[Openswan dev] Re: msgids and IVs

D. Hugh Redelmeier hugh at mimosa.com
Thu Feb 5 00:00:48 CET 2004



| From: Michael Richardson <mcr at sandelman.ottawa.on.ca>
| 
| For openswan 2.0.0 and all FreeS/WAN, a state can have at most one 
| active msgid.

The message ID is part of each IKE message (in Phase 1 it is 0).
Pluto uses the message ID of an inbound message when looking up the
state.  It does so with a hash table.  The state object is linked into
the hash table that only allows for the state object to appear in one
place in the hash table.

If you want one state to simultaneously have several message IDs, all
of which might appear in an inbound message, this will have to change.

| Things like XAUTH confuse this - one could create a new "phase 1.5" 
| state for XAUTH. However, it and modecfg can actually use several msgids.

The least gross change to Pluto is to create a new state object
whenever you create a new message ID that you expect to appear in an
inbound message.  If the previous message ID is not to be expected,
perhaps the new message IDs can "take over" the old state object.

Generally, many state object fields are immutable.  If you want to
change them, it is better to clone the state object and use the
new state.

Hugh Redelmeier
hugh at mimosa.com  voice: +1 416 482-8253

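
The lookup and clone-per-message-ID approach described in the message above, as an added example that is not part of the original post and is not Pluto's code. The struct layout, the hash function and the names insert_state, find_state and clone_for_msgid are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define BUCKETS 32
/* Hypothetical, simplified state object; names are not Pluto's. */
struct state {
    uint8_t icookie[8], rcookie[8]; /* identify the ISAKMP SA */
    uint32_t msgid;                 /* the one message ID this state answers to */
    struct state *next;             /* single chain link: one table position only */
};
static struct state *table[BUCKETS];

static unsigned bucket(const uint8_t *ic, const uint8_t *rc, uint32_t msgid)
{
    unsigned h = msgid;
    for (int i = 0; i < 8; i++)
        h = h * 31 + ic[i] + rc[i];
    return h % BUCKETS;
}

void insert_state(struct state *st)
{
    unsigned b = bucket(st->icookie, st->rcookie, st->msgid);
    st->next = table[b];
    table[b] = st;
}

/* Inbound lookup keyed on the cookies and message ID from the IKE header. */
struct state *find_state(const uint8_t *ic, const uint8_t *rc, uint32_t msgid)
{
    for (struct state *st = table[bucket(ic, rc, msgid)]; st; st = st->next)
        if (st->msgid == msgid && !memcmp(st->icookie, ic, 8) &&
            !memcmp(st->rcookie, rc, 8))
            return st;
    return NULL;
}

/* A new expected message ID gets its own clone; the original is untouched. */
struct state *clone_for_msgid(const struct state *old, uint32_t msgid)
{
    struct state *st = malloc(sizeof *st);
    if (st == NULL)
        return NULL;
    *st = *old;
    st->msgid = msgid;
    insert_state(st);
    return st;
}
```

Because each object carries a single msgid and a single chain link, an inbound message with an unregistered message ID finds no state, while several exchanges under one ISAKMP SA can be outstanding at once through separate clones.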


