I think I brought this issue up a couple of months
ago. The resounding answer at the time is that the version number in the isakmp
hdr is enough to direct the message to the correct process running a specific IKE
version. I think there is some code reuse here (although that is a debatable
requirement as well).
On a very different note:
Also, I was wondering if it would be possible to
add a "message type" in the isakmp hdr in the IKEv2 (Harkins et al) to indicate
what part of the exchange the message represents. This would be different than
the "Exchange Type" as it would offer a finer level of granularity. I know you
can look at how the message is constructed to determine that information, but it
seems to me that a simple identifier to validate a message against a state
machine would be a cheaper operation. Of course, it does not remove the
requirement to examine the payloads to ensure that all is in order. Just an
idea.
Scott