pluto实现分析(11)

 
本文档的Copyleft归yfydz所有,使用GPL发布,可以自由拷贝,转载,转载时请保持文档的完整性,
严禁用于任何商业用途。
msn: [email protected]
来源: http://yfydz.cublog.cn

11. 状态操作
 
关于连接的基本处理在programs/pluto/state.c中定义

11.1 初始化

系统的状态库是通过HASH表实现的, 一共是32个HASH链表, 每个链表是双向链表, 分别通过状态结构
中的st_hashchain_next和st_hashchain_prev参数链接起来.

/*
 * Initialize the state table (and mask*).
 */
void
init_states(void)
{
    int i;
// 初始化32个链表头
    for (i = 0; i < STATE_TABLE_SIZE; i++)
 statetable[i] = (struct state *) NULL;
}

// 状态哈希函数
// 根据双方的cookie,和对方的地址进行哈希
// 返回值不是整数哈希值, 而是哈希值对应链表的链表头元素地址
static struct state **
state_hash(const u_char *icookie, const u_char *rcookie, const ip_address *peer)
{
    u_int i = 0, j;
    const unsigned char *byte_ptr;
// 地址长度, V4是4字节,V6是16字节
    size_t length = addrbytesptr(peer, &byte_ptr);
    DBG(DBG_RAW | DBG_CONTROL,
 DBG_dump("ICOOKIE:", icookie, COOKIE_SIZE);
 DBG_dump("RCOOKIE:", rcookie, COOKIE_SIZE);
 DBG_dump("peer:", byte_ptr, length));
    /* XXX the following hash is pretty pathetic */
// cookie长度是8字节
    for (j = 0; j < COOKIE_SIZE; j++)
 i = i * 407 + icookie[j] + rcookie[j];
// 增加地址参数
    for (j = 0; j < length; j++)
 i = i * 613 + byte_ptr[j];
// 取模获取哈希值
    i = i % STATE_TABLE_SIZE;
    DBG(DBG_CONTROL, DBG_log("state hash entry %d", i));
// 返回哈希值对应的链表头地址
    return &statetable[i];
}

11.2 新建状态

/* Get a state object.
 * Caller must schedule an event for this object so that it doesn't leak.
 * Caller must insert_state().
 */
struct state *
new_state(void)
{
    static const struct state blank_state; /* initialized all to zero & NULL */
// 状态序号初始值
    static so_serial_t next_so = SOS_FIRST;
    struct state *st;
// 分配空间
    st = clone_thing(blank_state, "struct state in new_state()");
// 状态序号值是递增的
    st->st_serialno = next_so++;
    passert(next_so > SOS_FIRST); /* overflow can't happen! */
#ifdef XAUTH
    passert(st->st_oakley.xauth == 0);
    passert(st->st_xauth_username == NULL);
#endif   
// 初始化状态结构的相关参数
    st->st_whack_sock = NULL_FD;
   
    anyaddr(AF_INET, &st->hidden_variables.st_nat_oa);
    anyaddr(AF_INET, &st->hidden_variables.st_natd);
    DBG(DBG_CONTROL, DBG_log("creating state object #%lu at %p",
 st->st_serialno, (void *) st));
    return st;
}
 
11.3 查找状态

有多个状态查找函数
/* Find the state object with this serial number.
 * This allows state object references that don't turn into dangerous
 * dangling pointers: reference a state by its serial number.
 * Returns NULL if there is no such state.
 * If this turns out to be a significant CPU hog, it could be
 * improved to use a hash table rather than sequential seartch.
 */
// 根据序号查找状态
struct state *
state_with_serialno(so_serial_t sn)
{
    if (sn >= SOS_FIRST)
    {
 struct state *st;
 int i;
// 遍历所有哈希表
 for (i = 0; i < STATE_TABLE_SIZE; i++)
// 遍历链表
     for (st = statetable[i]; st != NULL; st = st->st_hashchain_next)
// 根据序号比对
  if (st->st_serialno == sn)
      return st;
    }
    return NULL;
}

/*
 * Find a state object.
 */
// 根据cookie, 目的地址, 消息ID等信息查找状态
struct state *
find_state(const u_char *icookie
, const u_char *rcookie
, const ip_address *peer
, msgid_t /*network order*/ msgid)
{
// 计算哈希值获取该哈希值对应的状态链表头
    struct state *st = *state_hash(icookie, rcookie, peer);

// 如果链表非空, 遍历链表
    while (st != (struct state *) NULL)
    {
// 比较对端地址, 发送方和响应方的cookie
 if (sameaddr(peer, &st->st_connection->spd.that.host_addr)
     && memcmp(icookie, st->st_icookie, COOKIE_SIZE) == 0
     && memcmp(rcookie, st->st_rcookie, COOKIE_SIZE) == 0)
 {
     DBG(DBG_CONTROL,
  DBG_log("peer and cookies match on #%ld, provided msgid %08x vs %08x"
   , st->st_serialno
   , ntohl(msgid), ntohl(st->st_msgid)));
// 地址,cookie都相同的情况下,如果消息ID也匹配,找到状态, 中断循环
     if(msgid == st->st_msgid)
  break;
 }
 st = st->st_hashchain_next;
    }
    DBG(DBG_CONTROL,
 if (st == NULL)
     DBG_log("state object not found");
 else
     DBG_log("state object #%lu found, in %s"
  , st->st_serialno
  , enum_show(&state_names, st->st_state)));
// 返回状态
    return st;
}
 
/*
 * Find a state object.
 */
// 同样根据cookie, 目的地址, 消息ID等信息查找状态
struct state *
find_info_state(const u_char *icookie
  , const u_char *rcookie
  , const ip_address *peer
  , msgid_t /*network order*/ msgid)
{
// 计算哈希值获取该哈希值对应的状态链表头
    struct state *st = *state_hash(icookie, rcookie, peer);

// 如果链表非空, 遍历链表
    while (st != (struct state *) NULL)
    {
// 比较对端地址, 发送方和响应方的cookie
 if (sameaddr(peer, &st->st_connection->spd.that.host_addr)
     && memcmp(icookie, st->st_icookie, COOKIE_SIZE) == 0
     && memcmp(rcookie, st->st_rcookie, COOKIE_SIZE) == 0)
 {
     DBG(DBG_CONTROL,
  DBG_log("peer and cookies match on #%ld, provided msgid %08x vs %08x/%
08x"
   , st->st_serialno
   , ntohl(msgid)
   , ntohl(st->st_msgid)
   , ntohl(st->st_msgid_phase15)));
// 继续比较消息ID, 和上面函数比增加了比较1.5阶段的消息ID值st_msgid_phase15
// 1.5阶段应该是指XAUTH,MODECFG等第一阶段完成,第2阶段还未开始的情况吧
     if((st->st_msgid_phase15!=0 && msgid == st->st_msgid_phase15)
        || msgid == st->st_msgid)
  break;
 }
 st = st->st_hashchain_next;
    }
    DBG(DBG_CONTROL,
 if (st == NULL)
     DBG_log("p15 state object not found");
 else
     DBG_log("p15 state object #%lu found, in %s"
  , st->st_serialno
  , enum_show(&state_names, st->st_state)));
// 返回状态
    return st;
}

/* Find the state that sent a packet
 * ??? this could be expensive -- it should be rate-limited to avoid DoS
 */
// 根据数据包查找状态
struct state *
find_sender(size_t packet_len, u_char *packet)
{
    int i;
    struct state *st;
// 数据包长度至少要大于基本的ISAKMP头长度
    if (packet_len >= sizeof(struct isakmp_hdr))
// 遍历各哈希链表
 for (i = 0; i < STATE_TABLE_SIZE; i++)
     for (st = statetable[i]; st != NULL; st = st->st_hashchain_next)
// 直接比较状态当前数据包内容是否完全匹配来查找状态
  if (st->st_tpacket.ptr != NULL
  && st->st_tpacket.len == packet_len
  && memcmp(st->st_tpacket.ptr, packet, packet_len) == 0)
      return st;
    return NULL;
}

// 根据阶段1的状态查找要删除的第2阶段状态
// 还包括协议ID和SPI等查找参数
struct state *
find_phase2_state_to_delete(const struct state *p1st
, u_int8_t protoid
, ipsec_spi_t spi
, bool *bogus)
{
    struct state *st;
    int i;
    *bogus = FALSE;
// 遍历所有状态哈希链表
    for (i = 0; i < STATE_TABLE_SIZE; i++)
    {
 for (st = statetable[i]; st != NULL; st = st->st_hashchain_next)
 {
// 必须是IPSEC SA已经建立的状态(IKE协商已经完成)
     if (IS_IPSEC_SA_ESTABLISHED(st->st_state)
// 主机对也匹配
     && p1st->st_connection->host_pair == st->st_connection->host_pair
// 连接ID也要相同
     && same_peer_ids(p1st->st_connection, st->st_connection, NULL))
     {
// 根据协议确定是状态的AH还是ESP信息
  struct ipsec_proto_info *pr = protoid == PROTO_IPSEC_AH
      ? &st->st_ah : &st->st_esp;
// 协议有效
  if (pr->present)
  {
// ipsec转换属性的SPI匹配, 找到, 直接返回状态
      if (pr->attrs.spi == spi)
   return st;
// 如果只是our_spi参数匹配,bogus参数为真
      if (pr->our_spi == spi)
   *bogus = TRUE;
  }
     }
 }
    }
    return NULL;
}
 
/* Find newest Phase 1 negotiation state object for suitable for connection c
 */
// 查找某连接的最新的阶段1的状态
// ok_states是状态类型
struct state *
find_phase1_state(const struct connection *c, lset_t ok_states)
{
    struct state
 *st,
 *best = NULL;
    int i;
// 遍历所有状态哈希表
    for (i = 0; i < STATE_TABLE_SIZE; i++) {
 for (st = statetable[i]; st != NULL; st = st->st_hashchain_next) {
// 检查状态结构的状态值是否匹配
     if (LHAS(ok_states, st->st_state)
// 检查主机对是否匹配
  && c->host_pair == st->st_connection->host_pair
// 连接的ID匹配
  && same_peer_ids(c, st->st_connection, NULL)
  && (best == NULL
// 序号越大表示越新
      || best->st_serialno < st->st_serialno))
  {
      best = st;
  }
 }
    }
// 返回最新状态
    return best;
}

11.4 插入状态
/* Insert a state object in the hash table. The object is inserted
 * at the begining of list.
 * Needs cookies, connection, and msgid.
 */
// 将状态插入合适的状态哈希链表
void
insert_state(struct state *st)
{
// 计算哈希值获取该哈希值对应的状态链表头
    struct state **p = state_hash(st->st_icookie, st->st_rcookie
 , &st->st_connection->spd.that.host_addr);
// 确定该状态没插入任何链表
    passert(st->st_hashchain_prev == NULL && st->st_hashchain_next == NULL);

// 将状态插入链表头,
    if (*p != NULL)
    {
 passert((*p)->st_hashchain_prev == NULL);
 (*p)->st_hashchain_prev = st;
    }
    st->st_hashchain_next = *p;
    *p = st;
    /* Ensure that somebody is in charge of killing this state:
     * if no event is scheduled for it, schedule one to discard the state.
     * If nothing goes wrong, this event will be replaced by
     * a more appropriate one.
     */
// 设置事件超时处理, 超时丢弃该状态
    if (st->st_event == NULL)
 event_schedule(EVENT_SO_DISCARD, 0, st);
}

11.5 断开状态

/* unlink a state object from the hash table, but don't free it
 */
// 将状态结构从哈希链表中断开
void
unhash_state(struct state *st)
{
    /* unlink from forward chain */
    struct state **p;

// 前一节点为空, 表示是链表头
    if(st->st_hashchain_prev == NULL) {
// 计算哈希值获取该哈希值对应的状态链表头
// p难道不等于&st ?
 p = state_hash(st->st_icookie, st->st_rcookie
         , &st->st_connection->spd.that.host_addr);
    } else {
 passert(st->st_hashchain_prev != NULL);
// st->st_hashchain_prev->st_hashchain_next难道就不是st
 passert(st->st_hashchain_prev->st_hashchain_next != NULL);
// p难道不等于&st ?
 p = &st->st_hashchain_prev->st_hashchain_next;
    }
    /* unlink from forward chain */
// *p为空, 是异常情况了
    if(*p == NULL) {
 /* if it isn't linked... then we are done. probably.
  * But there is some bug, so log it.
  */
 pexpect(st->st_hashchain_prev != NULL || st->st_hashchain_next != NULL);
 return;
    }
// *p就应该等于st
    passert(*p == st);
// 从链表中断开, next方向
    *p = st->st_hashchain_next;
    /* unlink from backward chain */
    if (st->st_hashchain_next != NULL)
    {
// prev方向断开
 passert(st->st_hashchain_next->st_hashchain_prev == st);
 st->st_hashchain_next->st_hashchain_prev = st->st_hashchain_prev;
    }
// 状态的前后指针均清空
    st->st_hashchain_next = st->st_hashchain_prev = NULL;
}
 

11.6 删除状态

状态删除也有多个函数

/* delete a state object */
void
delete_state(struct state *st)
{
// 状态所在的连接
    struct connection *const c = st->st_connection;
    struct state *old_cur_state = cur_state == st? NULL : cur_state;
    DBG(DBG_CONTROL, DBG_log("deleting state #%lu", st->st_serialno));
    set_cur_state(st);
    /* If DPD is enabled on this state object, clear any pending events */
// 如果该状态还定义了DPD事件, 删除DPD事件
    if(st->st_dpd_event != NULL)
            delete_dpd_event(st);
    /* if there is a suspended state transition, disconnect us */
// 该状态相关的子状态, 断开
    if (st != NULL && st->st_suspended_md != NULL)
    {
 passert(st->st_suspended_md->st == st);
 st->st_suspended_md->st = NULL;
    }
    /* tell the other side of any IPSEC SAs that are going down */
// 如果是已经完成第2阶段或第一阶段的协商,向对方发送状态删除通知
    if (IS_IPSEC_SA_ESTABLISHED(st->st_state)
    || IS_ISAKMP_SA_ESTABLISHED(st->st_state))
 send_delete(st);
// 删除状态的事件
    delete_event(st); /* delete any pending timer event */
    /* Ditch anything pending on ISAKMP SA being established.
     * Note: this must be done before the unhash_state to prevent
     * flush_pending_by_state inadvertently and prematurely
     * deleting our connection.
     */
// 删除状态相关的pending
    flush_pending_by_state(st);
    /* if there is anything in the cryptographic queue, then remove this
     * state from it.
     */
// 删除状态相关的加密队列
    delete_cryptographic_continuation(st);
    /* effectively, this deletes any ISAKMP SA that this state represents */
// 将状态从哈希链表中断开
    unhash_state(st);
    /* tell kernel to delete any IPSEC SA
     * ??? we ought to tell peer to delete IPSEC SAs
     */
// 如果第2阶段协商完成的状态, 删除状态相关的SA
    if (IS_IPSEC_SA_ESTABLISHED(st->st_state))
 delete_ipsec_sa(st, FALSE);
    else if (IS_ONLY_INBOUND_IPSEC_SA_ESTABLISHED(st->st_state))
 delete_ipsec_sa(st, TRUE);
// 如果该状态连接的连接最新IPSEC或ISAKMP状态的序号, 清空该序号
    if (c->newest_ipsec_sa == st->st_serialno)
 c->newest_ipsec_sa = SOS_NOBODY;
    if (c->newest_isakmp_sa == st->st_serialno)
 c->newest_isakmp_sa = SOS_NOBODY;
// 状态和连接断开
    st->st_connection = NULL; /* we might be about to free it */
    cur_state = old_cur_state; /* without st_connection, st isn't complete */
// 检查是否需要删除该连接
    connection_discard(c);
// 释放whack的通信描述符
    release_whack(st);
    /* from here on we are just freeing RAM */
    {
// 释放该状态的消息ID结构
 struct msgid_list *p = st->st_used_msgids;
 while (p != NULL)
 {
     struct msgid_list *q = p;
     p = p->next;
     pfree(q);
 }
    }
// 减少对方公钥的使用数
    unreference_key(&st->st_peer_pubkey);
// 释放状态相关密钥
    if (st->st_sec_in_use) {
 mpz_clear(&(st->st_sec));
 pfreeany(st->st_sec_chunk.ptr);
    }
// 释放状态内部所有用到的数据空间
    pfreeany(st->st_tpacket.ptr);
    pfreeany(st->st_rpacket.ptr);
    pfreeany(st->st_p1isa.ptr);
    pfreeany(st->st_gi.ptr);
    pfreeany(st->st_gr.ptr);
    pfreeany(st->st_shared.ptr);
    pfreeany(st->st_ni.ptr);
    pfreeany(st->st_nr.ptr);
    pfreeany(st->st_skeyid.ptr);
    pfreeany(st->st_skeyid_d.ptr);
    pfreeany(st->st_skeyid_a.ptr);
    pfreeany(st->st_skeyid_e.ptr);
    pfreeany(st->st_enc_key.ptr);
    pfreeany(st->st_ah.our_keymat);
    pfreeany(st->st_ah.peer_keymat);
    pfreeany(st->st_esp.our_keymat);
    pfreeany(st->st_esp.peer_keymat);
    pfreeany(st->st_xauth_username);
// 还把状态结构空间全部重写, 防止泄漏敏感信息
    memset(st, 0xAB, sizeof(*st));
    pfree(st);
}
 
/*
 * delete all states that were created for a given connection.
 * if relations == TRUE, then also delete states that share
 * the same phase 1 SA.
 */
// 删除连接相关的所有状态
void
delete_states_by_connection(struct connection *c, bool relations)
{
    int pass;
    /* this kludge avoids an n^2 algorithm */
// 连接类型
    enum connection_kind ck = c->kind;
    struct spd_route *sr;
    /* save this connection's isakmp SA, since it will get set to later SOS_NOBODY */
// 连接最新的ISAKMP SA的序号
    so_serial_t parent_sa = c->newest_isakmp_sa;
// 如果连接类型是实例化连接, 连接类型改为CK_GOING_AWAY
    if (ck == CK_INSTANCE)
 c->kind = CK_GOING_AWAY;
    /* We take two passes so that we delete any ISAKMP SAs last.
     * This allows Delete Notifications to be sent.
     * ?? We could probably double the performance by caching any
     * ISAKMP SA states found in the first pass, avoiding a second.
     */
// 循环两次
    for (pass = 0; pass != 2; pass++)
    {
 int i;
// 遍历所有状态哈希链表
 /* For each hash chain... */
 for (i = 0; i < STATE_TABLE_SIZE; i++)
 {
     struct state *st;
     /* For each state in the hash chain... */
     for (st = statetable[i]; st != NULL; )
     {
// 备份当前状态
  struct state *this = st;
// 更新到下一个状态, 循环
  st = st->st_hashchain_next; /* before this is deleted */
// 连接匹配
                if ((this->st_connection == c
// 或者非连接的第一个状态
   || (relations && parent_sa != SOS_NOBODY
// 当前状态是从最新的ISAKMP状态克隆出来的
   && this->st_clonedfrom == parent_sa))
// 第2次循环遍历哈希表,或者状态非第一阶段完成的状态
   && (pass == 1 || !IS_ISAKMP_SA_ESTABLISHED(this->st_state)))
                {
// 备份当前状态
                    struct state *old_cur_state
                        = cur_state == this? NULL : cur_state;
#ifdef DEBUG
      lset_t old_cur_debugging = cur_debugging;
#endif
      set_cur_state(this);
      openswan_log("deleting state (%s)"
   , enum_show(&state_names, this->st_state));
// 删除状态登记的事件
      if(this->st_event != NULL) delete_event(this);
// 删除状态
      delete_state(this);
      cur_state = old_cur_state;
#ifdef DEBUG
      set_debugging(old_cur_debugging);
#endif
  }
     }
 }
    }
 /*  Seems to dump here because 1 of the states is NULL.  Removing the Assert
     makes things work.  We should fix this eventually.
    passert(c->newest_ipsec_sa == SOS_NOBODY
     && c->newest_isakmp_sa == SOS_NOBODY);
 */
// 这循环有什么意义么?
    sr = &c->spd;
    while (sr != NULL)
    {
 passert(sr->eroute_owner == SOS_NOBODY);
 passert(sr->routing != RT_ROUTED_TUNNEL);
 sr = sr->next;
    }

    if (ck == CK_INSTANCE)
    {
// 如果连接类型是实例化的连接, 删除连接
 c->kind = ck;
 delete_connection(c, relations);
    }
}
/* Walk through the state table, and delete each state whose phase 1 (IKE)
 * peer is among those given.
 */
// 根据对端地址删除阶段1的状态
void
delete_states_by_peer(ip_address *peer)
{
    char peerstr[ADDRTOT_BUF];
    int i, ph1;
// 将地址转换为字符串
    addrtot(peer, 0, peerstr, sizeof(peerstr));
// 向whack输出
    whack_log(RC_COMMENT, "restarting peer %s\n", peerstr);
    /* first restart the phase1s */
    for(ph1=0; ph1 < 2; ph1++) {
 /* For each hash chain... */
// 遍历所有状态哈希表
 for (i = 0; i < STATE_TABLE_SIZE; i++) {
     struct state *st;
  
     /* For each state in the hash chain... */
     for (st = statetable[i]; st != NULL; ) {
// 备份状态指针
  struct state *this = st;
// 状态相关的连接
  struct connection *c = this->st_connection;
  char ra[ADDRTOT_BUF];
// 状态更新到下一项
  st = st->st_hashchain_next; /* before this is deleted */
  addrtot(&this->st_remoteaddr, 0, ra, sizeof(ra));
  DBG_log("comparing %s to %s\n", ra, peerstr);
// 比较地址是否匹配
  if(sameaddr(&this->st_remoteaddr, peer)) {
// 如果是阶段1的状态
      if(ph1==0 && IS_PHASE1(st->st_state)) {
// 向whack输出信息   
   whack_log(RC_COMMENT
      , "peer %s for connection %s crashed, replacing"
      , peerstr
      , c->name);
// 进行ipsecdoi_replace操作
   ipsecdoi_replace(st, 1);
      } else {
// 非阶段1状态, 删除状态当前的事件
   delete_event(this);
// 调度超时替换操作
   event_schedule(EVENT_SA_REPLACE, 0, this);
      }
  }
     }
 }
    }
}
 
11.7 复制状态
 
/* Duplicate a Phase 1 state object, to create a Phase 2 object.
 * Caller must schedule an event for this object so that it doesn't leak.
 * Caller must insert_state().
 */
// 复制阶段1的状态, 生成阶段2的状态
struct state *
duplicate_state(struct state *st)
{
    struct state *nst;
    DBG(DBG_CONTROL, DBG_log("duplicating state object #%lu",
 st->st_serialno));
    /* record use of the Phase 1 state */
// 老状态复制操作的次数和最后一次复制的时间
    st->st_outbound_count++;
    st->st_outbound_time = now();

// 分配新状态空间
    nst = new_state();
// 复制状态参数, 一般参数就直接赋值
    memcpy(nst->st_icookie, st->st_icookie, COOKIE_SIZE);
    memcpy(nst->st_rcookie, st->st_rcookie, COOKIE_SIZE);
    nst->st_connection = st->st_connection;
    nst->st_doi = st->st_doi;
    nst->st_situation = st->st_situation;
    nst->quirks = st->quirks;
    nst->hidden_variables = st->hidden_variables;
    if(st->st_xauth_username) {
 nst->st_xauth_username = clone_str(st->st_xauth_username
        , "xauth username");
    }
// 复制地址端口网卡
    nst->st_remoteaddr = st->st_remoteaddr;
    nst->st_remoteport = st->st_remoteport;
    nst->st_localaddr  = st->st_localaddr;
    nst->st_localport  = st->st_localport;
    nst->st_interface  = st->st_interface;
// 复制源
    nst->st_clonedfrom = st->st_serialno;

#   define clone_chunk(ch, name) \
 clonetochunk(nst->ch, st->ch.ptr, st->ch.len, name)
// 这些chunk需要新分配空间
    clone_chunk(st_skeyid_d, "st_skeyid_d in duplicate_state");
    clone_chunk(st_skeyid_a, "st_skeyid_a in duplicate_state");
    clone_chunk(st_skeyid_e, "st_skeyid_e in duplicate_state");
    clone_chunk(st_enc_key, "st_enc_key in duplicate_state");
#   undef clone_chunk
    nst->st_oakley = st->st_oakley;
    return nst;
}

11.8 输出状态

// 将状态信息输出到whack
void
show_states_status(void)
{
// 当前时间
    time_t n = now();
    int i;
    char state_buf[LOG_WIDTH];
    char state_buf2[LOG_WIDTH];
    int count;
    struct state **array;
    /* make count of states */
    count = 0;
// 遍历所有哈希表
    for (i = 0; i < STATE_TABLE_SIZE; i++)
    {
 struct state *st;
// 遍历链表
 for (st = statetable[i]; st != NULL; st = st->st_hashchain_next)
 {
// 统计状态数
     count++;
 }
    }
    /* build the array */
// 分配状态指针数组, 容纳当前所有状态指针
    array = alloc_bytes(sizeof(struct state *)*count, "state array");
    count = 0;
    for (i = 0; i < STATE_TABLE_SIZE; i++)
    {
 struct state *st;
 for (st = statetable[i]; st != NULL; st = st->st_hashchain_next)
 {
     array[count++]=st;
 }
    }
    /* sort it! */
// 进行快速排序, 这个是glibc的标准库函数
    qsort(array, count, sizeof(struct state *), state_compare);
    /* now print sorted results */
// 输出排完序的状态
    for (i = 0; i < count; i++)
    {
 struct state *st;
 st = array[i];
// 输出状态信息到缓冲区state_buf中
 fmt_state(st, n, state_buf, sizeof(state_buf)
    , state_buf2, sizeof(state_buf2));
// 发送给whack
 whack_log(RC_COMMENT, state_buf);
 if (state_buf2[0] != '\0')
     whack_log(RC_COMMENT, state_buf2);
 /* show any associated pending Phase 2s */
// 如果是第一阶段的状态, 输出状态的pending结构
 if (IS_PHASE1(st->st_state))
     show_pending_phase2(st->st_connection, st);
    }
    /* free the array */
    pfree(array);
}
 

...... 待续 ......
 

你可能感兴趣的:(职场,休闲)