+++ /dev/null
-
- |
- | PF_ACQUIRE
- |
- V
- .---------------.
- | non-existant |
- | connection |
- `---------------'
- | | |
- send , | \
-expired pass / | \ send
-conn. msg / | \ deny
- ^ / | \ msg
- | V | do \
-.---------------. | DNS \ .---------------.
-| clear-text | | lookup `->| deny |---> expired
-| connection | | for | connection | connection
-`---------------' | destination `---------------'
- ^ ^ | ^
- | | no record | |
- | | OE-permissive V | no record
- | | .---------------. | OE-paranoid
- | `------------| potential OE |---------'
- | | connection | ^
- | `---------------' |
- | | |
- | | got TXT record | DNSSEC failure
- | | reply |
- | V | wrong
- | .---------------. | failure
- | | authenticate |---------'
- | | & parse TXT RR| ^
- | repeated `---------------' |
- | ICMP | |
- | failures | initiate IKE to |
- | (short-timeout) | responder |
- | V |
- | phase-2 .---------------. | failure
- | failure | pending |---------'
- | (normal | OE | ^
- | timeout) | |invalid | phase-2 failure (short-timeout)
- | | |<--.SPI | ICMP failures (normal timeout)
- | | | | |
- | | +=======+ |---' |
- | | | IKE | | ^ |
- `--------------| | states|---------------'
- | +=======+ | |
- `---------------' |
- | | invalid SPI
- | |
- V | rekey time
- .--------------. |
- | keyed |<---|-------------------------------.
- | connection |----' |
- `--------------' |
- | |
- | |
- V |
- .--------------. connection still active |
- clear-text----->| expired |------------------------------------'
- deny----->| connection |
- `--------------'
-
-
-$Id: initiatorstate.txt,v 1.1 2004/03/15 20:35:24 as Exp $
projects / thirdparty / strongswan.git / blobdiff