The following changes look at the state machine proper: - the flag SMF2_STATENEEDED which indicates that the state transition requires state is completely redundant: "struct state" == NULL IFF initial-state; is deleted
- I earlier posted questions related to ikev2_process_payloads() - it is, to me, doing more than it should. By moving its search logic into the main search-for-state-transition loop things get more transparent, and SMF2_CONTINUE_MATCH (which scares me) can also be deleted. In addition to checking the clear payload, SMF2_UNPACK_SK indicates that the SK (encrypted) payload can be checked - less stuff for my rekey states to deal with - cleans up IKE_I and MSG_R along with md->role and st->st_role (new). The flags SMF2_MSG_R_CLEAR and SMF2_MSG_R_SET along with SMF2_IKE_I_SET and SMF2_IKE_I_CLEAR (replace the overlaoded SMF2_INITIATOR) are used to match expected packet states. And checks that all is well with md->role and st->st_role are also added (oh and some weird code declaring that md->role is wrong - if that is true we're really sunk) _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
