXPIRED)
- iph2[0] = NULL;
+ if (iph2->status == PHASE2ST_EXPIRED)
+ iph2 = NULL;
 /*FALLTHROUGH*/
 }
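Review bot: In the second hunk, `iph2 = NULL;` under the `PHASE2ST_EXPIRED` test looks like a dead store now that the variable is a single pointer, because the next hunk reassigns it unconditionally with `iph2 = newph2();`. The same name also now refers first to the handle returned by `getph2byid()` and then to the newly allocated one, which makes it harder to see that the existing handle is only inspected for its status. A separate local for the lookup, e.g. `struct ph2handle *old = getph2byid(src, dst, xpl->sadb_x_policy_id);`, would let the NULL assignment be dropped. The code between the two hunks is not visible here, so confirm nothing reads `iph2` before the allocation; the enclosing function starts and ends outside the hunk.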
@@ -1860,34 +1858,30 @@
 }
 }
- memset(iph2, 0, MAXNESTEDSA);
-
- n = 0;
-
 /* allocate a phase 2 */
- iph2[n] = newph2();
- if (iph2[n] == NULL) {
+ iph2 = newph2();
+ if (iph2 == NULL) {
 plog(LLV_ERROR, LOCATION, NULL,
 "failed to allocate phase2 entry.\n");
 return -1;
 }
- iph2[n]->side = INITIATOR;
- iph2[n]->spid = xpl->sadb_x_policy_id;
- iph2[n]->satype = msg->sadb_msg_satype;
- iph2[n]->seq = msg->sadb_msg_seq;
- iph2[n]->status = PHASE2ST_STATUS2;
+ iph2->side = INITIATOR;
+ iph2->spid = xpl->sadb_x_policy_id;
+ iph2->satype = msg->sadb_msg_satype;
+ iph2->seq = msg->sadb_msg_seq;
+ iph2->status = PHASE2ST_STATUS2;
 /* set address used by IKE for the negotiation (might differ from
 * SA address, i.e. might not be tunnel endpoints or addresses
 * of transport mode SA) */
- iph2[n]->dst = dupsaddr(dst);
- if (iph2[n]->dst == NULL) {
- delph2(iph2[n]);
+ iph2->dst = dupsaddr(dst);
+ if (iph2->dst == NULL) {
+ delph2(iph2);
 return -1;
 }
- iph2[n]->src = dupsaddr(src);
- if (iph2[n]->src == NULL) {
- delph2(iph2[n]);
+ iph2->src = dupsaddr(src);
+ if (iph2->src == NULL) {
+ delph2(iph2);
 return -1;
 }
@@ -1897,42 +1891,35 @@
 * used for the IKE exchanges. Those that need these addresses
 * are for instance pk_sendupdate() or pk_sendgetspi() */
 if (sa_src) {
- iph2[n]->sa_src = dupsaddr(sa_src);
- iph2[n]->sa_dst = dupsaddr(sa_dst);
+ iph2->sa_src = dupsaddr(sa_src);
+ iph2->sa_dst = dupsaddr(sa_dst);
 }
- if (isakmp_get_sainfo(iph2[n], sp_out, sp_in) < 0) {
- delph2(iph2[n]);
+ if (isakmp_get_sainfo(iph2, sp_out, sp_in) < 0) {
+ delph2(iph2);
 return -1;
 }
 #ifdef HAVE_SECCTX
 if (m_sec_ctx) {
- set_secctx_in_proposal(iph2[n], spidx);
+ set_secctx_in_proposal(iph2, spidx);
 }
 #endif /* HAVE_SECCTX */
- insph2(iph2[n]);
+ insph2(iph2);
 /* start isakmp initiation by using ident exchange */
 /* XXX should be looped if there are multiple phase 2 handler. */
- if (isakmp_post_acquire(iph2[n]) < 0) {
+ if (isakmp_post_acquire(iph2) < 0) {
 plog(LLV_ERROR, LOCATION, NULL,
 "failed to begin ipsec sa negotication.\n");
- goto err;
+ remph2(iph2);
+ delph2(iph2);
+ return -1;
 }
 return 0;
-
-err:
- while (n >= 0) {
- remph2(iph2[n]);
- delph2(iph2[n]);
- iph2[n] = NULL;
- n--;
- }
- return -1;
 }
 static int
|
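Review bot: The `dupsaddr()` results stored in `iph2->sa_src` and `iph2->sa_dst` inside `if (sa_src) {` are never checked, although the same call is checked for `iph2->dst` and `iph2->src` in the previous hunk. If either allocation fails, the handle still reaches `insph2()` and `isakmp_post_acquire()` with a NULL SA address, and the comment above names `pk_sendupdate()` and `pk_sendgetspi()` as consumers of these fields; neither is visible here, so whether that ends in a NULL dereference or in SAs keyed on the IKE addresses instead of the SA addresses needs confirming. A guard right after the two assignments, `if (iph2->sa_src == NULL || iph2->sa_dst == NULL) { delph2(iph2); return -1; }`, would keep the failure handling uniform with the earlier checks. The `XXX should be looped if there are multiple phase 2 handler` comment also looks stale now that the array is gone. The enclosing function starts outside the hunk.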