[Swan-dev] xauth_send_request has a comment that confuses me

Paul Wouters paul at nohats.ca
Mon Oct 9 20:06:34 UTC 2017


On Mon, 9 Oct 2017, Antony Antony wrote:

>> You could look at (st->st_connection->policy & POLICY_AGGRESSIVE) to
>> determine that. But again, I don't see why knowing this should make a
>> difference to the retransmit timer code.
>
> It seems different. At least in our test cases, and the smc entries support this
> theory.

Remember that xauth/modecfg don't always follow smc model.

> To understand it, follow state changes on east in xauth-pluto-16 (main mode)
> and xauth-pluto-08 (aggressive) closely; notice when east initiates XAUTH_R0,
> and what it receives and sends just before this.
>
> Due to the difference between main mode and aggressive mode, when
> retransmitting, aggressive mode does not retransmit the last aggressive mode
> message, just XAUTH_R0. Whereas main mode will first retransmit the last main
> mode message and 80msec later re-create XAUTH_R0 and send it.

I don't understand why aggr mode and main mode should behave differently
in this aspect. I suspect one of them was just not fixed?

> You can also see aggressive mode smc entry is different from the main mode.
>
> STATE_MAIN_R2, STATE_MAIN_R3 got SMF_REPLY (MAIN_R2 + XAUTH_R0)
> STATE_AGGR_R1, STATE_AGGR_R2 no SMF_REPLY (just XAUTH_R0)
>
> I just pushed the change df642ec190d534

I don't understand the difference for expecting a reply between
STATE_AGGR_R2 and STATE_MAIN_R3. Both are responder end states that
end up with an established IKE SA. I would expect anything applying
to STATE_XAUTH_R0 to apply regardless of main or aggressive mode.

Paul

