State tables and state transition graphs

Lee Winter lee.j.i.winter at gmail.com
Mon Sep 7 05:04:27 CEST 2009 

Dear mandos developers,

Your project looks very interesting, but I am having some difficulty
comprehending the seqence of operations in various scenarios.  Normally I
would construct a state table and derive the operational graph from it.  But
I cannot find enough info in the fukt website to accomplish that.

So I offer the following usage cases as stepping stones toward the necessary
documentation.  The key issue is the sequence of events that mandos detects
and reacts to.  Each usage case is characterized by the timing of two events
corresponding to the turn-on of the client and the server.  All cases start
with both machines off.

Case 1:  Client boots first.
    In this case I think the client simply waits for the server to boot and
announce itself.  The fundamental assumption is that the server can handle a
request from the client before it has established that the client is up and
running.  Is that true?

Case 2:  Server first, client boots immediately thereafter.  This is quite
similar to case #1, but the first message received here is the client's
broadcast request, while in case #1 the first message received would be the
server's announcement.

Case 3.  Server first, client boots after the server has established that
the client is not responding, but before the one-hour timeout has elapsed.

Case 4: Server first, client boots after the one-hour timeout (as soon as
the server has been up for a hour)

Case 5:  Server boots, client boots successfully, goes down, and comes back
up again immediately (the server does not notice the change in client
state)   The key issue here is whether any connection/state is lost when the
client goes down.

Case 6.  Server boots, client boots, goes down long enough for the server to
notice but not long enough to trigger the timeout.  Is any state lost?

Case 7.  Server boots, client boots, goes down longer than the timeout, and
then reboots with manual intervention to overcome the timeout.  Some time
later the client reboots within the timeout interval.  Does the server
provide service to the client or is some manual intervention necessary on
the server to reset the expired timeout?

I'm sure the list above does not visit every possible state, but it is my
starting point.  Are there other states of a server-to-client relationship
besides
a. server down
b. server just booted (no client status info yet)
c. server sees client alive
d. server sees client dead < timeout
e. server sees client dead >= timeout?

For each of the above usage cases please tell me whether I should expect the
client to reboot unattended

Thanks,

Lee Winter
NP Engineering
Nashua, New Hampshire
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.fukt.bsnet.se/pipermail/mandos-dev/attachments/20090906/b79d1b01/attachment.html

More information about the Mandos-Dev mailing list