[Swan-dev] encrypted informational message when in state R1?

Paul Wouters paul at nohats.ca
Thu Feb 19 03:25:17 EET 2015


On Wed, 18 Feb 2015, D. Hugh Redelmeier wrote:

> The only states that support ISAKMP_v2_INFORMATIONAL in the current
> code are STATE_PARENT_I2, STATE_PARENT_R1, and STATE_PARENT_I3, in
> that order.  Sure feels like a typo.

STATE_PARENT_R2 also supports informationals, like liveness probes.

> I continue to think that these are terrible state names.

Everybody agrees.

> STATE_PARENT_R1 => STATE_INIT_R
> STATE_PARENT_R2 => STATE_AUTH_R

That would work, and so would:

STATE_PARENT_I1 => STATE_INIT_I
STATE_PARENT_I2 => STATE_AUTH_I

I'm not sure what STATE_PARENT_I3 should be called.

Proposals by Antony (and Hugh?) are written up at:

https://libreswan.org/wiki/IKEv2_Child_SA

Currently our child states are called STATE_PARENT_I3 and STATE_PARENT_R2,
but only because they are cloned from those states and no change_state()
is called on them for a child-specific state.

I have some uncommitted code where I created a new state STATE_CHILD with
no SMF entry and after the clone I would put them in that state, which
seems to work but needs more testing and more eyeballs on whether or
not this is the right approach. It assumes this state only has events
where it instructs the parent state to do something. The link above has
the suggestion to create

Paul

