The Exchange Script Machine

An IKE exchange normally consists of a fixed number of well-defined messages, with the peers taking turns to send. Recognizing this simple fact, we chose to build the state machine around an engine which runs ``scripts'' unique to each exchange type. An example of a script is shown in figure 1; it is the script an initiator runs when doing a ``main mode'' exchange. The elements of the script are functions that alternately construct a message to be sent and handle a message that has been received. Alongside this semantic description there is also a syntactic ``script'', which may look like figure 2. The syntactic description states which payloads are mandatory in each message of the exchange, and it also marks where the exchange ends.

int16_t script_identity_protection[] = {
 ...or. */
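The following sketch shows how an engine can enforce a syntactic script of the kind described above. It is an added example, not isakmpd's code and not a reconstruction of the truncated figure: the marker names SCRIPT_SWITCH and SCRIPT_END, the struct, the functions and the six-message script are assumptions made for illustration, while the payload numbers follow RFC 2408.

```c
#include <stddef.h>
#include <stdint.h>

/* Payload numbers as assigned in RFC 2408; the two markers are hypothetical. */
enum { P_SA = 1, P_KE = 4, P_ID = 5, P_HASH = 8, P_NONCE = 10 };
enum { SCRIPT_SWITCH = -1, SCRIPT_END = -2 };

/* Constructed script: the mandatory payloads of each of six messages. */
static const int16_t example_script[] = {
    P_SA, SCRIPT_SWITCH, P_SA, SCRIPT_SWITCH,                   /* msgs 1-2 */
    P_KE, P_NONCE, SCRIPT_SWITCH, P_KE, P_NONCE, SCRIPT_SWITCH, /* msgs 3-4 */
    P_ID, P_HASH, SCRIPT_SWITCH, P_ID, P_HASH, SCRIPT_END       /* msgs 5-6 */
};

struct exchange { const int16_t *pc; int done; };

/* Check one message (its payload types) against the current script step.
 * Returns 0 and advances; -1, state unchanged, if a payload is missing or
 * the exchange has already ended. Extra payloads are tolerated. */
int exchange_check(struct exchange *e, const int16_t *pl, size_t n)
{
    const int16_t *p;
    size_t i;

    if (e->done)
        return -1;
    for (p = e->pc; *p != SCRIPT_SWITCH && *p != SCRIPT_END; p++) {
        for (i = 0; i < n && pl[i] != *p; i++)
            ;
        if (i == n)
            return -1;          /* mandatory payload absent: reject */
    }
    e->done = (*p == SCRIPT_END);
    e->pc = p + 1;
    return 0;
}

/* Constructed run: one bad message, six good ones, one after the end. */
int demo_run(void)
{
    static const int16_t m_sa[] = { P_SA }, m_ke[] = { P_NONCE, P_KE },
        m_id[] = { P_ID, P_HASH }, m_bad[] = { P_KE };
    const int16_t *msgs[] = { m_sa, m_sa, m_ke, m_ke, m_id, m_id };
    const size_t lens[] = { 1, 1, 2, 2, 2, 2 };
    struct exchange e = { example_script, 0 };
    int ok = 0;
    if (exchange_check(&e, m_bad, 1) == 0)
        return -1;              /* a message without SA must not pass step 1 */
    for (size_t i = 0; i < 6; i++)
        ok += exchange_check(&e, msgs[i], lens[i]) == 0;
    return exchange_check(&e, m_sa, 1) == -1 ? ok : -1;
}
```

Because a rejected message leaves the script position untouched, a malformed or out-of-order packet cannot push the exchange forward, and anything arriving after the end marker is refused.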

