| From: Andrew Cagney <andrew.cag...@gmail.com>

| I'm wondering why we bother to write code like:
|
|         return ikev1_out_generic(np, &isakmp_keyex_desc, outs, &z) &&
|                 out_zero(g->len, &z, "fake g^x") &&
|                 (close_output_pbs(&z), TRUE);
|
| that goes out of its way to terminate the construction of a packet the
| moment there is a whiff of a problem

There are no good exception mechanisms.

In security code, it is good to stop when things are going wrong. Not get further into the weeds.

Simple abstraction: If I'm here in the code, nothing has gone wrong so far.

Harder abstraction: If I'm here in the code, anything that's gone wrong will show up eventually (and isn't going to cause me problems).

We've proven time and again, any subtlety in our code is an invitation to future breakage.

_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev
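
The two abstractions contrasted in the reply above, as an added example that is not part of the original thread and is not libreswan code. The names struct outbuf, buf_put, buf_close, emit_fail_fast and emit_deferred are hypothetical stand-ins, and the 8-byte header and 6-byte buffer are constructed sample values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded output buffer; not libreswan's pb_stream. */
struct outbuf { uint8_t *base; size_t cap, len; bool closed; };

/* Append n bytes (zeros when src is NULL); write nothing if they do not fit. */
static bool buf_put(struct outbuf *b, const void *src, size_t n)
{
	if (b->closed || n > b->cap - b->len)
		return false;
	if (src != NULL)
		memcpy(b->base + b->len, src, n);
	else
		memset(b->base + b->len, 0, n);
	b->len += n;
	return true;
}

static void buf_close(struct outbuf *b) { b->closed = true; }

/* Simple abstraction: a step runs only if every earlier step succeeded. */
static bool emit_fail_fast(struct outbuf *b, const uint8_t *hdr, size_t klen)
{
	return buf_put(b, hdr, 8) &&
	       buf_put(b, NULL, klen) &&
	       (buf_close(b), true);
}

/* Harder abstraction: run every step and report the failure at the end. */
static bool emit_deferred(struct outbuf *b, const uint8_t *hdr, size_t klen)
{
	bool ok = buf_put(b, hdr, 8);
	ok &= buf_put(b, NULL, klen);	/* still runs after the header failed */
	buf_close(b);
	return ok;
}

int main(void)
{
	const uint8_t hdr[8] = { 0 };	/* constructed sample header */
	uint8_t s1[6], s2[6];		/* too small for the header, room for 4 key bytes */
	struct outbuf a = { s1, sizeof s1, 0, false }, d = { s2, sizeof s2, 0, false };
	bool ra = emit_fail_fast(&a, hdr, 4), rd = emit_deferred(&d, hdr, 4);
	printf("fail-fast: ok=%d len=%zu closed=%d\n", ra, a.len, a.closed);
	printf("deferred:  ok=%d len=%zu closed=%d\n", rd, d.len, d.closed);
	return 0;
}
```

Both variants return false here, but the deferred one leaves behind a closed buffer holding 4 payload bytes with no header in front of them, so its safety depends on every caller checking the result before using the buffer.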