[Swan] converting Pluto externs to file-statics, and more
Paul Wouters
paul at nohats.ca
Wed Jan 8 06:15:48 EET 2014
On Tue, 7 Jan 2014, D. Hugh Redelmeier wrote:
> Questions:
> ==========
>
> It looks as if programs/pluto/stubs.c is pointless. Can we delete it?
Done
> It looks as if a number of files are not compiled. Should these be
> deleted?
>
> programs/spi/spi.c
> programs/addconn/addconn.c
> programs/readwriteconf/readwriteconf.c
> programs/showhostkey/showhostkey.c
Those are definitely used and installed. Why do you think those are not
compiled? Did you mistakenly run make from the programs directory and
have old/bogus .o files there (instead of in OBJ.*/programs/*)?
> These important-looking functions are not used. Should they be?
>
> linux/net/ipsec/pfkey_v2_parser.c:3561:int pfkey_build_reply(struct sadb_msg *pfkey_msg,
> programs/pf_key/pf_key.c:296: pfkey_print(msg, stdout);
> programs/pluto/state.c:363:void rehash_state(struct state *st)
> programs/pluto/state.c:883:void rekey_p2states_by_connection(struct connection *c)
> programs/pluto/state.c:1879:void replace_states_by_peer(const ip_address *peer)
> lib/libswan/certload.c:202:bool same_cert(const cert_t *a, const cert_t *b)
> lib/libswan/udpfromto.c:186:int sendfromto(int s, void *buf, size_t len, int flags,
> programs/pluto/kernel.c:3049:bool update_ipsec_sa(struct state *st USED_BY_KLIPS)
Those need looking at to see. I would have expected same_cert(),
sendfromto() and rehash_state() to be used at least.
> delete_p2states_by_connection
If not used, I suspect we will need it soon for IKEv2 to ensure that if
a parent dies, all children die along with it. Although then the name
might need to change.
> get_x509cert
> get_x509_private_key
Those might be a leftover from pre-NSS days. It depends a bit on whether
David is going to add openssl support or whether he is going to cross
compile nss for mips/arms etc.
> ikev2_acceptable_group
Not sure about this one
> kernel_alg_esp_sadb_alg
We might have obsoleted those in the last two libreswan releases with
some of our rewrites.
> Some things are only used by files that are not compiled. Should they
> too be deleted? For example, these are used by spi.c
> kernel_alg_proc_read
> kernel_alg_sadb_alg_get
I am pretty sure spi.c is compiled, so I would want to see an updated
list before we discuss what to do.
> These kernel externs appear pointless (a very small sample of the odd
> code):
> linux/net/ipsec/radij.c:464:unsigned char *dumper;
> modobj/radij.c:464:unsigned char *dumper;
> linux/net/ipsec/radij.c:465:int dumper_len;
> modobj/radij.c:465:int dumper_len;
That can probably go then. It is clearly only used in klips, not
userland.
Paul