diff options
Diffstat (limited to 'doc/src/initiatorstate.txt')
| -rw-r--r-- | doc/src/initiatorstate.txt | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/doc/src/initiatorstate.txt b/doc/src/initiatorstate.txt new file mode 100644 index 000000000..315f6da4c --- /dev/null +++ b/doc/src/initiatorstate.txt @@ -0,0 +1,66 @@ + + | + | PF_ACQUIRE + | + V + .---------------. + | non-existant | + | connection | + `---------------' + | | | + send , | \ +expired pass / | \ send +conn. msg / | \ deny + ^ / | \ msg + | V | do \ +.---------------. | DNS \ .---------------. +| clear-text | | lookup `->| deny |---> expired +| connection | | for | connection | connection +`---------------' | destination `---------------' + ^ ^ | ^ + | | no record | | + | | OE-permissive V | no record + | | .---------------. | OE-paranoid + | `------------| potential OE |---------' + | | connection | ^ + | `---------------' | + | | | + | | got TXT record | DNSSEC failure + | | reply | + | V | wrong + | .---------------. | failure + | | authenticate |---------' + | | & parse TXT RR| ^ + | repeated `---------------' | + | ICMP | | + | failures | initiate IKE to | + | (short-timeout) | responder | + | V | + | phase-2 .---------------. | failure + | failure | pending |---------' + | (normal | OE | ^ + | timeout) | |invalid | phase-2 failure (short-timeout) + | | |<--.SPI | ICMP failures (normal timeout) + | | | | | + | | +=======+ |---' | + | | | IKE | | ^ | + `--------------| | states|---------------' + | +=======+ | | + `---------------' | + | | invalid SPI + | | + V | rekey time + .--------------. | + | keyed |<---|-------------------------------. + | connection |----' | + `--------------' | + | | + | | + V | + .--------------. connection still active | + clear-text----->| expired |------------------------------------' + deny----->| connection | + `--------------' + + +$Id: initiatorstate.txt,v 1.1 2004/03/15 20:35:24 as Exp $ |