<DIV> </DIV>
<DIV><FONT size=2>Hi,All:<BR> As we know, if we use aggressive mode with x.509 cert in IKE phase one, pluto will </FONT></DIV>
<DIV>
<DIV> </DIV>
<DIV><FONT size=2>not exchange both sides' certs. Now, I want the both sides exchange each other's cert in IKE </FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2>phase 1 using aggressive mode. Now I am modifying the source code to implement this. Now, I </FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2>have successfully make the initiator send the first packet which has a CR payload after the </FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2>ID payload and before VID payload. But, it seems like that the responsder does not accept </FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2>this packet. The log says "message ignored because it contains an unexpected payload types </FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2>ISAKMP_NEXT_CR". I have modify the function aggr_inI1_outR1_common() and </FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2>aggr_inI1_outR1_tail() in ipsec_doi.c to process the CR payload. But, according to the log, </FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2>I find that the log message comes from the following codes in function process_packet() in </FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2>demux.c<BR>{<BR> lset_t s = LELEM(np);</FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2> if (LDISJOINT(s<BR> , needed | smc->opt_payloads| LELEM(ISAKMP_NEXT_N) | LELEM(ISAKMP_NEXT_D)))<BR> {<BR> loglog(RC_LOG_SERIOUS, "%smessage ignored because it "<BR> "contains an unexpected payload type (%s)"<BR> , excuse, enum_show(&payload_names, np));<BR> SEND_NOTIFICATION(INVALID_PAYLOAD_TYPE);<BR> return;<BR> }<BR> needed &= ~s;<BR>}<BR> Untill now, I do not have a clear thinking about the PROCESS of the INCOMING and </FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2>OUTCOMING IKE packet, just have a general profile. Does anyone can tell me what should I do </FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2>if I want to meet my require demands. I mean that just the general steps. For example, </FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2>which key files,key places and key data structures should be modified. Or does anyone can </FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2>tell me where to get the resources about openswan's source code analysis. There is too </FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2>little resources about openswan's source code on the Internet.<BR> I will really appreciate your reply and any help~~~~~~~~<BR>Jacky </FONT></DIV><!-- CoreMail Version 3.1_dev Copyright (c) 2002-2007 www.mailtech.cn --></DIV>
<DIV> </DIV><br><!-- footer --><br><hr>
<a style="font-size:14px;line-height:15px; color:#000; text-decoration:none" href="http://www.126.com/" target="_blank"><span style="text-decoration:underline; color:blue">抢注!网易隆重推出新一代免费邮箱</span><span style="font-family:Tahoma; text-decoration:underline; color:blue">>></span> </a>