On Tue, 7 Jan 2014, D. Hugh Redelmeier wrote:
Questions:
==========
It looks as if programs/pluto/stubs.c is pointless. Can we delete it?
Done
It looks as if a number of files are not compiled. Should these be
deleted?
programs/spi/spi.c
programs/addconn/addconn.c
programs/readwriteconf/readwriteconf.c
programs/showhostkey/showhostkey.c
Those are definately used and installed. Why do you think those are not
compiled? Did you mistakenly run make from the programs directory and
have old/bogus .o files there (instead of in OBJ.*/programs/* ?
These important-looking functions are not used. Should they be?
linux/net/ipsec/pfkey_v2_parser.c:3561:int pfkey_build_reply(struct sadb_msg
*pfkey_msg,
programs/pf_key/pf_key.c:296: pfkey_print(msg, stdout);
programs/pluto/state.c:363:void rehash_state(struct state *st)
programs/pluto/state.c:883:void rekey_p2states_by_connection(struct connection
*c)
programs/pluto/state.c:1879:void replace_states_by_peer(const ip_address *peer)
lib/libswan/certload.c:202:bool same_cert(const cert_t *a, const cert_t *b)
lib/libswan/udpfromto.c:186:int sendfromto(int s, void *buf, size_t len, int
flags,
programs/pluto/kernel.c:3049:bool update_ipsec_sa(struct state *st
USED_BY_KLIPS)
Those need looking at to see. I would have expected same_cert(),
sendfromto() and rehash_state() to be used at least.
delete_p2states_by_connection
If not used, I suspect we will need it soon for IKEv2 to ensure that if
a parent dies, all children die along with it. Although than the name
might need to change.
get_x509cert
get_x509_private_key
Those might be a leftover from pre-NSS days. It depends a bit on whether
David is going to add openssl support or whether he is going to cross
compile nss for mips/arms etc.
ikev2_acceptable_group
Not sure about this one
kernel_alg_esp_sadb_alg
We might have obsoleted those in the last two libreswan releases with
some of our rewrites.
Some things are only used by files that are not compiled. Should they
too be deleted? For example, these are used by spi.c
kernel_alg_proc_read
kernel_alg_sadb_alg_get
I am pretty sure spi.c is compiled, so I would want to see an updated
list before we discuss what to do.
These kernel externs appear pointless (a very small sample of the odd
code):
linux/net/ipsec/radij.c:464:unsigned char *dumper;
modobj/radij.c:464:unsigned char *dumper;
linux/net/ipsec/radij.c:465:int dumper_len;
modobj/radij.c:465:int dumper_len;
That can probably go than. It is clearly only used in klips, not
userland.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
