X-Git-Url: http://www.project-moonshot.org/gitweb/?p=trust_router.git;a=blobdiff_plain;f=trp%2Ftrps.c;h=a4891331de2d9523b439eb44f83c3260fcded0e9;hp=f2d3b9d87de41033379314fffb002e9d39f4b679;hb=b5117dd88f660ee157de3cf96f8fb6d952ac342a;hpb=536646258cdf77d28015493c460022e6a239b4f3 diff --git a/trp/trps.c b/trp/trps.c index f2d3b9d..a489133 100644 --- a/trp/trps.c +++ b/trp/trps.c @@ -69,7 +69,7 @@ TRPS_INSTANCE *trps_new (TALLOC_CTX *mem_ctx) TRPS_INSTANCE *trps=talloc(mem_ctx, TRPS_INSTANCE); if (trps!=NULL) { trps->hostname=NULL; - trps->port=0; + trps->trps_port=0; trps->cookie=NULL; trps->conn=NULL; trps->trpc=NULL; @@ -196,7 +196,7 @@ TR_NAME *trps_dup_label(TRPS_INSTANCE *trps) { TALLOC_CTX *tmp_ctx=talloc_new(NULL); TR_NAME *label=NULL; - char *s=talloc_asprintf(tmp_ctx, "%s:%u", trps->hostname, trps->port); + char *s=talloc_asprintf(tmp_ctx, "%s:%u", trps->hostname, trps->trps_port); if (s==NULL) goto cleanup; label=tr_new_name(s); @@ -265,12 +265,15 @@ TRP_RC trps_send_msg(TRPS_INSTANCE *trps, TRP_PEER *peer, const char *msg) /* get the connection for this peer */ trpc=trps_find_trpc(trps, peer); - /* instead, let's let that happen and then clear the queue when an attempt to - * connect fails */ + /* The peer connection (trpc) usually exists even if the connection is down. + * We will queue messages even if the connection is down. To prevent this from + * endlessly increasing the size of the queue, the trpc handler needs to clear + * its queue periodically, even if it is unable to send the messages + */ if (trpc==NULL) { tr_warning("trps_send_msg: skipping message queued for missing TRP client entry."); } else { - mq_msg=tr_mq_msg_new(tmp_ctx, TR_MQMSG_TRPC_SEND, TR_MQ_PRIO_NORMAL); + mq_msg=tr_mq_msg_new(tmp_ctx, TR_MQMSG_TRPC_SEND); msg_dup=talloc_strdup(mq_msg, msg); /* get local copy in mq_msg context */ tr_mq_msg_set_payload(mq_msg, msg_dup, NULL); /* no need for a free() func */ trpc_mq_add(trpc, mq_msg); @@ -359,7 +362,6 @@ static TRP_RC trps_read_message(TRPS_INSTANCE *trps, TRP_CONNECTION *conn, TR_MS switch (tr_msg_get_msg_type(*msg)) { case TRP_UPDATE: trp_upd_set_peer(tr_msg_get_trp_upd(*msg), tr_dup_name(conn_peer)); - trp_upd_set_next_hop(tr_msg_get_trp_upd(*msg), trp_peer_get_server(peer), 0); /* TODO: 0 should be the configured TID port */ /* update provenance if necessary */ trp_upd_add_to_provenance(tr_msg_get_trp_upd(*msg), trp_peer_get_label(peer)); break; @@ -382,7 +384,7 @@ int trps_get_listener(TRPS_INSTANCE *trps, TRPS_MSG_FUNC msg_handler, TRP_AUTH_FUNC auth_handler, const char *hostname, - unsigned int port, + int port, void *cookie, int *fd_out, size_t max_fd) @@ -393,7 +395,7 @@ int trps_get_listener(TRPS_INSTANCE *trps, n_fd = tr_sock_listen_all(port, fd_out, max_fd); if (n_fd == 0) - tr_err("trps_get_listener: Error opening port %d."); + tr_err("trps_get_listener: Error opening port %d.", port); else { /* opening port succeeded */ tr_info("trps_get_listener: Opened port %d.", port); @@ -417,7 +419,7 @@ int trps_get_listener(TRPS_INSTANCE *trps, trps->msg_handler = msg_handler; trps->auth_handler = auth_handler; trps->hostname = talloc_strdup(trps, hostname); - trps->port = port; + trps->trps_port = port; trps->cookie = cookie; } @@ -499,12 +501,27 @@ static TRP_RC trps_validate_inforec(TRPS_INSTANCE *trps, TRP_INFOREC *rec) switch(trp_inforec_get_type(rec)) { case TRP_INFOREC_TYPE_ROUTE: if ((trp_inforec_get_trust_router(rec)==NULL) - || (trp_inforec_get_next_hop(rec)==NULL)) { + || (trp_inforec_get_next_hop(rec)==NULL)) { tr_debug("trps_validate_inforec: missing record info."); return TRP_ERROR; } - /* check for valid metric */ + /* check for valid ports */ + if ((trp_inforec_get_trust_router_port(rec) <= 0) + || (trp_inforec_get_trust_router_port(rec) > 65535)) { + tr_debug("trps_validate_inforec: invalid trust router port (%d)", + trp_inforec_get_trust_router_port(rec)); + return TRP_ERROR; + } + + if ((trp_inforec_get_next_hop_port(rec) <= 0) + || (trp_inforec_get_next_hop_port(rec) > 65535)) { + tr_debug("trps_validate_inforec: invalid next hop port (%d)", + trp_inforec_get_next_hop_port(rec)); + return TRP_ERROR; + } + + /* check for valid metric */ if (trp_metric_is_invalid(trp_inforec_get_metric(rec))) { tr_debug("trps_validate_inforec: invalid metric (%u).", trp_inforec_get_metric(rec)); return TRP_ERROR; @@ -590,6 +607,17 @@ static struct timespec *trps_compute_expiry(TRPS_INSTANCE *trps, unsigned int in return ts; } + +/* compare hostname/port of the trust router, return 0 if they match */ +static int trust_router_changed(TRP_ROUTE *route, TRP_INFOREC *rec) +{ + if (trp_route_get_trust_router_port(route) != trp_inforec_get_trust_router_port(rec)) + return 1; + + return tr_name_cmp(trp_route_get_trust_router(route), + trp_inforec_get_trust_router(rec)); +} + static TRP_RC trps_accept_update(TRPS_INSTANCE *trps, TRP_UPD *upd, TRP_INFOREC *rec) { TRP_ROUTE *entry=NULL; @@ -609,8 +637,9 @@ static TRP_RC trps_accept_update(TRPS_INSTANCE *trps, TRP_UPD *upd, TRP_INFOREC trp_route_set_realm(entry, trp_upd_dup_realm(upd)); trp_route_set_peer(entry, trp_upd_dup_peer(upd)); trp_route_set_trust_router(entry, trp_inforec_dup_trust_router(rec)); + trp_route_set_trust_router_port(entry, trp_inforec_get_trust_router_port(rec)); trp_route_set_next_hop(entry, trp_inforec_dup_next_hop(rec)); - /* TODO: pass next hop port (now defaults to TID_PORT) --jlr */ + trp_route_set_next_hop_port(entry, trp_inforec_get_next_hop_port(rec)); if ((trp_route_get_comm(entry)==NULL) ||(trp_route_get_realm(entry)==NULL) ||(trp_route_get_peer(entry)==NULL) @@ -632,13 +661,13 @@ static TRP_RC trps_accept_update(TRPS_INSTANCE *trps, TRP_UPD *upd, TRP_INFOREC trp_route_set_metric(entry, trp_inforec_get_metric(rec)); trp_route_set_interval(entry, trp_inforec_get_interval(rec)); - /* check whether the trust router has changed */ - if (0!=tr_name_cmp(trp_route_get_trust_router(entry), - trp_inforec_get_trust_router(rec))) { + /* check whether the trust router has changed (either name or port) */ + if (trust_router_changed(entry, rec)) { /* The name changed. Set this route as triggered. */ tr_debug("trps_accept_update: trust router for route changed."); trp_route_set_triggered(entry, 1); trp_route_set_trust_router(entry, trp_inforec_dup_trust_router(rec)); /* frees old name */ + trp_route_set_trust_router_port(entry, trp_inforec_get_trust_router_port(rec)); } if (!trps_route_retracted(trps, entry)) { tr_debug("trps_accept_update: route not retracted, setting expiry timer."); @@ -653,36 +682,50 @@ static TRP_RC trps_accept_update(TRPS_INSTANCE *trps, TRP_UPD *upd, TRP_INFOREC static TRP_RC trps_handle_inforec_route(TRPS_INSTANCE *trps, TRP_UPD *upd, TRP_INFOREC *rec) { TRP_ROUTE *route=NULL; + TR_COMM *comm = NULL; unsigned int feas=0; /* determine feasibility */ feas=trps_check_feasibility(trps, trp_upd_get_realm(upd), trp_upd_get_comm(upd), rec); tr_debug("trps_handle_update: record feasibility=%d", feas); - /* do we have an existing route? */ - route=trps_get_route(trps, - trp_upd_get_comm(upd), - trp_upd_get_realm(upd), - trp_upd_get_peer(upd)); - if (route!=NULL) { - /* there was a route table entry already */ - tr_debug("trps_handle_updates: route entry already exists."); - if (feas) { - /* Update is feasible. Accept it. */ - trps_accept_update(trps, upd, rec); - } else { - /* Update is infeasible. Ignore it unless the trust router has changed. */ - if (0!=tr_name_cmp(trp_route_get_trust_router(route), - trp_inforec_get_trust_router(rec))) { - /* the trust router associated with the route has changed, treat update as a retraction */ - trps_retract_route(trps, route); + /* verify that the community is an APC */ + comm = tr_comm_table_find_comm(trps->ctable, trp_upd_get_comm(upd)); + if (comm == NULL) { + /* We don't know this community. Reject the route. */ + tr_debug("trps_handle_updates: community %.*s unknown, ignoring route for %.*s", + trp_upd_get_comm(upd)->len, trp_upd_get_comm(upd)->buf, + trp_upd_get_realm(upd)->len, trp_upd_get_realm(upd)->buf); + } else if (tr_comm_get_type(comm) != TR_COMM_APC) { + /* The community in a route request *must* be an APC. This was not - ignore it. */ + tr_debug("trps_handle_updates: community %.*s is not an APC, ignoring route for %.*s", + trp_upd_get_comm(upd)->len, trp_upd_get_comm(upd)->buf, + trp_upd_get_realm(upd)->len, trp_upd_get_realm(upd)->buf); + } else { + /* do we have an existing route? */ + route=trps_get_route(trps, + trp_upd_get_comm(upd), + trp_upd_get_realm(upd), + trp_upd_get_peer(upd)); + if (route!=NULL) { + /* there was a route table entry already */ + tr_debug("trps_handle_updates: route entry already exists."); + if (feas) { + /* Update is feasible. Accept it. */ + trps_accept_update(trps, upd, rec); + } else { + /* Update is infeasible. Ignore it unless the trust router has changed. */ + if (trust_router_changed(route, rec)) { + /* the trust router associated with the route has changed, treat update as a retraction */ + trps_retract_route(trps, route); + } } + } else { + /* No existing route table entry. Ignore it unless it is feasible and not a retraction. */ + tr_debug("trps_handle_update: no route entry exists yet."); + if (feas && trp_metric_is_finite(trp_inforec_get_metric(rec))) + trps_accept_update(trps, upd, rec); } - } else { - /* No existing route table entry. Ignore it unless it is feasible and not a retraction. */ - tr_debug("trps_handle_update: no route entry exists yet."); - if (feas && trp_metric_is_finite(trp_inforec_get_metric(rec))) - trps_accept_update(trps, upd, rec); } return TRP_SUCCESS; @@ -768,7 +811,7 @@ cleanup: return comm; } -static TR_RP_REALM *trps_create_new_rp_realm(TALLOC_CTX *mem_ctx, TR_NAME *realm_id, TRP_INFOREC *rec) +static TR_RP_REALM *trps_create_new_rp_realm(TALLOC_CTX *mem_ctx, TR_NAME *comm, TR_NAME *realm_id, TRP_INFOREC *rec) { TALLOC_CTX *tmp_ctx=talloc_new(NULL); TR_RP_REALM *rp=tr_rp_realm_new(tmp_ctx); @@ -791,11 +834,15 @@ cleanup: return rp; } -static TR_IDP_REALM *trps_create_new_idp_realm(TALLOC_CTX *mem_ctx, TR_NAME *realm_id, TRP_INFOREC *rec) +static TR_IDP_REALM *trps_create_new_idp_realm(TALLOC_CTX *mem_ctx, + TR_NAME *comm_id, + TR_NAME *realm_id, + TRP_INFOREC *rec) { TALLOC_CTX *tmp_ctx=talloc_new(NULL); TR_IDP_REALM *idp=tr_idp_realm_new(tmp_ctx); - + TR_APC *realm_apcs = NULL; + if (idp==NULL) { tr_debug("trps_create_new_idp_realm: unable to allocate new realm."); goto cleanup; @@ -807,14 +854,52 @@ static TR_IDP_REALM *trps_create_new_idp_realm(TALLOC_CTX *mem_ctx, TR_NAME *rea idp=NULL; goto cleanup; } - if (trp_inforec_get_apcs(rec)!=NULL) { - tr_idp_realm_set_apcs(idp, tr_apc_dup(tmp_ctx, trp_inforec_get_apcs(rec))); - if (tr_idp_realm_get_apcs(idp)==NULL) { - tr_debug("trps_create_new_idp_realm: unable to allocate APC list."); - idp=NULL; + + /* Set the APCs. If the community is a CoI, copy its APCs. If it is an APC, then + * that community itself is the APC for the realm. */ + if (trp_inforec_get_comm_type(rec) == TR_COMM_APC) { + /* the community is an APC for this realm */ + realm_apcs = tr_apc_new(tmp_ctx); + if (realm_apcs == NULL) { + tr_debug("trps_create_new_idp_realm: unable to allocate new APC list."); + idp = NULL; + goto cleanup; + } + + tr_apc_set_id(realm_apcs, tr_dup_name(comm_id)); + if (tr_apc_get_id(realm_apcs) == NULL) { + tr_debug("trps_create_new_idp_realm: unable to allocate new APC name."); + idp = NULL; + goto cleanup; + } + } else { + /* the community is not an APC for this realm */ + realm_apcs = trp_inforec_get_apcs(rec); + if (realm_apcs == NULL) { + tr_debug("trps_create_new_idp_realm: no APCs for realm %.*s/%.*s, cannot add.", + realm_id->len, realm_id->buf, + comm_id->len, comm_id->buf); + idp = NULL; + goto cleanup; + } + + /* we have APCs, make our own copy */ + realm_apcs = tr_apc_dup(tmp_ctx, realm_apcs); + if (realm_apcs == NULL) { + tr_debug("trps_create_new_idp_realm: unable to duplicate APC list."); + idp = NULL; goto cleanup; } } + + /* Whether the community is an APC or CoI, the APCs for the realm are in realm_apcs */ + tr_idp_realm_set_apcs(idp, realm_apcs); /* takes realm_apcs out of tmp_ctx on success */ + if (tr_idp_realm_get_apcs(idp) == NULL) { + tr_debug("trps_create_new_idp_realm: unable to set APC list for new realm."); + idp=NULL; + goto cleanup; + } + idp->origin=TR_REALM_DISCOVERED; talloc_steal(mem_ctx, idp); @@ -864,7 +949,11 @@ static TRP_RC trps_handle_inforec_comm(TRPS_INSTANCE *trps, TRP_UPD *upd, TRP_IN tr_debug("trps_handle_inforec_comm: unable to create new community."); goto cleanup; } - tr_comm_table_add_comm(trps->ctable, comm); + if (tr_comm_table_add_comm(trps->ctable, comm) != 0) + { + tr_debug("trps_handle_inforec_comm: unable to add community to community table."); + goto cleanup; + } } /* TODO: see if other comm data match the new inforec and update or complain */ @@ -878,7 +967,7 @@ static TRP_RC trps_handle_inforec_comm(TRPS_INSTANCE *trps, TRP_UPD *upd, TRP_IN if (rp_realm==NULL) { tr_debug("trps_handle_inforec_comm: unknown RP realm %.*s in inforec, creating it.", realm_id->len, realm_id->buf); - rp_realm=trps_create_new_rp_realm(tmp_ctx, realm_id, rec); + rp_realm= trps_create_new_rp_realm(tmp_ctx, tr_comm_get_id(comm), realm_id, rec); if (rp_realm==NULL) { tr_debug("trps_handle_inforec_comm: unable to create new RP realm."); /* we may leave an unused community in the table, but it will only last until @@ -899,7 +988,7 @@ static TRP_RC trps_handle_inforec_comm(TRPS_INSTANCE *trps, TRP_UPD *upd, TRP_IN if (idp_realm==NULL) { tr_debug("trps_handle_inforec_comm: unknown IDP realm %.*s in inforec, creating it.", realm_id->len, realm_id->buf); - idp_realm=trps_create_new_idp_realm(tmp_ctx, realm_id, rec); + idp_realm= trps_create_new_idp_realm(tmp_ctx, tr_comm_get_id(comm), realm_id, rec); if (idp_realm==NULL) { tr_debug("trps_handle_inforec_comm: unable to create new IDP realm."); /* we may leave an unused community in the table, but it will only last until @@ -1052,12 +1141,13 @@ static TRP_RC trps_validate_request(TRPS_INSTANCE *trps, TRP_REQ *req) /* choose the best route to comm/realm, optionally excluding routes to a particular peer */ static TRP_ROUTE *trps_find_best_route(TRPS_INSTANCE *trps, - TR_NAME *comm, - TR_NAME *realm, - TR_NAME *exclude_peer) + TR_NAME *comm, + TR_NAME *realm, + TR_NAME *exclude_peer_label) { TRP_ROUTE **entry=NULL; TRP_ROUTE *best=NULL; + TRP_PEER *route_peer = NULL; size_t n_entry=0; unsigned int kk=0; unsigned int kk_min=0; @@ -1066,13 +1156,31 @@ static TRP_ROUTE *trps_find_best_route(TRPS_INSTANCE *trps, entry=trp_rtable_get_realm_entries(trps->rtable, comm, realm, &n_entry); for (kk=0; kkptable, + trp_route_get_peer(entry[kk])); + if (route_peer == NULL) { + tr_err("trps_find_best_route: unknown peer GSS name (%.*s) for route %d to %.*s/%.*s", + trp_route_get_peer(entry[kk])->len, trp_route_get_peer(entry[kk])->buf, + kk, + realm->len, realm->buf, + comm->len, comm->buf); + continue; /* unknown peer, skip the route */ + } + if (0 == tr_name_cmp(exclude_peer_label, trp_peer_get_label(route_peer))) { + /* we're excluding this peer - skip the route */ + continue; + } + } + } + /* if we get here, we're not excluding the route */ + kk_min = kk; + min_metric = trp_route_get_metric(entry[kk]); } } + if (trp_metric_is_finite(min_metric)) best=entry[kk_min]; @@ -1266,13 +1374,23 @@ static TRP_INFOREC *trps_route_to_inforec(TALLOC_CTX *mem_ctx, TRPS_INSTANCE *tr trp_route_get_peer(route))); } - /* Note that we leave the next hop empty since the recipient fills that in. - * This is where we add the link cost (currently always 1) to the next peer. */ - if ((trp_inforec_set_trust_router(rec, trp_route_dup_trust_router(route)) != TRP_SUCCESS) - ||(trp_inforec_set_metric(rec, - trps_metric_add(trp_route_get_metric(route), - linkcost)) != TRP_SUCCESS) - ||(trp_inforec_set_interval(rec, trps_get_update_interval(trps)) != TRP_SUCCESS)) { + /* + * This is where we add the link cost (currently always 1) to the next peer. + * + * Here, set next_hop to our TID address/port rather than passing along our own + * next_hop. That is the one *we* use to forward requests. We are advertising + * ourselves as a hop for our peers. + */ + if ((TRP_SUCCESS != trp_inforec_set_trust_router(rec, + trp_route_dup_trust_router(route), + trp_route_get_trust_router_port(route))) + ||(TRP_SUCCESS != trp_inforec_set_next_hop(rec, + tr_new_name(trps->hostname), + trps->tids_port)) + ||(TRP_SUCCESS != trp_inforec_set_metric(rec, + trps_metric_add(trp_route_get_metric(route), + linkcost))) + ||(TRP_SUCCESS != trp_inforec_set_interval(rec, trps_get_update_interval(trps)))) { tr_err("trps_route_to_inforec: error creating route update."); talloc_free(rec); rec=NULL; @@ -1322,26 +1440,67 @@ cleanup: } /* select the correct route to comm/realm to be announced to peer */ -static TRP_ROUTE *trps_select_realm_update(TRPS_INSTANCE *trps, TR_NAME *comm, TR_NAME *realm, TR_NAME *peer_gssname) +static TRP_ROUTE *trps_select_realm_update(TRPS_INSTANCE *trps, TR_NAME *comm, TR_NAME *realm, TR_NAME *peer_label) { - TRP_ROUTE *route; + TRP_ROUTE *route = NULL; + TRP_PEER *route_peer = NULL; + TR_NAME *route_peer_label = NULL; /* Take the currently selected route unless it is through the peer we're sending the update to. - * I.e., enforce the split horizon rule. */ + * I.e., enforce the split horizon rule. Start by looking up the currently selected route. */ route=trp_rtable_get_selected_entry(trps->rtable, comm, realm); if (route==NULL) { /* No selected route, this should only happen if the only route has been retracted, * in which case we do not want to advertise it. */ return NULL; } - tr_debug("trps_select_realm_update: %s vs %s", peer_gssname->buf, - trp_route_get_peer(route)->buf); - if (0==tr_name_cmp(peer_gssname, trp_route_get_peer(route))) { - tr_debug("trps_select_realm_update: matched, finding alternate route"); - /* the selected entry goes through the peer we're reporting to, choose an alternate */ - route=trps_find_best_route(trps, comm, realm, peer_gssname); - if ((route==NULL) || (!trp_metric_is_finite(trp_route_get_metric(route)))) - return NULL; /* don't advertise a nonexistent or retracted route */ + + /* Check whether it's local. */ + if (trp_route_is_local(route)) { + /* It is always ok to announce a local route */ + tr_debug("trps_select_realm_update: selected route for %.*s/%.*s is local", + realm->len, realm->buf, + comm->len, comm->buf); + } else { + /* It's not local. Get the route's peer and check whether it's the same place we + * got the selected route from. Peer should always correspond to an entry in our + * peer table. */ + tr_debug("trps_select_realm_update: selected route for %.*s/%.*s is not local", + realm->len, realm->buf, + comm->len, comm->buf); + route_peer = trp_ptable_find_gss_name(trps->ptable, trp_route_get_peer(route)); + if (route_peer == NULL) { + tr_err("trps_select_realm_update: unknown peer GSS name (%.*s) for selected route for %.*s/%.*s", + trp_route_get_peer(route)->len, trp_route_get_peer(route)->buf, + realm->len, realm->buf, + comm->len, comm->buf); + return NULL; + } + route_peer_label = trp_peer_get_label(route_peer); + if (route_peer_label == NULL) { + tr_err("trps_select_realm_update: error retrieving peer label for selected route for %.*s/%.*s", + realm->len, realm->buf, + comm->len, comm->buf); + return NULL; + } + + /* see if these match */ + tr_debug("trps_select_realm_update: %.*s vs %.*s", + peer_label->len, peer_label->buf, + route_peer_label->len, route_peer_label->buf); + + if (0==tr_name_cmp(peer_label, route_peer_label)) { + /* the selected entry goes through the peer we're reporting to, choose an alternate */ + tr_debug("trps_select_realm_update: matched, finding alternate route"); + route=trps_find_best_route(trps, comm, realm, peer_label); + if ((route==NULL) || (!trp_metric_is_finite(trp_route_get_metric(route)))) { + tr_debug("trps_select_realm_update: no route to %.*s/%.*s suitable to advertise to %.*s", + realm->len, realm->buf, + comm->len, comm->buf, + peer_label->len, peer_label->buf); + return NULL; /* don't advertise a nonexistent or retracted route */ + } + } } return route; } @@ -1350,7 +1509,7 @@ static TRP_ROUTE *trps_select_realm_update(TRPS_INSTANCE *trps, TR_NAME *comm, T static TRP_RC trps_select_route_updates_for_peer(TALLOC_CTX *mem_ctx, GPtrArray *updates, TRPS_INSTANCE *trps, - TR_NAME *peer_gssname, + TR_NAME *peer_label, int triggered) { size_t n_comm=0; @@ -1367,7 +1526,7 @@ static TRP_RC trps_select_route_updates_for_peer(TALLOC_CTX *mem_ctx, for (ii=0; iirtable, comm[ii], &n_realm); for (jj=0; jjlen, tr_realm_get_id(realm)->buf); - upd=trps_comm_update(mem_ctx, trps, peer_gssname, comm, realm); + upd=trps_comm_update(mem_ctx, trps, peer_label, comm, realm); if (upd!=NULL) g_ptr_array_add(updates, upd); }