[Swan-dev] clanger: complete_v1_state_transition

D. Hugh Redelmeier hugh at mimosa.com
Sun Jun 10 20:57:55 UTC 2018


There is some long-standing code in complete_v1_state_transition that
looks fishy.  clang thinks so, but just for a shallow reason.

Can someone who understands DPD logic look at this?

		/*
		 * make sure that a DPD event gets created for a new phase 1
		 * SA.
		 */
		if (IS_ISAKMP_SA_ESTABLISHED(st->st_state)) {
			if (deltasecs(st->st_connection->dpd_delay) > 0 &&
			    deltasecs(st->st_connection->dpd_timeout) > 0) {
				/* don't ignore failure */
				/* ??? in fact, we do ignore this:
				 * result is NEVER used
				 * (clang 3.4 noticed this)
				 */
				stf_status s = dpd_init(st);

				if (!pexpect(s != STF_FAIL))
					result = STF_FAIL; /* ??? fall through !?! */
				/* ??? result not subsequently used. Looks bad! */
			}
		}


More information about the Swan-dev mailing list