It would save us the time spent thinking about and reading the source (i.e. it eliminates the step of "what if the variable 'mobike' is 2 or more? ...aha, it's just a bool").
This is still work in progress. I would continue if you maintainers are positive on this proposal. Index: sbin/iked/config.c =================================================================== RCS file: /cvs/src/sbin/iked/config.c,v retrieving revision 1.55 diff -u -r1.55 config.c --- sbin/iked/config.c 24 Mar 2020 13:32:36 -0000 1.55 +++ sbin/iked/config.c 2 Apr 2020 15:45:44 -0000 @@ -22,6 +22,7 @@ #include <sys/socket.h> #include <sys/uio.h> +#include <stdbool.h> #include <stdlib.h> #include <stdio.h> #include <unistd.h> @@ -39,7 +40,7 @@ #include "ikev2.h" struct iked_sa * -config_new_sa(struct iked *env, int initiator) +config_new_sa(struct iked *env, bool initiator) { struct iked_sa *sa; @@ -451,7 +452,7 @@ */ int -config_setcoupled(struct iked *env, unsigned int couple) +config_setcoupled(struct iked *env, bool couple) { unsigned int type; @@ -465,11 +466,11 @@ config_getcoupled(struct iked *env, unsigned int type) { return (pfkey_couple(env->sc_pfkey, &env->sc_sas, - type == IMSG_CTL_COUPLE ? 1 : 0)); + type == IMSG_CTL_COUPLE)); } int -config_setmode(struct iked *env, unsigned int passive) +config_setmode(struct iked *env, bool passive) { unsigned int type; @@ -482,17 +483,17 @@ int config_getmode(struct iked *env, unsigned int type) { - uint8_t old; + bool old; unsigned char *mode[] = { "active", "passive" }; - old = env->sc_passive ? 1 : 0; - env->sc_passive = type == IMSG_CTL_PASSIVE ? 1 : 0; + old = env->sc_passive; + env->sc_passive = (type == IMSG_CTL_PASSIVE); if (old == env->sc_passive) return (0); log_debug("%s: mode %s -> %s", __func__, - mode[old], mode[env->sc_passive]); + mode[old ? 1 : 0], mode[env->sc_passive ? 1 : 0]); return (0); } 
@@ -848,22 +849,22 @@ int config_setmobike(struct iked *env) { - unsigned int boolval; + bool val; - boolval = env->sc_mobike; + val = env->sc_mobike; proc_compose(&env->sc_ps, PROC_IKEV2, IMSG_CTL_MOBIKE, - &boolval, sizeof(boolval)); + &val, sizeof(val)); return (0); } int config_getmobike(struct iked *env, struct imsg *imsg) { - unsigned int boolval; + bool mobike; - IMSG_SIZE_CHECK(imsg, &boolval); - memcpy(&boolval, imsg->data, sizeof(boolval)); - env->sc_mobike = boolval; + IMSG_SIZE_CHECK(imsg, &mobike); + memcpy(&mobike, imsg->data, sizeof(mobike)); + env->sc_mobike = mobike; log_debug("%s: %smobike", __func__, env->sc_mobike ? "" : "no "); return (0); } @@ -871,22 +872,22 @@ int config_setfragmentation(struct iked *env) { - unsigned int boolval; + bool fragmentation; - boolval = env->sc_frag; + fragmentation = env->sc_frag; proc_compose(&env->sc_ps, PROC_IKEV2, IMSG_CTL_FRAGMENTATION, - &boolval, sizeof(boolval)); + &fragmentation, sizeof(fragmentation)); return (0); } int config_getfragmentation(struct iked *env, struct imsg *imsg) { - unsigned int boolval; + bool fragmentation; - IMSG_SIZE_CHECK(imsg, &boolval); - memcpy(&boolval, imsg->data, sizeof(boolval)); - env->sc_frag = boolval; + IMSG_SIZE_CHECK(imsg, &fragmentation); + memcpy(&fragmentation, imsg->data, sizeof(fragmentation)); + env->sc_frag = fragmentation; log_debug("%s: %sfragmentation", __func__, env->sc_frag ? "" : "no "); return (0); } Index: sbin/iked/crypto.c =================================================================== RCS file: /cvs/src/sbin/iked/crypto.c,v retrieving revision 1.23 diff -u -r1.23 crypto.c --- sbin/iked/crypto.c 14 Feb 2020 13:02:31 -0000 1.23 +++ sbin/iked/crypto.c 2 Apr 2020 15:45:44 -0000 @@ -21,6 +21,7 @@ #include <sys/socket.h> #include <sys/uio.h> +#include <stdbool.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> 
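Review bot: In config_getmobike the byte taken from `imsg->data` is copied with memcpy straight into a `bool`, and a stored value other than 0 or 1 is not a valid `bool`, so the later `env->sc_mobike ? "" : "no "` test is not well defined for such input; the old `unsigned int` had no invalid values. The sender is config_setmobike in the same hunk, so this is a hardening point at the inter-process message boundary rather than a known bug. Receiving into a fixed-width integer and normalising keeps the message format explicit: use `uint8_t v;` for the size check and the memcpy, then `env->sc_mobike = (v != 0);`, with config_setmobike sending a `uint8_t` as well. The same applies to config_setfragmentation and config_getfragmentation in the next hunk.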
@@ -504,7 +505,7 @@ if (prf == NULL || prf->hash_priv == NULL) fatalx("dsa_new: invalid PRF"); dsa.dsa_priv = prf->hash_priv; - dsa.dsa_hmac = 1; + dsa.dsa_hmac = true; break; case IKEV2_AUTH_DSS_SIG: dsa.dsa_priv = EVP_dss1(); Index: sbin/iked/iked.c =================================================================== RCS file: /cvs/src/sbin/iked/iked.c,v retrieving revision 1.41 diff -u -r1.41 iked.c --- sbin/iked/iked.c 16 Jan 2020 20:05:00 -0000 1.41 +++ sbin/iked/iked.c 2 Apr 2020 15:45:44 -0000 @@ -22,6 +22,7 @@ #include <sys/wait.h> #include <sys/uio.h> +#include <stdbool.h> #include <stdlib.h> #include <stdio.h> #include <unistd.h> @@ -261,10 +262,10 @@ config_setmobike(env); config_setfragmentation(env); config_setnattport(env); - config_setcoupled(env, env->sc_decoupled ? 0 : 1); + config_setcoupled(env, !env->sc_decoupled); config_setocsp(env); /* Must be last */ - config_setmode(env, env->sc_passive ? 1 : 0); + config_setmode(env, env->sc_passive); return (0); } @@ -295,10 +296,10 @@ config_setmobike(env); config_setfragmentation(env); config_setnattport(env); - config_setcoupled(env, env->sc_decoupled ? 0 : 1); + config_setcoupled(env, !env->sc_decoupled); config_setocsp(env); /* Must be last */ - config_setmode(env, env->sc_passive ? 1 : 0); + config_setmode(env, env->sc_passive); } else { config_setreset(env, reset, PROC_IKEV2); config_setreset(env, reset, PROC_CERT); @@ -309,7 +310,8 @@ parent_sig_handler(int sig, short event, void *arg) { struct privsep *ps = arg; - int die = 0, status, fail, id; + bool die = false, fail; + int status, id; pid_t pid; char *cause; @@ -331,7 +333,7 @@ break; case SIGTERM: case SIGINT: - die = 1; + die = true; /* FALLTHROUGH */ case SIGCHLD: do { 
@@ -341,14 +343,14 @@ if (pid <= 0) continue; - fail = 0; + fail = false; if (WIFSIGNALED(status)) { - fail = 1; + fail = true; len = asprintf(&cause, "terminated; signal %d", WTERMSIG(status)); } else if (WIFEXITED(status)) { if (WEXITSTATUS(status) != 0) { - fail = 1; + fail = true; len = asprintf(&cause, "exited abnormally"); } else @@ -359,7 +361,7 @@ if (len == -1) fatal("asprintf"); - die = 1; + die = true; for (id = 0; id < PROC_MAX; id++) if (pid == ps->ps_pid[id]) { Index: sbin/iked/iked.h =================================================================== RCS file: /cvs/src/sbin/iked/iked.h,v retrieving revision 1.139 diff -u -r1.139 iked.h --- sbin/iked/iked.h 1 Apr 2020 21:09:26 -0000 1.139 +++ sbin/iked/iked.h 2 Apr 2020 15:45:44 -0000 @@ -22,6 +22,7 @@ #include <sys/queue.h> #include <arpa/inet.h> #include <limits.h> +#include <stdbool.h> #include <imsg.h> #include <openssl/evp.h> @@ -174,13 +175,13 @@ unsigned int csa_dir; /* in/out */ uint64_t csa_peerspi; /* peer relation */ - uint8_t csa_loaded; /* pfkey done */ - uint8_t csa_rekey; /* will be deleted */ - uint8_t csa_allocated; /* from the kernel */ - uint8_t csa_persistent;/* do not rekey */ - uint8_t csa_esn; /* use ESN */ - uint8_t csa_transport; /* transport mode */ - uint8_t csa_acquired; /* no rekey for me */ + bool csa_loaded; /* pfkey done */ + bool csa_rekey; /* will be deleted */ + bool csa_allocated; /* from the kernel */ + bool csa_persistent;/* do not rekey */ + bool csa_esn; /* use ESN */ + bool csa_transport; /* transport mode */ + bool csa_acquired; /* no rekey for me */ struct iked_spi csa_spi; @@ -329,7 +330,7 @@ struct ibuf *dsa_keydata; /* public, private or shared key */ void *dsa_key; /* parsed public or private key */ void *dsa_cert; /* parsed certificate */ - int dsa_hmac; /* HMAC or public/private key */ + bool dsa_hmac; /* HMAC or public/private key */ int dsa_sign; /* Sign or verify operation */ }; 
@@ -358,8 +359,8 @@ struct iked_sahdr { uint64_t sh_ispi; /* Initiator SPI */ uint64_t sh_rspi; /* Responder SPI */ - unsigned int sh_initiator; /* Is initiator? */ -} __packed; + bool sh_initiator; /* Is initiator? */ +}; struct iked_kex { struct ibuf *kex_inonce; /* Ni */ @@ -410,9 +411,9 @@ struct iked_frag sa_fragments; - int sa_natt; /* for IKE messages */ - int sa_udpencap; /* for pfkey */ - int sa_usekeepalive;/* NAT-T keepalive */ + bool sa_natt; /* for IKE messages */ + bool sa_udpencap; /* for pfkey */ + bool sa_usekeepalive;/* NAT-T keepalive */ int sa_state; unsigned int sa_stateflags; @@ -452,7 +453,7 @@ struct ibuf *sa_1stmsg; /* for initiator AUTH */ struct ibuf *sa_2ndmsg; /* for responder AUTH */ struct iked_id sa_localauth; /* local AUTH message */ - int sa_sigsha2; /* use SHA2 for signatures */ + bool sa_sigsha2; /* use SHA2 for signatures */ struct iked_id sa_iid; /* initiator id */ struct iked_id sa_rid; /* responder id */ @@ -479,11 +480,11 @@ struct iked_ipcomp sa_ipcompi; /* IPcomp initator */ struct iked_ipcomp sa_ipcompr; /* IPcomp responder */ - int sa_mobike; /* MOBIKE */ - int sa_frag; /* fragmentation */ + bool sa_mobike; /* MOBIKE */ + bool sa_frag; /* fragmentation */ - int sa_use_transport_mode; /* peer requested */ - int sa_used_transport_mode; /* we enabled */ + bool sa_use_transport_mode; /* peer requested */ + bool sa_used_transport_mode; /* we enabled */ struct iked_timer sa_timer; /* SA timeouts */ #define IKED_IKE_SA_EXCHANGE_TIMEOUT 300 /* 5 minutes */ @@ -535,14 +536,14 @@ struct iked_socket *msg_sock; int msg_fd; - int msg_response; - int msg_responded; - int msg_valid; - int msg_natt; - int msg_natt_rcvd; + bool msg_response; + bool msg_responded; + bool msg_valid; + bool msg_natt; + bool msg_natt_rcvd; int msg_nat_detected; int msg_error; - int msg_e; + bool msg_e; struct iked_message *msg_parent; /* Associated policy and SA */ 
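Review bot: Dropping `__packed` from struct iked_sahdr while shrinking `sh_initiator` to `bool` changes the struct's layout and leaves trailing padding after the flag on typical ABIs, and the description does not say why the attribute was removed. Whether that matters depends on code outside this hunk: if the header is ever copied as raw bytes (for instance into an imsg) or compared with memcmp, the padding bytes would be uninitialised, so those uses need checking before this lands. If there is no reason to unpack it, keeping the layout fixed is the smaller change: `uint8_t sh_initiator; /* Is initiator? (0 or 1) */` with `} __packed;` retained, or at least a comment saying the struct must be zeroed before it is filled in.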
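Review bot: `msg_nat_detected` is left as a plain `int` in the middle of fields that are now `bool`, with nothing saying why. Another hunk in this patch tests it with `& IKED_MSG_NAT_DST_IP`, so it appears to be a bit mask rather than a flag; a comment on the field would stop a later cleanup from converting it too, e.g. `int msg_nat_detected; /* IKED_MSG_NAT_* bits, not a boolean */`. `msg_error` would benefit from a similar one-line comment, since elsewhere in the patch it is assigned a notification code (`IKEV2_N_CHILD_SA_NOT_FOUND`).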
@@ -569,7 +570,7 @@ uint16_t msg_flags; /* MOBIKE */ - int msg_update_sa_addresses; + bool msg_update_sa_addresses; struct ibuf *msg_cookie2; /* Parse stack */ @@ -664,12 +665,12 @@ char sc_conffile[PATH_MAX]; uint32_t sc_opts; - uint8_t sc_passive; - uint8_t sc_decoupled; + bool sc_passive; + bool sc_decoupled; in_port_t sc_nattport; - uint8_t sc_mobike; /* MOBIKE */ - uint8_t sc_frag; /* fragmentation */ + bool sc_mobike; /* MOBIKE */ + bool sc_frag; /* fragmentation */ struct iked_policies sc_policies; struct iked_policy *sc_defaultcon; @@ -724,7 +725,7 @@ void config_free_fragments(struct iked_frag *); void config_free_sa(struct iked *, struct iked_sa *); struct iked_sa * - config_new_sa(struct iked *, int); + config_new_sa(struct iked *, bool); struct iked_user * config_new_user(struct iked *, struct iked_user *); uint64_t @@ -742,9 +743,9 @@ struct iked_transform * config_add_transform(struct iked_proposal *, unsigned int, unsigned int, unsigned int, unsigned int); -int config_setcoupled(struct iked *, unsigned int); +int config_setcoupled(struct iked *, bool); int config_getcoupled(struct iked *, unsigned int); -int config_setmode(struct iked *, unsigned int); +int config_setmode(struct iked *, bool); int config_getmode(struct iked *, unsigned int); int config_setreset(struct iked *, unsigned int, enum privsep_procid); int config_getreset(struct iked *, struct imsg *); @@ -789,8 +790,7 @@ void sa_stateflags(struct iked_sa *, unsigned int); int sa_stateok(struct iked_sa *, int); struct iked_sa * - sa_new(struct iked *, uint64_t, uint64_t, unsigned int, - struct iked_policy *); + sa_new(struct iked *, uint64_t, uint64_t, bool, struct iked_policy *); void sa_free(struct iked *, struct iked_sa *); void sa_free_flows(struct iked *, struct iked_saflows *); int sa_address(struct iked_sa *, struct iked_addr *, 
@@ -801,7 +801,7 @@ void flow_free(struct iked_flow *); int flow_equal(struct iked_flow *, struct iked_flow *); struct iked_sa * - sa_lookup(struct iked *, uint64_t, uint64_t, unsigned int); + sa_lookup(struct iked *, uint64_t, uint64_t, bool); struct iked_user * user_lookup(struct iked *, const char *); int proposals_negotiate(struct iked_proposals *, struct iked_proposals *, @@ -865,7 +865,7 @@ int ikev2_policy2id(struct iked_static_id *, struct iked_id *, int); int ikev2_childsa_enable(struct iked *, struct iked_sa *); int ikev2_childsa_delete(struct iked *, struct iked_sa *, - uint8_t, uint64_t, uint64_t *, int); + uint8_t, uint64_t, uint64_t *, bool); void ikev2_ikesa_recv_delete(struct iked *, struct iked_sa *); void ikev2_ike_sa_timeout(struct iked *env, void *); void ikev2_ike_sa_setreason(struct iked_sa *, char *); @@ -904,14 +904,14 @@ struct ibuf * ikev2_msg_init(struct iked *, struct iked_message *, struct sockaddr_storage *, socklen_t, - struct sockaddr_storage *, socklen_t, int); + struct sockaddr_storage *, socklen_t, bool); struct iked_message * ikev2_msg_copy(struct iked *, struct iked_message *); void ikev2_msg_cleanup(struct iked *, struct iked_message *); uint32_t ikev2_msg_id(struct iked *, struct iked_sa *); struct ibuf - *ikev2_msg_auth(struct iked *, struct iked_sa *, int); + *ikev2_msg_auth(struct iked *, struct iked_sa *, bool); int ikev2_msg_authsign(struct iked *, struct iked_sa *, struct iked_auth *, struct ibuf *); int ikev2_msg_authverify(struct iked *, struct iked_sa *, @@ -929,7 +929,7 @@ int ikev2_msg_integr(struct iked *, struct iked_sa *, struct ibuf *); int ikev2_msg_frompeer(struct iked_message *); struct iked_socket * - ikev2_msg_getsocket(struct iked *, int, int); + ikev2_msg_getsocket(struct iked *, int, bool); int ikev2_msg_retransmit_response(struct iked *, struct iked_sa *, struct iked_message *); void ikev2_msg_prevail(struct iked *, struct iked_msgqueue *, 
@@ -956,7 +956,7 @@ int eap_parse(struct iked *, struct iked_sa *, void *, int); /* pfkey.c */ -int pfkey_couple(int, struct iked_sas *, int); +int pfkey_couple(int, struct iked_sas *, bool); int pfkey_flow_add(int fd, struct iked_flow *); int pfkey_flow_delete(int fd, struct iked_flow *); int pfkey_sa_init(int, struct iked_childsa *, uint32_t *); Index: sbin/iked/ikev2.c =================================================================== RCS file: /cvs/src/sbin/iked/ikev2.c,v retrieving revision 1.208 diff -u -r1.208 ikev2.c --- sbin/iked/ikev2.c 1 Apr 2020 21:09:27 -0000 1.208 +++ sbin/iked/ikev2.c 2 Apr 2020 15:45:45 -0000 @@ -27,6 +27,7 @@ #include <netinet/ip_ipsp.h> #include <arpa/inet.h> +#include <stdbool.h> #include <stdlib.h> #include <stdio.h> #include <unistd.h> @@ -96,7 +97,7 @@ int ikev2_send_create_child_sa(struct iked *, struct iked_sa *, struct iked_spi *, uint8_t); int ikev2_ikesa_enable(struct iked *, struct iked_sa *, struct iked_sa *); -void ikev2_ikesa_delete(struct iked *, struct iked_sa *, int); +void ikev2_ikesa_delete(struct iked *, struct iked_sa *, bool); int ikev2_nonce_cmp(struct ibuf *, struct ibuf *); int ikev2_init_create_child_sa(struct iked *, struct iked_message *); int ikev2_resp_create_child_sa(struct iked *, struct iked_message *); 
@@ -121,25 +122,25 @@ unsigned int); int ikev2_childsa_negotiate(struct iked *, struct iked_sa *, - struct iked_kex *, struct iked_proposals *, int, int, int); + struct iked_kex *, struct iked_proposals *, bool, int, bool); int ikev2_childsa_delete_proposed(struct iked *, struct iked_sa *, struct iked_proposals *); int ikev2_valid_proposal(struct iked_proposal *, - struct iked_transform **, struct iked_transform **, int *); + struct iked_transform **, struct iked_transform **, bool *); int ikev2_handle_notifies(struct iked *, struct iked_message *); ssize_t ikev2_add_proposals(struct iked *, struct iked_sa *, struct ibuf *, - struct iked_proposals *, uint8_t, int, int, int); + struct iked_proposals *, uint8_t, bool, bool, bool); ssize_t ikev2_add_cp(struct iked *, struct iked_sa *, struct ibuf *); ssize_t ikev2_add_transform(struct ibuf *, uint8_t, uint8_t, uint16_t, uint16_t); ssize_t ikev2_add_ts(struct ibuf *, struct ikev2_payload **, ssize_t, - struct iked_sa *, int); + struct iked_sa *, bool); ssize_t ikev2_add_certreq(struct ibuf *, struct ikev2_payload **, ssize_t, struct ibuf *, uint8_t); ssize_t ikev2_add_ipcompnotify(struct iked *, struct ibuf *, - struct ikev2_payload **, ssize_t, struct iked_sa *, int); + struct ikev2_payload **, ssize_t, struct iked_sa *, bool); ssize_t ikev2_add_ts_payload(struct ibuf *, unsigned int, struct iked_sa *); ssize_t ikev2_add_error(struct iked *, struct ibuf *, struct iked_message *); int ikev2_add_data(struct ibuf *, void *, size_t); @@ -484,8 +485,9 @@ { struct ike_header *hdr; struct iked_sa *sa; - unsigned int initiator, flag = 0; + unsigned int flag = 0; int r; + bool initiator; hdr = ibuf_seek(msg->msg_data, msg->msg_offset, sizeof(*hdr)); 
@@ -493,8 +495,9 @@ (betoh32(hdr->ike_length) - msg->msg_offset)) return; - initiator = (hdr->ike_flags & IKEV2_FLAG_INITIATOR) ? 0 : 1; - msg->msg_response = (hdr->ike_flags & IKEV2_FLAG_RESPONSE) ? 1 : 0; + initiator = (hdr->ike_flags & IKEV2_FLAG_INITIATOR) ? false : true; + msg->msg_response = + (hdr->ike_flags & IKEV2_FLAG_RESPONSE) ? true : false; msg->msg_sa = sa_lookup(env, betoh64(hdr->ike_ispi), betoh64(hdr->ike_rspi), initiator); @@ -913,9 +916,9 @@ if (ikev2_handle_notifies(env, msg) != 0) return; - if (sa && msg->msg_nat_detected && sa->sa_natt == 0 && + if (sa && msg->msg_nat_detected != 0 && !sa->sa_natt && (sock = ikev2_msg_getsocket(env, - sa->sa_local.addr_af, 1)) != NULL) { + sa->sa_local.addr_af, true)) != NULL) { /* * Update address information and use the NAT-T * port and socket, if available. @@ -929,8 +932,8 @@ msg->msg_fd = sa->sa_fd = sock->sock_fd; msg->msg_sock = sock; - sa->sa_natt = 1; - sa->sa_udpencap = 1; + sa->sa_natt = true; + sa->sa_udpencap = true; log_debug("%s: detected NAT, enabling UDP encapsulation," " updated SA to peer %s local %s", __func__, @@ -1028,7 +1031,7 @@ struct iked_socket *sock; in_port_t port; - if ((sock = ikev2_msg_getsocket(env, peer->addr_af, 0)) == NULL) + if ((sock = ikev2_msg_getsocket(env, peer->addr_af, false)) == NULL) return (-1); if (retry != NULL) { @@ -1105,7 +1108,7 @@ if ((pld = ikev2_add_payload(buf)) == NULL) goto done; if ((len = ikev2_add_proposals(env, sa, buf, &pol->pol_proposals, - IKEV2_SAPROTO_IKE, sa->sa_hdr.sh_initiator, 0, 0)) == -1) + IKEV2_SAPROTO_IKE, sa->sa_hdr.sh_initiator, false, false)) == -1) goto done; if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_KE) == -1) 
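Review bot: The inverted test `(hdr->ike_flags & IKEV2_FLAG_INITIATOR) ? false : true` has no comment, yet its result is what sa_lookup() receives for a header read out of the received message. A reader has to work out that a set initiator flag in the peer's header makes the local role the responder; a one-line comment above the assignment should say so, assuming that is the intent. With `bool` the ternaries are also redundant: `initiator = !(hdr->ike_flags & IKEV2_FLAG_INITIATOR);` and `msg->msg_response = (hdr->ike_flags & IKEV2_FLAG_RESPONSE) != 0;`. The same `? false : true` form is added for `sah.sa_hdr.sh_initiator` in the hunk at -4428. The function body starts and ends outside this hunk.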
@@ -1146,7 +1149,7 @@ if (ntohs(port) == env->sc_nattport) { /* Enforce NAT-T on the initiator side */ log_debug("%s: enforcing NAT-T", __func__); - req.msg_natt = sa->sa_natt = sa->sa_udpencap = 1; + req.msg_natt = sa->sa_natt = sa->sa_udpencap = true; } if ((len = ikev2_add_nat_detection(env, buf, &pld, &req, len)) == -1) @@ -1317,7 +1320,7 @@ if ((pld = ikev2_add_payload(e)) == NULL) goto done; if ((len = ikev2_add_proposals(env, sa, e, &pol->pol_proposals, 0, - sa->sa_hdr.sh_initiator, 0, 1)) == -1) + sa->sa_hdr.sh_initiator, false, true)) == -1) goto done; if ((len = ikev2_add_ts(e, &pld, len, sa, 0)) == -1) @@ -1378,7 +1381,7 @@ } if (ret) - ikev2_childsa_delete(env, sa, 0, 0, NULL, 1); + ikev2_childsa_delete(env, sa, 0, 0, NULL, true); return (ret); } @@ -1651,7 +1654,7 @@ ssize_t ikev2_add_ts(struct ibuf *e, struct ikev2_payload **pld, ssize_t len, - struct iked_sa *sa, int reverse) + struct iked_sa *sa, bool reverse) { if (ikev2_next_payload(*pld, len, IKEV2_PAYLOAD_TSi) == -1) return (-1); @@ -1714,7 +1717,7 @@ ssize_t ikev2_add_ipcompnotify(struct iked *env, struct ibuf *e, struct ikev2_payload **pld, ssize_t len, struct iked_sa *sa, - int initiator) + bool initiator) { struct iked_childsa csa; struct iked_ipcomp *ic; @@ -2137,8 +2140,8 @@ ssize_t ikev2_add_proposals(struct iked *env, struct iked_sa *sa, struct ibuf *buf, - struct iked_proposals *proposals, uint8_t protoid, int initiator, - int sendikespi, int skipdh) + struct iked_proposals *proposals, uint8_t protoid, bool initiator, + bool sendikespi, bool skipdh) { struct ikev2_sa_proposal *sap = NULL; struct iked_transform *xform; @@ -2386,7 +2389,7 @@ ret = ikev2_msg_send_encrypt(env, sa, &buf, IKEV2_EXCHANGE_INFORMATIONAL, firstpayload, 1); if (ret != -1) - msg->msg_responded = 1; + msg->msg_responded = true; done: ibuf_release(buf); return (ret); 
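Review bot: In the hunk at -1317 the context line `ikev2_add_ts(e, &pld, len, sa, 0)` still passes a literal `0` for the `reverse` parameter that this patch changes to `bool`, while the ikev2_add_proposals() call just above it is converted to `false, true`. It compiles either way, but mixing the two forms works against the readability goal given in the description; `ikev2_add_ts(e, &pld, len, sa, false)` would match. The call in the hunk at -3098 is in the same state. The enclosing function is only partly visible here.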
@@ -2456,11 +2459,11 @@ if (sa->sa_fragments.frag_count != 0) return; - msg->msg_valid = 1; + msg->msg_valid = true; - if (msg->msg_natt && sa->sa_natt == 0) { + if (msg->msg_natt && !sa->sa_natt) { log_debug("%s: NAT-T message received, updated SA", __func__); - sa->sa_natt = 1; + sa->sa_natt = true; } switch (hdr->ike_exchange) { @@ -2539,9 +2542,9 @@ if ((msg->msg_flags & IKED_MSG_FLAGS_MOBIKE) && env->sc_mobike) { log_debug("%s: mobike enabled", __func__); - sa->sa_mobike = 1; + sa->sa_mobike = true; /* enforce natt */ - sa->sa_natt = 1; + sa->sa_natt = true; } if ((msg->msg_flags & IKED_MSG_FLAGS_NO_ADDITIONAL_SAS) @@ -2610,12 +2613,12 @@ if (msg->msg_nat_detected & IKED_MSG_NAT_DST_IP) { /* Send keepalive, since we are behind a NAT-gw */ - sa->sa_usekeepalive = 1; + sa->sa_usekeepalive = true; } /* Signature hash algorithm */ if (msg->msg_flags & IKED_MSG_FLAGS_SIGSHA2) - sa->sa_sigsha2 = 1; + sa->sa_sigsha2 = true; return (0); } @@ -2636,10 +2639,10 @@ log_debug("%s: called by initiator", __func__); return (-1); } - if (msg->msg_nat_detected && sa->sa_udpencap == 0) { + if (msg->msg_nat_detected != 0 && !sa->sa_udpencap) { log_debug("%s: detected NAT, enabling UDP encapsulation", __func__); - sa->sa_udpencap = 1; + sa->sa_udpencap = true; } if ((buf = ikev2_msg_init(env, &resp, @@ -2662,7 +2665,7 @@ if ((pld = ikev2_add_payload(buf)) == NULL) goto done; if ((len = ikev2_add_proposals(env, sa, buf, &sa->sa_proposals, - IKEV2_SAPROTO_IKE, sa->sa_hdr.sh_initiator, 0, 0)) == -1) + IKEV2_SAPROTO_IKE, sa->sa_hdr.sh_initiator, false, false)) == -1) goto done; if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_KE) == -1) @@ -3098,7 +3101,7 @@ if ((pld = ikev2_add_payload(e)) == NULL) goto done; if ((len = ikev2_add_proposals(env, sa, e, &sa->sa_proposals, 0, - sa->sa_hdr.sh_initiator, 0, 1)) == -1) + sa->sa_hdr.sh_initiator, false, true)) == -1) goto done; if ((len = ikev2_add_ts(e, &pld, len, sa, 0)) == -1) 
@@ -3121,7 +3124,7 @@ done: if (ret) - ikev2_childsa_delete(env, sa, 0, 0, NULL, 1); + ikev2_childsa_delete(env, sa, 0, 0, NULL, true); ibuf_release(e); return (ret); } @@ -3286,7 +3289,8 @@ uint8_t firstpayload; uint32_t spi; ssize_t len = 0; - int initiator, ret = -1; + int ret = -1; + bool initiator; if (rekey) log_debug("%s: rekeying %s spi %s", __func__, @@ -3305,7 +3309,7 @@ ibuf_release(sa->sa_simult); sa->sa_simult = NULL; sa->sa_rekeyspi = 0; /* clear rekey spi */ - initiator = sa->sa_hdr.sh_initiator ? 1 : 0; + initiator = sa->sa_hdr.sh_initiator; if (rekey && ((csa = childsa_lookup(sa, rekey->spi, @@ -3356,7 +3360,7 @@ } if ((len = ikev2_add_proposals(env, sa, e, &sa->sa_proposals, - protoid, 1, 0, 0)) == -1) + protoid, true, false, false)) == -1) goto done; if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONCE) == -1) @@ -3425,8 +3429,8 @@ IKEV2_EXCHANGE_CREATE_CHILD_SA, firstpayload, 0); if (ret == 0) { if (rekey) { - csa->csa_rekey = 1; - csb->csa_rekey = 1; + csa->csa_rekey = true; + csb->csa_rekey = true; /* * Remember the peer spi of the rekeyed * SA for ikev2_init_create_child_sa(). @@ -3496,7 +3500,7 @@ /* just reuse the old IKE SA proposals */ if ((len = ikev2_add_proposals(env, nsa, e, &sa->sa_proposals, - IKEV2_SAPROTO_IKE, 1, 1, 0)) == -1) + IKEV2_SAPROTO_IKE, true, true, false)) == -1) goto done; if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONCE) == -1) @@ -3769,11 +3773,11 @@ sa->sa_stateflags &= ~IKED_REQ_CHILDSA; if (ret) - ikev2_childsa_delete(env, sa, 0, 0, NULL, 1); + ikev2_childsa_delete(env, sa, 0, 0, NULL, true); else if (csa) { /* delete the rekeyed SA pair */ ikev2_childsa_delete(env, sa, csa->csa_saproto, - csa->csa_peerspi, NULL, 0); + csa->csa_peerspi, NULL, false); } ibuf_release(buf); return (ret); @@ -3902,7 +3906,7 @@ } void -ikev2_ikesa_delete(struct iked *env, struct iked_sa *sa, int initiator) +ikev2_ikesa_delete(struct iked *env, struct iked_sa *sa, bool initiator) { struct ibuf *buf = NULL; struct ikev2_delete *del; 
@@ -3979,11 +3983,12 @@ struct ibuf *e = NULL, *nonce = NULL; uint8_t firstpayload; ssize_t len = 0; - int initiator, protoid, rekeying = 1; + int protoid, rekeying = 1; int ret = -1; int pfs = 0; + bool initiator; - initiator = sa->sa_hdr.sh_initiator ? 1 : 0; + initiator = sa->sa_hdr.sh_initiator; if (!ikev2_msg_frompeer(msg) || msg->msg_prop == NULL) return (0); @@ -4023,7 +4028,7 @@ log_debug("%s: Ignore IKE SA rekey: waiting for Child " "SA response.", __func__); /* Ignore, don't send error */ - msg->msg_valid = 0; + msg->msg_valid = false; return (0); } @@ -4103,8 +4108,8 @@ msg->msg_error = IKEV2_N_CHILD_SA_NOT_FOUND; goto fail; } - csa->csa_rekey = 1; - csa->csa_peersa->csa_rekey = 1; + csa->csa_rekey = true; + csa->csa_peersa->csa_rekey = true; } /* Update initiator's nonce */ @@ -4166,7 +4171,7 @@ if ((len = ikev2_add_proposals(env, nsa ? nsa : sa, e, nsa ? &nsa->sa_proposals : &proposals, - protoid, 0, nsa ? 1 : 0, 0)) == -1) + protoid, false, nsa != NULL, false)) == -1) goto done; if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_NONCE) == -1) @@ -4231,7 +4236,7 @@ done: if (ret && protoid != IKEV2_SAPROTO_IKE) - ikev2_childsa_delete(env, sa, 0, 0, NULL, 1); + ikev2_childsa_delete(env, sa, 0, 0, NULL, true); ibuf_release(e); config_free_proposals(&proposals, 0); config_free_kex(kextmp); @@ -4428,7 +4433,7 @@ sah.sa_hdr.sh_rspi = betoh64(hdr->ike_rspi); sah.sa_hdr.sh_ispi = betoh64(hdr->ike_ispi); sah.sa_hdr.sh_initiator = - hdr->ike_flags & IKEV2_FLAG_INITIATOR ? 0 : 1; + hdr->ike_flags & IKEV2_FLAG_INITIATOR ? false : true; resp.msg_msgid = ikev2_msg_id(env, &sah); @@ -5236,8 +5241,8 @@ int ikev2_childsa_negotiate(struct iked *env, struct iked_sa *sa, - struct iked_kex *kex, struct iked_proposals *proposals, int initiator, - int pfs, int acquired) + struct iked_kex *kex, struct iked_proposals *proposals, bool initiator, + int pfs, bool acquired) { struct iked_proposal *prop; struct iked_transform *xform, *encrxf = NULL, *integrxf = NULL; 
@@ -5250,7 +5255,8 @@ uint32_t spi = 0; unsigned int i; size_t ilen = 0; - int esn, skip, ret = -1; + int skip, ret = -1; + bool esn; if (!sa_stateok(sa, IKEV2_STATE_VALID)) return (-1); @@ -5264,7 +5270,7 @@ ic = NULL; /* reset state */ - sa->sa_used_transport_mode = 0; + sa->sa_used_transport_mode = false; /* We need to determine the key material length first */ TAILQ_FOREACH(prop, proposals, prop_entry) { @@ -5425,7 +5431,7 @@ if ((ret = pfkey_sa_init(env->sc_pfkey, csa, &spi)) != 0) goto done; - csa->csa_allocated = 1; + csa->csa_allocated = true; csa->csa_peerspi = prop->prop_peerspi.spi; csa->csa_spi.spi = prop->prop_localspi.spi = spi; @@ -5459,7 +5465,7 @@ /* Set up initiator's SPIs */ csb->csa_spi.spi = csa->csa_peerspi; csb->csa_peerspi = csa->csa_spi.spi; - csb->csa_allocated = csa->csa_allocated ? 0 : 1; + csb->csa_allocated = !csa->csa_allocated; csb->csa_dir = csa->csa_dir == IPSP_DIRECTION_IN ? IPSP_DIRECTION_OUT : IPSP_DIRECTION_IN; csb->csa_local = csa->csa_peer; @@ -5497,7 +5503,7 @@ if (initiator) { csa2->csa_spi.spi = ic->ic_cpi_out; csa2->csa_peerspi = ic->ic_cpi_in; - csa2->csa_allocated = 0; + csa2->csa_allocated = false; /* make sure IPCOMP CPIs are not reused */ ic->ic_transform = 0; ic->ic_cpi_in = ic->ic_cpi_out = 0; 
@@ -5508,24 +5514,24 @@ ic->ic_cpi_in = spi; csa2->csa_spi.spi = ic->ic_cpi_in; csa2->csa_peerspi = ic->ic_cpi_out; - csa2->csa_allocated = 1; + csa2->csa_allocated = true; } csa2->csa_spi.spi_size = 2; memcpy(csb2, csa2, sizeof(*csb2)); csb2->csa_spi.spi = csa2->csa_peerspi; csb2->csa_peerspi = csa2->csa_spi.spi; - csb2->csa_allocated = csa2->csa_allocated ? 0 : 1; + csb2->csa_allocated = !csa2->csa_allocated; csb2->csa_dir = csa2->csa_dir == IPSP_DIRECTION_IN ? IPSP_DIRECTION_OUT : IPSP_DIRECTION_IN; csb2->csa_local = csa2->csa_peer; csb2->csa_peer = csa2->csa_local; /* link IPComp and ESP SAs, switch ESP to transport */ - csa->csa_transport = 1; + csa->csa_transport = true; csa->csa_bundled = csa2; csa2->csa_bundled = csa; - csb->csa_transport = 1; + csb->csa_transport = true; csb->csa_bundled = csb2; csb2->csa_bundled = csb; csa2 = NULL; @@ -5545,7 +5551,7 @@ ret = 0; done: - sa->sa_use_transport_mode = 0; /* reset state after use */ + sa->sa_use_transport_mode = false; /* reset state after use */ ibuf_release(dhsecret); ibuf_release(keymat); ibuf_release(seed); @@ -5599,8 +5605,8 @@ log_debug("%s: replaced CHILD SA %p with %p spi %s", __func__, ocsa, csa, print_spi(ocsa->csa_spi.spi, ocsa->csa_spi.spi_size)); - ocsa->csa_loaded = 0; - ocsa->csa_rekey = 1; /* prevent re-loading */ + ocsa->csa_loaded = false; + ocsa->csa_rekey = true; /* prevent re-loading */ RB_REMOVE(iked_activesas, &env->sc_activesas, ocsa); } @@ -5697,7 +5703,7 @@ int ikev2_childsa_delete(struct iked *env, struct iked_sa *sa, uint8_t saproto, - uint64_t spi, uint64_t *spiptr, int cleanup) + uint64_t spi, uint64_t *spiptr, bool cleanup) { struct iked_childsa *csa, *csatmp = NULL, *ipcomp; uint64_t peerspi = 0; 
@@ -5754,10 +5760,11 @@ int ikev2_valid_proposal(struct iked_proposal *prop, - struct iked_transform **exf, struct iked_transform **ixf, int *esn) + struct iked_transform **exf, struct iked_transform **ixf, bool *esn) { struct iked_transform *xform, *encrxf, *integrxf; - unsigned int i, doesn = 0; + unsigned int i; + bool doesn = false; switch (prop->prop_protoid) { case IKEV2_SAPROTO_ESP: @@ -5776,7 +5783,7 @@ integrxf = xform; else if (xform->xform_type == IKEV2_XFORMTYPE_ESN && xform->xform_id == IKEV2_XFORMESN_ESN) - doesn = 1; + doesn = true; } if (prop->prop_protoid == IKEV2_SAPROTO_IKE) { @@ -5860,11 +5867,11 @@ struct iked_childsa *csa; TAILQ_FOREACH(csa, &sa->sa_childsas, csa_entry) { - csa->csa_persistent = 1; - csa->csa_rekey = 0; + csa->csa_persistent = true; + csa->csa_rekey = false; } - (void)ikev2_childsa_delete(env, sa, 0, 0, NULL, 1); + (void)ikev2_childsa_delete(env, sa, 0, 0, NULL, true); } /* return 0 if processed, -1 if busy */ @@ -5912,7 +5919,7 @@ struct iked_sa *sa; struct ikev2_delete *del; uint32_t spi32; - int acquired; + bool acquired; key.csa_spi = *drop; csa = RB_FIND(iked_activesas, &env->sc_activesas, &key); @@ -5927,8 +5934,8 @@ } RB_REMOVE(iked_activesas, &env->sc_activesas, csa); - csa->csa_loaded = 0; - csa->csa_rekey = 1; /* prevent re-loading */ + csa->csa_loaded = false; + csa->csa_rekey = true; /* prevent re-loading */ if (sa == NULL) { log_debug("%s: failed to find a parent SA", __func__); return (0); 
@@ -5941,7 +5948,7 @@ acquired = csa->csa_acquired; if (ikev2_childsa_delete(env, sa, csa->csa_saproto, - csa->csa_peerspi, NULL, 0)) + csa->csa_peerspi, NULL, false)) log_debug("%s: failed to delete CHILD SA %s", __func__, print_spi(csa->csa_peerspi, drop->spi_size)); Index: sbin/iked/ikev2_msg.c =================================================================== RCS file: /cvs/src/sbin/iked/ikev2_msg.c,v retrieving revision 1.64 diff -u -r1.64 ikev2_msg.c --- sbin/iked/ikev2_msg.c 10 Mar 2020 09:42:40 -0000 1.64 +++ sbin/iked/ikev2_msg.c 2 Apr 2020 15:45:45 -0000 @@ -26,6 +26,7 @@ #include <netinet/in.h> #include <arpa/inet.h> +#include <stdbool.h> #include <stdlib.h> #include <stdio.h> #include <unistd.h> @@ -81,7 +82,7 @@ env->sc_nattport) { if (memcmp(&natt, buf, sizeof(natt)) != 0) return; - msg.msg_natt = 1; + msg.msg_natt = true; off = sizeof(natt); } else off = 0; @@ -135,17 +136,17 @@ struct ibuf * ikev2_msg_init(struct iked *env, struct iked_message *msg, struct sockaddr_storage *peer, socklen_t peerlen, - struct sockaddr_storage *local, socklen_t locallen, int response) + struct sockaddr_storage *local, socklen_t locallen, bool response) { bzero(msg, sizeof(*msg)); memcpy(&msg->msg_peer, peer, peerlen); msg->msg_peerlen = peerlen; memcpy(&msg->msg_local, local, locallen); msg->msg_locallen = locallen; - msg->msg_response = response ? 1 : 0; + msg->msg_response = response; msg->msg_fd = -1; msg->msg_data = ibuf_static(); - msg->msg_e = 0; + msg->msg_e = false; msg->msg_parent = msg; /* has to be set */ TAILQ_INIT(&msg->msg_proposals); @@ -782,7 +783,7 @@ } struct ibuf * -ikev2_msg_auth(struct iked *env, struct iked_sa *sa, int response) +ikev2_msg_auth(struct iked *env, struct iked_sa *sa, bool response) { struct ibuf *authmsg = NULL, *nonce, *prfkey, *buf; uint8_t *ptr; 
@@ -1025,7 +1026,7 @@ } struct iked_socket * -ikev2_msg_getsocket(struct iked *env, int af, int natt) +ikev2_msg_getsocket(struct iked *env, int af, bool natt) { switch (af) { case AF_INET: Index: sbin/iked/ikev2_pld.c =================================================================== RCS file: /cvs/src/sbin/iked/ikev2_pld.c,v retrieving revision 1.79 diff -u -r1.79 ikev2_pld.c --- sbin/iked/ikev2_pld.c 16 Mar 2020 09:13:01 -0000 1.79 +++ sbin/iked/ikev2_pld.c 2 Apr 2020 15:45:45 -0000 @@ -26,6 +26,7 @@ #include <netinet/in.h> #include <arpa/inet.h> +#include <stdbool.h> #include <stdlib.h> #include <stdio.h> #include <unistd.h> @@ -1035,7 +1036,7 @@ } print_hex(md, 0, sizeof(md)); /* remember for MOBIKE */ - msg->msg_parent->msg_natt_rcvd = 1; + msg->msg_parent->msg_natt_rcvd = true; break; case IKEV2_N_AUTHENTICATION_FAILED: if (!msg->msg_e) { @@ -1189,7 +1190,7 @@ " notification (policy)", __func__); return (0); } - msg->msg_sa->sa_use_transport_mode = 1; + msg->msg_sa->sa_use_transport_mode = true; break; case IKEV2_N_UPDATE_SA_ADDRESSES: if (!msg->msg_e) { @@ -1207,7 +1208,7 @@ " notification: %zu", __func__, len); return (0); } - msg->msg_parent->msg_update_sa_addresses = 1; + msg->msg_parent->msg_update_sa_addresses = true; break; case IKEV2_N_COOKIE2: if (!msg->msg_e) { @@ -1368,7 +1369,7 @@ ret = ikev2_send_ike_e(env, sa, resp, IKEV2_PAYLOAD_NONE, IKEV2_EXCHANGE_INFORMATIONAL, 1); - msg->msg_parent->msg_responded = 1; + msg->msg_parent->msg_responded = true; ibuf_release(resp); ikev2_ikesa_recv_delete(env, sa); } else { @@ -1419,7 +1420,7 @@ } if (ikev2_childsa_delete(env, sa, del.del_protoid, spi, - &localspi[i], 0) == -1) + &localspi[i], false) == -1) failed++; else found++; @@ -1475,7 +1476,7 @@ if (found) { ret = ikev2_send_ike_e(env, sa, resp, IKEV2_PAYLOAD_DELETE, IKEV2_EXCHANGE_INFORMATIONAL, 1); - msg->msg_parent->msg_responded = 1; + msg->msg_parent->msg_responded = true; } else { /* XXX should we send an INVALID_SPI notification? */ ret = 0; 
@@ -1749,7 +1750,7 @@ bzero(&emsg, sizeof(emsg)); memcpy(&emsg, msg, sizeof(*msg)); emsg.msg_data = e; - emsg.msg_e = 1; + emsg.msg_e = true; emsg.msg_parent = msg; TAILQ_INIT(&emsg.msg_proposals); @@ -1790,9 +1791,9 @@ if (ikev2_msg_frompeer(msg)) { e = ikev2_msg_decrypt(env, msg->msg_sa, msg->msg_data, e); } else { - sa->sa_hdr.sh_initiator = sa->sa_hdr.sh_initiator ? 0 : 1; + sa->sa_hdr.sh_initiator = !sa->sa_hdr.sh_initiator; e = ikev2_msg_decrypt(env, msg->msg_sa, msg->msg_data, e); - sa->sa_hdr.sh_initiator = sa->sa_hdr.sh_initiator ? 0 : 1; + sa->sa_hdr.sh_initiator = !sa->sa_hdr.sh_initiator; } if (e == NULL) @@ -1804,7 +1805,7 @@ bzero(&emsg, sizeof(emsg)); memcpy(&emsg, msg, sizeof(*msg)); emsg.msg_data = e; - emsg.msg_e = 1; + emsg.msg_e = true; emsg.msg_parent = msg; TAILQ_INIT(&emsg.msg_proposals); Index: sbin/iked/parse.y =================================================================== RCS file: /cvs/src/sbin/iked/parse.y,v retrieving revision 1.90 diff -u -r1.90 parse.y --- sbin/iked/parse.y 28 Mar 2020 21:05:19 -0000 1.90 +++ sbin/iked/parse.y 2 Apr 2020 15:45:45 -0000 @@ -43,6 +43,7 @@ #include <limits.h> #include <netdb.h> #include <stdarg.h> +#include <stdbool.h> #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -103,10 +104,10 @@ static struct iked *env = NULL; static int debug = 0; static int rules = 0; -static int passive = 0; -static int decouple = 0; -static int mobike = 1; -static int fragmentation = 0; +static bool passive = false; +static bool decouple = false; +static bool mobike = true; +static bool fragmentation = false; static char *ocsp_url = NULL; struct ipsec_xf { 
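Review bot: The flip-and-restore of `sa->sa_hdr.sh_initiator` around `ikev2_msg_decrypt()` in the `@@ -1790,9 +1791,9 @@` hunk has no comment, and the new `!` form makes the pair easier to misread as a redundant double negation. It looks as if the flag is inverted so that a message that did not come from the peer is decrypted as the other side would, but that is inferred from the `ikev2_msg_frompeer()` test and should be confirmed. A comment such as `/* not from peer: decrypt as the other side, then restore the flag */` at the top of the `else` body would record that the second assignment must always run, including if an early return is ever added between the two. The function begins and ends outside the hunk.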
@@ -467,14 +468,14 @@ } ; -set : SET ACTIVE { passive = 0; } - | SET PASSIVE { passive = 1; } - | SET COUPLE { decouple = 0; } - | SET DECOUPLE { decouple = 1; } - | SET FRAGMENTATION { fragmentation = 1; } - | SET NOFRAGMENTATION { fragmentation = 0; } - | SET MOBIKE { mobike = 1; } - | SET NOMOBIKE { mobike = 0; } +set : SET ACTIVE { passive = false; } + | SET PASSIVE { passive = true; } + | SET COUPLE { decouple = false; } + | SET DECOUPLE { decouple = true; } + | SET FRAGMENTATION { fragmentation = true; } + | SET NOFRAGMENTATION { fragmentation = false; } + | SET MOBIKE { mobike = true; } + | SET NOMOBIKE { mobike = false; } | SET OCSP STRING { if ((ocsp_url = strdup($3)) == NULL) { yyerror("cannot set ocsp_url"); @@ -1653,20 +1654,20 @@ free(ocsp_url); - mobike = 1; - fragmentation = 0; - decouple = passive = 0; + mobike = true; + fragmentation = false; + decouple = passive = false; ocsp_url = NULL; if (env->sc_opts & IKED_OPT_PASSIVE) - passive = 1; + passive = true; yyparse(); errors = file->errors; popfile(); - env->sc_passive = passive ? 1 : 0; - env->sc_decoupled = decouple ? 1 : 0; + env->sc_passive = passive; + env->sc_decoupled = decouple; env->sc_mobike = mobike; env->sc_frag = fragmentation; env->sc_ocsp_url = ocsp_url; Index: sbin/iked/pfkey.c =================================================================== RCS file: /cvs/src/sbin/iked/pfkey.c,v retrieving revision 1.63 diff -u -r1.63 pfkey.c --- sbin/iked/pfkey.c 14 Jan 2020 22:28:29 -0000 1.63 +++ sbin/iked/pfkey.c 2 Apr 2020 15:45:45 -0000 @@ -29,6 +29,7 @@ #include <err.h> #include <errno.h> +#include <stdbool.h> #include <stdio.h> #include <poll.h> #include <string.h> @@ -49,7 +50,7 @@ #define IKED_SADB_UPDATE_SA_ADDRESSES 0xff static uint32_t sadb_msg_seq = 0; -static unsigned int sadb_decoupled = 0; +static bool sadb_decoupled = false; static struct event pfkey_timer_ev; static struct timeval pfkey_timer_tv; 
@@ -117,7 +118,7 @@ int pfkey_process(struct iked *, struct pfkey_message *); int -pfkey_couple(int sd, struct iked_sas *sas, int couple) +pfkey_couple(int sd, struct iked_sas *sas, bool couple) { struct iked_sa *sa; struct iked_flow *flow; @@ -132,10 +133,10 @@ return (0); log_debug("%s: kernel %s -> %s", __func__, - mode[sadb_decoupled], mode[!sadb_decoupled]); + mode[sadb_decoupled ? 0 : 1], mode[sadb_decoupled ? 1 : 0]); /* Allow writes to the PF_KEY socket */ - sadb_decoupled = 0; + sadb_decoupled = false; RB_FOREACH(sa, iked_sas, sas) { TAILQ_FOREACH(csa, &sa->sa_childsas, csa_entry) { @@ -1336,7 +1337,7 @@ } } - sa->csa_loaded = 1; + sa->csa_loaded = true; return (0); } @@ -1372,7 +1373,7 @@ if (pfkey_sa(fd, satype, SADB_DELETE, sa) == -1) return (-1); - sa->csa_loaded = 0; + sa->csa_loaded = false; return (0); } Index: sbin/iked/policy.c =================================================================== RCS file: /cvs/src/sbin/iked/policy.c,v retrieving revision 1.57 diff -u -r1.57 policy.c --- sbin/iked/policy.c 10 Mar 2020 18:54:52 -0000 1.57 +++ sbin/iked/policy.c 2 Apr 2020 15:45:45 -0000 @@ -22,6 +22,7 @@ #include <sys/uio.h> #include <sys/tree.h> +#include <stdbool.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> @@ -345,8 +346,8 @@ } struct iked_sa * -sa_new(struct iked *env, uint64_t ispi, uint64_t rspi, - unsigned int initiator, struct iked_policy *pol) +sa_new(struct iked *env, uint64_t ispi, uint64_t rspi, bool initiator, + struct iked_policy *pol) { struct iked_sa *sa; struct iked_sa *old; @@ -587,8 +588,7 @@ } struct iked_sa * -sa_lookup(struct iked *env, uint64_t ispi, uint64_t rspi, - unsigned int initiator) +sa_lookup(struct iked *env, uint64_t ispi, uint64_t rspi, bool initiator) { struct iked_sa *sa, key;
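Review bot: In the `@@ -132,10 +133,10 @@` hunk of pfkey.c the rewritten `log_debug` indices are swapped relative to the old code: `mode[sadb_decoupled]` became `mode[sadb_decoupled ? 0 : 1]`, so the "kernel %s -> %s" line now reports the transition in the opposite direction. A `bool` already converts to 0 or 1, so the original `mode[sadb_decoupled], mode[!sadb_decoupled]` can stay unchanged, or be written `mode[sadb_decoupled ? 1 : 0], mode[sadb_decoupled ? 0 : 1]`. A type-only cleanup should not change what the coupling-state log says. The `mode[]` array and the rest of `pfkey_couple()` lie outside the hunk.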