It would save us time when reading and reasoning about the source (i.e.
eliminate the process of "what if the variable 'mobike' was 2 or more?
...aha it's just a bool").
This is still a work in progress. I will continue if you maintainers are
positive about this proposal.
Index: sbin/iked/config.c
===================================================================
RCS file: /cvs/src/sbin/iked/config.c,v
retrieving revision 1.55
diff -u -r1.55 config.c
--- sbin/iked/config.c 24 Mar 2020 13:32:36 -0000 1.55
+++ sbin/iked/config.c 2 Apr 2020 15:45:44 -0000
@@ -22,6 +22,7 @@
#include <sys/socket.h>
#include <sys/uio.h>
+#include <stdbool.h>
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
@@ -39,7 +40,7 @@
#include "ikev2.h"
struct iked_sa *
-config_new_sa(struct iked *env, int initiator)
+config_new_sa(struct iked *env, bool initiator)
{
struct iked_sa *sa;
@@ -451,7 +452,7 @@
*/
int
-config_setcoupled(struct iked *env, unsigned int couple)
+config_setcoupled(struct iked *env, bool couple)
{
unsigned int type;
@@ -465,11 +466,11 @@
config_getcoupled(struct iked *env, unsigned int type)
{
return (pfkey_couple(env->sc_pfkey, &env->sc_sas,
- type == IMSG_CTL_COUPLE ? 1 : 0));
+ type == IMSG_CTL_COUPLE));
}
int
-config_setmode(struct iked *env, unsigned int passive)
+config_setmode(struct iked *env, bool passive)
{
unsigned int type;
@@ -482,17 +483,17 @@
int
config_getmode(struct iked *env, unsigned int type)
{
- uint8_t old;
+ bool old;
unsigned char *mode[] = { "active", "passive" };
- old = env->sc_passive ? 1 : 0;
- env->sc_passive = type == IMSG_CTL_PASSIVE ? 1 : 0;
+ old = env->sc_passive;
+ env->sc_passive = (type == IMSG_CTL_PASSIVE);
if (old == env->sc_passive)
return (0);
log_debug("%s: mode %s -> %s", __func__,
- mode[old], mode[env->sc_passive]);
+ mode[old ? 1 : 0], mode[env->sc_passive ? 1 : 0]);
return (0);
}
@@ -848,22 +849,22 @@
int
config_setmobike(struct iked *env)
{
- unsigned int boolval;
+ bool val;
- boolval = env->sc_mobike;
+ val = env->sc_mobike;
proc_compose(&env->sc_ps, PROC_IKEV2, IMSG_CTL_MOBIKE,
- &boolval, sizeof(boolval));
+ &val, sizeof(val));
return (0);
}
int
config_getmobike(struct iked *env, struct imsg *imsg)
{
- unsigned int boolval;
+ bool mobike;
- IMSG_SIZE_CHECK(imsg, &boolval);
- memcpy(&boolval, imsg->data, sizeof(boolval));
- env->sc_mobike = boolval;
+ IMSG_SIZE_CHECK(imsg, &mobike);
+ memcpy(&mobike, imsg->data, sizeof(mobike));
+ env->sc_mobike = mobike;
log_debug("%s: %smobike", __func__, env->sc_mobike ? "" : "no ");
return (0);
}
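Review bot: In config_getmobike, `memcpy(&mobike, imsg->data, sizeof(mobike))` fills a `bool` object straight from the imsg payload, and reading a `bool` whose stored byte is neither 0 nor 1 is undefined behaviour; the old `unsigned int` had no such constraint. Receive into a fixed-width integer and normalise on assignment, e.g. declare `uint8_t val;` and finish with `env->sc_mobike = (val != 0);`, so the receiving process does not rely on the sender for a well-formed value. config_getfragmentation in the next hunk has the same issue. The payload also shrinks from `sizeof(unsigned int)` to `sizeof(bool)`, so sender and receiver must come from the same build; IMSG_SIZE_CHECK presumably only rejects a message that is too short, which should be confirmed against its definition.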
@@ -871,22 +872,22 @@
int
config_setfragmentation(struct iked *env)
{
- unsigned int boolval;
+ bool fragmentation;
- boolval = env->sc_frag;
+ fragmentation = env->sc_frag;
proc_compose(&env->sc_ps, PROC_IKEV2, IMSG_CTL_FRAGMENTATION,
- &boolval, sizeof(boolval));
+ &fragmentation, sizeof(fragmentation));
return (0);
}
int
config_getfragmentation(struct iked *env, struct imsg *imsg)
{
- unsigned int boolval;
+ bool fragmentation;
- IMSG_SIZE_CHECK(imsg, &boolval);
- memcpy(&boolval, imsg->data, sizeof(boolval));
- env->sc_frag = boolval;
+ IMSG_SIZE_CHECK(imsg, &fragmentation);
+ memcpy(&fragmentation, imsg->data, sizeof(fragmentation));
+ env->sc_frag = fragmentation;
log_debug("%s: %sfragmentation", __func__, env->sc_frag ? "" : "no ");
return (0);
}
Index: sbin/iked/crypto.c
===================================================================
RCS file: /cvs/src/sbin/iked/crypto.c,v
retrieving revision 1.23
diff -u -r1.23 crypto.c
--- sbin/iked/crypto.c 14 Feb 2020 13:02:31 -0000 1.23
+++ sbin/iked/crypto.c 2 Apr 2020 15:45:44 -0000
@@ -21,6 +21,7 @@
#include <sys/socket.h>
#include <sys/uio.h>
+#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
@@ -504,7 +505,7 @@
if (prf == NULL || prf->hash_priv == NULL)
fatalx("dsa_new: invalid PRF");
dsa.dsa_priv = prf->hash_priv;
- dsa.dsa_hmac = 1;
+ dsa.dsa_hmac = true;
break;
case IKEV2_AUTH_DSS_SIG:
dsa.dsa_priv = EVP_dss1();
Index: sbin/iked/iked.c
===================================================================
RCS file: /cvs/src/sbin/iked/iked.c,v
retrieving revision 1.41
diff -u -r1.41 iked.c
--- sbin/iked/iked.c 16 Jan 2020 20:05:00 -0000 1.41
+++ sbin/iked/iked.c 2 Apr 2020 15:45:44 -0000
@@ -22,6 +22,7 @@
#include <sys/wait.h>
#include <sys/uio.h>
+#include <stdbool.h>
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
@@ -261,10 +262,10 @@
config_setmobike(env);
config_setfragmentation(env);
config_setnattport(env);
- config_setcoupled(env, env->sc_decoupled ? 0 : 1);
+ config_setcoupled(env, !env->sc_decoupled);
config_setocsp(env);
/* Must be last */
- config_setmode(env, env->sc_passive ? 1 : 0);
+ config_setmode(env, env->sc_passive);
return (0);
}
@@ -295,10 +296,10 @@
config_setmobike(env);
config_setfragmentation(env);
config_setnattport(env);
- config_setcoupled(env, env->sc_decoupled ? 0 : 1);
+ config_setcoupled(env, !env->sc_decoupled);
config_setocsp(env);
/* Must be last */
- config_setmode(env, env->sc_passive ? 1 : 0);
+ config_setmode(env, env->sc_passive);
} else {
config_setreset(env, reset, PROC_IKEV2);
config_setreset(env, reset, PROC_CERT);
@@ -309,7 +310,8 @@
parent_sig_handler(int sig, short event, void *arg)
{
struct privsep *ps = arg;
- int die = 0, status, fail, id;
+ bool die = false, fail;
+ int status, id;
pid_t pid;
char *cause;
@@ -331,7 +333,7 @@
break;
case SIGTERM:
case SIGINT:
- die = 1;
+ die = true;
/* FALLTHROUGH */
case SIGCHLD:
do {
@@ -341,14 +343,14 @@
if (pid <= 0)
continue;
- fail = 0;
+ fail = false;
if (WIFSIGNALED(status)) {
- fail = 1;
+ fail = true;
len = asprintf(&cause, "terminated; signal %d",
WTERMSIG(status));
} else if (WIFEXITED(status)) {
if (WEXITSTATUS(status) != 0) {
- fail = 1;
+ fail = true;
len = asprintf(&cause,
"exited abnormally");
} else
@@ -359,7 +361,7 @@
if (len == -1)
fatal("asprintf");
- die = 1;
+ die = true;
for (id = 0; id < PROC_MAX; id++)
if (pid == ps->ps_pid[id]) {
Index: sbin/iked/iked.h
===================================================================
RCS file: /cvs/src/sbin/iked/iked.h,v
retrieving revision 1.139
diff -u -r1.139 iked.h
--- sbin/iked/iked.h 1 Apr 2020 21:09:26 -0000 1.139
+++ sbin/iked/iked.h 2 Apr 2020 15:45:44 -0000
@@ -22,6 +22,7 @@
#include <sys/queue.h>
#include <arpa/inet.h>
#include <limits.h>
+#include <stdbool.h>
#include <imsg.h>
#include <openssl/evp.h>
@@ -174,13 +175,13 @@
unsigned int csa_dir; /* in/out */
uint64_t csa_peerspi; /* peer relation */
- uint8_t csa_loaded; /* pfkey done */
- uint8_t csa_rekey; /* will be deleted */
- uint8_t csa_allocated; /* from the kernel */
- uint8_t csa_persistent;/* do not rekey */
- uint8_t csa_esn; /* use ESN */
- uint8_t csa_transport; /* transport mode */
- uint8_t csa_acquired; /* no rekey for me */
+ bool csa_loaded; /* pfkey done */
+ bool csa_rekey; /* will be deleted */
+ bool csa_allocated; /* from the kernel */
+ bool csa_persistent;/* do not rekey */
+ bool csa_esn; /* use ESN */
+ bool csa_transport; /* transport mode */
+ bool csa_acquired; /* no rekey for me */
struct iked_spi csa_spi;
@@ -329,7 +330,7 @@
struct ibuf *dsa_keydata; /* public, private or shared key */
void *dsa_key; /* parsed public or private key */
void *dsa_cert; /* parsed certificate */
- int dsa_hmac; /* HMAC or public/private key */
+ bool dsa_hmac; /* HMAC or public/private key */
int dsa_sign; /* Sign or verify operation */
};
@@ -358,8 +359,8 @@
struct iked_sahdr {
uint64_t sh_ispi; /* Initiator SPI */
uint64_t sh_rspi; /* Responder SPI */
- unsigned int sh_initiator; /* Is initiator? */
-} __packed;
+ bool sh_initiator; /* Is initiator? */
+};
struct iked_kex {
struct ibuf *kex_inonce; /* Ni */
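Review bot: Dropping `__packed` from struct iked_sahdr is a layout change that the bool conversion does not need and the description does not mention. With a one-byte `sh_initiator` and no packing, the struct will end in padding bytes on typical ABIs. If any code outside this diff copies or compares the header as a whole (an imsg iovec of `sizeof(struct iked_sahdr)`, a memcmp, a hash), those bytes hold whatever was in memory unless the struct was zeroed first, so stale data could cross a process boundary or make equal headers compare unequal. Either keep the attribute, `} __packed;`, or audit every whole-struct use and record the result in the commit message.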
@@ -410,9 +411,9 @@
struct iked_frag sa_fragments;
- int sa_natt; /* for IKE messages */
- int sa_udpencap; /* for pfkey */
- int sa_usekeepalive;/* NAT-T keepalive */
+ bool sa_natt; /* for IKE messages */
+ bool sa_udpencap; /* for pfkey */
+ bool sa_usekeepalive;/* NAT-T keepalive */
int sa_state;
unsigned int sa_stateflags;
@@ -452,7 +453,7 @@
struct ibuf *sa_1stmsg; /* for initiator AUTH */
struct ibuf *sa_2ndmsg; /* for responder AUTH */
struct iked_id sa_localauth; /* local AUTH message */
- int sa_sigsha2; /* use SHA2 for
signatures */
+ bool sa_sigsha2; /* use SHA2 for
signatures */
struct iked_id sa_iid; /* initiator id */
struct iked_id sa_rid; /* responder id */
@@ -479,11 +480,11 @@
struct iked_ipcomp sa_ipcompi; /* IPcomp initator */
struct iked_ipcomp sa_ipcompr; /* IPcomp responder */
- int sa_mobike; /* MOBIKE */
- int sa_frag; /* fragmentation */
+ bool sa_mobike; /* MOBIKE */
+ bool sa_frag; /* fragmentation */
- int sa_use_transport_mode; /* peer
requested */
- int sa_used_transport_mode; /* we enabled
*/
+ bool sa_use_transport_mode; /* peer
requested */
+ bool sa_used_transport_mode; /* we enabled
*/
struct iked_timer sa_timer; /* SA timeouts */
#define IKED_IKE_SA_EXCHANGE_TIMEOUT 300 /* 5 minutes */
@@ -535,14 +536,14 @@
struct iked_socket *msg_sock;
int msg_fd;
- int msg_response;
- int msg_responded;
- int msg_valid;
- int msg_natt;
- int msg_natt_rcvd;
+ bool msg_response;
+ bool msg_responded;
+ bool msg_valid;
+ bool msg_natt;
+ bool msg_natt_rcvd;
int msg_nat_detected;
int msg_error;
- int msg_e;
+ bool msg_e;
struct iked_message *msg_parent;
/* Associated policy and SA */
@@ -569,7 +570,7 @@
uint16_t msg_flags;
/* MOBIKE */
- int msg_update_sa_addresses;
+ bool msg_update_sa_addresses;
struct ibuf *msg_cookie2;
/* Parse stack */
@@ -664,12 +665,12 @@
char sc_conffile[PATH_MAX];
uint32_t sc_opts;
- uint8_t sc_passive;
- uint8_t sc_decoupled;
+ bool sc_passive;
+ bool sc_decoupled;
in_port_t sc_nattport;
- uint8_t sc_mobike; /* MOBIKE */
- uint8_t sc_frag; /* fragmentation */
+ bool sc_mobike; /* MOBIKE */
+ bool sc_frag; /* fragmentation */
struct iked_policies sc_policies;
struct iked_policy *sc_defaultcon;
@@ -724,7 +725,7 @@
void config_free_fragments(struct iked_frag *);
void config_free_sa(struct iked *, struct iked_sa *);
struct iked_sa *
- config_new_sa(struct iked *, int);
+ config_new_sa(struct iked *, bool);
struct iked_user *
config_new_user(struct iked *, struct iked_user *);
uint64_t
@@ -742,9 +743,9 @@
struct iked_transform *
config_add_transform(struct iked_proposal *,
unsigned int, unsigned int, unsigned int, unsigned int);
-int config_setcoupled(struct iked *, unsigned int);
+int config_setcoupled(struct iked *, bool);
int config_getcoupled(struct iked *, unsigned int);
-int config_setmode(struct iked *, unsigned int);
+int config_setmode(struct iked *, bool);
int config_getmode(struct iked *, unsigned int);
int config_setreset(struct iked *, unsigned int, enum privsep_procid);
int config_getreset(struct iked *, struct imsg *);
@@ -789,8 +790,7 @@
void sa_stateflags(struct iked_sa *, unsigned int);
int sa_stateok(struct iked_sa *, int);
struct iked_sa *
- sa_new(struct iked *, uint64_t, uint64_t, unsigned int,
- struct iked_policy *);
+ sa_new(struct iked *, uint64_t, uint64_t, bool, struct iked_policy *);
void sa_free(struct iked *, struct iked_sa *);
void sa_free_flows(struct iked *, struct iked_saflows *);
int sa_address(struct iked_sa *, struct iked_addr *,
@@ -801,7 +801,7 @@
void flow_free(struct iked_flow *);
int flow_equal(struct iked_flow *, struct iked_flow *);
struct iked_sa *
- sa_lookup(struct iked *, uint64_t, uint64_t, unsigned int);
+ sa_lookup(struct iked *, uint64_t, uint64_t, bool);
struct iked_user *
user_lookup(struct iked *, const char *);
int proposals_negotiate(struct iked_proposals *, struct iked_proposals *,
@@ -865,7 +865,7 @@
int ikev2_policy2id(struct iked_static_id *, struct iked_id *, int);
int ikev2_childsa_enable(struct iked *, struct iked_sa *);
int ikev2_childsa_delete(struct iked *, struct iked_sa *,
- uint8_t, uint64_t, uint64_t *, int);
+ uint8_t, uint64_t, uint64_t *, bool);
void ikev2_ikesa_recv_delete(struct iked *, struct iked_sa *);
void ikev2_ike_sa_timeout(struct iked *env, void *);
void ikev2_ike_sa_setreason(struct iked_sa *, char *);
@@ -904,14 +904,14 @@
struct ibuf *
ikev2_msg_init(struct iked *, struct iked_message *,
struct sockaddr_storage *, socklen_t,
- struct sockaddr_storage *, socklen_t, int);
+ struct sockaddr_storage *, socklen_t, bool);
struct iked_message *
ikev2_msg_copy(struct iked *, struct iked_message *);
void ikev2_msg_cleanup(struct iked *, struct iked_message *);
uint32_t
ikev2_msg_id(struct iked *, struct iked_sa *);
struct ibuf
- *ikev2_msg_auth(struct iked *, struct iked_sa *, int);
+ *ikev2_msg_auth(struct iked *, struct iked_sa *, bool);
int ikev2_msg_authsign(struct iked *, struct iked_sa *,
struct iked_auth *, struct ibuf *);
int ikev2_msg_authverify(struct iked *, struct iked_sa *,
@@ -929,7 +929,7 @@
int ikev2_msg_integr(struct iked *, struct iked_sa *, struct ibuf *);
int ikev2_msg_frompeer(struct iked_message *);
struct iked_socket *
- ikev2_msg_getsocket(struct iked *, int, int);
+ ikev2_msg_getsocket(struct iked *, int, bool);
int ikev2_msg_retransmit_response(struct iked *, struct iked_sa *,
struct iked_message *);
void ikev2_msg_prevail(struct iked *, struct iked_msgqueue *,
@@ -956,7 +956,7 @@
int eap_parse(struct iked *, struct iked_sa *, void *, int);
/* pfkey.c */
-int pfkey_couple(int, struct iked_sas *, int);
+int pfkey_couple(int, struct iked_sas *, bool);
int pfkey_flow_add(int fd, struct iked_flow *);
int pfkey_flow_delete(int fd, struct iked_flow *);
int pfkey_sa_init(int, struct iked_childsa *, uint32_t *);
Index: sbin/iked/ikev2.c
===================================================================
RCS file: /cvs/src/sbin/iked/ikev2.c,v
retrieving revision 1.208
diff -u -r1.208 ikev2.c
--- sbin/iked/ikev2.c 1 Apr 2020 21:09:27 -0000 1.208
+++ sbin/iked/ikev2.c 2 Apr 2020 15:45:45 -0000
@@ -27,6 +27,7 @@
#include <netinet/ip_ipsp.h>
#include <arpa/inet.h>
+#include <stdbool.h>
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
@@ -96,7 +97,7 @@
int ikev2_send_create_child_sa(struct iked *, struct iked_sa *,
struct iked_spi *, uint8_t);
int ikev2_ikesa_enable(struct iked *, struct iked_sa *, struct iked_sa *);
-void ikev2_ikesa_delete(struct iked *, struct iked_sa *, int);
+void ikev2_ikesa_delete(struct iked *, struct iked_sa *, bool);
int ikev2_nonce_cmp(struct ibuf *, struct ibuf *);
int ikev2_init_create_child_sa(struct iked *, struct iked_message *);
int ikev2_resp_create_child_sa(struct iked *, struct iked_message *);
@@ -121,25 +122,25 @@
unsigned int);
int ikev2_childsa_negotiate(struct iked *, struct iked_sa *,
- struct iked_kex *, struct iked_proposals *, int, int, int);
+ struct iked_kex *, struct iked_proposals *, bool, int, bool);
int ikev2_childsa_delete_proposed(struct iked *, struct iked_sa *,
struct iked_proposals *);
int ikev2_valid_proposal(struct iked_proposal *,
- struct iked_transform **, struct iked_transform **, int *);
+ struct iked_transform **, struct iked_transform **, bool *);
int ikev2_handle_notifies(struct iked *, struct iked_message *);
ssize_t ikev2_add_proposals(struct iked *, struct iked_sa *, struct
ibuf *,
- struct iked_proposals *, uint8_t, int, int, int);
+ struct iked_proposals *, uint8_t, bool, bool, bool);
ssize_t ikev2_add_cp(struct iked *, struct iked_sa *, struct ibuf *);
ssize_t ikev2_add_transform(struct ibuf *,
uint8_t, uint8_t, uint16_t, uint16_t);
ssize_t ikev2_add_ts(struct ibuf *, struct ikev2_payload **, ssize_t,
- struct iked_sa *, int);
+ struct iked_sa *, bool);
ssize_t ikev2_add_certreq(struct ibuf *, struct ikev2_payload **,
ssize_t,
struct ibuf *, uint8_t);
ssize_t ikev2_add_ipcompnotify(struct iked *, struct ibuf *,
- struct ikev2_payload **, ssize_t, struct iked_sa *, int);
+ struct ikev2_payload **, ssize_t, struct iked_sa *, bool);
ssize_t ikev2_add_ts_payload(struct ibuf *, unsigned int, struct
iked_sa *);
ssize_t ikev2_add_error(struct iked *, struct ibuf *, struct
iked_message *);
int ikev2_add_data(struct ibuf *, void *, size_t);
@@ -484,8 +485,9 @@
{
struct ike_header *hdr;
struct iked_sa *sa;
- unsigned int initiator, flag = 0;
+ unsigned int flag = 0;
int r;
+ bool initiator;
hdr = ibuf_seek(msg->msg_data, msg->msg_offset, sizeof(*hdr));
@@ -493,8 +495,9 @@
(betoh32(hdr->ike_length) - msg->msg_offset))
return;
- initiator = (hdr->ike_flags & IKEV2_FLAG_INITIATOR) ? 0 : 1;
- msg->msg_response = (hdr->ike_flags & IKEV2_FLAG_RESPONSE) ? 1 : 0;
+ initiator = (hdr->ike_flags & IKEV2_FLAG_INITIATOR) ? false : true;
+ msg->msg_response =
+ (hdr->ike_flags & IKEV2_FLAG_RESPONSE) ? true : false;
msg->msg_sa = sa_lookup(env,
betoh64(hdr->ike_ispi), betoh64(hdr->ike_rspi),
initiator);
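Review bot: The `? false : true` and `? true : false` forms on the two flag tests are harder to read than the direct expressions used elsewhere in this patch (`!env->sc_decoupled`, `nsa != NULL`), and the inverted one is easy to misread on a value taken from the peer's header. Write `initiator = !(hdr->ike_flags & IKEV2_FLAG_INITIATOR);` and `msg->msg_response = (hdr->ike_flags & IKEV2_FLAG_RESPONSE) != 0;`. The same pattern appears in the `sah.sa_hdr.sh_initiator` assignment in the @@ -4428,7 +4433,7 @@ hunk. The enclosing function starts and ends outside this hunk.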
@@ -913,9 +916,9 @@
if (ikev2_handle_notifies(env, msg) != 0)
return;
- if (sa && msg->msg_nat_detected && sa->sa_natt == 0 &&
+ if (sa && msg->msg_nat_detected != 0 && !sa->sa_natt &&
(sock = ikev2_msg_getsocket(env,
- sa->sa_local.addr_af, 1)) != NULL) {
+ sa->sa_local.addr_af, true)) != NULL) {
/*
* Update address information and use the NAT-T
* port and socket, if available.
@@ -929,8 +932,8 @@
msg->msg_fd = sa->sa_fd = sock->sock_fd;
msg->msg_sock = sock;
- sa->sa_natt = 1;
- sa->sa_udpencap = 1;
+ sa->sa_natt = true;
+ sa->sa_udpencap = true;
log_debug("%s: detected NAT, enabling UDP encapsulation,"
" updated SA to peer %s local %s", __func__,
@@ -1028,7 +1031,7 @@
struct iked_socket *sock;
in_port_t port;
- if ((sock = ikev2_msg_getsocket(env, peer->addr_af, 0)) == NULL)
+ if ((sock = ikev2_msg_getsocket(env, peer->addr_af, false)) == NULL)
return (-1);
if (retry != NULL) {
@@ -1105,7 +1108,7 @@
if ((pld = ikev2_add_payload(buf)) == NULL)
goto done;
if ((len = ikev2_add_proposals(env, sa, buf, &pol->pol_proposals,
- IKEV2_SAPROTO_IKE, sa->sa_hdr.sh_initiator, 0, 0)) == -1)
+ IKEV2_SAPROTO_IKE, sa->sa_hdr.sh_initiator, false, false)) == -1)
goto done;
if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_KE) == -1)
@@ -1146,7 +1149,7 @@
if (ntohs(port) == env->sc_nattport) {
/* Enforce NAT-T on the initiator side */
log_debug("%s: enforcing NAT-T", __func__);
- req.msg_natt = sa->sa_natt = sa->sa_udpencap = 1;
+ req.msg_natt = sa->sa_natt = sa->sa_udpencap = true;
}
if ((len = ikev2_add_nat_detection(env, buf, &pld, &req, len))
== -1)
@@ -1317,7 +1320,7 @@
if ((pld = ikev2_add_payload(e)) == NULL)
goto done;
if ((len = ikev2_add_proposals(env, sa, e, &pol->pol_proposals, 0,
- sa->sa_hdr.sh_initiator, 0, 1)) == -1)
+ sa->sa_hdr.sh_initiator, false, true)) == -1)
goto done;
if ((len = ikev2_add_ts(e, &pld, len, sa, 0)) == -1)
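Review bot: The `ikev2_add_ts(e, &pld, len, sa, 0)` call in the context line just below the change still passes `0` for the parameter this patch retypes as `bool reverse`, so the conversion is incomplete here. Change it to `ikev2_add_ts(e, &pld, len, sa, false)` so that no integer literals remain for boolean arguments, which is the readability goal the description states. The same leftover call is visible in the @@ -3098,7 +3101,7 @@ hunk.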
@@ -1378,7 +1381,7 @@
}
if (ret)
- ikev2_childsa_delete(env, sa, 0, 0, NULL, 1);
+ ikev2_childsa_delete(env, sa, 0, 0, NULL, true);
return (ret);
}
@@ -1651,7 +1654,7 @@
ssize_t
ikev2_add_ts(struct ibuf *e, struct ikev2_payload **pld, ssize_t len,
- struct iked_sa *sa, int reverse)
+ struct iked_sa *sa, bool reverse)
{
if (ikev2_next_payload(*pld, len, IKEV2_PAYLOAD_TSi) == -1)
return (-1);
@@ -1714,7 +1717,7 @@
ssize_t
ikev2_add_ipcompnotify(struct iked *env, struct ibuf *e,
struct ikev2_payload **pld, ssize_t len, struct iked_sa *sa,
- int initiator)
+ bool initiator)
{
struct iked_childsa csa;
struct iked_ipcomp *ic;
@@ -2137,8 +2140,8 @@
ssize_t
ikev2_add_proposals(struct iked *env, struct iked_sa *sa, struct ibuf *buf,
- struct iked_proposals *proposals, uint8_t protoid, int initiator,
- int sendikespi, int skipdh)
+ struct iked_proposals *proposals, uint8_t protoid, bool initiator,
+ bool sendikespi, bool skipdh)
{
struct ikev2_sa_proposal *sap = NULL;
struct iked_transform *xform;
@@ -2386,7 +2389,7 @@
ret = ikev2_msg_send_encrypt(env, sa, &buf,
IKEV2_EXCHANGE_INFORMATIONAL, firstpayload, 1);
if (ret != -1)
- msg->msg_responded = 1;
+ msg->msg_responded = true;
done:
ibuf_release(buf);
return (ret);
@@ -2456,11 +2459,11 @@
if (sa->sa_fragments.frag_count != 0)
return;
- msg->msg_valid = 1;
+ msg->msg_valid = true;
- if (msg->msg_natt && sa->sa_natt == 0) {
+ if (msg->msg_natt && !sa->sa_natt) {
log_debug("%s: NAT-T message received, updated SA", __func__);
- sa->sa_natt = 1;
+ sa->sa_natt = true;
}
switch (hdr->ike_exchange) {
@@ -2539,9 +2542,9 @@
if ((msg->msg_flags & IKED_MSG_FLAGS_MOBIKE) && env->sc_mobike) {
log_debug("%s: mobike enabled", __func__);
- sa->sa_mobike = 1;
+ sa->sa_mobike = true;
/* enforce natt */
- sa->sa_natt = 1;
+ sa->sa_natt = true;
}
if ((msg->msg_flags & IKED_MSG_FLAGS_NO_ADDITIONAL_SAS)
@@ -2610,12 +2613,12 @@
if (msg->msg_nat_detected & IKED_MSG_NAT_DST_IP) {
/* Send keepalive, since we are behind a NAT-gw */
- sa->sa_usekeepalive = 1;
+ sa->sa_usekeepalive = true;
}
/* Signature hash algorithm */
if (msg->msg_flags & IKED_MSG_FLAGS_SIGSHA2)
- sa->sa_sigsha2 = 1;
+ sa->sa_sigsha2 = true;
return (0);
}
@@ -2636,10 +2639,10 @@
log_debug("%s: called by initiator", __func__);
return (-1);
}
- if (msg->msg_nat_detected && sa->sa_udpencap == 0) {
+ if (msg->msg_nat_detected != 0 && !sa->sa_udpencap) {
log_debug("%s: detected NAT, enabling UDP encapsulation",
__func__);
- sa->sa_udpencap = 1;
+ sa->sa_udpencap = true;
}
if ((buf = ikev2_msg_init(env, &resp,
@@ -2662,7 +2665,7 @@
if ((pld = ikev2_add_payload(buf)) == NULL)
goto done;
if ((len = ikev2_add_proposals(env, sa, buf, &sa->sa_proposals,
- IKEV2_SAPROTO_IKE, sa->sa_hdr.sh_initiator, 0, 0)) == -1)
+ IKEV2_SAPROTO_IKE, sa->sa_hdr.sh_initiator, false, false)) == -1)
goto done;
if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_KE) == -1)
@@ -3098,7 +3101,7 @@
if ((pld = ikev2_add_payload(e)) == NULL)
goto done;
if ((len = ikev2_add_proposals(env, sa, e, &sa->sa_proposals, 0,
- sa->sa_hdr.sh_initiator, 0, 1)) == -1)
+ sa->sa_hdr.sh_initiator, false, true)) == -1)
goto done;
if ((len = ikev2_add_ts(e, &pld, len, sa, 0)) == -1)
@@ -3121,7 +3124,7 @@
done:
if (ret)
- ikev2_childsa_delete(env, sa, 0, 0, NULL, 1);
+ ikev2_childsa_delete(env, sa, 0, 0, NULL, true);
ibuf_release(e);
return (ret);
}
@@ -3286,7 +3289,8 @@
uint8_t firstpayload;
uint32_t spi;
ssize_t len = 0;
- int initiator, ret = -1;
+ int ret = -1;
+ bool initiator;
if (rekey)
log_debug("%s: rekeying %s spi %s", __func__,
@@ -3305,7 +3309,7 @@
ibuf_release(sa->sa_simult);
sa->sa_simult = NULL;
sa->sa_rekeyspi = 0; /* clear rekey spi */
- initiator = sa->sa_hdr.sh_initiator ? 1 : 0;
+ initiator = sa->sa_hdr.sh_initiator;
if (rekey &&
((csa = childsa_lookup(sa, rekey->spi,
@@ -3356,7 +3360,7 @@
}
if ((len = ikev2_add_proposals(env, sa, e, &sa->sa_proposals,
- protoid, 1, 0, 0)) == -1)
+ protoid, true, false, false)) == -1)
goto done;
if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONCE) == -1)
@@ -3425,8 +3429,8 @@
IKEV2_EXCHANGE_CREATE_CHILD_SA, firstpayload, 0);
if (ret == 0) {
if (rekey) {
- csa->csa_rekey = 1;
- csb->csa_rekey = 1;
+ csa->csa_rekey = true;
+ csb->csa_rekey = true;
/*
* Remember the peer spi of the rekeyed
* SA for ikev2_init_create_child_sa().
@@ -3496,7 +3500,7 @@
/* just reuse the old IKE SA proposals */
if ((len = ikev2_add_proposals(env, nsa, e, &sa->sa_proposals,
- IKEV2_SAPROTO_IKE, 1, 1, 0)) == -1)
+ IKEV2_SAPROTO_IKE, true, true, false)) == -1)
goto done;
if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONCE) == -1)
@@ -3769,11 +3773,11 @@
sa->sa_stateflags &= ~IKED_REQ_CHILDSA;
if (ret)
- ikev2_childsa_delete(env, sa, 0, 0, NULL, 1);
+ ikev2_childsa_delete(env, sa, 0, 0, NULL, true);
else if (csa) {
/* delete the rekeyed SA pair */
ikev2_childsa_delete(env, sa, csa->csa_saproto,
- csa->csa_peerspi, NULL, 0);
+ csa->csa_peerspi, NULL, false);
}
ibuf_release(buf);
return (ret);
@@ -3902,7 +3906,7 @@
}
void
-ikev2_ikesa_delete(struct iked *env, struct iked_sa *sa, int initiator)
+ikev2_ikesa_delete(struct iked *env, struct iked_sa *sa, bool initiator)
{
struct ibuf *buf = NULL;
struct ikev2_delete *del;
@@ -3979,11 +3983,12 @@
struct ibuf *e = NULL, *nonce = NULL;
uint8_t firstpayload;
ssize_t len = 0;
- int initiator, protoid, rekeying = 1;
+ int protoid, rekeying = 1;
int ret = -1;
int pfs = 0;
+ bool initiator;
- initiator = sa->sa_hdr.sh_initiator ? 1 : 0;
+ initiator = sa->sa_hdr.sh_initiator;
if (!ikev2_msg_frompeer(msg) || msg->msg_prop == NULL)
return (0);
@@ -4023,7 +4028,7 @@
log_debug("%s: Ignore IKE SA rekey: waiting for Child "
"SA response.", __func__);
/* Ignore, don't send error */
- msg->msg_valid = 0;
+ msg->msg_valid = false;
return (0);
}
@@ -4103,8 +4108,8 @@
msg->msg_error = IKEV2_N_CHILD_SA_NOT_FOUND;
goto fail;
}
- csa->csa_rekey = 1;
- csa->csa_peersa->csa_rekey = 1;
+ csa->csa_rekey = true;
+ csa->csa_peersa->csa_rekey = true;
}
/* Update initiator's nonce */
@@ -4166,7 +4171,7 @@
if ((len = ikev2_add_proposals(env, nsa ? nsa : sa, e,
nsa ? &nsa->sa_proposals : &proposals,
- protoid, 0, nsa ? 1 : 0, 0)) == -1)
+ protoid, false, nsa != NULL, false)) == -1)
goto done;
if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONCE) == -1)
@@ -4231,7 +4236,7 @@
done:
if (ret && protoid != IKEV2_SAPROTO_IKE)
- ikev2_childsa_delete(env, sa, 0, 0, NULL, 1);
+ ikev2_childsa_delete(env, sa, 0, 0, NULL, true);
ibuf_release(e);
config_free_proposals(&proposals, 0);
config_free_kex(kextmp);
@@ -4428,7 +4433,7 @@
sah.sa_hdr.sh_rspi = betoh64(hdr->ike_rspi);
sah.sa_hdr.sh_ispi = betoh64(hdr->ike_ispi);
sah.sa_hdr.sh_initiator =
- hdr->ike_flags & IKEV2_FLAG_INITIATOR ? 0 : 1;
+ hdr->ike_flags & IKEV2_FLAG_INITIATOR ? false : true;
resp.msg_msgid = ikev2_msg_id(env, &sah);
@@ -5236,8 +5241,8 @@
int
ikev2_childsa_negotiate(struct iked *env, struct iked_sa *sa,
- struct iked_kex *kex, struct iked_proposals *proposals, int initiator,
- int pfs, int acquired)
+ struct iked_kex *kex, struct iked_proposals *proposals, bool initiator,
+ int pfs, bool acquired)
{
struct iked_proposal *prop;
struct iked_transform *xform, *encrxf = NULL, *integrxf = NULL;
@@ -5250,7 +5255,8 @@
uint32_t spi = 0;
unsigned int i;
size_t ilen = 0;
- int esn, skip, ret = -1;
+ int skip, ret = -1;
+ bool esn;
if (!sa_stateok(sa, IKEV2_STATE_VALID))
return (-1);
@@ -5264,7 +5270,7 @@
ic = NULL;
/* reset state */
- sa->sa_used_transport_mode = 0;
+ sa->sa_used_transport_mode = false;
/* We need to determine the key material length first */
TAILQ_FOREACH(prop, proposals, prop_entry) {
@@ -5425,7 +5431,7 @@
if ((ret = pfkey_sa_init(env->sc_pfkey, csa,
&spi)) != 0)
goto done;
- csa->csa_allocated = 1;
+ csa->csa_allocated = true;
csa->csa_peerspi = prop->prop_peerspi.spi;
csa->csa_spi.spi = prop->prop_localspi.spi = spi;
@@ -5459,7 +5465,7 @@
/* Set up initiator's SPIs */
csb->csa_spi.spi = csa->csa_peerspi;
csb->csa_peerspi = csa->csa_spi.spi;
- csb->csa_allocated = csa->csa_allocated ? 0 : 1;
+ csb->csa_allocated = !csa->csa_allocated;
csb->csa_dir = csa->csa_dir == IPSP_DIRECTION_IN ?
IPSP_DIRECTION_OUT : IPSP_DIRECTION_IN;
csb->csa_local = csa->csa_peer;
@@ -5497,7 +5503,7 @@
if (initiator) {
csa2->csa_spi.spi = ic->ic_cpi_out;
csa2->csa_peerspi = ic->ic_cpi_in;
- csa2->csa_allocated = 0;
+ csa2->csa_allocated = false;
/* make sure IPCOMP CPIs are not reused */
ic->ic_transform = 0;
ic->ic_cpi_in = ic->ic_cpi_out = 0;
@@ -5508,24 +5514,24 @@
ic->ic_cpi_in = spi;
csa2->csa_spi.spi = ic->ic_cpi_in;
csa2->csa_peerspi = ic->ic_cpi_out;
- csa2->csa_allocated = 1;
+ csa2->csa_allocated = true;
}
csa2->csa_spi.spi_size = 2;
memcpy(csb2, csa2, sizeof(*csb2));
csb2->csa_spi.spi = csa2->csa_peerspi;
csb2->csa_peerspi = csa2->csa_spi.spi;
- csb2->csa_allocated = csa2->csa_allocated ? 0 : 1;
+ csb2->csa_allocated = !csa2->csa_allocated;
csb2->csa_dir = csa2->csa_dir == IPSP_DIRECTION_IN ?
IPSP_DIRECTION_OUT : IPSP_DIRECTION_IN;
csb2->csa_local = csa2->csa_peer;
csb2->csa_peer = csa2->csa_local;
/* link IPComp and ESP SAs, switch ESP to transport */
- csa->csa_transport = 1;
+ csa->csa_transport = true;
csa->csa_bundled = csa2;
csa2->csa_bundled = csa;
- csb->csa_transport = 1;
+ csb->csa_transport = true;
csb->csa_bundled = csb2;
csb2->csa_bundled = csb;
csa2 = NULL;
@@ -5545,7 +5551,7 @@
ret = 0;
done:
- sa->sa_use_transport_mode = 0; /* reset state after use */
+ sa->sa_use_transport_mode = false; /* reset state after
use */
ibuf_release(dhsecret);
ibuf_release(keymat);
ibuf_release(seed);
@@ -5599,8 +5605,8 @@
log_debug("%s: replaced CHILD SA %p with %p spi %s",
__func__, ocsa, csa, print_spi(ocsa->csa_spi.spi,
ocsa->csa_spi.spi_size));
- ocsa->csa_loaded = 0;
- ocsa->csa_rekey = 1; /* prevent re-loading */
+ ocsa->csa_loaded = false;
+ ocsa->csa_rekey = true; /* prevent re-loading */
RB_REMOVE(iked_activesas, &env->sc_activesas, ocsa);
}
@@ -5697,7 +5703,7 @@
int
ikev2_childsa_delete(struct iked *env, struct iked_sa *sa, uint8_t saproto,
- uint64_t spi, uint64_t *spiptr, int cleanup)
+ uint64_t spi, uint64_t *spiptr, bool cleanup)
{
struct iked_childsa *csa, *csatmp = NULL, *ipcomp;
uint64_t peerspi = 0;
@@ -5754,10 +5760,11 @@
int
ikev2_valid_proposal(struct iked_proposal *prop,
- struct iked_transform **exf, struct iked_transform **ixf, int *esn)
+ struct iked_transform **exf, struct iked_transform **ixf, bool *esn)
{
struct iked_transform *xform, *encrxf, *integrxf;
- unsigned int i, doesn = 0;
+ unsigned int i;
+ bool doesn = false;
switch (prop->prop_protoid) {
case IKEV2_SAPROTO_ESP:
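Review bot: Retyping the out-parameter of ikev2_valid_proposal as `bool *esn` requires every caller to pass the address of a `bool`. A caller that still declares `int esn` would have only one byte written through the pointer, and would then test an int whose remaining bytes were never set. The only converted caller visible in this diff is the `bool esn;` in ikev2_childsa_negotiate, so the remaining call sites need checking; the compiler should flag any leftover with an incompatible-pointer-type warning, which must not be silenced with a cast. The body of the function continues outside this hunk, so where `*esn` is stored cannot be confirmed from here.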
@@ -5776,7 +5783,7 @@
integrxf = xform;
else if (xform->xform_type == IKEV2_XFORMTYPE_ESN &&
xform->xform_id == IKEV2_XFORMESN_ESN)
- doesn = 1;
+ doesn = true;
}
if (prop->prop_protoid == IKEV2_SAPROTO_IKE) {
@@ -5860,11 +5867,11 @@
struct iked_childsa *csa;
TAILQ_FOREACH(csa, &sa->sa_childsas, csa_entry) {
- csa->csa_persistent = 1;
- csa->csa_rekey = 0;
+ csa->csa_persistent = true;
+ csa->csa_rekey = false;
}
- (void)ikev2_childsa_delete(env, sa, 0, 0, NULL, 1);
+ (void)ikev2_childsa_delete(env, sa, 0, 0, NULL, true);
}
/* return 0 if processed, -1 if busy */
@@ -5912,7 +5919,7 @@
struct iked_sa *sa;
struct ikev2_delete *del;
uint32_t spi32;
- int acquired;
+ bool acquired;
key.csa_spi = *drop;
csa = RB_FIND(iked_activesas, &env->sc_activesas, &key);
@@ -5927,8 +5934,8 @@
}
RB_REMOVE(iked_activesas, &env->sc_activesas, csa);
- csa->csa_loaded = 0;
- csa->csa_rekey = 1; /* prevent re-loading */
+ csa->csa_loaded = false;
+ csa->csa_rekey = true; /* prevent re-loading */
if (sa == NULL) {
log_debug("%s: failed to find a parent SA", __func__);
return (0);
@@ -5941,7 +5948,7 @@
acquired = csa->csa_acquired;
if (ikev2_childsa_delete(env, sa, csa->csa_saproto,
- csa->csa_peerspi, NULL, 0))
+ csa->csa_peerspi, NULL, false))
log_debug("%s: failed to delete CHILD SA %s", __func__,
print_spi(csa->csa_peerspi, drop->spi_size));
Index: sbin/iked/ikev2_msg.c
===================================================================
RCS file: /cvs/src/sbin/iked/ikev2_msg.c,v
retrieving revision 1.64
diff -u -r1.64 ikev2_msg.c
--- sbin/iked/ikev2_msg.c 10 Mar 2020 09:42:40 -0000 1.64
+++ sbin/iked/ikev2_msg.c 2 Apr 2020 15:45:45 -0000
@@ -26,6 +26,7 @@
#include <netinet/in.h>
#include <arpa/inet.h>
+#include <stdbool.h>
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
@@ -81,7 +82,7 @@
env->sc_nattport) {
if (memcmp(&natt, buf, sizeof(natt)) != 0)
return;
- msg.msg_natt = 1;
+ msg.msg_natt = true;
off = sizeof(natt);
} else
off = 0;
@@ -135,17 +136,17 @@
struct ibuf *
ikev2_msg_init(struct iked *env, struct iked_message *msg,
struct sockaddr_storage *peer, socklen_t peerlen,
- struct sockaddr_storage *local, socklen_t locallen, int response)
+ struct sockaddr_storage *local, socklen_t locallen, bool response)
{
bzero(msg, sizeof(*msg));
memcpy(&msg->msg_peer, peer, peerlen);
msg->msg_peerlen = peerlen;
memcpy(&msg->msg_local, local, locallen);
msg->msg_locallen = locallen;
- msg->msg_response = response ? 1 : 0;
+ msg->msg_response = response;
msg->msg_fd = -1;
msg->msg_data = ibuf_static();
- msg->msg_e = 0;
+ msg->msg_e = false;
msg->msg_parent = msg; /* has to be set */
TAILQ_INIT(&msg->msg_proposals);
@@ -782,7 +783,7 @@
}
struct ibuf *
-ikev2_msg_auth(struct iked *env, struct iked_sa *sa, int response)
+ikev2_msg_auth(struct iked *env, struct iked_sa *sa, bool response)
{
struct ibuf *authmsg = NULL, *nonce, *prfkey, *buf;
uint8_t *ptr;
@@ -1025,7 +1026,7 @@
}
struct iked_socket *
-ikev2_msg_getsocket(struct iked *env, int af, int natt)
+ikev2_msg_getsocket(struct iked *env, int af, bool natt)
{
switch (af) {
case AF_INET:
Index: sbin/iked/ikev2_pld.c
===================================================================
RCS file: /cvs/src/sbin/iked/ikev2_pld.c,v
retrieving revision 1.79
diff -u -r1.79 ikev2_pld.c
--- sbin/iked/ikev2_pld.c 16 Mar 2020 09:13:01 -0000 1.79
+++ sbin/iked/ikev2_pld.c 2 Apr 2020 15:45:45 -0000
@@ -26,6 +26,7 @@
#include <netinet/in.h>
#include <arpa/inet.h>
+#include <stdbool.h>
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
@@ -1035,7 +1036,7 @@
}
print_hex(md, 0, sizeof(md));
/* remember for MOBIKE */
- msg->msg_parent->msg_natt_rcvd = 1;
+ msg->msg_parent->msg_natt_rcvd = true;
break;
case IKEV2_N_AUTHENTICATION_FAILED:
if (!msg->msg_e) {
@@ -1189,7 +1190,7 @@
" notification (policy)", __func__);
return (0);
}
- msg->msg_sa->sa_use_transport_mode = 1;
+ msg->msg_sa->sa_use_transport_mode = true;
break;
case IKEV2_N_UPDATE_SA_ADDRESSES:
if (!msg->msg_e) {
@@ -1207,7 +1208,7 @@
" notification: %zu", __func__, len);
return (0);
}
- msg->msg_parent->msg_update_sa_addresses = 1;
+ msg->msg_parent->msg_update_sa_addresses = true;
break;
case IKEV2_N_COOKIE2:
if (!msg->msg_e) {
@@ -1368,7 +1369,7 @@
ret = ikev2_send_ike_e(env, sa, resp,
IKEV2_PAYLOAD_NONE,
IKEV2_EXCHANGE_INFORMATIONAL, 1);
- msg->msg_parent->msg_responded = 1;
+ msg->msg_parent->msg_responded = true;
ibuf_release(resp);
ikev2_ikesa_recv_delete(env, sa);
} else {
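Review bot: The final argument of `ikev2_send_ike_e(...)` is still the literal `1` on the context line directly above the converted assignment, and the same call shape is left unchanged in the `@@ -1475,7 +1476,7 @@` hunk. The prototype is not visible here, so this is an assumption: if that parameter is a response flag like the ones this patch turns into `bool` for `ikev2_msg_init` and `ikev2_msg_auth`, the call should read `IKEV2_EXCHANGE_INFORMATIONAL, true);` to match `msg_responded = true`. Mixed `1`/`true` at adjacent lines brings back the "is this a count or a flag?" question the conversion is meant to remove. The enclosing function starts and ends outside the hunk.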
@@ -1419,7 +1420,7 @@
}
if (ikev2_childsa_delete(env, sa, del.del_protoid, spi,
- &localspi[i], 0) == -1)
+ &localspi[i], false) == -1)
failed++;
else
found++;
@@ -1475,7 +1476,7 @@
if (found) {
ret = ikev2_send_ike_e(env, sa, resp, IKEV2_PAYLOAD_DELETE,
IKEV2_EXCHANGE_INFORMATIONAL, 1);
- msg->msg_parent->msg_responded = 1;
+ msg->msg_parent->msg_responded = true;
} else {
/* XXX should we send an INVALID_SPI notification? */
ret = 0;
@@ -1749,7 +1750,7 @@
bzero(&emsg, sizeof(emsg));
memcpy(&emsg, msg, sizeof(*msg));
emsg.msg_data = e;
- emsg.msg_e = 1;
+ emsg.msg_e = true;
emsg.msg_parent = msg;
TAILQ_INIT(&emsg.msg_proposals);
@@ -1790,9 +1791,9 @@
if (ikev2_msg_frompeer(msg)) {
e = ikev2_msg_decrypt(env, msg->msg_sa, msg->msg_data, e);
} else {
- sa->sa_hdr.sh_initiator = sa->sa_hdr.sh_initiator ? 0 : 1;
+ sa->sa_hdr.sh_initiator = !sa->sa_hdr.sh_initiator;
e = ikev2_msg_decrypt(env, msg->msg_sa, msg->msg_data, e);
- sa->sa_hdr.sh_initiator = sa->sa_hdr.sh_initiator ? 0 : 1;
+ sa->sa_hdr.sh_initiator = !sa->sa_hdr.sh_initiator;
}
if (e == NULL)
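Review bot: The two `sa->sa_hdr.sh_initiator = !sa->sa_hdr.sh_initiator;` lines in the else branch carry no comment, so a reader cannot tell why the role flag is inverted only around the decrypt call or that the second line is a required restore. I would add `/* not from peer: invert sh_initiator for this decrypt only, restored right after */` above the first flip. The flag is changed on `sa` while the call receives `msg->msg_sa`; presumably both name the same SA, and the comment should say so. An early exit added between the two lines later would leave the SA with the inverted role. The enclosing function starts and ends outside the hunk.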
@@ -1804,7 +1805,7 @@
bzero(&emsg, sizeof(emsg));
memcpy(&emsg, msg, sizeof(*msg));
emsg.msg_data = e;
- emsg.msg_e = 1;
+ emsg.msg_e = true;
emsg.msg_parent = msg;
TAILQ_INIT(&emsg.msg_proposals);
Index: sbin/iked/parse.y
===================================================================
RCS file: /cvs/src/sbin/iked/parse.y,v
retrieving revision 1.90
diff -u -r1.90 parse.y
--- sbin/iked/parse.y 28 Mar 2020 21:05:19 -0000 1.90
+++ sbin/iked/parse.y 2 Apr 2020 15:45:45 -0000
@@ -43,6 +43,7 @@
#include <limits.h>
#include <netdb.h>
#include <stdarg.h>
+#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -103,10 +104,10 @@
static struct iked *env = NULL;
static int debug = 0;
static int rules = 0;
-static int passive = 0;
-static int decouple = 0;
-static int mobike = 1;
-static int fragmentation = 0;
+static bool passive = false;
+static bool decouple = false;
+static bool mobike = true;
+static bool fragmentation = false;
static char *ocsp_url = NULL;
struct ipsec_xf {
@@ -467,14 +468,14 @@
}
;
-set : SET ACTIVE { passive = 0; }
- | SET PASSIVE { passive = 1; }
- | SET COUPLE { decouple = 0; }
- | SET DECOUPLE { decouple = 1; }
- | SET FRAGMENTATION { fragmentation = 1; }
- | SET NOFRAGMENTATION { fragmentation = 0; }
- | SET MOBIKE { mobike = 1; }
- | SET NOMOBIKE { mobike = 0; }
+set : SET ACTIVE { passive = false; }
+ | SET PASSIVE { passive = true; }
+ | SET COUPLE { decouple = false; }
+ | SET DECOUPLE { decouple = true; }
+ | SET FRAGMENTATION { fragmentation = true; }
+ | SET NOFRAGMENTATION { fragmentation = false; }
+ | SET MOBIKE { mobike = true; }
+ | SET NOMOBIKE { mobike = false; }
| SET OCSP STRING {
if ((ocsp_url = strdup($3)) == NULL) {
yyerror("cannot set ocsp_url");
@@ -1653,20 +1654,20 @@
free(ocsp_url);
- mobike = 1;
- fragmentation = 0;
- decouple = passive = 0;
+ mobike = true;
+ fragmentation = false;
+ decouple = passive = false;
ocsp_url = NULL;
if (env->sc_opts & IKED_OPT_PASSIVE)
- passive = 1;
+ passive = true;
yyparse();
errors = file->errors;
popfile();
- env->sc_passive = passive ? 1 : 0;
- env->sc_decoupled = decouple ? 1 : 0;
+ env->sc_passive = passive;
+ env->sc_decoupled = decouple;
env->sc_mobike = mobike;
env->sc_frag = fragmentation;
env->sc_ocsp_url = ocsp_url;
Index: sbin/iked/pfkey.c
===================================================================
RCS file: /cvs/src/sbin/iked/pfkey.c,v
retrieving revision 1.63
diff -u -r1.63 pfkey.c
--- sbin/iked/pfkey.c 14 Jan 2020 22:28:29 -0000 1.63
+++ sbin/iked/pfkey.c 2 Apr 2020 15:45:45 -0000
@@ -29,6 +29,7 @@
#include <err.h>
#include <errno.h>
+#include <stdbool.h>
#include <stdio.h>
#include <poll.h>
#include <string.h>
@@ -49,7 +50,7 @@
#define IKED_SADB_UPDATE_SA_ADDRESSES 0xff
static uint32_t sadb_msg_seq = 0;
-static unsigned int sadb_decoupled = 0;
+static bool sadb_decoupled = false;
static struct event pfkey_timer_ev;
static struct timeval pfkey_timer_tv;
@@ -117,7 +118,7 @@
int pfkey_process(struct iked *, struct pfkey_message *);
int
-pfkey_couple(int sd, struct iked_sas *sas, int couple)
+pfkey_couple(int sd, struct iked_sas *sas, bool couple)
{
struct iked_sa *sa;
struct iked_flow *flow;
@@ -132,10 +133,10 @@
return (0);
log_debug("%s: kernel %s -> %s", __func__,
- mode[sadb_decoupled], mode[!sadb_decoupled]);
+ mode[sadb_decoupled ? 0 : 1], mode[sadb_decoupled ? 1 : 0]);
/* Allow writes to the PF_KEY socket */
- sadb_decoupled = 0;
+ sadb_decoupled = false;
RB_FOREACH(sa, iked_sas, sas) {
TAILQ_FOREACH(csa, &sa->sa_childsas, csa_entry) {
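Review bot: The rewritten `log_debug` arguments swap the two indices, so the "kernel %s -> %s" message now reports the transition in the opposite direction. The removed line printed `mode[sadb_decoupled]` first and `mode[!sadb_decoupled]` second, while the new line passes `sadb_decoupled ? 0 : 1` first and `sadb_decoupled ? 1 : 0` second. To keep the old output, use `mode[sadb_decoupled ? 1 : 0], mode[sadb_decoupled ? 0 : 1]);`. An inverted state-transition line is misleading when the debug log is used to confirm whether the daemon is allowed to write to the PF_KEY socket. The `mode` array and the start of `pfkey_couple` are outside this hunk.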
@@ -1336,7 +1337,7 @@
}
}
- sa->csa_loaded = 1;
+ sa->csa_loaded = true;
return (0);
}
@@ -1372,7 +1373,7 @@
if (pfkey_sa(fd, satype, SADB_DELETE, sa) == -1)
return (-1);
- sa->csa_loaded = 0;
+ sa->csa_loaded = false;
return (0);
}
Index: sbin/iked/policy.c
===================================================================
RCS file: /cvs/src/sbin/iked/policy.c,v
retrieving revision 1.57
diff -u -r1.57 policy.c
--- sbin/iked/policy.c 10 Mar 2020 18:54:52 -0000 1.57
+++ sbin/iked/policy.c 2 Apr 2020 15:45:45 -0000
@@ -22,6 +22,7 @@
#include <sys/uio.h>
#include <sys/tree.h>
+#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
@@ -345,8 +346,8 @@
}
struct iked_sa *
-sa_new(struct iked *env, uint64_t ispi, uint64_t rspi,
- unsigned int initiator, struct iked_policy *pol)
+sa_new(struct iked *env, uint64_t ispi, uint64_t rspi, bool initiator,
+ struct iked_policy *pol)
{
struct iked_sa *sa;
struct iked_sa *old;
@@ -587,8 +588,7 @@
}
struct iked_sa *
-sa_lookup(struct iked *env, uint64_t ispi, uint64_t rspi,
- unsigned int initiator)
+sa_lookup(struct iked *env, uint64_t ispi, uint64_t rspi, bool initiator)
{
struct iked_sa *sa, key;