[Swan] converting Pluto externs to file-statics, and more

Paul Wouters paul at nohats.ca
Wed Jan 8 06:15:48 EET 2014


On Tue, 7 Jan 2014, D. Hugh Redelmeier wrote:

> Questions:
> ==========
>
> It looks as if programs/pluto/stubs.c is pointless.  Can we delete it?

Done

> It looks as if a number of files are not compiled.  Should these be
> deleted?
>
> programs/spi/spi.c
> programs/addconn/addconn.c
> programs/readwriteconf/readwriteconf.c
> programs/showhostkey/showhostkey.c

Those are definitely used and installed. Why do you think those are not
compiled? Did you mistakenly run make from the programs directory and
have old/bogus .o files there (instead of in OBJ.*/programs/*)?

> These important-looking functions are not used.  Should they be?
>
> linux/net/ipsec/pfkey_v2_parser.c:3561:int pfkey_build_reply(struct sadb_msg *pfkey_msg,
> programs/pf_key/pf_key.c:296:		pfkey_print(msg, stdout);
> programs/pluto/state.c:363:void rehash_state(struct state *st)
> programs/pluto/state.c:883:void rekey_p2states_by_connection(struct connection *c)
> programs/pluto/state.c:1879:void replace_states_by_peer(const ip_address *peer)
> lib/libswan/certload.c:202:bool same_cert(const cert_t *a, const cert_t *b)
> lib/libswan/udpfromto.c:186:int sendfromto(int s, void *buf, size_t len, int flags,
> programs/pluto/kernel.c:3049:bool update_ipsec_sa(struct state *st USED_BY_KLIPS)

Those need looking at to see. I would have expected same_cert(),
sendfromto() and rehash_state() to be used at least.

> delete_p2states_by_connection

If not used, I suspect we will need it soon for IKEv2 to ensure that if
a parent dies, all children die along with it. Although then the name
might need to change.

> get_x509cert
> get_x509_private_key

Those might be a leftover from pre-NSS days. It depends a bit on whether
David is going to add openssl support or whether he is going to cross
compile nss for mips/arms etc.

> ikev2_acceptable_group

Not sure about this one

> kernel_alg_esp_sadb_alg

We might have obsoleted those in the last two libreswan releases with
some of our rewrites.

> Some things are only used by files that are not compiled.  Should they
> too be deleted?  For example, these are used by spi.c
>  kernel_alg_proc_read
>  kernel_alg_sadb_alg_get

I am pretty sure spi.c is compiled, so I would want to see an updated
list before we discuss what to do.

> These kernel externs appear pointless (a very small sample of the odd
> code):
>  linux/net/ipsec/radij.c:464:unsigned char *dumper;
>  modobj/radij.c:464:unsigned char *dumper;
>  linux/net/ipsec/radij.c:465:int dumper_len;
>  modobj/radij.c:465:int dumper_len;

That can probably go then. It is clearly only used in klips, not
userland.

Paul

