[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Tue Mar 9 12:42:18 UTC 2021
New commits:
commit 75a79b49298527b3e4c8200fa2dd30e06a4164f9
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Mar 8 22:46:24 2021 -0500
ip: make *_is_unset() and *_eq() more robust
Don't assume the gaps between struct fields are initialized. For
instance, in the below the 3-byte gap between .is_set and .version
contains garbage:
ip_address a = {
.is_set = true,
.version = afi == NULL ? 0 : afi->ip_version,
.bytes = *bytes,
};
0x7fffffffdda0: 0x01 0x4c 0x58 0x55 0x00 0x00 0x00 0x00
0x7fffffffdda8: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x7fffffffddb0: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
which means using:
ip_address a = <per-above>;
if (thingeq(a, unset_address)) ...
is not robust
- in *_is_unset() use !*->is_set
perhaps overkill as any default initialized structure should be all
zeros?
- in *_eq() use *_is_unset() and compare individual fields
- in endpoint_eq() do an exact match
i.e., drop the code treating ipproto=0 port=0 as wildcards
commit d149989613afe6f84932a00ec5dc6aae9b47b42e
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Feb 25 14:40:45 2021 -0500
ip: allow numeric_to_selector("1.2.3.4/10:UDP:22")
remember, only tests are using this
commit 3c764e2f8f889b22a230545ee72efa511748c0d0
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Mar 8 22:30:09 2021 -0500
ip: rename .is_{address,endpoint,selector,subnet} to .is_set
now that all the types are distinct
Update pexpect_*(), and dump the raw address bytes.
More information about the Swan-commit
mailing list