[Swan] Can you elaborate on this ?
Harald Jenny
harald at a-little-linux-box.at
Wed Jan 23 08:48:34 EET 2013
http://fossies.org/dox/openswan-2.6.38/structstate__microcode.html#ac0788a57a16fe238c958196e6817854d
You just may take a look at it yourself, I do not suspect the code
changed this far from openswan 2.6.38
On Tue, Jan 22, 2013 at 09:22:24PM +0100, Philippe Vouters wrote:
> Paul,
>
> You succeeded to totally confuse me in your successive explanations
> for my actual understanding of Elison's problem. This is my only
> question to you after this mail of yours below:
> Which side, Netscreen or Libreswan, is supposed to set smc->flags in
> the code extract I focus onto ???? Only one among the three possible
> answers I accept : "don't know/not sure", "Netscreen", "Libreswan".
>
> Philippe Vouters (Fontainebleau/France)
> URL: http://vouters.dyndns.org/
> SIP: sip:Vouters at sip.linphone.org
>
> Le 22/01/2013 20:13, Paul Wouters a écrit :
> >On Tue, 22 Jan 2013, Philippe Vouters wrote:
> >
> >>Can you give me with no hesitation which actual state corresponds to
> >>OAKLEY_AUTH_ROOF + 2 ? From the lecture of Libreswan source
> >>code, getting this certainty is not trivial.
> >>OAKLEY_AUTH_ROOF + 2 conditions this loglog'ed message:
> >
> >These are just defines,
> >
> >libreswan/programs/pluto/ikev1.c:#define SMF_ALL_AUTH LRANGE(0,
> >OAKLEY_AUTH_ROOF-1)
> >libreswan/programs/pluto/ikev1.c:#define SMF_INITIATOR
> >LELEM(OAKLEY_AUTH_ROOF + 0)
> >libreswan/programs/pluto/ikev1.c:#define SMF_FIRST_ENCRYPTED_INPUT
> >LELEM(OAKLEY_AUTH_ROOF + 1)
> >libreswan/programs/pluto/ikev1.c:#define SMF_INPUT_ENCRYPTED
> >LELEM(OAKLEY_AUTH_ROOF + 2)
> >libreswan/programs/pluto/ikev1.c:#define SMF_OUTPUT_ENCRYPTED
> >LELEM(OAKLEY_AUTH_ROOF + 3)
> >libreswan/programs/pluto/ikev1.c:#define
> >SMF_RETRANSMIT_ON_DUPLICATE LELEM(OAKLEY_AUTH_ROOF + 4)
> >libreswan/programs/pluto/ikev1.c:#define SMF_REPLY
> >LELEM(OAKLEY_AUTH_ROOF + 5)
> >libreswan/programs/pluto/ikev1.c:#define SMF_RELEASE_PENDING_P2
> >LELEM(OAKLEY_AUTH_ROOF + 6)
> >libreswan/programs/pluto/ikev1.c:#define SMF_XAUTH_AUTH
> >LELEM(OAKLEY_AUTH_ROOF + 7)
> >
> >They are used for our own defines. There is probably a good and smart
> >reason why Hugh originally based them on values > OAKLEY_AUTH_ROOF, but
> >I don't know them.
> >
> >>smc in the code extract above is nothing but:
> >>smc = md->smc;
> >>and as per your explanation on md, I quote you:
> >>"
> >>md is the message digest, the stream of bytes from the incoming packet.
> >>"
> >>smc->flags should have been set by the Netscreen side.
> >
> >Not entirely, smc is the state machine microcode. The struct md is
> >defined as:
> >
> >struct msg_digest {
> > struct msg_digest *next; /* for free list */
> > chunk_t raw_packet; /* if encrypted, received packet
> >before decryption */
> > const struct iface_port *iface; /* interface on which
> >message arrived */
> > ip_address sender; /* where message came from
> >(network order) */
> > u_int16_t sender_port; /* host order */
> > pb_stream packet_pbs; /* whole packet */
> > pb_stream message_pbs; /* message to be processed */
> > pb_stream clr_pbs; /* place to store decrypted packet */
> > struct isakmp_hdr hdr; /* message's header */
> > bool encrypted; /* was it encrypted? */
> > enum state_kind from_state; /* state we started in */
> > const struct state_microcode *smc; /* microcode for initial
> >state (v1)*/
> > const struct state_v2_microcode *svm; /* microcode for initial
> >state (v2)*/
> > bool new_iv_set;
> > struct state *st; /* current state object */
> > struct state *pst; /* parent state object (if any) */
> >
> > enum phase1_role role;
> > msgid_t msgid_received;
> >
> > pb_stream rbody; /* room for reply body (after header) */
> > notification_t note; /* reason for failure */
> > bool dpd; /* Peer supports RFC 3706 DPD */
> > bool ikev2; /* Peer supports IKEv2 */
> > bool event_already_set;
> > stf_status result; /* temporary stored here for access by Tcl */
> >
> ># define PAYLIMIT 30
> > struct payload_digest
> > digest[PAYLIMIT],
> > *digest_roof,
> > *chain[ISAKMP_NEXT_ROOF];
> > struct isakmp_quirks quirks;
> >};
> >
> >I did not mean to say md is _just_ the packet. Apologies for the
> >confusion.
> >
> >Paul
> >
> >
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
More information about the Swan
mailing list