[Openswan dev] Re: msgids and IVs
Michael Richardson
mcr at cyphermail.sandelman.ottawa.on.ca
Thu Feb 5 17:35:37 CET 2004
>>>>> "D" == D Hugh Redelmeier <hugh at mimosa.com> writes:
D> The message ID is part of each IKE message (in Phase 1 it is 0).
D> Pluto uses the message ID of an inbound message when looking up the
D> state. It does so with a hash table. The state object is linked into
No, it doesn't actually.

    struct state *st = *state_hash(icookie, rcookie, peer);

    while (st != (struct state *) NULL)
    {
        if (sameaddr(peer, &st->st_connection->spd.that.host_addr)
            && memcmp(icookie, st->st_icookie, COOKIE_SIZE) == 0
            && memcmp(rcookie, st->st_rcookie, COOKIE_SIZE) == 0)
        {
            if (msgid == st->st_msgid)
                break;

it finds the hash bucket with the cookies+peer, and then walks the
buckets looking for the one with the right msgid. So, making a set of
msgid/IVs is actually rather easy.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
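
The lookup described in this message, as a self-contained model added here for illustration (not Openswan's code): the bucket is chosen from cookies and peer alone, and msgid then selects one state, each with its own IV, from that chain. The simplified struct, the `bucket_of` hash, the IPv4 peer, `load_sample` and the sample cookie, msgid and IV values are all assumptions constructed for the example.

```c
#include <stdint.h>
#include <string.h>
#define COOKIE_SIZE 8
#define TABLE_SIZE  32

struct state {                  /* simplified stand-in for Pluto's struct state */
    uint8_t icookie[COOKIE_SIZE], rcookie[COOKIE_SIZE];
    uint32_t peer;              /* IPv4 peer, stands in for ip_address */
    uint32_t msgid;             /* 0 in Phase 1, one value per later exchange */
    uint8_t iv[8];              /* IV kept separately for each msgid */
    struct state *next;         /* chain of states sharing a bucket */
};
static struct state *table[TABLE_SIZE];
/* Constructed sample values, not taken from any real exchange. */
static const uint8_t IC[COOKIE_SIZE] = "ICOOKIE", RC[COOKIE_SIZE] = "RCOOKIE";
static const uint32_t PEER = 0xC0000201;        /* 192.0.2.1 */

/* The bucket depends on cookies and peer only, never on msgid. */
static unsigned bucket_of(const uint8_t *ic, const uint8_t *rc, uint32_t peer)
{
    unsigned h = peer;
    for (int i = 0; i < COOKIE_SIZE; i++)
        h = h * 31 + ic[i] * 3u + rc[i];
    return h % TABLE_SIZE;
}
/* Walk the bucket: cookies and peer must match, then msgid picks the state. */
static struct state *find_state(const uint8_t *ic, const uint8_t *rc,
                                uint32_t peer, uint32_t msgid)
{
    struct state *st = table[bucket_of(ic, rc, peer)];
    while (st != NULL && !(st->peer == peer && st->msgid == msgid
                           && memcmp(ic, st->icookie, COOKIE_SIZE) == 0
                           && memcmp(rc, st->rcookie, COOKIE_SIZE) == 0))
        st = st->next;
    return st;
}
/* One state per msgid on the same cookie pair; iv[0] tags each (0xA0 + index). */
static void load_sample(void)
{
    static struct state s[3];
    static const uint32_t ids[3] = { 0, 0x1111, 0x2222 };
    memset(table, 0, sizeof table);
    for (int i = 0; i < 3; i++) {
        memcpy(s[i].icookie, IC, COOKIE_SIZE);
        memcpy(s[i].rcookie, RC, COOKIE_SIZE);
        s[i].peer = PEER; s[i].msgid = ids[i]; s[i].iv[0] = (uint8_t)(0xA0 + i);
        s[i].next = table[bucket_of(IC, RC, PEER)];
        table[bucket_of(IC, RC, PEER)] = &s[i];
    }
}
int main(void) { load_sample(); return find_state(IC, RC, PEER, 0x3333) != NULL; }
```

A message whose msgid has no state yet returns NULL from the walk, which is the point where a new msgid/IV entry for the same cookie pair would be created.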