some code optimizations

1 files changed, 37 insertions, 34 deletions

diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index d96d6fc61..e9da5d1c5 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -196,6 +196,7 @@ static kernel_algorithm_t integrity_algs[] = {
 	{AUTH_HMAC_MD5_96, 			"md5"				},
 	{AUTH_HMAC_SHA1_96,			"sha1"				},
 	{AUTH_HMAC_SHA2_256_96,		"sha256"			},
+	{AUTH_HMAC_SHA2_256_128,	"hmac(sha256)"		},
 	{AUTH_HMAC_SHA2_384_192,	"hmac(sha384)"		},
 	{AUTH_HMAC_SHA2_512_256,	"hmac(sha512)"		},
 /*	{AUTH_DES_MAC,				"***"				}, */
@@ -1064,33 +1065,8 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this,
 		}
 	}
 
-	if (int_alg == AUTH_HMAC_SHA2_256_128)
+	if (int_alg  != AUTH_UNDEFINED)
 	{
-		/* the kernel uses SHA256 with 96 bit truncation by default,
-		 * use specified truncation size supported by newer kernels */
-		rthdr->rta_type = XFRMA_ALG_AUTH_TRUNC;
-		alg_name = "hmac(sha256)";
-		DBG2(DBG_KNL, "  using integrity algorithm %N with key size %d",
-			 integrity_algorithm_names, int_alg, int_key.len * 8);
-
-		rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo_auth) + int_key.len);
-		hdr->nlmsg_len += rthdr->rta_len;
-		if (hdr->nlmsg_len > sizeof(request))
-		{
-			return FAILED;
-		}
-
-		struct xfrm_algo_auth* algo = (struct xfrm_algo_auth*)RTA_DATA(rthdr);
-		algo->alg_key_len = int_key.len * 8;
-		algo->alg_trunc_len = 128;
-		strcpy(algo->alg_name, alg_name);
-		memcpy(algo->alg_key, int_key.ptr, int_key.len);
-
-		rthdr = XFRM_RTA_NEXT(rthdr);
-	}
-	else if (int_alg  != AUTH_UNDEFINED)
-	{
-		rthdr->rta_type = XFRMA_ALG_AUTH;
 		alg_name = lookup_algorithm(integrity_algs, int_alg);
 		if (alg_name == NULL)
 		{
@@ -1101,18 +1077,45 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this,
 		DBG2(DBG_KNL, "  using integrity algorithm %N with key size %d",
 			 integrity_algorithm_names, int_alg, int_key.len * 8);
 
-		rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo) + int_key.len);
-		hdr->nlmsg_len += rthdr->rta_len;
-		if (hdr->nlmsg_len > sizeof(request))
+		if (int_alg == AUTH_HMAC_SHA2_256_128)
 		{
-			return FAILED;
+			struct xfrm_algo_auth* algo;
+
+			/* the kernel uses SHA256 with 96 bit truncation by default,
+			 * use specified truncation size supported by newer kernels */
+			rthdr->rta_type = XFRMA_ALG_AUTH_TRUNC;
+			rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo_auth) + int_key.len);
+
+			hdr->nlmsg_len += rthdr->rta_len;
+			if (hdr->nlmsg_len > sizeof(request))
+			{
+				return FAILED;
+			}
+
+			algo = (struct xfrm_algo_auth*)RTA_DATA(rthdr);
+			algo->alg_key_len = int_key.len * 8;
+			algo->alg_trunc_len = 128;
+			strcpy(algo->alg_name, alg_name);
+			memcpy(algo->alg_key, int_key.ptr, int_key.len);
 		}
+		else 
+		{
+			struct xfrm_algo* algo;
 
-		struct xfrm_algo* algo = (struct xfrm_algo*)RTA_DATA(rthdr);
-		algo->alg_key_len = int_key.len * 8;
-		strcpy(algo->alg_name, alg_name);
-		memcpy(algo->alg_key, int_key.ptr, int_key.len);
+			rthdr->rta_type = XFRMA_ALG_AUTH;
+			rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo) + int_key.len);
 
+			hdr->nlmsg_len += rthdr->rta_len;
+			if (hdr->nlmsg_len > sizeof(request))
+			{
+				return FAILED;
+			}
+
+			algo = (struct xfrm_algo*)RTA_DATA(rthdr);
+			algo->alg_key_len = int_key.len * 8;
+			strcpy(algo->alg_name, alg_name);
+			memcpy(algo->alg_key, int_key.ptr, int_key.len);
+		}
 		rthdr = XFRM_RTA_NEXT(rthdr);
 	}