DESIGN-NOTES (a42de217) DESIGN-NOTES (5678a57a)
1$OpenBSD: DESIGN-NOTES,v 1.24 2005/11/17 21:18:25 grunk Exp $
1$OpenBSD: DESIGN-NOTES,v 1.25 2006/06/02 19:35:55 hshoexer Exp $
2$EOM: DESIGN-NOTES,v 1.48 1999/08/12 22:34:25 niklas Exp $
3
4General coding conventions
5--------------------------
6GNU indentation, Max 80 characters per line, KNF comments, mem* instead of b*,
7BSD copyright, one header per module specifying the API.
8Multiple inclusion protection like this:
9

--- 28 unchanged lines hidden (view full) ---

38constants.c Value to name map of constants.
39cookie.c Cookie generation.
40crypto.c Generic cryptography.
41dh.c Diffie-Hellman exchange logic.
42dnssec.c IKE authentication using signed DNS KEY RRs.
43doi.c Generic handling of different DOIs.
44exchange.c Exchange state machinery.
45exchange_num.cst
46 Some constants used for exhange scripts.
46 Some constants used for exchange scripts.
47field.c Generic handling of fields.
48genconstants.sh
49 Generate constant files from .cst source.
50genfields.sh Generate field description files from .fld source.
51gmp_util.c Utilities to ease interfaceing to GMP.
51gmp_util.c Utilities to ease interfacing to GMP.
52hash.c Generic hash handling.
53if.c Network interface details.
54ike_aggressive.c
55 IKE's aggressive mode exchange logic.
56ike_auth.c IKE authentication method abstraction.
57ike_main_mode.c IKE's main mode exchange logic.
58ike_phase_1.c Common parts IKE's main & aggressive modes' exchange logic.
59ike_quick_mode.c

--- 79 unchanged lines hidden (view full) ---

139ID would be the struct sa address. Another idea would be some kind of sequence
140number, either global or per-destination. Right now I have introduced a name
141for SAs, non-unique, that binds together SAs and their configuration
142parameters. This means both manual exchange runs and rekeying are simpler.
143Both struct exchange and struct sa does hold a reference count, but this is
144not entirely like a reference count in the traditional meaning where
145every reference gets counted. Perhaps it will be in the future, but for now
146we increment the count at allocation time and at times we schedule events
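Review bot: the spelling fix on line 51 is correct, but line 143 in this hunk's context has the same kind of slip: "Both struct exchange and struct sa does hold a reference count" should read "do hold" (plural subject); worth folding into this spelling-fix commit.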
147tha might happen sometime in the future where we will need the structure.
148These events then realeases its reference when done. This way intermediate
147that might happen sometime in the future where we will need the structure.
148These events then release its reference when done. This way intermediate
149deallocation of these structures are OK.
150
151The basic idea of control flow
152------------------------------
153
154The main loop just waits for events of any kind. Supposedly a message
155comes in, then the daemon looks to see if the cookies describes an
156existing ISAKMP SA, if they don't and the rcookie is zero, it triggers a

--- 161 unchanged lines hidden (view full) ---

318Configuration
319-------------
320
321Internally isakmpd uses a section-tag-value triplet database for
322configuration. Currently this happen to map really well to the
323configuration file format, which on the other hand does not map
324equally well to humans. It is envisioned that the configuration
325database should be dynamically modifiable, and through a lot of
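Review bot: line 148 still has a number-agreement problem after the fix: "These events then release its reference" should be "their reference", and the unchanged line 149 "deallocation of these structures are OK" should be "is OK" (the subject is "deallocation"). Further down in the same context, line 155 "the cookies describes an existing ISAKMP SA" should be "describe", and line 322 "this happen to map" should be "happens".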
326differnet mechanisms. Therefore we have designed an API for this
326different mechanisms. Therefore we have designed an API for this
327purpose.
328
329int conf_begin ();
330int conf_set (int transaction, char *section, char *tag, char *value,
331 int override);
332int conf_remove (int transaction, char *section, char *tag);
333int conf_remove_section (int transaction, char *section);
334int conf_end (int transaction, int commit);

--- 80 unchanged lines hidden ---
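Review bot: the typo fix on line 326 is fine; since this paragraph introduces the API sketch, note that `int conf_begin ();` on line 329 declares an empty parameter list, which in C is an old-style declaration rather than a prototype. Writing `int conf_begin (void);` would make it a proper prototype like the other declarations in the list.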