[Swan-dev] state m/c 2of3: State machine cleanups

Andrew Cagney andrew.cagney at gmail.com
Tue Mar 3 19:20:21 EET 2015

The following changes look at the state machine proper:

- the flag SMF2_STATENEEDED which indicates that the state transition
requires state is completely redundant: "struct state" == NULL IFF
initial-state; is deleted

- I earlier posted questions related to ikev2_process_payloads() - it
is, to me, doing more than it should.
By moving its search logic into the main search-for-state-transition
loop things get more transparent, and SMF2_CONTINUE_MATCH (which
scares me) can also be deleted.
In addition to checking the clear payload, SMF2_UNPACK_SK indicates
that the SK (encrypted) payload can be checked - less stuff for my
rekey states to deal with

- cleans up IKE_I and MSG_R along with md->role and st->st_role (new).
The flags SMF2_MSG_R_CLEAR and SMF2_MSG_R_SET along with
SMF2_IKE_I_SET and SMF2_IKE_I_CLEAR (replace the overlaoded
SMF2_INITIATOR) are used to match expected packet states.
And checks that all is well with md->role and st->st_role are also added
(oh and some weird code declaring that md->role is wrong - if that is
true we're really sunk)

More information about the Swan-dev mailing list