| From: Andrew Cagney <[email protected]> | Er, don't we already have functions to boilerplate at least SK payloads?
Yes, but I hadn't noticed. Unfortunate. I was fixing five copies of code in ikev2_parent.c. I didn't change the code much, I just factored it out. These previously existing functions are used four times in ikev2_send.c. Why were they not used in ikev2_parent.c too? The ikev2_send.c version looks a bit nicer. They should replace the functions I wrote. It would be good if close_v2sk_payload could handle fragmenting (I said that about end_encrypted_payload in the commit). Current oddity: the payload size is padded before fragmentation and after. I imagine that only after is correct. Another oddity: currently not all messages can be fragmented by our code. If that were handled in close_v2sk_payload, we could fragment any encrypted packet. start_encrypted_payload and end_encrypted_payload support SK and SKF payloads. It would be good if open_v2sk_payload and close_v2sk_payload could too. If start_encrypted_payload and end_encrypted_payload are replaced, move_pbs_previous_np and ikev2_padup_pre_encrypt become unused and should be deleted. _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
