On 3 March 2015 at 12:27, Paul Wouters <[email protected]> wrote: > On Tue, 3 Mar 2015, Andrew Cagney wrote: > >> - cleans up IKE_I and MSG_R along with md->role and st->st_role (new). > > > Could one state object be in two different roles? Like when it sent a > delete notify and receiving a DPD/liveness probe?
No. But there is MSG_R. "role" is the original role as in the original INITIATOR or RESPONDER. It can never change. And md-role had better match st->st_role; if it doesn't we should back away from the payload slowly :-). Once in the established state, the role determines encryption but nothing else. The liveness probe should be using the MSG_R bits. for sender and replier(sic). (ok, I lie #1, the liveness probe needs to use st->st_role when encrypting the packet it is going to send) (ok, I lie #2: if the original responder initiates a re-key, it at the end of it all becomes the original initiator) > I'm not yet entirely sure that you can pull "role" from the md into the > state. (I'm not saying you cannot either) > > Paul _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
