[Swan-dev] ikev2: decode notify payloads into the message digest

Paul Wouters paul at nohats.ca
Thu Feb 20 23:34:15 UTC 2020


On Thu, 20 Feb 2020, Andrew Cagney wrote:

>    Instead of storing the message digest's notify payloads directly into
>    struct state or local variables, store them in the message digest, and
>    then access the values as needed.

How does that work after the exchange is completely processed? Are there
cases where we need to remember having received these before? For IPsec,
I guess we can look things up in the IPsec SA, and ensure we send only
the things we did last time. Is there anything we might have received
for the IKE SA that we need to remember for a rekey?

Looking through the payloads now, I don't see anything. So this might be
okay for now.

Also, if we are doing this, why should we store some of these in a new
structure as bools? Couldn't we just write wrapper functions that just
re-read the parsed list of notifies? e.g. ntfy->payload.v2n.isan_type[x]

Paul

