[Swan-dev] state m/c 2of3: State machine cleanups
andrew.cagney at gmail.com
Tue Mar 3 19:38:30 EET 2015
On 3 March 2015 at 12:27, Paul Wouters <paul at nohats.ca> wrote:
> On Tue, 3 Mar 2015, Andrew Cagney wrote:
>> - cleans up IKE_I and MSG_R along with md->role and st->st_role (new).
> Could one state object be in two different roles? Like when it sent a
> delete notify and receiving a DPD/liveness probe?
No. But there is MSG_R.
"role" is the original role as in the original INITIATOR or RESPONDER.
It can never change. And md-role had better match st->st_role; if it
doesn't we should back away from the payload slowly :-). Once in the
established state, the role determines encryption but nothing else.
The liveness probe should be using the MSG_R bits. for sender and replier(sic).
(ok, I lie #1, the liveness probe needs to use st->st_role when
encrypting the packet it is going to send)
(ok, I lie #2: if the original responder initiates a re-key, it at the
end of it all becomes the original initiator)
> I'm not yet entirely sure that you can pull "role" from the md into the
> state. (I'm not saying you cannot either)
More information about the Swan-dev