[Swan-dev] send_v2_notification_invalid_ke_from_state

Paul Wouters paul at nohats.ca
Tue Feb 17 10:53:17 EET 2015


On Tue, 17 Feb 2015, D. Hugh Redelmeier wrote:

> Subject: [Swan-dev] send_v2_notification_invalid_ke_from_state
> 
> This calls send_v2_notification.
>
> Do we know that st != NULL?
>
> If not, the passert and the DBG_log will segfault.
>
> If we do know st != NULL, would it not be better to call
> send_v2_notification_from_state?
> That would seem to be simpler and clearer.
> Or is there a problem with getting the right cookies out?

Yes, we need to clear the RCOOKIE and we need to pick up a parameter
from the state to send with the notify (the modp group we DO like).

But I agree, the various send_v2_notif* functions could use a
restructuring. These functions are also, AFAIK, not usable for encrypted
notifications, so only for IKE_INIT and IKE_AUTH.

Paul

