Menu
▾
▴
[Ipsec-tools-devel] [Patch 19/20] MIPv6, PF_KEY: remove_MAXNESTEDSA_weirdness.patch
|
From: <ar...@na...> - 2008-10-22 16:26:03
|
# This useless iph2[n] stuff is just annoying to read. Remove it.
#
# Copyright (C) 2008 - EADS - Arnaud Ebalard <ar...@na...>
Index: ipsec-tools/src/racoon/pfkey.c
===================================================================
--- ipsec-tools.orig/src/racoon/pfkey.c 2008-10-22 14:35:03.328736039 +0200
+++ ipsec-tools/src/racoon/pfkey.c 2008-10-22 14:47:13.008726577 +0200
@@ -1654,12 +1654,10 @@
struct sadb_msg *msg;
struct sadb_x_policy *xpl;
struct secpolicy *sp_out = NULL, *sp_in = NULL;
-#define MAXNESTEDSA 5 /* XXX */
- struct ph2handle *iph2[MAXNESTEDSA];
+ struct ph2handle *iph2;
struct sockaddr *src, *dst; /* IKE @ (for exchanges) */
struct sockaddr *sp_src, *sp_dst; /* SP @ (selectors). */
struct sockaddr *sa_src = NULL, *sa_dst = NULL ; /* SA @ */
- int n; /* # of phase 2 handler. */
#ifdef HAVE_SECCTX
struct sadb_x_sec_ctx *m_sec_ctx;
#endif /* HAVE_SECCTX */
@@ -1795,15 +1793,15 @@
* has to prcesss such a acquire message because racoon may
* lost the expire message.
*/
- iph2[0] = getph2byid(src, dst, xpl->sadb_x_policy_id);
- if (iph2[0] != NULL) {
- if (iph2[0]->status < PHASE2ST_ESTABLISHED) {
+ iph2 = getph2byid(src, dst, xpl->sadb_x_policy_id);
+ if (iph2 != NULL) {
+ if (iph2->status < PHASE2ST_ESTABLISHED) {
plog(LLV_DEBUG, LOCATION, NULL,
"ignore the acquire because ph2 found\n");
return -1;
}
- if (iph2[0]->status == PHASE2ST_EXPIRED)
- iph2[0] = NULL;
+ if (iph2->status == PHASE2ST_EXPIRED)
+ iph2 = NULL;
/*FALLTHROUGH*/
}
@@ -1860,34 +1858,30 @@
}
}
- memset(iph2, 0, MAXNESTEDSA);
-
- n = 0;
-
/* allocate a phase 2 */
- iph2[n] = newph2();
- if (iph2[n] == NULL) {
+ iph2 = newph2();
+ if (iph2 == NULL) {
plog(LLV_ERROR, LOCATION, NULL,
"failed to allocate phase2 entry.\n");
return -1;
}
- iph2[n]->side = INITIATOR;
- iph2[n]->spid = xpl->sadb_x_policy_id;
- iph2[n]->satype = msg->sadb_msg_satype;
- iph2[n]->seq = msg->sadb_msg_seq;
- iph2[n]->status = PHASE2ST_STATUS2;
+ iph2->side = INITIATOR;
+ iph2->spid = xpl->sadb_x_policy_id;
+ iph2->satype = msg->sadb_msg_satype;
+ iph2->seq = msg->sadb_msg_seq;
+ iph2->status = PHASE2ST_STATUS2;
/* set address used by IKE for the negotiation (might differ from
* SA address, i.e. might not be tunnel endpoints or addresses
* of transport mode SA) */
- iph2[n]->dst = dupsaddr(dst);
- if (iph2[n]->dst == NULL) {
- delph2(iph2[n]);
+ iph2->dst = dupsaddr(dst);
+ if (iph2->dst == NULL) {
+ delph2(iph2);
return -1;
}
- iph2[n]->src = dupsaddr(src);
- if (iph2[n]->src == NULL) {
- delph2(iph2[n]);
+ iph2->src = dupsaddr(src);
+ if (iph2->src == NULL) {
+ delph2(iph2);
return -1;
}
@@ -1897,42 +1891,35 @@
* used for the IKE exchanges. Those that need these addresses
* are for instance pk_sendupdate() or pk_sendgetspi() */
if (sa_src) {
- iph2[n]->sa_src = dupsaddr(sa_src);
- iph2[n]->sa_dst = dupsaddr(sa_dst);
+ iph2->sa_src = dupsaddr(sa_src);
+ iph2->sa_dst = dupsaddr(sa_dst);
}
- if (isakmp_get_sainfo(iph2[n], sp_out, sp_in) < 0) {
- delph2(iph2[n]);
+ if (isakmp_get_sainfo(iph2, sp_out, sp_in) < 0) {
+ delph2(iph2);
return -1;
}
#ifdef HAVE_SECCTX
if (m_sec_ctx) {
- set_secctx_in_proposal(iph2[n], spidx);
+ set_secctx_in_proposal(iph2, spidx);
}
#endif /* HAVE_SECCTX */
- insph2(iph2[n]);
+ insph2(iph2);
/* start isakmp initiation by using ident exchange */
/* XXX should be looped if there are multiple phase 2 handler. */
- if (isakmp_post_acquire(iph2[n]) < 0) {
+ if (isakmp_post_acquire(iph2) < 0) {
plog(LLV_ERROR, LOCATION, NULL,
"failed to begin ipsec sa negotication.\n");
- goto err;
+ remph2(iph2);
+ delph2(iph2);
+ return -1;
}
return 0;
-
-err:
- while (n >= 0) {
- remph2(iph2[n]);
- delph2(iph2[n]);
- iph2[n] = NULL;
- n--;
- }
- return -1;
}
static int
|