[Swan-dev] send_v2_notification_invalid_ke_from_state
Paul Wouters
paul at nohats.ca
Tue Feb 17 10:53:17 EET 2015
On Tue, 17 Feb 2015, D. Hugh Redelmeier wrote:
> Subject: [Swan-dev] send_v2_notification_invalid_ke_from_state
>
> This calls send_v2_notification.
>
> Do we know that st != NULL?
>
> If not, the passert and the DBG_log will segfault.
>
> If we do know st != NULL, would it not be better to call
> send_v2_notification_from_state?
> That would seem to be simpler and clearer.
> Or is there a problem with getting the right cookies out?
Yes, we need to clear the RCOOKIE and we need to pick up a parameter
from the state to send with the notify (the modp group we DO like)
But I agree, the various send_v2_notif* functions could use a
restructuring. These functions are also AFAIK, not usable for encrypted
notifications, so only for IKE_INIT and IKE_AUTH.
Paul
More information about the Swan-dev
mailing list