[Openswan dev] LELEM, 0ULL

Fri Jun 4 12:46:30 CEST 2004

-----BEGIN PGP SIGNED MESSAGE-----

| From: mladen-g at rogers.com

[Best to keep lines of mail shorter than 80 characters]

| The definitions for LELEM and LDISJOINT are in constants.h and say:
| 
| --------------------------
| typedef unsigned long long lset_t;
| #define LEMPTY 0ULL
| #define LELEM(opt) (1ULL << (opt))
| #define LRANGE(lwb, upb) LRANGES(LELEM(lwb), LELEM(upb))
| #define LRANGES(first, last) (last - first + last)
| #define LHAS(set, elem)  ((LELEM(elem) & (set)) != LEMPTY)
| #define LIN(subset, set)  (((subset) & (set)) == (subset))
| #define LDISJOINT(a, b)  (((a) & (b)) == LEMPTY)
| --------------------------

You didn't quote the comment at the start.  These definitions
implement an abstract datatype: a set with room for at least 64
elements (I'm guessing: I'm looking at an earlier version that used
unsigned long).

| So what is 0ULL and 1ULL?  Maybe values 0 and 1 in unsigned long long
| field size?

0 and 1 with unsigned long long type.

| ---------------------------------
| {
|     lset_t s = LELEM(np);
| 
|     if (LDISJOINT(s
| 	, needed | smc->opt_payloads| LELEM(ISAKMP_NEXT_N) | LELEM(ISAKMP_NEXT_D)))
|     {
| 	loglog(RC_LOG_SERIOUS, "%smessage ignored because it "
| 		"contains an unexpected payload type (%s)"
| 		, excuse, enum_show(&payload_names, np));
| 	SEND_NOTIFICATION(INVALID_PAYLOAD_TYPE);
| 	return;
|     }
|     needed &= ~s;
| }
| --------------------------
| 
| My problem is quite simply that I don't have any idea what this does,
| and how it checks for expected payloads.

LDISJOINT checks that the two sets it is passed are disjoint (i.e.
that they have no members in common).

s is the set containing just the next payload type.

The second argument is in the union of:
needed is the set of needed payloads
opt_payloads is the set of optional payloads (for this state)
ISAKMP_NEXT_N is an always-welcome payload_type (Notification)
ISAKMP_NEXT_D is an always-welcome payload_type (Delete)

If s isn't in the union, we are not expecting it.

|  I've never seen code like this
| before (I'm currently a university student, and the course I took in C
| didn't go nearly into this kind of depth).

Consider learning the language.  Guessing and hacking is not a great
approach to security code.

Hugh Redelmeier
hugh at mimosa.com  voice: +1 416 482-8253

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBQMCZW8FAuQPManGZAQG6DAP/bhx2h6ocls3ZT4It1sr/E8dgfrsyKSVG
mYA6x6NnvBe62frdHSjInX8x8rmoomchveNSzo9DvNfP3uIb6j5qHyI6DCrpOTWs
IpVnh95k9lCsLX8P5SuBTofA+Ab9mrA/7rWR3DzX4IRX+xTR8KAcR0mazsycG/0P
+DXjSxTV6Uw=
=xvOy
-----END PGP SIGNATURE-----