[Swan-dev] state m/c 2of3: State machine cleanups
D. Hugh Redelmeier
hugh at mimosa.com
Tue Mar 3 23:42:36 EET 2015
| From: Andrew Cagney <andrew.cagney at gmail.com>
(I didn't write the centralized V2 code driven by the microcode but it
was kind of copied from what I did in V1.)
| - I earlier posted questions related to ikev2_process_payloads() - it
| is, to me, doing more than it should.
| By moving its search logic into the main search-for-state-transition
| loop things get more transparent, and SMF2_CONTINUE_MATCH (which
| scares me) can also be deleted.
| In addition to checking the clear payload, SMF2_UNPACK_SK indicates
| that the SK (encrypted) payload can be checked - less stuff for my
| rekey states to deal with
The following is based on my imperfect memory. With no checking.
Beware.
I hacked in the SMF2_CONTINUE_MATCH code. Why?
- decryption was not done by the central routine: the per-transition
routines do it.
- in some cases, decryption exposes information that affects microcode
selection. So a second go at matching was required
(SMF2_CONTINUE_MATCH).
Some thoughts:
- I think that it would be better to have the centralized routine do
the decryption before calling the appropriate per-transition
routine.
- I think that there are some cases where a bit of transition-specific
code is needed before the keying material for decryption is
available. (So it was easier to hack in what I did rather than
making larger changes.)
- ikev2_process_payloads gets called twice on an encrypted message:
the first gobbles just the single E payload; the second gobbles the many
payloads within the decrypted E payload.
- I think that it would be clearer if the E payload were special-cased
and that ikev2_process_payload were only called once
and that the payload checking only be done once
and only then would the per-transition function be called.
But the proof would be if the code were simplified by this.
My feeling is that a significant amount of code that is replicated in
several per-transition functions could be moved into a central routine
and gated by microcode. That was the motivation for the microcode
construct in V1.
An example of centralizing code is moving the timeout-setting logic out of
the per-transition functions. I think that Antony has done (most of?
all of?) this.
More information about the Swan-dev
mailing list