[Swan-dev] COOKIE_SIZE is IKEv1!
Paul Wouters
paul at nohats.ca
Mon Jul 16 14:59:07 UTC 2018
If anything, I'd like to rename COOKIE_SIZE to SPI_SIZE (it's the same for IKE v1/v2 and IPsec) to avoid confusion with the new IKEv2 cookies (which we call dcookies).
But then we ought to rename st_cookie to st_spi as well.
No one but swans call these SPIs cookies.
Paul
Sent from my phone
> On Jul 16, 2018, at 10:36, D. Hugh Redelmeier <hugh at mimosa.com> wrote:
>
> | From: Andrew Cagney <andrew.cagney at gmail.com>
>
> | - COOKIE_SIZE is IKEv1 so should not appear in IKEv2 code at all!
> | IKEv2 has cookies but they are completely different, having nothing to
> | do with this value.
>
> COOKIE_SIZE is the size of the fields in the header that hold v2 IKE
> SPIs. This is by protocol design, not an accident. So this usage is
> correct.
>
> We call the fields isa_rcookie and isa_icookie. They end up in
> st_icookie and st_rcookie.
>
> If we want to give the size a v2 name, that's fine. It should be
> defined as COOKIE_SIZE, not 8, to make the relationship manifest.
> I'd prefer one name that shows both meanings but
> SIZE_IKEv1_COOKIE_IKEv2_IKE_SPI is unwieldy.
>
> I would be much less happy about giving the fields two names.
> Aliasing a mutable thing is a really horrible trap.
>
> The current definition looks like this:
>
> /* COOKIE_SIZE is also IKEv2 IKE SPI size */
> #define COOKIE_SIZE 8
>
> So if someone is puzzled about a reference to COOKIE_SIZE in V2 code,
> they can look at the definition and discover this explanation.
>
> COOKIE_SIZE was already widely used in v2 code before my change. Many
> of those uses could be replaced by sizeofs.
>
> | - I suspect IPSEC_DOI_SPI_SIZE is equally dubious
>
> No, it is the size that is used in the kernel for ESP and AH SPIs.
> Nothing to do with the version of IKE. There might be another
> existing name for this, I haven't looked. If there is, it might be
> better. Good luck grepping for 4.
>
> | and by using magic macros we've just buried what should be simple numbers.
>
> This I completely disagree with. 8 means many things. COOKIE_SIZE
> shows what the heck the number is. And the name helps you find
> related uses. Good luck grepping for 8.
>
> We do not drop magic numbers into our code. I'm surprised you think
> that we should.
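The point made in the thread, that one named size covers both the IKEv1 cookie fields and the IKEv2 IKE SPI fields and that many uses can be sizeofs, shown as an added example that is not libreswan code and not from either poster. The names IKE_SPI_SIZE, IKE_HDR_SIZE, struct ike_hdr and ike_hdr_parse are hypothetical, the 28-byte header layout is taken from RFC 7296 rather than from the thread, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define IKE_SPI_SIZE 8   /* hypothetical name: IKEv1 cookie size == IKEv2 IKE SPI size */
#define IKE_HDR_SIZE 28  /* fixed header: 2 SPIs + 4 one-byte fields + msgid + length */

struct ike_hdr {         /* hypothetical parsed form, not a libreswan struct */
    uint8_t ispi[IKE_SPI_SIZE], rspi[IKE_SPI_SIZE];
    uint8_t next_payload, major, minor, exchange, flags;
    uint32_t msgid, length;
};

/* Constructed sample: header-only IKEv2 IKE_SA_INIT request (exchange type 34). */
const uint8_t sample_hdr[IKE_HDR_SIZE] = {
    0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,  /* initiator SPI */
    0, 0, 0, 0, 0, 0, 0, 0,                          /* responder SPI: not yet chosen */
    0x00, 0x20, 0x22, 0x08,                          /* next payload, version 2.0, exchange, flags */
    0, 0, 0, 0,                                      /* message ID */
    0, 0, 0, IKE_HDR_SIZE                            /* total length, big-endian */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 0 on success, -1 on a short buffer or an inconsistent length field. */
int ike_hdr_parse(const uint8_t *buf, size_t len, struct ike_hdr *h)
{
    if (len < IKE_HDR_SIZE)
        return -1;
    memcpy(h->ispi, buf, sizeof h->ispi);                  /* sizeof, not a literal 8 */
    memcpy(h->rspi, buf + sizeof h->ispi, sizeof h->rspi);
    const uint8_t *p = buf + sizeof h->ispi + sizeof h->rspi;
    h->next_payload = p[0];
    h->major = p[1] >> 4;                                  /* 1 for IKEv1, 2 for IKEv2 */
    h->minor = p[1] & 0x0f;
    h->exchange = p[2];
    h->flags = p[3];
    h->msgid = be32(p + 4);
    h->length = be32(p + 8);
    return (h->length < IKE_HDR_SIZE || h->length > len) ? -1 : 0;
}

int main(void)
{
    struct ike_hdr h;
    return ike_hdr_parse(sample_hdr, sizeof sample_hdr, &h);
}
```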