Can someone who understands DPD have a look at this? In complete_v1_state_transition:

    /*
     * make sure that a DPD event gets created for a new phase 1
     * SA.
     */
    if (IS_ISAKMP_SA_ESTABLISHED(st->st_state)) {
        if (deltasecs(st->st_connection->dpd_delay) > 0 &&
            deltasecs(st->st_connection->dpd_timeout) > 0) {
            /* don't ignore failure */
            /* ??? in fact, we do ignore this:
             * result is NEVER used
             * (clang 3.4 noticed this)
             */
            stf_status s = dpd_init(st);

            pexpect(s != STF_FAIL);
            if (s == STF_FAIL)
                result = STF_FAIL; /* ??? fall through !?! */
            /* ??? result not subsequently used */
        }
    }

The code claims that failure should not be ignored, and then ignores it.

The code has been like this for years. See 98eed4a91ea93e69807f1236b82f61325c4c831f and 993e9312f195f54a3e3a00126aaf926ad566e2ae