[Swan] Can you elaborate on this ?

Philippe Vouters philippe.vouters at laposte.net
Tue Jan 22 22:43:58 EET 2013 

I may also accept "both" as a valid answer. In which case, which side, 
from Netscreen or Libreswan, is supposed to have modified this 
smc->flags variable the last when it comes into the routine 
process_packet ???? Shouldn't process_packet be better renamed to 
process_incoming_packet ???

Philippe Vouters (Fontainebleau/France)
URL: http://vouters.dyndns.org/
SIP: sip:Vouters at sip.linphone.org

Le 22/01/2013 21:22, Philippe Vouters a écrit :
> Paul,
>
> You succeeded to totally confuse me in your successive explanations 
> for my actual understanding of Elison's problem. This is my only 
> question to you after this mail of yours below:
> Which side, Netscreen or Libreswan, is supposed to set smc->flags in 
> the code extract I focus onto ???? Only one among the three possible 
> answers I accept : "don't know/not sure", "Netscreen", "Libreswan".
>
> Philippe Vouters (Fontainebleau/France)
> URL: http://vouters.dyndns.org/
> SIP: sip:Vouters at sip.linphone.org
>
> Le 22/01/2013 20:13, Paul Wouters a écrit :
>> On Tue, 22 Jan 2013, Philippe Vouters wrote:
>>
>>> Can you give me with no hesitation which actual state corresponds to
>>> OAKLEY_AUTH_ROOF + 2 ? From the lecture of Libreswan source code, 
>>> getting this certainty is not trivial.
>>> OAKLEY_AUTH_ROOF + 2 conditions this loglog'ed message:
>>
>> These are just defines,
>>
>> libreswan/programs/pluto/ikev1.c:#define SMF_ALL_AUTH LRANGE(0, 
>> OAKLEY_AUTH_ROOF-1)
>> libreswan/programs/pluto/ikev1.c:#define SMF_INITIATOR 
>> LELEM(OAKLEY_AUTH_ROOF + 0)
>> libreswan/programs/pluto/ikev1.c:#define SMF_FIRST_ENCRYPTED_INPUT 
>> LELEM(OAKLEY_AUTH_ROOF + 1)
>> libreswan/programs/pluto/ikev1.c:#define SMF_INPUT_ENCRYPTED 
>> LELEM(OAKLEY_AUTH_ROOF + 2)
>> libreswan/programs/pluto/ikev1.c:#define SMF_OUTPUT_ENCRYPTED 
>> LELEM(OAKLEY_AUTH_ROOF + 3)
>> libreswan/programs/pluto/ikev1.c:#define SMF_RETRANSMIT_ON_DUPLICATE 
>> LELEM(OAKLEY_AUTH_ROOF + 4)
>> libreswan/programs/pluto/ikev1.c:#define SMF_REPLY 
>> LELEM(OAKLEY_AUTH_ROOF + 5)
>> libreswan/programs/pluto/ikev1.c:#define SMF_RELEASE_PENDING_P2 
>> LELEM(OAKLEY_AUTH_ROOF + 6)
>> libreswan/programs/pluto/ikev1.c:#define SMF_XAUTH_AUTH 
>> LELEM(OAKLEY_AUTH_ROOF + 7)
>>
>> They are used for our own defines. There is probably a good and smart
>> reason why Hugh originally based them on values > OAKLEY_AUTH_ROOF, but
>> I don't know them.
>>
>>> smc in the code extract above is nothing but:
>>> smc = md->smc;
>>> and as per your explanation on md, I quote you:
>>> "
>>> md is the message digest, the stream of bytes from the incoming packet.
>>> "
>>> smc->flags should have been set by the Netscreen side.
>>
>> Not entirely, smc is the state machine microcode. The struct md is
>> defined as:
>>
>> struct msg_digest {
>>     struct msg_digest *next;    /* for free list */
>>     chunk_t raw_packet;         /* if encrypted, received packet 
>> before decryption */
>>     const struct iface_port *iface;     /* interface on which message 
>> arrived */
>>     ip_address sender;          /* where message came from (network 
>> order) */
>>     u_int16_t sender_port;      /* host order */
>>     pb_stream packet_pbs;       /* whole packet */
>>     pb_stream message_pbs;      /* message to be processed */
>>     pb_stream clr_pbs;          /* place to store decrypted packet */
>>     struct isakmp_hdr hdr;      /* message's header */
>>     bool encrypted;     /* was it encrypted? */
>>     enum state_kind from_state; /* state we started in */
>>     const struct state_microcode *smc;    /* microcode for initial 
>> state (v1)*/
>>     const struct state_v2_microcode *svm; /* microcode for initial 
>> state (v2)*/
>>     bool new_iv_set;
>>     struct state *st;   /* current state object */
>>     struct state *pst;  /* parent state object (if any) */
>>
>>     enum phase1_role role;
>>     msgid_t          msgid_received;
>>
>>     pb_stream rbody;    /* room for reply body (after header) */
>>     notification_t note;        /* reason for failure */
>>     bool dpd;           /* Peer supports RFC 3706 DPD */
>>     bool ikev2;         /* Peer supports IKEv2 */
>>     bool event_already_set;
>>     stf_status result;  /* temporary stored here for access by Tcl */
>>
>> #   define PAYLIMIT 30
>>     struct payload_digest
>>         digest[PAYLIMIT],
>>         *digest_roof,
>>         *chain[ISAKMP_NEXT_ROOF];
>>     struct isakmp_quirks quirks;
>> };
>>
>> I did not mean to say md is _just_ the packet. Apologies for the
>> confusion.
>>
>> Paul
>>
>>
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
>

More information about the Swan mailing list