There is some long-standing code in complete_v1_state_transition that
looks fishy. clang thinks so, but just for a shallow reason.
Can someone who understands DPD logic look at this?
/*
* make sure that a DPD event gets created for a new phase 1
* SA.
*/
if (IS_ISAKMP_SA_ESTABLISHED(st->st_state)) {
if (deltasecs(st->st_connection->dpd_delay) > 0 &&
deltasecs(st->st_connection->dpd_timeout) > 0) {
/* don't ignore failure */
/* ??? in fact, we do ignore this:
* result is NEVER used
* (clang 3.4 noticed this)
*/
stf_status s = dpd_init(st);
if (!pexpect(s != STF_FAIL))
result = STF_FAIL; /* ??? fall through
!?! */
/* ??? result not subsequently used. Looks bad!
*/
}
}
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
