- import of strongswan-2.7.0
diff --git a/doc/src/initiatorstate.txt b/doc/src/initiatorstate.txt
new file mode 100644 (file)
index 0000000..315f6da
--- /dev/null
@@ -0,0 +1,66 @@
+
+                       |
+                      | PF_ACQUIRE
+                      |     
+                       V
+                .---------------.       
+                |  non-existant |
+                |  connection   |
+                `---------------'
+                 |      |      |
+          send   ,      |      \
+expired   pass  /       |       \ send
+conn.     msg  /        |        \ deny
+  ^           /         |         \ msg
+  |          V          | do       \            
+.---------------.       | DNS       \   .---------------.  
+|  clear-text   |      | lookup     `->|     deny      |---> expired
+|  connection   |      | for           |  connection   |     connection
+`---------------'      | destination   `---------------'
+   ^ ^                  |                   ^
+   | | no record        |                   |
+   | | OE-permissive    V                   | no record
+   | |            .---------------.         | OE-paranoid
+   | `------------|  potential OE |---------'
+   |              |  connection   |         ^
+   |              `---------------'         |
+   |                    |                   |
+   |                    | got TXT record    | DNSSEC failure
+   |                    | reply             |
+   |                    V                   | wrong 
+   |              .---------------.         | failure
+   |              |  authenticate |---------'
+   |              | & parse TXT RR|         ^
+   | repeated     `---------------'         |
+   | ICMP               |                   |
+   | failures           | initiate IKE to   |                         
+   | (short-timeout)    | responder         |                         
+   |                    V                   |                          
+   | phase-2      .---------------.         | failure                       
+   | failure      |   pending     |---------'                          
+   | (normal      |     OE        |         ^                          
+   |  timeout)    |               |invalid  | phase-2 failure (short-timeout)
+   |              |               |<--.SPI  | ICMP failures (normal timeout)
+   |              |               |   |     |                          
+   |              | +=======+     |---'     |                          
+   |              | |  IKE  |     |   ^     |                          
+   `--------------| | states|---------------'                          
+                  | +=======+     |   |                                
+                  `---------------'   |                                
+                        |             | invalid SPI                    
+                        |             |                                
+                       V             | rekey time                     
+                  .--------------.    |                                
+                  |   keyed      |<---|-------------------------------.
+                  |  connection  |----'                               |
+                  `--------------'                                    |
+                        |                                             |
+                        |                                             |
+                        V                                             |
+                  .--------------.     connection still active        |
+  clear-text----->|   expired    |------------------------------------'
+        deny----->|  connection  |
+                  `--------------'
+
+
+$Id: initiatorstate.txt,v 1.1 2004/03/15 20:35:24 as Exp $