[Openswan dev] Why this code can work?
ctosgh
ctosgh at 126.com
Wed Apr 18 04:37:04 EDT 2007
Hi, all:
Recently, I have been reading the pluto source code, and I am confused by the following code.
In init_demux(), we can see the following comment:
    /* fill ike_microcode_index:
     * make ike_microcode_index[s] point to first entry in
     * state_microcode_table for state s (backward scan makes this easier).
     * Check that table is in order -- catch coding errors.
     * For what it's worth, this routine is idempotent.
     */
So after we call init_demux(), ike_microcode_index[s] points to the first entry in
state_microcode_table for state s. But for a certain state there may be more than one entry
in state_microcode_table. For example, there are two entries for STATE_AGGR_R0 in
state_microcode_table, as follows:
    .....
    { STATE_AGGR_R0, STATE_AGGR_R1,
      SMF_PSK_AUTH | SMF_REPLY,
      P(SA) | P(KE) | P(NONCE) | P(ID), P(VID), PT(NONE),
      EVENT_RETRANSMIT, aggr_inI1_outR1_psk },
    { STATE_AGGR_R0, STATE_AGGR_R1,
      SMF_DS_AUTH | SMF_REPLY,
      P(SA) | P(KE) | P(NONCE) | P(ID), P(VID), PT(NONE),
      EVENT_RETRANSMIT, aggr_inI1_outR1_rsasig },
    .....
After calling init_demux(), the pointer in ike_microcode_index[] for STATE_AGGR_R0 will point to the following entry:
    { STATE_AGGR_R0, STATE_AGGR_R1,
      SMF_PSK_AUTH | SMF_REPLY,
      P(SA) | P(KE) | P(NONCE) | P(ID), P(VID), PT(NONE),
      EVENT_RETRANSMIT, aggr_inI1_outR1_psk },
My question is: What if I use RSASIG authentication in IKE phase 1? It SHOULD call aggr_inI1_outR1_rsasig(), not aggr_inI1_outR1_psk(), to process the packet.
Jacky
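
Added example (not part of the original post and not pluto's code): a simplified C model of the index fill that the quoted comment describes, showing why the backward scan leaves each slot on the first table entry for its state. The types, flag values and placeholder handlers are constructed for illustration, and find_entry() is a hypothetical forward scan that such a first-entry index permits, not a statement of what pluto does.

```c
#include <stddef.h>

/* Simplified stand-ins constructed for this example, not pluto's definitions. */
enum state { ST_PLACEHOLDER_A, ST_AGGR_R0, ST_PLACEHOLDER_B, ST_ROOF };
enum { F_PSK_AUTH = 1u << 0, F_DS_AUTH = 1u << 1 };

struct microcode {
    enum state state;     /* state this entry applies to */
    unsigned flags;       /* authentication methods the entry handles */
    const char *handler;  /* name only; a real table would hold a function pointer */
};

/* Constructed table: sorted by state, entries for one state adjacent. */
static const struct microcode table[] = {
    { ST_PLACEHOLDER_A, F_PSK_AUTH | F_DS_AUTH, "placeholder_a" },
    { ST_AGGR_R0,       F_PSK_AUTH,             "aggr_inI1_outR1_psk" },
    { ST_AGGR_R0,       F_DS_AUTH,              "aggr_inI1_outR1_rsasig" },
    { ST_PLACEHOLDER_B, F_PSK_AUTH | F_DS_AUTH, "placeholder_b" },
};
#define TABLE_LEN (sizeof table / sizeof table[0])

static const struct microcode *micro_index[ST_ROOF];

/* Backward scan: every entry overwrites the slot for its state, so the
 * last write, which is the lowest table position, wins.
 * Returns -1 if the table is not in state order, 0 otherwise. */
int fill_index(void)
{
    for (size_t i = TABLE_LEN; i-- > 0; ) {
        if (i + 1 < TABLE_LEN && table[i].state > table[i + 1].state)
            return -1;
        micro_index[table[i].state] = &table[i];
    }
    return 0;
}

/* Hypothetical lookup: start at the indexed entry and walk forward through
 * the run of entries for this state until one accepts the auth method. */
const struct microcode *find_entry(enum state s, unsigned auth_flag)
{
    const struct microcode *e = micro_index[s];
    const struct microcode *end = table + TABLE_LEN;

    for (; e != NULL && e < end && e->state == s; e++)
        if (e->flags & auth_flag)
            return e;
    return NULL;
}
```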