[Swan-dev] state m/c 2of3: State machine cleanups

Andrew Cagney andrew.cagney at gmail.com
Tue Mar 3 19:38:30 EET 2015


On 3 March 2015 at 12:27, Paul Wouters <paul at nohats.ca> wrote:
> On Tue, 3 Mar 2015, Andrew Cagney wrote:
>
>> - cleans up IKE_I and MSG_R along with md->role and st->st_role (new).
>
>
> Could one state object be in two different roles? Like when it sent a
> delete notify and receiving a DPD/liveness probe?

No.  But there is MSG_R.

"role" is the original role as in the original INITIATOR or RESPONDER.
It can never change. And md->role had better match st->st_role; if it
doesn't we should back away from the payload slowly :-).  Once in the
established state, the role determines encryption but nothing else.

The liveness probe should be using the MSG_R bits for sender and replier (sic).

(ok, I lie #1, the liveness probe needs to use st->st_role when
encrypting the packet it is going to send)
(ok, I lie #2: if the original responder initiates a re-key, it at the
end of it all becomes the original initiator)


> I'm not yet entirely sure that you can pull "role" from the md into the
> state. (I'm not saying you cannot either)
>
> Paul
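
An added illustration of the role check discussed in this message; it is not part of the original mail and not libreswan code. It assumes IKE_I and MSG_R are the Initiator and Response bits of the IKEv2 header flags (RFC 7296, section 3.1), and every name in it (orig_role, role_from_flags, classify, st_role as a plain parameter) is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* IKEv2 header flag bits (RFC 7296, section 3.1). */
#define FLAG_IKE_I 0x08u /* sender is the original initiator of the IKE SA */
#define FLAG_MSG_R 0x20u /* message is a response to a request */

enum orig_role { ORIGINAL_INITIATOR, ORIGINAL_RESPONDER };
enum verdict { DROP_ROLE_MISMATCH, HANDLE_REQUEST, HANDLE_RESPONSE };

/* Local role implied by an inbound message: if the peer set IKE_I, the
 * peer is the original initiator, so we are the original responder. */
static enum orig_role role_from_flags(uint8_t flags)
{
    return (flags & FLAG_IKE_I) ? ORIGINAL_RESPONDER : ORIGINAL_INITIATOR;
}

/* st_role stands in for the role stored on the state object (assumption).
 * The role is checked first; MSG_R only decides request versus response. */
static enum verdict classify(uint8_t flags, enum orig_role st_role)
{
    if (role_from_flags(flags) != st_role)
        return DROP_ROLE_MISMATCH;
    return (flags & FLAG_MSG_R) ? HANDLE_RESPONSE : HANDLE_REQUEST;
}

int main(void)
{
    /* Constructed flag bytes, as seen by a state whose role is ORIGINAL_RESPONDER. */
    const uint8_t samples[] = {
        FLAG_IKE_I,              /* peer (original initiator) sends a liveness request */
        FLAG_IKE_I | FLAG_MSG_R, /* peer answers a request we sent */
        0x00,                    /* claims to come from the original responder */
    };
    static const char *const names[] = { "drop: role mismatch", "request", "response" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("flags=0x%02x -> %s\n", samples[i],
               names[classify(samples[i], ORIGINAL_RESPONDER)]);
    return 0;
}
```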

