[Swan-dev] COOKIE_SIZE is IKEv1!

Andrew Cagney andrew.cagney at gmail.com
Mon Jul 16 12:29:45 UTC 2018


Hugh,

I see zero benefit in this change.

- COOKIE_SIZE is IKEv1 so should not appear in IKEv2 code at all!
IKEv2 has cookies but they are completely different, having nothing to
do with this value.
- I suspect IPSEC_DOI_SPI_SIZE is equally dubious

and by using magic macros we've just burried what should be simple numbers.

Andrew

---------- Forwarded message ---------
From: D. Hugh Redelmeier <hugh at vault.libreswan.fi>
Date: Sat, 14 Jul 2018 at 09:10
Subject: [Swan-commit] Changes to ref refs/heads/master
To: <swan-commit at lists.libreswan.org>


New commits:
commit 5618b2c31d6a80a3ffa2901c024e9db5448c7d9d
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Sat Jul 14 08:59:54 2018 -0400

    pluto: tidy aspects of IKEv2 proposal handling

    - clarify that COOKIE_SIZE is also the v2 IKE SPI size

    - replace magic numbers for v2 IKE SPI size and ESP SPI size

    - check that protocol IDs are OK in non-IKE context

    - clarify that "MUST be zero" applies to the SPI length
      and not the SPI itself

    - eliminate redundant tests for invalid SPI sizes

    - eliminate some casts

_______________________________________________
Swan-commit mailing list
Swan-commit at lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


More information about the Swan-dev mailing list