The same transform is used for inbound and outbound packets.
The transform should know which direction these packets are flowing
in; that (a) allows a transform to reject packets which are "looping
back" so to speak, and (b) makes it easier for a transform to generate
unique nonces.
This will be used by the forthcoming EAX transform. It is combined
with the sequence number (the same values of which are used by both
ends) to make the nonce, which must be unique across the single shared
key, ie unique across both flows.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
~mdw / secnet / commitdiff